Re: Root Server DDoS Attack: What The Media Did Not Tell You

On Sat, 23 Nov 2002, vinton g. cerf wrote:

> joe, this makes no sense to me - the cacheing mechanisms are essentially
> doing what you suggest. That's one of the reasons the system is resilient.

I agree, and beautifully so.  I take my hat off to the crew which put the
DNS together in the first place.  A good example is discussed from time to
time on the GA@dnso.org mailing lists.  As you may know, ICANN has refused
to update some cctld records - but those cctlds continue to resolve.  So
yes, I agree it is very resilient.

> But you need to invalidate the cache to deal with changes to the binding
> of domain name and IP address. Simply mirroring everything doesn't improve
> things, in my estimation. In fact, trying to mirror everything everywhere
> has a massive update problem. Cacheing spreads the update process over time.

But does it matter?  We both agree it's a resilient system.  Eventually
the updates are done.  I don't see an issue here.  Like I said before, the
USG root file has carried incorrect information on cctlds and the system
still resolved.

> The USG doesn't actually run the root server (although some of the root
> servers are in fact housed at USG supported laboratories). The Dept of
> Commerce in effect delegates the actual operation to the root server operators.

Well, who owns this monopoly?  Whoever has control of the roots has control
of the 70% USG monopoly.

> The issue is less the size of the file than the problem of updating many
> copies of it reliably. The root server operators find it a challenge to
> assure that even the modestly sized root zone file is correctly distributed
> to all root servers accurately and in a timely fashion.

Well ... maybe the root committee or the security committee could
investigate sponsoring root server systems worldwide and work on solving
the update issue, and the IETF, I'm sure, can help.  After all, ICANN
through GAC is an international organization - or at least wants to be.
Your mission should be to reduce international dependence on a US-centric
root system.

I feel the single root approach that Stuart Lynn advocated and established
as ICANN policy is a bit lame for today's high speed web servers.

Of course I always appreciate your views on this.

regards
joe baptista

>
> At 09:10 AM 11/23/2002 -0500, Joe Baptista wrote:
> >To survive a sustained DDOS attack against the roots, the best solution
> >an ISP has is to run its own system and eliminate any dependence on the US
> >government for basic internet services. It would also be prudent for other
> >primary namespaces like .com. Unfortunately, though, it would require a
> >considerable amount of resources -- the .com zone file alone is well over
> >a gigabyte in size. But the root file is very manageable and can easily
> >be run on an ISP's local domain name servers.
>
> Vint Cerf
> SVP Architecture & Technology
> WorldCom
> 22001 Loudoun County Parkway, F2-4115
> Ashburn, VA 20147
> 703 886 1690 (v806 1690)
> 703 886 0047 fax
>

