[LINK] Top five reasons for Australia to Get a Root-Server.
Tom Koltai
tomk at unwired.com.au
Tue Oct 13 10:45:11 AEDT 2009
> -----Original Message-----
> From: Kim Davies [mailto:kim at cynosure.com.au]
> Sent: Tuesday, 13 October 2009 2:24 AM
> To: Tom Koltai
> Cc: link at anu.edu.au
> Subject: Re: [LINK] Top five reasons for Australia to Get a
> Root-Server.
>
>
> Quoting Tom Koltai on Tuesday October 13, 2009:
> |
> | I have empirical evidence that F-Root server is not an
> exact clone of
> | US eastern state servers, therefore there are either
> problems with the
> | anycasting protocol or where are being fed a sanitised subset.
>
> While I find this highly unlikely, please share your
> empirical evidence and it will be addressed immediately. I am
> in a position to do so.
It's a big job Kim. I have worked around the problem by using a Maryland
US based proxy DNS.
Mainly because I got fed up with the "page not found 404's" when I knew
they were there.
But here's a simple example - destination Akamai Whitehouse:
Tracing route to e2561.g.akamaiedge.net [118.215.34.135] over a maximum
of 30 hops:
1 <1 ms <1 ms <1 ms 192.168.0.1
2 * 145 ms 219 ms r220-101-48-1.gwy.unwired.net.au
[220.101.48.1]
3 238 ms 109 ms 104 ms v1678-cr1.equ.syd.bbn.unwired.net.au
[220.101.190.161]
4 103 ms 109 ms 109 ms ge-2-2.br2.equ.syd.bbn.unwired.net.au
[220.101.190.206]
5 143 ms 229 ms 119 ms 202.167.228.102
6 247 ms * 115 ms 118.215.34.135 Trace complete.
And via Optus:
Performing trace to www.whitehouse.gov...
1 FastEth8-1-0.sb1.optus.net.au (192.168.34.2) 1.432 ms 1.052 ms
0.990 ms
2 ge3-3.22rrc76f000.optus.net.au (61.88.241.229) 1.563 ms 1.524 ms
1.304 ms
3 ge3-3.22rrc76f000.optus.net.au (61.88.241.229) 1.269 ms 1.344 ms
1.386 ms
4 internode.22rrc76f000.optus.net.au (59.154.10.30) 1.408 ms 1.361
ms 1.325 ms
5 gi1-24-132.cor2.syd6.internode.on.net (150.101.120.254) 1.437 ms
1.475 ms 1.393 ms
6 150.101.197.205 (150.101.197.205) 1.511 ms 1.375 ms 1.501 ms
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
Oh dear.
> How this has escaped the redundant and diverse monitoring
> networks that check the root server's contents for
> consistency is beyond me.
And me. Unless it's deliberate.
> | A clone of the clone is two units removed from the origin. I would
> | prefer that Australia's e-commerce initiatives were not and
> could not
> | be interdicted by a third party.
>
> As the link I provided explained, Anycasted servers are not
> "clones of a clone". Furthermore, as I am sure you aware, the
> root zone will be cryptographically signed in the coming
> months and it will be proveably intamperable by root server operators.
>
> Given that root servers only contain delegations of top-level
> domain, any tampering would in effect remove TLDs from the
> Internet (or add new ones that shouldn't exist). Which RR
> sets are you having alter in your evidence?
>
Actually anycasting of multiple IP numbers to multiple different hosts.
But I will ask one further question.
If there is no difference between A to M and the clones of the f-servers
and k-servers, then why are BCDEGHJ still in America.
(Note I omtted the A and the F)
If the anycast clones are just as good, why don't the originals get
redistributed and replaced with anycast clones?
<http://www.zdnetasia.com/news/internet/printfriendly.htm?AT=61964200-39
001260c>
The key to the U.S. government's influence is a master list of top-level
domains that the California-based Internet Corporation for Assigned
Names and Numbers distributes to root servers, which guide traffic to
each one of those top-level domains. The U.S. Commerce Department has
final approval of the list.
<https://www.isc.org/node/491>
Response to "L" Root Server Scaling Report released by ICANN 17
September 2009
However, I would suggest the problem was political in nature and not
technical.
And:
<http://atlarge-lists.icann.org/pipermail/at-large_atlarge-lists.icann.o
rg/2009q1/005335.html>
"There is an agreement now between ICANN and ISC for the F root server.
But is is very much a contract that says "don't tread on me" rather than
one that defines obligatory service levels and imposes constraints
against using the advantages of the root server position for
discriminatory actions or as a vehicle to make piles of money."
Kim, one final question, can you categorically tell me that with the
anycast f-server you have any control over spam, phishing or malware via
email distribution?
I would posit that with our own root server, Australia would be able to
instigate a far more rigourous defence against these attacks.
Specifically if the new server was authoritative for all apnic address
space.
Tom
_______________________________________
No viruses found in this outgoing message
Scanned by iolo AntiVirus 1.5.6.4
http://www.iolo.com
More information about the Link
mailing list