I wish to correct several misstatements made by Brock Meeks in his article, "Fort N.O.C.'s", published January 20. I am speaking as an operator of the "F" root name server which was mentioned several times in this story.
1. "A" root is not special in any way. Our "F" root server receives updates from an unrelated server called SRS which is operated under contract from the US Department of Commerce and the Internet Corporation for Assigned Names and Numbers (ICANN). These updates are received by all 13 root name servers, with "A" root a peer of the other 12, having no special capability or importance. If any one of these 13 servers (including "A" root) were temporarily unavailable due to a failure or disaster, there would be no noticeable impact on the Internet as a whole.
2. The root name servers are not "operated on a volunteer basis" as stated in the article. Each of the twelve organizations named on http://www.root-servers.org/ has funding and oversight from a local constituency. Operators include ISC (a US-based public benefit corporation), RIPE NCC (which serves the European Internet community), the US Department of Defense and NASA, the WIDE consortium in Japan, and others. For all twelve of us, operating a root name server is a concrete obligation, and not merely a "sense of duty".
3. VeriSign's spending toward "A" root is irrelevant, as is the number of "backups" they might have. Even if the portion of VeriSign's spending which is directly attributable to "A" root exceeded the aggregate spending by ISC's sponsors for the distributed footprint of "F" root — which is unlikely — the fact remains that a global attack affecting (9) of the 13 root name servers had no measurable effect on overall Internet performance or availability. For details, see Events of 21-Oct-2002. Diversity is very powerful!
4. Actually, there ARE requirements placed on the security and operations of root name servers. The Internet Engineering Task Force (IETF) has published two documents on this topic, RFC 2010 and RFC 2870, and any root server operator who fell out of compliance with these standards would be shamed and otherwise pressured into "shaping up or shipping out." Paradoxically, the only root server operator who could probably ignore IETF's standards without also worrying about losing their position is VeriSign.
In closing, I'd like to point out that there is considerable divergence of viewpoint among the many people who are interested in root name service. Yet, one fact is never subject to debate: the DNS root server system is one of the most robust and reliable services in the history of data communications.