Re: Root Servers not updated

[George Herbert <gherbert () crl com>]

David Holtzman wrote:
> There's a lot of smoke going around this list and others about the root
> servers.  The internic generated a corrupt zone file on Tuesday which Bind
> did not load and prevented XFERs to the secondaries.  We became aware of it
> last night and it is currently fixed.  New zones will be ready for XFER
> within the next hour.  

Thank you for the information.

> The issue with requiring a login for retrieving the zone files was designed
> to help reduce spamming.  We are currently experiencing a huge system load
> due to several individuals who are trying to register recently deleted
> domain names.  The requests are being repeated and fired off every few
> milliseconds.  One individual has over 50,000 templates in the system as we
> speak.  We believe that  by requiring an identity to download the zone
> files we will better protect the community.
>
> Note that this ftp policy has not yet gone into effect.

Also thank you for the information...

> Lastly, it appears irresponsible to fan the flames of "the internic is
> trying to get over" via lists like these.  How about giving us the benefit
> of the doubt?  We generally stay silent on these issues, but feel that it
> is important to explain what we are doing and why.  No, we are not trying
> to take over the net.  Sorry for the confusion.

I had some long conversations with Chuck Gomes there following the
great PR debacle of the InterNIC billing cleanup earlier this year.
One of the aspects of this covered the need for more proactive
information releases by InterNIC when things go wrong.

InterNIC, being a singular and critical resource, is in a particularly
touchy situation with regards to the general question of trust on
the internet.  What with all the policy issues that are also flying,
as well as a moderately bad history (some of which was bad PR/info
release rather than actual problems), InterNIC suffers from an ongoing
problem that large segments of the network operator community fear you.

That is, obviously, not a good thing to have.  The only solution is that
InterNIC has to become actively proactive about informing the community
when things go wrong.  I don't think it's too much of a stretch to say
that at the very least the operators of all the root nameservers should
have had the problem report mailed to them on Tuesday, if not made more
publically available via the nanog mailing list, etc.  Again, I urge
InterNIC to understand how important it is that you push this information
out to people rather than have us get flustered and come looking for
it when things go wrong.


-george william herbert
gherbert () crl com