Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!ukma!uflorida!mlb.semi.harris.com!thrush.mlb.semi.harris.com!del
From: del@thrush.mlb.semi.harris.com (Don Lewis)
Newsgroups: comp.protocols.tcp-ip.domains
Subject: Re: A plea for care when faking top-level domains
Message-ID: <1990Jul25.223636.22744@mlb.semi.harris.com>
Date: 25 Jul 90 22:36:36 GMT
References: <1990Jul22.233936.2568@mel.dit.csiro.au> <1990Jul25.041622.15179@mlb.semi.harris.com> <1990Jul25.054936.25540@mel.dit.csiro.au>
Sender: news@mlb.semi.harris.com
Distribution: inet
Organization: Harris Semiconductor, Melbourne FL
Lines: 58

In article <1990Jul25.054936.25540@mel.dit.csiro.au> smart@mel.dit.csiro.au (Robert Smart) writes:
>In article <1990Jul25.041622.15179@mlb.semi.harris.com> del@thrush.mlb.semi.harris.com (Don Lewis) writes:
>>>
>>>I suggest that each root name server only service a limited constituency
>>>of networks. So the root nameservers in Europe would ignore requests
>>>from non-European network numbers. Not only that but when they get
>>>a request for "." from a European network number then they will only
>>>report back with the European root nameservers. I think that with
>>>this scheme you could have as many root nameservers as efficiency
>>>requires. Also name servers off MILNET should probably not harass
>>>the root servers on MILNET.
>>
>>This won't work very well either with the current versions of BIND.
>>If my name server queries a European name server for a domain that it
>>is supposed to be authoritative for but isn't, the European server will
>>delegate my server back to the European root servers. It will list the
>>European root name servers in the authority section of the response and
>>their addresses in the additional section. My name server just adds these
>>servers to its list of root servers (and passes this information on if it
>>is similarly misconfigured). I have also observed broken name servers
>>responding with the root server list in the authority section just for
>>the heck of it. May I remind everyone that just a few months ago many
>>name servers thought that "GENTER-ADAM.ARPA" was a root server.
>
>This rather goes with a discussion held some months ago. Name servers
>shouldn't believe things they hear from non-authoritative sources
>except as "information of last resort", like the startup cache.

Well, the point is that currently available versions of BIND don't
behave this way, and even when the fixed version is available we all
know how easy it is to get everyone to update their software.

>Even
>so this situation won't be drastic. The broken name server will have
>the European nameservers in its list of root nameservers, but if it
>tries to use them it will be ignored.

On the surface, it looks like that would cut the traffic by 50%, but
in reality the US name servers will just go on to try other root
servers, some of which will be European. If a US name server queries
two European name servers, we will have just as much traffic as if
the first European name server answered in the first place.

>I'm sure things would still be a
>lot better than they are now. In fact packets destined for the European
>(and Australian!) root nameservers could be dropped by the routers before
>they leave America (unless from the other root nameservers), so the cost
>on those most expensive and overloaded links could be nil.

How much will this filtering impact the performance of the routers?
--
Don "Truck" Lewis                      Harris Semiconductor
Internet:  del@mlb.semi.harris.com     PO Box 883   MS 62A-028
Phone:     (407) 729-5205              Melbourne, FL  32901
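
The cache behaviour discussed in this post, as an added Python sketch that is not part of the original message and is not BIND's code: with `strict=False` it merges any NS set it sees in an authority section (the behaviour Don Lewis describes), and with `strict=True` it treats non-authoritative data as information of last resort and rejects records outside the zone the server was asked about. The `NSCache` class, its rules and every server name are assumptions constructed for illustration.

```python
def norm(name):
    return name.lower().rstrip(".")            # "" stands for the root zone

def in_bailiwick(owner, zone):
    """True if owner is at or below the zone the queried server was asked about."""
    owner, zone = norm(owner), norm(zone)
    return zone == "" or owner == zone or owner.endswith("." + zone)

class NSCache:
    def __init__(self, root_hints, strict=True):
        self.strict = strict
        self.ns = {"": set(root_hints)}        # startup cache: last-resort data

    def offer(self, owner, servers, queried_zone, authoritative):
        """Offer NS records from a response's authority section; True if cached."""
        key, new = norm(owner), set(servers)
        if not self.strict:
            # Behaviour described in the post: add whatever arrives to the list.
            self.ns[key] = self.ns.get(key, set()) | new
            return True
        if not in_bailiwick(owner, queried_zone):
            return False   # e.g. a root NS set from a server asked about a subdomain
        if key in self.ns and not authoritative:
            return False   # non-authoritative data may only fill an empty slot
        self.ns[key] = new  # authoritative data replaces what was held
        return True

    def roots(self):
        return sorted(self.ns[""])

# Constructed sample: a lame server asked about "dept.example." answers
# non-authoritatively with its own idea of the root server list.
HINTS = ["a.root.example."]
LAME = dict(owner=".", servers=["ns.lame-root.example."],
            queried_zone="dept.example.", authoritative=False)

if __name__ == "__main__":
    for strict in (False, True):
        cache = NSCache(HINTS, strict=strict)
        cache.offer(**LAME)
        print("strict   " if strict else "merge-all", cache.roots())
```
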