[governance] India's communications minister - root server misunderstanding (still...)
Riaz K Tayob
riaz.tayob at gmail.com
Wed Aug 8 05:30:55 EDT 2012
Thanks for all this openness and candour David, really! Like a cool
breeze on a hot summers day : )
On 2012/08/07 05:01 PM, David Conrad wrote:
> Carlos,
>
> On Aug 7, 2012, at 6:20 AM, "Carlos A. Afonso" <ca at cafonso.ca> wrote:
>> there is only one server, the "distribution
>> master" (the a.root-servers.net) called by David where the root zone
>> file is stored and modified.
> A clarification:
>
> a.root-servers.net, the machine(s) that resides at IP address 198.41.0.4, is NOT the distribution master. Long ago, it used to be, however now it is merely one of 13 and is different only in the number of queries it receives (a bit higher than the others, probably due to people not-so-arbitrarily picking it to run "is the Internet working"-type tests).
>
> As mentioned, the real "distribution master" is a special machine that is not exposed to the public and which responds only to a limited set of queries related to zone transfer that have a shared secret password (a transaction signature (TSIG) key) in them. The technical term describing this architecture is "stealth master" but I hesitate to use that term given your aside related to the CIA and the risk of inflaming interest/paranoia (:-)).
>
>> NTIA also must become aware of *any* modification intended in existing
>> ccTLD or gTLD records in the root zone file, whatever the Affirmation of
>> Commitments says.
> Yes. In a previous note, I described the root zone management process. All root zone changes go from ICANN to NTIA for authorization before they are processed by Verisign who edits the root zone and notifies the root servers of those changes. I do not believe the Affirmation of Commitments references this process -- it is part of the IANA Functions contract.
>
>> If there is a worldwide revolt agains the USA regarding the DNS, can the
>> Anycast net operate and be modified without resorting to one of the 13
>> servers (an Anycast server is by agreement used tied to one of the 12
>> "master replicators", the F, I, J and L being the most popular for this)?
>>
>> Technically, yes, of course, but...hmmm... I think it is better to keep
>> a dialogue with the USA instead. :)
> Exactly. The scenario that has been posited in the past was the US government "going rogue" and making inappropriate root zone changes. My argument is that theoretically, this is possible, but would be ridiculously unlikely as it would be political suicide. Just as theoretically, the non-US root server operators could choose not to honor those changes. Given the latter, it is even less likely the former would occur.
>
>> Is this talk necessary at all? I think this is abundantly common
>> knowledge since the root system's 13 servers started to operate...
> I would like to believe not, however given the comments made by the Indian minister and on this list, I'm unsure whether this knowledge is 'abundantly common'.
>
> Regards,
> -drc
>
>
-------------- next part --------------
____________________________________________________________
You received this message as a subscriber on the list:
governance at lists.igcaucus.org
To be removed from the list, visit:
http://www.igcaucus.org/unsubscribing
For all other list information and functions, see:
http://lists.igcaucus.org/info/governance
To edit your profile and to find the IGC's charter, see:
http://www.igcaucus.org/
Translate this email: http://translate.google.com/translate_t
More information about the Governance
mailing list