[LINK] Top five reasons for Australia to Get a Root-Server.

Kim Davies kim at cynosure.com.au
Tue Oct 13 11:20:30 AEDT 2009


Quoting Tom Koltai on Tuesday October 13, 2009:
| > 
| > While I find this highly unlikely, please share your 
| > empirical evidence and it will be addressed immediately. I am 
| > in a position to do so.
| 
| It's a big job Kim. I have worked around the problem by using a Maryland
| US based proxy DNS.
| Mainly because I got fed up with the "page not found 404's" when I knew
| they were there.

You have just proven that it has nothing to do with the DNS, let alone
the root servers. DNS alterations will never give you a 404 message, or
a "page not found" error, because 404 is at the HTTP layer and requires
a successful TCP connection be established with a web server. If the
root zone was tampered with to remove a delegation you would get a "Host not
found" error.

| But here's a simple example - destination Akamai Whitehouse:  
| 
| Tracing route to e2561.g.akamaiedge.net [118.215.34.135] over a maximum
| of 30 hops:    
| 1    <1 ms    <1 ms    <1 ms  192.168.0.1    
| /snip/
| 
| And via Optus:
| 
| Performing trace to www.whitehouse.gov...
| 
|  1  FastEth8-1-0.sb1.optus.net.au (192.168.34.2)  1.432 ms  1.052 ms
| 0.990 ms

What does this have to do with the root servers? Absolutely nothing.
I have no idea what you are trying to illustrate except perhaps that
Akamai has mirrors of the Whitehouse website in different places, and
that you are surprised that from different ISPs your traceroute goes to
different mirrors.

| Actually anycasting of multiple IP numbers to multiple different hosts.

I am not sure if you know what anycast is, but it is precisely not using
"multiple IP numbers", rather the contrary. Anycast was particularly
attractive for adding more root server locations because there is a DNS
technical limit that stops the creation of an "N", "O", "P"... root
server. Anycast allowed the same IP address to be used at multiple
sites.

http://en.wikipedia.org/wiki/Anycast

| If there is no difference between A to M and the clones of the f-servers
| and k-servers, then why are BCDEGHJ still in America?
| (Note I omitted the A and the F)

So what about "J" being present in Sydney is considered "still in
America"? Are you saying the operators of "J" should stop providing
service in America?

Perhaps what you are really asking is why are US-based organisations
running these root server networks. Well, the answer is historical. The
root server operators were assigned in a time when the Internet was
rather US-centric and there have been no compelling reasons to kick out
any of the operators because after almost 30 years, the DNS root server
ecosystem has operated practically flawlessly.

| If the anycast clones are just as good, why don't the originals get
| redistributed and replaced with anycast clones?

I don't get what you are saying... There is no difference between
"originals" and "anycast clones". What is the distinction you are
making? If an IP address is anycasted it is not as though some instances
are anycasted, and some are not.

| The key to the U.S. government's influence is a master list of top-level
| domains that the California-based Internet Corporation for Assigned
| Names and Numbers distributes to root servers, which guide traffic to
| each one of those top-level domains. The U.S. Commerce Department has
| final approval of the list. 

This comment refers to the contents of the root zone, not the root
servers. I hope you realise they are two different things.

| Kim, one final question, can you categorically tell me that with the
| anycast f-server you have any control over spam, phishing or malware via
| email distribution?

I have no control over those things, and nothing one could do in the
root zone would impact them. Unless you want to delete an entire
top-level domain to curb spam (I guess if you removed ".COM" or ".AU"
you'd get less spam.)

| I would posit that with our own root server, Australia would be able to
| instigate a far more rigorous defence against these attacks.
| Specifically if the new server was authoritative for all apnic address
| space.

This makes no sense. Now I get a feeling you must be trying to pull a
leg - you aren't equating IP addresses with top-level domains?

And for what it's worth, APNIC already funds a number of root server
instances throughout the Asia-Pacific.

kim
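
Added example, not part of the original message: a small diagnostic that reports which layer a failed fetch stopped at, following the DNS / TCP / HTTP distinction drawn in the reply above. The names `classify_fetch`, `NotFound`, `start_404_server` and `no_such_host` are hypothetical, and the local 404 server, the stub resolver and the host name `removed-tld.example` are constructed so the code runs offline.

```python
import http.client
import http.server
import socket
import threading

def classify_fetch(host, port, path="/", resolver=socket.getaddrinfo, timeout=3):
    """Return (layer, detail) for the layer that answered or failed first."""
    # 1. DNS: a removed delegation fails here ("Host not found").
    try:
        infos = resolver(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns", f"host not found: {exc}")
    addr = infos[0][4][0]
    # 2. TCP: the name resolved but nothing accepts the connection.
    conn = http.client.HTTPConnection(addr, port, timeout=timeout)
    try:
        conn.connect()
    except OSError as exc:
        return ("tcp", f"connect to {addr} failed: {exc}")
    # 3. HTTP: only a reachable web server can send a status such as 404.
    try:
        conn.request("GET", path, headers={"Host": host})
        return ("http", conn.getresponse().status)
    except (OSError, http.client.HTTPException) as exc:
        return ("http", f"no valid response: {exc}")
    finally:
        conn.close()

class NotFound(http.server.BaseHTTPRequestHandler):
    """Constructed web server that answers every GET with 404."""
    def do_GET(self):
        self.send_error(404)
    def log_message(self, *args):
        pass

def start_404_server():
    srv = http.server.HTTPServer(("127.0.0.1", 0), NotFound)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def no_such_host(host, port, **kwargs):
    """Stub resolver (constructed): behaves as if the name does not exist."""
    raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")

if __name__ == "__main__":
    srv = start_404_server()
    print(classify_fetch("127.0.0.1", srv.server_address[1], "/missing"))
    print(classify_fetch("removed-tld.example", 80, resolver=no_such_host))
    srv.shutdown()
```

A result of `("http", 404)` means resolution and the TCP handshake both succeeded, so the fault lies with the web server's content and not with any name server.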


