Slashdot Mirror

Might I suggest you have a look at http://www.root-servers.org/?
I'm sure you will find that there is a world outside the U.S, and that the rest of the world does not rely exclusively on American root servers.
Nice troll though:)

Erm. No. You obviously have no idea how the root server system works. Not all of the servers are maintained by ICANN (only one, which is rarely used, most resolvers just use the verisign cluster), therefore ICANN has no actual say, just influence.

A majority of the root servers are maintained by VeriSign and the government. The others are maintained by various ISP's and Universities, with only one maintained by ICANN, which could easily be removed without any problem -- the network is overly redundant.

You are right though, it would only take a few phone calls to launch a new TLD, but calling ISP's would be the stupid way of doing it, especially when the root servers themselves would take less effort and provide more overall value.

No, ICANN doesn't matter. These people do, however.

Verisign owns the .com and .org TLD servers, which are the ones all the root servers refer .com and .org queries to.

Does this make me a DNS guru? :-P

My mistake, they aren't "all in california" like i said.

BUT, take a look at this page

just eyeballing it i'd say 50% are in the US. so my point is still valid. no way it's just going to be handed over to the UN because some guy from China wants to regulate the internet.

for all you dns diggers

Here is me new patent pending idea Wiki DNS. No more lock in with registrations. Create an entry for you favorite web site and add an IP address. Think you have a better slashdot than slashdot? Update the DB and let the world be the judge. Develop a mesh query policy and dump the root servers. The DNS DB could live all over the net rather than in some sealed bunker somewhere. Power to the people.

SD

This has nothing to do with the root servers. The slashdot article is inaccurate.

Verisign are publishing delegations in the DNS from their registry for the COM and NET domains much more frequently than they were before. The TTL on records in the COM and NET zones is not changed.

The affected nameservers are a.gtld-servers.net through m.gtld-servers.net. These are not root servers. They are authority servers for the COM and NET zones.

Verisign also runs two root servers (a.root-servers.net and j.root-servers.net). There has been no announced change in the way A and J are being run.

Check here: http://www.root-servers.org/

Currently B, F, H, and M-roots have IPv6 addresses.

I know you were being funny... but you raise a good point. In reality the reason why the root servers are diverse is because they're run by different organizations Check it out: www.root-servers.org. That's why they have different server setups. And different locations, and etc.

So in reality the sys admins admin just one system (or copies of it in multiple loactions) and there isn't a helpdesk for the root servers. The sys admins KNOW their shit at the root servers. Can you imagine if they had a root-server helpdesk they could call... that would be wild.

it's about the root name servers

No, it's about "one" particular root nameserver, F-root, which is the root ISC operate. It's one IPv4 address, but actually a whole bunch of machines located across the world.

of all the things to forget to check on preview...

correct link to www.root-servers.org.

You are dead wrong.

Verisign runs the A and J root name servers.

The A root server holds a special position above the other 12 in that the other 12 query A to get the zone file for each TLD. While it's true that they don't run ALL the root name servers, they run 2/13 of them, including the most important one.

*footnote: Verisign does, however, operate 2 of the root servers, A and J. In fact, Verisign operates them quite well, and in co-operation with the other root-server operators. But all root servers have the same data, provided by ICANN. The list of root servers (and who operates them) can be found here.

Frankly, they deserve to have all authority over the root servers taken away from them before they do more harm in their quest for profits.

Your comment is otherwise excellent, but this line deserves correction. Verisign does *not* have control over the root servers*. ICANN does. This is an important distinction because control over the root servers is what gives ICANN it's authority. What Versign DOES control are the so-called 'GTLD' servers, which serve the .com and .net zones. (and the .org zone, once upon a time) And it's on those zones they are acting unilaterally. Sitefinder, when it was active, only worked on non-existant .com and .net hostnames, no others

*footnote: Verisign does, however, operate 2 of the root servers, A and J. In fact, Verisign operates them quite well, and in co-operation with the other root-server operators. But all root servers have the same data, provided by ICANN. The list of root servers (and who operates them) can be found here.

No single organization owns the entire root nameserver. There are thirteen root nameservers, and Verisign owns two of them. Verisign did that little sitefinder trick because they also own the .com and .net nameservers.

Why yes, I did!

Verisign runs "two" of them. I put "two" in quotes because J is a cluster located in eight locations (Dulles VA; Mountain View CA; Sterling VA (2 locations); Seattle WA; Amsterdam; Atlanta GA; Los Angeles CA). I can see another couple (Cogent and Autonomica) of commercial entities on the list, and we also have NASA, the ISC, and the US Military, together with the very generic ICANN, all making appearances. Only two or three appear to be housed by academic institutions.

http://www.root-servers.org/

You have to remember what allows verisign todo wildcarding, the fact that they still manage the root servers.

Verisign does not manage the root servers (except for A root). The root servers are managed by a bunch of different folks and you can find them at root-servers.org, but that is completely orthogonal to this discussion.

What is relevant is that Verisign manages the .com and .net TLD servers (dig com. SOA). This is NOT the same as the root (dig . SOA). The only "thing" of real importance that Verisign has is the master zone files for these domains, but others have those, too.

They have some monthly and other name server statistic plots available showing the changes in traffic before and after the upgrade.
These graphs were processed using Orca.

They have some monthly and other name server statistic plots available showing the changes in traffic before and after the upgrade.
These graphs were processed using Orca.

MY DNS IS TEH BORKEN!

your mom is such a slut, her pants get more traffic than f!

You'd have to carpet bomb the entire USA to be sure of taking out all 13 of them

Yeah, it would still take a lot of effort, but not "the resources to turn the entire country into a self-illuminating glass-floored parking lot". Not even close.

The stats for the h.root servers are available for the time period of the attack. Seems as though the h servers were taking in close to 94Mbits/second for a while.

More links to server stats can be found at Root Servers.org and some background is available at ICANNWatch.

The stats for the h.root servers are available for the time period of the attack. Seems as though the h servers were taking in close to 94Mbits/second for a while.

More links to server stats can be found at Root Servers.org and some background is available at ICANNWatch.

I think I can. The US Army-operated root server looks like it took the brunt of the attack, as opposed to the JPNIC servers, which seem to have had a much lower rate (perhaps because most of the attacking hosts were US-based?).

I think I can. The US Army-operated root server looks like it took the brunt of the attack, as opposed to the JPNIC servers, which seem to have had a much lower rate (perhaps because most of the attacking hosts were US-based?).

If you want to see in gory detail what a DDOS attack looks like in relation to what NORMALLY happens to these servers, try here. Notice the really big spike. As if you could miss it.

first, an aside...

the sad thing is that ANY corporation will sink to the same levels through the sheer pressures of capitalism.

Untrue. Corporations will sink to this level through the immorality and lack of accountability of the people that run them. Capitalism does not imply immorality. The two are completely unrelated concepts.

Second, a quick point, non-profits need less revenue because they strictly cover their economic costs. Level of profit or revenue does not imply anything about the quality of service. Anyway, it's irrelevant in this case since presumably the initial demand and revenue for either non-profits or for-profits will be the same.

Last, some opinions on who should run dot-org:

get some people in there who will keep on doing their job no matter what the stock market / investors / board of directors say. Note that above all three groups are interlinked. . . . one goes to shit and bye bye goes the rest of them.

Again, not quite true. The only things intrinsically linked in our market economy are buyers and sellers. One produces a good or service, the other consumes it. So in this case, it shouldn't really matter who provides the service in question (management of the dot-org registry), so long as they are able to provide said service to consumers.

Now, their policies will dictate what kind of service they provide, which is where we see advantages for choosing non-profits. Non-profits have no use for additional revenue once they have satisfied their economic costs (much in the way a firm running in a perfectly competetive market will operate at zero economic profit). This provides non-profits with the incentives to do two things:

1. Reinvest excess revenue back into the capital equipment of the service they are providing (managing dot-org)
2. Lowering prices, making their service much more attractive and affordable to the huge number of consumers in this market. Considering the democratic nature of the internet (and dot-org), I personally think this is important, as it lowers the barriers to entry into the internet namespace.

If you are familiar with the applications, you'll notice that this is the position of the IMS/ISC proposal. This is probably one of the most important points, besides technical implementation (which IMS/ISC also seems very strong on; heck, they run a root server, maintain BIND and DHCP, and have the grit to make all their code Open Source and publically accountable). This point of where the money goes is important because when the money starts going toward corporate pockets and non-profit programs, you can bet you won't see your better service, lower prices, and lower barriers to entry in the future.

Two additional points:

• Funding non-profit programs (such as ISOC's) are important, sure. But I say let me keep the extra money from my dot-org beyond what it costs to maintain it, and I'll donate individually if I want to.
• ICANN and the current status-quo insiders must be discouraged. The provider of dot-org services must be fully responsible to its consumers alone, not its vested interests in the perpetrators of the current DNS-profiteering mess.

To suggest that it would be No Big Deal to setup a competiting DNS system is bunk. You do realize that the top level DNS server handles over 1 million queries a second?

You're on crack.

Look at the stats for one of the better-connected (and hence more-queried) of the 13 root servers. It's receiving about 2.2Mb/second between two interfaces, which - assuming about 100 bytes per request - is 2750 queries per second. Even charitably assuming all the servers get the same load, that's 35,750 queries per second worldwide.

I've run DNS servers almost that busy on $5K boxes. Bandwidth is the bigger issue. Free it ain't, but it's nowhere near the pipe dream you make it.