Re: AW: Odd policy question.
From: bmanning () vacation karoshi com
Date: Fri, 13 Jan 2006 22:52:19 +0000
On Fri, Jan 13, 2006 at 12:09:51PM -1000, Randy Bush wrote:
> Well, RFC2010 section 2.12 hints at cache pollution attacks, and that's
> been discussed already. Note that I can't seem to find the same claim
> in RFC2870, which obsoletes 2010 (and the direction against recursive
> service is still there).
> despite others saying that 2870 should apply to servers other
> than root servers, i do not support that. and that leaves
> aside that some root servers do not follow it very well.
RFC 2870 was crafted at a time when the machines hosting the
root zone also hosted several -large- TLD zones. Anycast was
not widely used when this document was written. RFC 2010 did
indicate that requirements would likely change in future, while
RFC 2870 reinforced the then status quo.
Perhaps the most fatal mistake of RFC 2870 was the ambiguous
treatment of the service provisioning as distinctly different
than protecting the availability of the (single?) instance of
the hardware that provides that service.
Given the changed nature of the publication platform for the root
zone (no big TLDs hosted there anymore) and the wide-scale use of
anycast in the root, though not with many TLDs, it is clear to me
that RFC 2870's applicability is oriented more toward TLD operations.
For these and a few other reasons, no root server operator that
i am aware of (save ICANN) actually tries to follow RFC 2870...
Several try and follow RFC 2010 still ... despite the I[E/V]TF's
marking of "obsolete" on RFC 2010. That said, there might be a
replacement for both offered up - if time allows.