Full Disclosure mailing list archives
Re: Petition against VeriSlime's DNS abuse
From: Valdis.Kletnieks () vt edu
Date: Thu, 18 Sep 2003 12:00:56 -0400
On Thu, 18 Sep 2003 09:01:27 EDT, "Jonathan A. Zdziarski" said:
> * Establish a new set of root servers and top level registry
> * Publish a new root server list over 80% of ISPs will likely use, resulting in Verisign's root servers to become obsolete
> * Provide the legal and financial backing it will take to accomplish this
The financial backing is non-trivial. You're going to need some pretty serious big iron, and some pretty bad-ass bandwidth. Remember - there's 13 root server addresses - and most of them are anycast, meaning there's actually like 5-10 identical copies all over the place. So be ready to pay for 20-30 machines that have *real* reliability - you don't want to be trying this with a Dell 2U rackmount.

http://www.caida.org/~kkeys/dns/2002-08-14/2002-08-14-queries.png

That's normal traffic. 5K queries/second per server. That's a 10-minute average, so statistically you're going to have short bursts of MUCH higher that you need to handle to keep the latency down.

Did I mention that you need to have enough muscle to survive a DDoS attack? "Filter it all at the upstream" isn't a viable defense when you're a root nameserver, since if you don't answer, things start to suck.

Oh.. and you'll need trusted and experienced people, and be willing to pay them.

And this is overlooking the fact that it isn't the root servers that are the problem. Those have been rock solid and remarkably controversy free. In fact, the root is *SO* solid that in close to 20 years, the *biggest* controversy was that Postel switched the primary one night without written permission - by feeding a different root server the same exact config file and letting it propagate it rather than the usual server that did the propagation.

Your culprits are elsewhere:

Don't like the selection of top-level domains? Talk to ICANN.

Don't like how a TLD is run? Talk to ICANN and the administrator of that TLD.