--On Tuesday, May 18, 2004 18:01:05 +0200 jfcm <info@xxxxxxxx> wrote: > 1. first target: distribution of the root machines through a root server > matrix and core network - Yes, this is already done. It works, even if it is not top-guided as you envision. > containing local root information to make it a > need. Decrease of the pressure, risk containement, new data, new services. This is unnecessary and prone to failure. > 2. second target : a user MITM providing "hardware, software and > brainware firewalling". At root system level it means that the user is to > cache his root system. Which part of the present caching resolve server does not provide this service today? Aren't you reinventing the wheel here? > Private roots are not subject to DoS. They certainly permit to survive a > few hours, days and even probably months. In adding all the root themes > we can objectively consider today for ubiquist new services, plus a > "first necessity" software kit and root, we are probably talking of an > ASN.1 structure of less than 20 compacted K (comparable to anti-virus > updates). Private roots are subject to confusion, mis-directed micromanagement by local admins, overly sensitive to local politics, split-vision of what must by design be unified, and endless user frustration. I have tried this in a large corporate network, and it was, even there with a clear chain of command, a horrible mess. Never, ever again will I take anything like it outside a lab (except to kill it). > The figures I discussed in a previous memo, show that we could then come > back to a "486DX2". However discussing of root server the way we consider > them today would be quite meaningless. You have a strong passion for doing something to fix the DNS system. I suggest you channel this passion towards trying to fix all the b0rkened clients (cf. the studies of root server load refered to earlier here) before you try to impose breakage onto the well-functioning root server system. -- Måns Nilsson MN1334-RIPE http://vvv.besserwisser.org +46 706 81 72 04
Attachment:
pgp00437.pgp
Description: PGP signature