Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!usc!samsung!munnari.oz.au!mel.dit.csiro.au!smart From: smart@mel.dit.csiro.au (Robert Smart) Newsgroups: comp.protocols.tcp-ip.domains Subject: Re: A plea for care when faking top-level domains Message-ID: <1990Jul25.054936.25540@mel.dit.csiro.au> Date: 25 Jul 90 05:49:36 GMT References: <9007191733.AA01412@venera.isi.edu> <1990Jul22.233936.2568@mel.dit.csiro.au> <1990Jul25.041622.15179@mlb.semi.harris.com> Distribution: inet Organization: CSIRO DIT (Melb.) Lines: 35 In article <1990Jul25.041622.15179@mlb.semi.harris.com> del@thrush.mlb.semi.harris.com (Don Lewis) writes: >> >>I suggest that each root name server only service a limited constituency >>of networks. So the root nameservers in Europe would ignore requests >>from non-European network numbers. Not only that but when they get >>a request for "." from a European network number then they will only >>report back with the European root nameservers. I think that with >>this scheme you could have as many root nameservers as efficiency >>requires. >> > >This won't work very well either with the current versions of BIND. >If my name server queries a European name server for a domain that it >is supposed to be authoritative for but isn't, the European server will >delegate my server back to the European root servers. It will list the >European root name servers in the authority section of the response and >their addresses in the additional section. My name server just add these >servers to its list of root servers (and pass this information on if it >is similarly misconfigured). I have also observered broken name servers >responding with the root server list in the authority section just for >the heck of it. May I remind everyone that just a few months ago many >name servers thought that "GENTER-ADAM.ARPA" was a root server. This rather goes with a discussion held some months ago. Name servers shouldn't believe things they hear from non-authoritative sources except as "information of last resort", like the startup cache. Even so this situation won't be drastic. The broken name server will have the European nameservers in its list of root nameservers, but if it tries to use them it will be ignored. I'm sure things would still be a lot better than they are now. In fact packets destined for the European (and Australian!) root nameservers could be dropped by the routers before they leave America (unless from the other root nameservers), so the cost on those most expensive and overloaded links could be nil. Bob Smart