Interesting People mailing list archives
comment on "Unnecessary Traffic Saturating a Key Internet'Root' Server"Newswise (01/24/03)
From: Dave Farber <dave () farber net>
Date: Fri, 24 Jan 2003 16:20:33 -0500
------ Forwarded Message From: Bob Frankston <rmfxixB () bobf Frankston com> Date: Fri, 24 Jan 2003 14:38:13 -0500 To: dave () farber net, "'ip'" <ip () v2 listbox com> Subject: RE: [IP] "Unnecessary Traffic Saturating a Key Internet'Root' Server"Newswise (01/24/03) It's no surprise that the desire for risk-averse approaches to security is a major source of insecurity. Creating a maze of complex passageways and then blaming the users for being imperfect isn't a solution. Note also that if one is worried about an attack, having the servers already handling 50x more traffic than necessary means that an attack of a given level will be one 50 times less effective because the servers are already handling so much traffic. If the load was far lower then a modest attack would represent a very large increase in traffic. I don't know the levels of traffic during the denial attempts. The report also indicates that much of the load comes because the DNS is also trying to act as a directory and thus typos and misunderstandings on the part of users create a direct load on the servers. The fear of extra .'s also forces people towards the root servers. If the DNS were just plumbing and didn't have the extra duties of acting as a commercial service to map meaningful names to IP addresses the problems would be significantly reduced. The requested would only come after the lookup had been done via directory services, the load would be distributed to secondary and tertiary nodes and the goal would be to simply do a translation and not assure authenticity. Yes, there is a lot of unnecessary traffic but bad design is the root cause (OK, it's bad pun) and making it worse won't make it better. Bob Frankston http://www.Frankston.com ------ End of Forwarded Message ------------------------------------- You are subscribed as interesting-people () lists elistx com To unsubscribe or update your address, click http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- comment on "Unnecessary Traffic Saturating a Key Internet'Root' Server"Newswise (01/24/03) Dave Farber (Jan 24)