F.ROOT-SERVERS.NET moved to Beijing?

Joe Abley jabley at hopcount.ca
Mon Oct 3 21:10:47 UTC 2011

On 2011-10-03, at 13:39, Danny McPherson wrote:

> On Oct 3, 2011, at 1:09 PM, Christopher Morrow wrote:
>> Given that in the ISC case the hostname.bind query can tell you at
>> least the region + instance#, it seems plausible that some system of
>> systems could track current/changes in the mappings, no? and either
>> auto-action some 'fix' (SHUT DOWN THE IAD INSTANCE IT's ROGUE!) or at
>> least log and notify a hi-priority operations fixer.
> That sort of capability at the application layer certainly seems 
> prudent to me, noting that it does assume you have a measurement 
> node within the catchment in question and are measuring at a high 
> enough frequency to detect objective incidents.

In principle there seems like no reason that a DNS client sending queries to authority-only servers couldn't decide to include the NSID option and log changes in declared server identity between subsequent queries (or take some other configured action).

We support 5001 on L-Root (which runs NSD), for what that's worth, as well as HOSTNAME.BIND/CH/TXT, VERSION.BIND/CH/TXT, ID.SERVER/CH/TXT and VERSION.SERVER/CH/TXT, but those require separate queries. I appreciate NSID support is not universal, but perhaps that's ok in the sense of "better than nothing".

> I'm a fan of both routing system && consumer-esque monitoring, and 
> do believe that a discriminator in the routing system associated with 
> globally anycasted prefixes makes this simpler - for both detection, 
> and possibly even reactive or preventative controls IF necessary.  A 
> unique origin AS is not the only place you can do this in the routing 
> system, as I'm sure some will observe, but it seems an ideal location
> to me.

Whether it's the right-most entry in the AS_PATH or a bigger substring, you still need more measurement points than you have if you want to catch every leak.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 163 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20111003/a8886b8c/attachment.sig>

More information about the NANOG mailing list