nanog mailing list archives
Re: F.ROOT-SERVERS.NET moved to Beijing?
From: Todd Underwood <toddunder () gmail com>
Date: Sun, 2 Oct 2011 18:07:14 -0400
valdis, all,

On Sun, Oct 2, 2011 at 6:02 PM, <Valdis.Kletnieks () vt edu> wrote:
> On Sun, 02 Oct 2011 17:30:37 EDT, Todd Underwood said:
>> 2) can any root server operator who serves data inside of china verify that the data that they serve have not been rewritten by the great firewall?
>
> DNSSEC should help this issue dramatically. This however could be problematic if the Chinese govt (or any repressive regime) decides to ban the use of technology that allows a user to identify when they're being repressed.

sure, but DNSSEC is still basically unused.

>> 3) does ISC (or <Insert Root Operator Here>) have a plan for monitoring route distribution to ensure that this doesn't happen again (without prompt detection and mitigation)?
>
> Leaked routes happen. External monitors and looking glasses and filters and communities are all things we should probably be doing more of, in order to minimize routing bogosity. But when all is said and done, there's no real way to have a dynamic routing protocol like BGP and at the same time *guarantee* that some chucklehead NOC monkey won't bollix things up. At best, we'll be able to get to "less than N brown-paper-bag moments per Tier-[12] per annum" for some value of N.

yep. this is a *great* argument *against* running critical information services on known-malicious network infrastructure, right? i.e.: if you are sure you're going to be interfered with regularly and you're positive you can't restrict the damage of that interference narrowly to the people who were already suffering such interference, perhaps you should choose to not locate your critical network information resource on that network.

yes, i'm (again) suggesting that people take seriously not doing root name service inside of china as long as the great firewall exists.

t