BTW, the IESG response implied that the allegations of scientific fraud were (somehow) not substantiated. Following is a summary of the allegations, and after that is the DNSMON source code for sending packets. The source code plainly constructs a UDP (and only UDP) packet.

-------

What the full community may not know, [but ISC, RIPE, Joe Abley, David Kessens, Brian Carpenter, and the IESG do know], is that the report claiming that stateful anycast was stable was fabricated, and that no stateful testing was performed by the DNSMON program. Contrary to assurances given by Karrenberg, there is no data which supports the notion that stateful DNS Anycast is safe, nor any data that disputes data and assertions that show DNS Anycast is unsafe.

The notion of a safe stateful anycast operation as asserted by Daniel Karrenberg (http://www.nanog.org/mtg-0505/pdf/karrenberg.pdf) has now been discredited. Karrenberg's document misled people to believe that stateful anycast was safe, when in fact Karrenberg didn't perform any stateful testing whatsoever.

The controversy began in 2002 with announcements by RIPE NCC and ISC (operators of K-root and F-root, respectively) to sell Anycast instances of K and F servers.

In October, 2004, Mark Kosters reports on data gathered at J root:

http://www.nanog.org/mtg-0410/pdf/kosters.pdf

+ Expected to see a saw tooth distribution - instead have a noisy distribution in many cases
+ Does not affect UDP
+ DO NOT RUN Anycast with Stateful Transport

http://www.rssac.org/meetings/04-08/2004WashDC.html

At the November 7th, 2004 RSSAC meeting, Kosters repeats warning on stateful DNS Anycast, but is disputed by Karrenberg.

In May 2005, one day after suppressing discussion on Nanog by Anderson, Karrenberg gives unqualified assurance that Anycast is safe, and please "do not to spread this false rumor"

http://www.nanog.org/mtg-0505/pdf/karrenberg.pdf

It is later found (January, 2006) [reported to IESG March, 2006] that Karrenberg has done no stateful testing whatsoever, and that Karrenberg did not reveal that his testing was only for stateless DNS, and therefore had no relevance to the safety of stateful DNS Anycast.

[To put this in context of current news, this is the difference between creating a stem cell line, and creating a new stem cell line. It was a scientific fraud to describe the former as the latter. A one-word difference]

This discovery was only made when Anderson examined the source code to the DNSMON program written by Karrenberg to conduct this testing.

Now put this in context along with repeated assertions from Joe Abley and others associated with ISC and RIPE that stateful anycast is safe and even non-controversial.

More history is found at http://www.av8.net/IETF-watch/DNSRootAnycast/History.html

----------

copyright from main.c:

/*
 * Copyright (c) 2003, 2004 RIPE Network Coordination Center
 * Mark Santcroos <marks@xxxxxxxx>
 *
 * All Rights Reserved
 *
 * Permission to use, copy, modify, and distribute this software and its
 * documentation for any purpose and without fee is hereby granted,
 * provided that the above copyright notice appear in all copies and that
 * both that copyright notice and this permission notice appear in
 * supporting documentation, and that the name of the author not be
 * used in advertising or publicity pertaining to distribution of the
 * software without specific, written prior permission.
 *
 * THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
 * ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS; IN NO EVENT SHALL
 * AUTHOR BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY
 * DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 *
 * $Id: main.c,v 1.12 2005/05/23 12:35:43 kevin Exp $
 *
 */

sendpacket function from sending_process.c:

/*
 * Sendpacket
 * takes a buffer and send it out to socket
 */
struct timeval
sendpacket(char *packet, struct server list[], int entry)
{
    int ret;
    int size;
    struct ip *iphdr;
    struct udphdr *udphdr;
    char *sndbuf = (char *)malloc(512);
    int udplen;
    int iplen;
    int datalen;
    struct sockaddr_in saddr;
    struct timeval send_time;

    datalen = list[entry].size;
    iplen = sizeof(struct ip);
    udplen = sizeof(struct udphdr);

    iphdr = (struct ip *) sndbuf;
    udphdr = (struct udphdr *) (sndbuf + sizeof(struct ip));

    /* copy to the actual send buffer */
    memcpy(sndbuf+iplen+udplen, packet, datalen);

    iphdr->ip_v = IPVERSION;
    iphdr->ip_hl=sizeof(struct ip) >> 2;
    iphdr->ip_id = 0; /* 0 means kernel set appropriate value */
    iphdr->ip_len = sizeof(struct ip) + sizeof(struct udphdr) + datalen;
    iphdr->ip_tos = 0;
    iphdr->ip_off = 0;
    iphdr->ip_p = IPPROTO_UDP;
    iphdr->ip_ttl = 0x40;

    /* set aquired first ip address */
    iphdr->ip_src.s_addr = htonl(src_ip);
    iphdr->ip_dst.s_addr = inet_addr(list[entry].address);

    size = iplen + udplen + datalen;

    udphdr = (struct udphdr *) (sndbuf + sizeof(struct ip));
    udphdr->uh_sport = htons(UDP_SRC_PORT);
    udphdr->uh_dport = htons(53);
    udphdr->uh_ulen = htons(sizeof(struct udphdr) + datalen);
    udphdr->uh_sum = do_checksum(sndbuf, IPPROTO_UDP,
                                 sizeof(struct udphdr) + datalen);

    /* this will be the time the measurements get logged */
    gettimeofday(&send_time, NULL);

    ret = sendto(raw_fd, sndbuf, size, 0, (struct sockaddr *)&saddr,
                 sizeof(saddr));
    if (ret < 0) {
        perror("sendto");
        exit(1);
    }

#ifdef SENDING_DEBUG
    printf("%d bytes send.\n", ret);
#endif /* SENDING_DEBUG */

    free(sndbuf);

    return (send_time);
}

-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000
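One way to check a captured probe for the property the message reads out of sendpacket() (IP protocol UDP, destination port 53), as an added example that is not part of the original message or of DNSMON. The names classify_probe and build_sample and the sample packet are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Verdict for one captured IPv4 packet. */
enum probe_kind { PROBE_MALFORMED = -1, PROBE_OTHER, PROBE_DNS_UDP, PROBE_DNS_TCP };

/* Classify a raw IPv4 packet by the two fields sendpacket() sets:
 * the IP protocol byte (offset 9) and the transport destination port. */
enum probe_kind classify_probe(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return PROBE_MALFORMED;                 /* truncated or not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;   /* IP header length in bytes */
    if (ihl < 20 || len < ihl + 4)
        return PROBE_MALFORMED;                 /* bad IHL or no room for ports */
    /* A non-first fragment carries no transport header to inspect. */
    if ((((pkt[6] << 8) | pkt[7]) & 0x1fff) != 0)
        return PROBE_OTHER;
    unsigned dport = ((unsigned)pkt[ihl + 2] << 8) | pkt[ihl + 3];
    if (dport != 53)
        return PROBE_OTHER;
    if (pkt[9] == 17)
        return PROBE_DNS_UDP;                   /* stateless transport */
    if (pkt[9] == 6)
        return PROBE_DNS_TCP;                   /* stateful transport */
    return PROBE_OTHER;
}

/* Constructed sample: 20-byte IPv4 header plus 8 bytes of transport header,
 * in the layout sendpacket() uses. Addresses are documentation ranges. */
size_t build_sample(uint8_t *buf, uint8_t proto, uint16_t dport)
{
    memset(buf, 0, 28);
    buf[0] = 0x45;                              /* version 4, IHL 5 */
    buf[8] = 0x40;                              /* TTL, as in sendpacket() */
    buf[9] = proto;
    memcpy(buf + 12, "\xc0\x00\x02\x01", 4);    /* 192.0.2.1 */
    memcpy(buf + 16, "\xc6\x33\x64\x01", 4);    /* 198.51.100.1 */
    buf[22] = (uint8_t)(dport >> 8);
    buf[23] = (uint8_t)dport;
    return 28;
}

int main(void)
{
    uint8_t buf[28];
    size_t n = build_sample(buf, 17, 53);
    printf("verdict: %d\n", classify_probe(buf, n));
    return 0;
}
```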