nanog mailing list archives
Re: Photo Op: You too can have your picture taken with a.root-servers.net
From: "Christopher A. Woodfield" <rekoil () semihuman com>
Date: Wed, 14 Nov 2001 09:15:21 -0500
However, do not forget that only Verisign operates the .com, .net, and .org name servers. While it seems that the government meeting yesterday was focused on physical security, which as pointed out below, is somewhat a moot point given the physical diversity of the multiple gtld-servers.net boxes, we can't forget about the network security of these machines. IIRC, Verisign operates every gtld-servers.net server, and as such, I'm presuming that they feature very similar software builds. As such, a security exploit found on one of them could potentially be present on all of them. If such an exploit were to be found and used, the results could be catastrophic for anyone with servers (or trying to access servers) in the .com, .net and .org namespaces. Does Verisign use the same hardware and OS on all of these servers, or are the vendors distributed? -Chris On Wed, Nov 14, 2001 at 01:03:14AM -0500, Sean Donelan wrote:
I don't whether to laugh or cry. Its just a computer. http://www.washtech.com/news/netarch/13672-1.html If you destroyed the copy of the US Constitution in the National Archives in Washington DC, would that mean the end of the US Government? If someone broke into NARA and scribbled a new amendment on the tail of the parchment, would the US Government be bound to follow what ever he wrote on the Constitution? No, of course not. The Root Zone files aren't unique historical documents, and there is nothing special about the copy on a.root-servers.net. If a tornado blew through Verisign's offices tomorrow, would it mean the end of the Internet? No. If someone corrupted Verisign's files, would that mean we have to follow the bogus records? No, we'd clean them up. Or more likely, the other operators would rollback their zone files to the previous known good copy. Would it disrupt our operations. Yes. Would it be irrecoverable? No. The root files are important business records, and I expect the custodian to take reasonable precautions appropriate for their value. Do I expect to see machine-gun nests outside Verisign's office? No. a.root-servers.net is just a piece of hardware. If it was destroyed, we've got more. http://www.sms800.com/ http://www.dtc.org/
-- --------------------------- Christopher A. Woodfield rekoil () semihuman com PGP Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB887618B
Current thread:
- Photo Op: You too can have your picture taken with a.root-servers.net Sean Donelan (Nov 13)
- Re: Photo Op: You too can have your picture taken with a.root-servers.net Christopher A. Woodfield (Nov 14)
- RE: Photo Op: You too can have your picture taken with a.root-servers.net Daniel Golding (Nov 14)
- RE: Photo Op: You too can have your picture taken with a.root-servers.net Deepak Jain (Nov 14)
- Re: Photo Op: You too can have your picture taken with a.root-servers.net bmanning (Nov 14)
- RE: Photo Op: You too can have your picture taken with a.root-servers.net Deepak Jain (Nov 14)
- RE: Photo Op: You too can have your picture taken with a.root-servers.net Sean Donelan (Nov 14)
- RE: Photo Op: You too can have your picture taken with a.root-servers.net Deepak Jain (Nov 14)
- RE: Photo Op: You too can have your picture taken with a.root-servers.net Sean Donelan (Nov 14)
- RE: Photo Op: You too can have your picture taken with a.root-servers.net Patrick Greenwell (Nov 14)
- Re: Photo Op: You too can have your picture taken with a.root-servers.net/rff reply Richard Forno (Nov 15)