North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: WP: Attack On Internet Called Largest Ever

  • From: Daniel Karrenberg
  • Date: Wed Oct 23 17:46:08 2002

[Longish diatribe. I just use my share of bandwidth here in
larger packets. I hope you will consider S/N large enough]

At 04:51 PM 10/23/2002, Joe Patterson wrote:
>would it cause problems, and more importantly would it solve potential
>problems, to put some/most/all of the root servers (and maybe gtld-servers
>too) into an AS112-like config? ....
>Is it a problem that's even worth looking at? 

It is definitely worth exploring. As David Conrad pointed out,
the technology is there. Also it is very appealing in terms
of DDoS resistance and general distributedness that works so
well for the Internet.

> Is it a solution that's worse
>(for some reason I haven't noticed yet) than the problem?

The problem is making absolutely sure that the root zone 
that is served is authentic. For AS112 this is 
not really important because the queries it syphons off 
are all bogus anyways. So I could not care less if they
received bogus answers. For the root this is an entirely 
different matter! Of course if we had DNSSEC widely deployed
it would be a no-brainer. But I am afraid that is going to 
take a long time; I hope it happens before DNS itself 
becomes obsoleted.

So with the lack of DNS security the problem 
could be mitigted by routing security, i.e one could 
have some trust in the place the information comes from
instead of having the information itself authenticated.
However there is no such thing as routing security either. 

The best we can do in the absence of pertinent security
technology is to try to distribute things carefully;
always making sure that ISPs, and end-users if they wish,
have current and usable information to determine 
themselves which DNS servers and which routes to them
they trust. While doing this we also must maintain 
clearly the responsibility of the server operators
to serve the authentic unique root zone and to
provide a consistent service with good performance.

At the same time there is the ever increasing number
of self appointed people suggesting to run root servers
for a variety of motives, usually even good intentions;
however with the potential to change the content of
the root zone *without accountability* or even without
telling the users of those servers. 

Those who know me will testify that I am a very grass roots,
bottom-up oriented person suspicious of centralisation and
hierarchies. But the prospect of having multiple differing
instances of the root zone in the Internet makes me very 
uncomfortable. In fact it would mean that we will have
no Internet any longer but different networks,
that one cannot trust any longer that a hyperlink will
end up in a single place, that a server is really the one
one intends to talk to etc. pp. Unfortunately we do not have
the security techologies deployed yet that will alleviate
this problem. So we have to keep things together for some
time or end up with no Internet left.