Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

Protecting the Internet's Domain Name System and my rave note

From: David Farber <dave () farber net>
Date: Fri, 25 Oct 2002 16:47:04 -0400
[By the way, this is an excellent example of the problem I talked about
in the rave message. We have known for years (as the results of millions
of dollars in research money and development) how to build highly
distributed data base systems that are robust and hard to break. Yet
many insist that that can not be done -- that it is too hard a problem. 

An excellent example of -- I don't see how to do it therefore. (luckily
Karl is not one of these.

Dave]



 Karl Auerbach <[mailto:karl () cavebear com]> wrote a rather thought
provoking note that follows:
 
http://www.cavebear.com/rw/steps-to-protect-dns.htm )

Protecting the Internet's Domain Name System

ICANN is now taking a look at the actual stability of the net - this is
both refreshing and proper.  And it's about time.

Let us take a moment and ask ourselves: Why, on an Internet that was
originally designed to survive a nuclear holocaust, is this DNS thing
seemingly so vulnerable?

The reason is pretty obvious: Nearly every other part of the Internet is
based on the concept that the individual parts should be able to operate
independently.  But of all the parts of the Internet, the Domain Name
System has a clear heart, a singular point from which all other parts
radiate.  On most of the net, if one damages a part, the rest of the net
will remain and will function.  With DNS as it is presently deployed, if
one damages the heart, then the rest of DNS becomes uprooted and lost.

(This note will come back to this singular vulnerability of DNS and ask
the question "why", but that will be a bit later.  In case you need
instant gratification - here's a preview: DNS could be more fully
distributed and its singular point of vulnerability eliminated.  The
deeper question will thus be: Are we intentionally refusing to consider,
much less adopt, a solution that could give to DNS the same near
invulnerability that adheres to the rest of the Internet?  Are we
captives of our own dogma and blinding ourselves to solution,

snip



-------------------------------------
You are subscribed as interesting-people () lists elistx com
Archives at: http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: