Slashdot Mirror


The Root of All E-Mail

wiredog writes "A Washington Post story about the DNS, the VeriSign NOC, and some of the security therein." Especially interesting in light of the recent security lockdowns throughout much of the Western world. The havoc of losing the A root server would be bad, like Staypuft Marshmallow Man bad.

13 of 311 comments

  1. root servers are redundant, how 'bout MAE? by ethereal · · Score: 5, Interesting

    The article seemed to be a little scare-mongery, considering how they go on to describe that the other root servers can easily take over.

    A bigger question is: how well protected are the public peering points, like MAE East and MAE West? Since even international traffic is often routed through them, we would see an instant slowdown if one of those two nerve centers were destroyed. Big businesses might have private peering arrangements that would survive, but you can bet that a ton of smaller sites would be affected by a loss of a MAE.

    --

    Your right to not believe: Americans United for Separation of Church and

  2. OT: Software for those wall-size displays? by Fastolfe · · Score: 3, Interesting

    Out of curiosity, I've seen pictures of lots of NOCs that have similar setups as what's described in the article. What kind of software is usually used for putting real-time "war room" statistics up on NOC displays? Is it usually custom-written for each setup?

  3. This will probably never be a problem by mnordstr · · Score: 4, Interesting

    The DNS system is probably one of the least problematic systems. The zone files that are spread out to the root servers are also "publicly" available. No, you can't get them (would be a problem because of spam, etc.) but i.e. large ISPs can get them to run their own root level hierarchy. This is good for large ISPs as it will cut down on bandwidth usage. This might also be a great solution for the future. If ISPs hosted the root level zones themselves, the DNS system would be virtually unbreakable and the bandwidth usage due to DNS requests would disappear.

  4. Physical security maybe not as important by YouAreFatMan · · Score: 3, Interesting

    According to the article, even if the NOC were blown to bits, it wouldn't impact the internet overall that much.

    "The last thing I'd want someone to think is that they could put a bomb around their waist and hug the A root and think they're going to significantly impact the Internet," Rippe said.

    Rippe said that while such an attack could kill many employees, the Internet's addressing system is designed to withstand the destruction of much of the physical infrastructure that houses it.

    So the threat of someone cracking the DNS server and screwing it up in such a way that it wouldn't get noticed immediately could be worse. Let's say you start altering the records. Once that starts to replicate from the root server on down, you can cause a lot of trouble. Do that to just eBay's or Amazon's domain (or gasp! Slashdot's), and you could cause quite a stir.

    --
    Robotiq.com is heavily tested on animals

  5. Re:This is what'll screw us all in the end by Com2Kid · · Score: 3, Interesting

    "(any network engineer with a sense of adventure and a flashlight can prowl the sewers tracing data lines, anyway.)."

    This being the true threat anyways.

    ....

    That and whitetrash with backhoes. They ALWAYS manage to take out some part of the internet on at least a somewhat annual basis. . . .

    Seriously though, 8 dudes in scuba gear and / or who don't mind getting stinky, could take out the required 8 root servers needed to slow things down. Big whoop. So I would be stuck using a cached copy from someplace ::yawns:: no more NEW .coms or dynamic IP linked to a Domain warez sites. Oh no the horror!

  6. 8 out of 13 by unixwin · · Score: 3, Interesting

    "The DNS is built so that eight or more of the world's 13 master root servers would have to fail before ordinary Internet users started to see slowdowns, according to John Crain, manager of technical operations for the Internet Corporation for Assigned Names and Numbers (ICANN)."

    Where did this magic number 8 out of 13 come from?

    --
    -- everyones not everybody and neither is everybody like everyone.

  7. That's already happened! by Anonymous Coward · · Score: 1, Interesting

    Well, some operator put in "The internet doesn't exist any more" into the root server, and all the so-called backups blindly copied it.

  8. Re:Marshmallow Man?? by vinyl1 · · Score: 2, Interesting

    Do you really need DNS for what you do, or could you just type in IP addresses?

  9. Re:Bad? by jonnythan · · Score: 4, Interesting

    I don't think protonic reversal would involve protons -> electrons. Electrons have a couple orders of magnitude less mass than protons.. you should be thinking along the lines of proton - antiproton. Since there would be no protons left, I don't think there would be a massive release of energy... but the electrostatic change would wreak quite a bit of havoc.

    However, if just a human body's protons converted to antiprotons... there would be quite a bit of energy released as they annihilated the surrounding protons. Woo!

  10. Re:This is what'll screw us all in the end by GMontag · · Score: 5, Interesting

    Ummm... on the highway in front of the NSA HQ the exit sign says NSA. After you make the exit, there is a big giant NSA sign with the seal and everything. Just past the Shell station.

    Also, before every entrance to the CIA there is a sign that says "CIA Next Left" or "CIA Next Right (just past the Shell station)." Dolly Madison Parkway I think, or is that Chain Bridge Rd? Forgot since I don't drive by there any more.

    NRO entrance is on a small road off Rt. 28 in Chantilly, VA (I can see it from my office cube). There are not any signs on 28 announcing it, but on the entrance side there is a big giant NRO sign and another NRO sign that marks the Contractor's entrance.

    The Mapping and Imaging HQ has a big giant sign in front of it, on Sunrise Valley Rd. in Reston, VA, corner at Fairfax County Parkway with Dulles Tollroad on the other side. No signs on the tollroad for it though. Sprint runs AOL's backbone from right down Sunrise Valley with no sign (other than the address) out front. Right next to the INRI building. No Shell station nearby.

    At "Station C" in Remington, VA (see "numbers stations") there is a big historical marker inside the fence, right by zads of antennas. Just a couple of miles past the Shell station.

    Yes, all of the Shell station references are real and an odd "coincidence", since there is not a Shell station right by the NRO, nor is there one right by the Herndon NOC for VeriSign.

    Hummm... watch out for the Shell stations if you want to find something kinda secret I guess

  11. root-servers vs gtld-servers vs cc-servers by MavEtJu · · Score: 5, Interesting

    Just FYI:

    The root-servers know where to find everything which is below the root (like com, edu, net, nl, au, cn, tw, us).

    The gtld-servers (global top level domain, i.e. the non-country codes) know where to find everything which is like philips.com, freebsd.org and berkely.edu.

    The country-code-servers know where to find xs4all.nl, org.au and co.uk.

    In the past I've made a small tool called dnstracer (shameless plug) which shows you what queries your DNS server is doing to get the answer for a hostname.

    If you play a little bit around with it you'll see how easy it is to live without connectivity to the root-servers.net machines, thanks to caching etc. Well, for the first two days that is :-)

    --
    bash$ :(){ :|:&};:
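
Added example, not part of the thread and not dnstracer's code: a toy resolver showing why the cached delegations described in comment 11 keep lookups working during a root outage, and when that stops. The hierarchy, server names and `Resolver` class are constructed for illustration; the 172800-second TTL is assumed as the lifetime of a TLD delegation learned from the root, matching the "first two days" remark.

```python
ROOT_NS_TTL = 172800  # seconds (2 days); assumed TTL of a TLD delegation from the root

# Constructed miniature hierarchy: root -> TLD servers -> a domain's name server.
ROOT_ZONE = {"com": "gtld-server", "nl": "cc-server-nl"}
TLD_ZONES = {
    "gtld-server": {"philips.com": "ns.philips.example"},
    "cc-server-nl": {"xs4all.nl": "ns.xs4all.example"},
}

class Resolver:
    def __init__(self):
        self.cache = {}             # tld -> (tld server, expiry time in seconds)
        self.root_reachable = True

    def _tld_server(self, tld, now):
        hit = self.cache.get(tld)
        if hit and now < hit[1]:
            return hit[0], "cache"  # delegation still fresh, root not contacted
        if not self.root_reachable:
            raise LookupError(f"no cached delegation for .{tld} and root unreachable")
        server = ROOT_ZONE[tld]
        self.cache[tld] = (server, now + ROOT_NS_TTL)
        return server, "root"

    def resolve(self, domain, now):
        tld = domain.rsplit(".", 1)[-1]
        server, source = self._tld_server(tld, now)
        return TLD_ZONES[server][domain], source

def simulate_root_outage():
    r = Resolver()
    results = [r.resolve("philips.com", now=0)]         # warms the .com delegation
    r.root_reachable = False                            # root servers go dark
    results.append(r.resolve("philips.com", now=3600))  # one hour into the outage
    # A TLD never looked up before, then .com again after its delegation expires.
    for domain, now in (("xs4all.nl", 3600), ("philips.com", ROOT_NS_TTL + 1)):
        try:
            results.append(r.resolve(domain, now))
        except LookupError as exc:
            results.append(("FAIL", str(exc)))
    return results

if __name__ == "__main__":
    for row in simulate_root_outage():
        print(row)
```

Real resolvers also cache records below the TLD level, so individual names can fail earlier or later than this sketch suggests.
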
  12. Re:Marshmallow Man?? by Asprin · · Score: 2, Interesting

    Look at the effect of the economy of the dot-com bust of the past couple years. Completely caused by the Internet.

    Ummm.... Well.... I don't know... no, wait.... yeah, you're right.

    If the Internet hadn't sucked up all of that investor venture capital, it wouldn't have been tied up in Aeron chairs in San Francisco, and we probably wouldn't have had a recession at all because it would have been invested in more reasonable ways.

    Don't get me wrong - the internet's a great thing - but let's be realistic here. The Internet bubble was caused by a large number of investors willing to take big risks in an unproven market. "Foolish"? I prefer "risky". I just wish it hadn't been so painful for so many.

    Here's the point: For the overwhelming majority of the world population, it is possible to lead a completely fulfilling, active, healthy life without ever logging on. The only way the Internet will become a necessity is if it can prove to provide things cheaper, not just better, but cheaper than the old non-Internet way of doing things. Except for email, it hasn't yet provided proof that this is the case.

    --
    "Lawyers are for sucks."
    - Doug McKenzie

  13. Bad Reasoning? by sunryder · · Score: 3, Interesting

    Why would terrorists want to attempt to destroy or cripple the Internet? It would be naive to think that they do not use it for communication and information. I could be wrong, but to me it would not make sense for them to try and destroy or harm the Internet as a whole.

    Attacking portions of the Internet might make more sense, but I still do not think that terrorists would try to destroy or cripple extremely vital portions of the Internet that affect it as a whole.