The Root of All E-Mail
wiredog writes "A Washington Post story about the DNS, the VeriSign NOC, and some of the security therein." Especially interesting in light of the recent security lockdowns throughout much of the Western world. The havoc of losing the A root server would be bad, like Staypuft Marshmallow Man bad.
What the---- (Score:5, Insightful)
They are apparently okay with featuring the place in an article in the Washington Post, though. Sheesh.
Re:What the---- (Score:2)
They never mention the Herndon, VA address of the facility.
oops! did I say Herndon, VA?
Re:What the---- (Score:5, Insightful)
Gosh....then maybe they should take this ( http://www.verisign-grs.com/partner.html ) cocktail party invitation down from their web site?
VeriSign Registrar Partner Reception: A cocktail party to showcase VeriSign's Network Operations Center (NOC). VeriSign will provide tours of our NOC, complimentary beverages and heavy appetizers will be served.
Date: Friday, February 15th
Time: 7:30 p.m. - 9:30 p.m. ET
Location:
VeriSign Network Operations Center
21345 Ridgetop Circle
Sterling, VA 20166
Dress: Business Casual
Complimentary transportation will be provided by VeriSign. A bus will pick up guests in front of the Dulles Marriott at 7:00 pm ET. Return transportation will leave VeriSign facilities at 9:30pm ET.
R.S.V.P. to cbinko@verisign.com or Tel. +1-703-948-3877.
Re:What the---- (Score:2, Insightful)
There are other posts here which claim pretty much the same thing, including an AC poster saying he's in the know.
With the number of brick buildings in the northern Virginia area, the root's building is as obscure as a blonde woman in California.
Re:What the---- (Score:5, Funny)
You see, the _actual_ A list server is sitting in the basement of somebody's house, humming away like it has for the last 20 years (it hasn't been upgraded at all). What was described in the article is the server they show government officials and journalists, so that we, the masses, can sleep better at night. They then hire geeky looking actors to stare at quicktime movies of "net traffic" while the big wig is there.
15 minutes after the person is gone, the building is shut off, and everyone goes home.
Re:What the---- (Score:2, Funny)
tracert Aroot
state.of.la 10 ms
1 state.of.va 34 ms
2 sterling.va 15 ms
3 beltway.sterling.va 33 ms
4 fewmiles.beltway.sterling.va 12 ms
5 building.sterling.va 10 ms
6 mantrap.building.sterling.va 3 ms
7 room.building.sterling.va 8 ms
8 Aroot.building.sterling.va 7 ms
Trace Complete
Re:What the---- (Score:2)
Tracing route to A.ROOT-SERVERS.NET [198.41.0.4]
over a maximum of 30 hops:
Stuff deleted for good reason
sl-gw11-sj-1-0.sprintlink.net [144.228.44.13]
sl-bb20-sj-8-1.sprintlink.net [144.232.3.137]
sl-bb22-rly-14-0.sprintlink.net [144.232.9.217]
sl-gw13-rly-0-0.sprintlink.net [144.232.25.226]
Request timed out.
198.41.1.201
198.41.1.245
a.root-servers.
Trace complete.
Well then... (Score:2)
Since terrorist attacks (hackers == terrorists, right?) are the largest threat to this system, it is obvious that such vital machines should not be put inside the backyard of Uncle Sam.
This might also be helpful if the system actually turns out to be helping in circumventing any US patents, and thus violating the DMCA or whatever strange stuff you do over there.
Re:Well then... (Score:3, Funny)
Blindfolded (Score:2, Funny)
Re:Blindfolded (Score:3, Funny)
Weirded me out the first time; now I'm pretty much used to it. It's really weird when you're hiking the Appalachian trail. But that's an entirely different story.
Re:Blindfolded (Score:2, Funny)
Re:Blindfolded (Score:3, Funny)
You mean, put a sign inside the building that says "By opening that door a few minutes ago, you agreed to be shot."
Great Article (Score:4, Insightful)
Still fascinating though.
Jason
Re:Great Article (Score:2)
Because that won't actually make it any more secure than it is right now. The building access is just as restrictive as "high level security" facilities in the area.
Also, contrary to popular belief, every soldier is not walking around post packing heat. The weapons are locked up in an arms room, ammunition locked up in a different location, and the rank-and-file soldiers get to see them when getting ready to go to a firing range. Except for the MPs of course.
"Hiding" the building in plain sight keeps the random vandals away, other security keeps them in one place until Fairfax County or Herndon Police (oops, did I say that?
Besides, the 12 other servers in the country pickup the tasks if A goes down. And you need to take out a total of 8 to make a real impact on the net.
Re:Great Article (Score:2)
Hell... they could put it in that super secure underground bunker in Kansas that houses the Sabre system (Airline scheduling system) for all I care.
I think that having the mere illusion that the US has control of the Internet is much better than there NOT BEING an Internet.
My $0.02
Jason
This is what'll screw us all in the end (Score:3, Insightful)
Security through obscurity will never solve anything when used as the first line of defense.
If you're going to build a place like this, someone unauthorized will eventually find out about it. Hell, just look at the security of the government's nuclear research labs and the whole Wen Ho Lee fiasco a few years back. And nuclear secrets are far more dangerous than a temporary internet slowdown.
If I was them, I'd quit worrying about how plain looking and unmarked the building is and start worrying about how hardened it was made. Ideally, they would place it inside a mountain so it would be immune to various airliners falling out of the sky. Also, it would have a myriad of redundant network links.
Secrets have never worked in security before, and they won't work now. If they want to protect the root servers, they'll have to base it on sound engineering, not the assumption that no one will ever find which building it's located in (any network engineer with a sense of adventure and a flashlight can prowl the sewers tracing data lines, anyway).
Re:This is what'll screw us all in the end (Score:5, Insightful)
Security through obscurity will never solve anything when used as the first line of defense.
Dude, it's the first line of defense, not the ONLY line of defense. Read the article.
There is nothing wrong with security through obscurity as one facet of security. It's when it's the only security that it's a problem.
physical security vs electronic security (Score:2, Insightful)
anyways, just food for thought.
Re:This is what'll screw us all in the end (Score:2, Funny)
So, can I please have the recipe for making Coke? I'm tired of buying those silly bottles.
Re:This is what'll screw us all in the end (Score:5, Insightful)
Oh, I don't know about that. Sure, it's bad when it's the only line of defence, but as a mere "first" line I think it's perfectly reasonable. (Just as it's a reasonable defence to, say, have your web server misidentify itself, or to have an unlisted phone number, or what have you.) As long as the layers of security behind this first one are robust, obscurity is perfectly reasonable as a front line defense.
No offence, but thank god you're not, buddy... :)
Oh baloney, they work all the time. Maybe you should consider putting down the standard /. party line and try putting some of this hyperbole into perspective. If secrets have never worked then why is the story of the Trojan Horse so famous? If secrets have never mattered then why is the element of surprise considered to be so tactically valuable? If secrets didn't matter to security then why did Nixon have those 18 minutes of blank tape, and why did Cheney turn in thousands of blank documents, and why do all governments bother classifying things as top secret?
If you're in a position of just stupendously overwhelming strength -- like say if the US were to invade Bermuda tomorrow -- then no I don't suppose you need to be all that secretive about things. For everyone else, in every other situation, secrets can have an important role to play. Even if trolls would suggest otherwise.
Re: (Score:2)
Re:This is what'll screw us all in the end (Score:2)
They're not saying, "Our building doesn't have a lock on the door, but nobody knows where it is, so we're okay."
They're saying, "Not only is our site secure, but we're also very low-key, since in our business it's not good to attract attention."
Another example: Everyone knows where the NSA building is, but they still don't exactly put a big neon sign on the roof and run ads daring people to break in.
As I said in my reply to your other post, you need to read RFC 2870 [ietf.org] ASAP.
Re:This is what'll screw us all in the end (Score:5, Interesting)
Also, before every entrance to the CIA there is a sign that says "CIA Next Left" or "CIA Next Right (just past the Shell station)." Dolly Madison Parkway I think, or is that Chain Bridge Rd? Forgot since I don't drive by there any more.
NRO entrance is on a small road off Rt. 28 in Chantilly, VA (I can see it from my office cube). There are not any signs on 28 announcing it, but on the entrance side there is a big giant NRO sign and another NRO sign that marks the Contractor's entrance.
The Mapping and Imaging HQ has a big giant sign in front of it, on Sunrise Valley Rd. in Reston, VA, corner at Fairfax County Parkway with Dulles Tollroad on the other side. No signs on the tollroad for it though. Sprint runs AOL's backbone from right down Sunrise Valley with no sign (other than the address) out front. Right next to the INRI building. No Shell station nearby.
At "Station C" in Remington, VA (see "numbers stations") there is a big historical marker inside the fence, right by zads of antennas. Just a couple of miles past the Shell station.
Yes, all of the Shell station references are real and an odd "coincidence", since there is not a Shell station right by the NRO, nor is there one right by the Herndon NOC for VeriSign.
Hummm... watch out for the Shell stations if you want to find something kinda secret I guess
Re:This is what'll screw us all in the end (Score:3, Interesting)
This being the true threat anyways.
....
That and whitetrash with backhoes. They ALWAYS manage to take out some part of the internet on at least a somewhat annual basis. . .
Seriously though, 8 dudes in scuba gear and / or who don't mind getting stinky, could take out the required 8 root servers needed to slow things down. Big whoop. So I would be stuck using a cached copy from someplace
^^ Mod this parent down (Score:2)
Anyone following the Wen Ho Lee scandal would know that the whole thing was enormously overblown. In the end, he was let go with a misdemeanor dealing with improper storage of data, and the judge sincerely apologized for the government.
Bob
Wen Ho Lee (OT) (Score:2)
Yes, he broke a lot of regulations by allowing his daughter to login, copying data onto floppies to keep safe, etc. I know his daughter and we used to play the same MUD [mume.org] and she used to login to his account in order to get a better network connection yet they made it out as if he was letting Chinese secret agents into his account instead.
Shades of Dilbert (Score:3, Funny)
"He who controls the information controls you. I CONTROL THE INFORMATION!!"
Re:Shades of Dilbert (Score:3, Funny)
Secret? (Score:3, Informative)
Hmmm....
VeriSign Network Operations Center
21345 Ridgetop Circle
Sterling, VA 20166
I don't think security is *quite* as tight as they say. Course, if A root were to go down, I wouldn't know the difference between that and the crappy Windows DNS servers here....
Re:Secret? (Score:2)
Re:Secret? (Score:3, Informative)
. start of authority A.ROOT-SERVERS.NET nstld.verisign-grs.com(
% whois verisign-grs.com
(...)
Registrant:
Network Solutions, Inc. (VERISIGN-GRS2-DOM)
505 Huntmar Park Drive
Herndon, VA 20170
US
Re:Secret? (Score:2)
and yes, they now own the netscape statue...
.. the fuckers..
Re:Secret? (Score:2)
So losing the A root server wouldn't have much immediate effect, giving time for a failover to one of the other root servers. This, of course, is the theory. :^)
Bad? (Score:5, Funny)
Egon - "Try to imagine all life as you know it stopping instantaneously and every molecule in your body exploding at the speed of light."
Ray - "Total protonic reversal..."
Venkman - "Alright, important safety tip. Thanks, Egon."
Ah, one of the great comedies of the 80's...
Re:Bad? (Score:5, Funny)
$11,500 a Year. (Score:2)
Hey... this Staypuft guy isn't so bad... He's a sailor... he's in New York.... We get this guy laid, we got nothing to worry about...
Winston: This job is definitely not worth $11,500 a year.
Re:Bad? (Score:4, Interesting)
However, if just a human body's protons converted to antiprotons... there would be quite a bit of energy released as they annihilated the surrounding protons. Woo!
Sheesh (Score:5, Informative)
Hemos said...
Especially interesting in light of the recent security lockdowns throughout much of the Western world. The havoc of losing the A root server would be bad, like Staypuft Marshmallow Man bad.
Absolute proof that the Slashdot editors don't even bother to read the articles, and just depend on their wrong understanding of things.
From the article...
"The DNS is built so that eight or more of the world's 13 master root servers would have to fail before ordinary Internet users started to see slowdowns, according to John Crain, manager of technical operations for the Internet Corporation for Assigned Names and Numbers (ICANN).
ICANN manages the DNS and sets policies for registry operators and domain name retailers.
"Theoretically, if 'A' were to disappear, we could pick it up from one of the other servers," Crain said. "Moving the place where the zone is picked up is very simple."
In other words, don't panic. The A server is just the highest profile target.
Re:Sheesh (Score:2)
Someone should thank the post for pointing this out to us. Now this place is just a little higher in profile. I like the part about it being on the top floor. Seems to me that if you wanted to HERF gun the place you know where to point it now.
Re:Sheesh (Score:2)
So how easy is it to get a window washing job in Herndon, VA? :-)
Re:Sheesh (Score:2)
root servers are redundant, how 'bout MAE? (Score:5, Interesting)
The article seemed to be a little scare-mongery, considering how they go on to describe that the other root servers can easily take over.
A bigger question is: how well protected are the public peering points, like MAE East and MAE West? Since even international traffic is often routed through them, we would see an instant slowdown if one of those two nerve centers were destroyed. Big businesses might have private peering arrangements that would survive, but you can bet that a ton of smaller sites would be affected by a loss of a MAE.
Re:root servers are redundant, how 'bout MAE? (Score:3)
Kintanon
MAEs not as important as they once were (Score:3, Informative)
However, that's not so much the case today. The fact is that most traffic (in the US at least) goes between the Big Three (UUNET/WorldCom, Sprint and Cable & Wireless), or at least it could go because most networks have an upstream multihomed connection to one or more of the big three. And those guys have plenty of private interconnections, some of which are outside of the NAPs.
Networks have also shifted away from the old MAE model (FDDI connections into these huge mother-f***er DEC gigaswitches housed in the MAE buildings) and towards ATM-based NAPs, where you just get a virtual circuit in a "cloud" in the area. The weakness of the FDDI-gigaswitches model that caused people to move away from them was not the security aspect, but rather that they were a huge pain to upgrade and became a huge sinkhole for packet loss when they were overburdened (e.g., MAE-East in late 1997).
Of course, the MAEs still are important - there's a hell of a lot of fiber running through there, and taking it out would require everyone to route around it, causing a HUGE temporary disruption - but they're not the tremendous choke point/security risk that they once were.
Re:root servers are redundant, how 'bout MAE? (Score:2, Funny)
siri
OT: Software for those wall-size displays? (Score:3, Interesting)
Re:OT: Software for those wall-size displays? (Score:2, Informative)
it takes data from router SNMP and displays it graphically.
i would imagine some custom work goes on for converting it into a wall mounted display.
some companies must be doing minor custom work on it as consultants.
Edited out of the original article.... (Score:5, Funny)
"We see a lot of spikes or peaks or things that might indicate [denial of service] attacks," Rippe said. Rippe pointed out a huge spike beginning to appear at that very moment, "Oops, slashdot just posted a link to a new Star Wars trailer! I've got to head down to the shelter."
.
Made me think of Goonies... (Score:5, Funny)
"Copper bones, westward foams... triple stones."
They should just go all the way and have elaborate One-Eyed Willy/Rube Goldbergian traps.
mark
Security in the NOCs (Score:5, Informative)
The NOC in VA that someone referred to isn't the one that the article describes. It's actually 'site B'. VeriSign has a backup center that's identical to the real one. The storage units are on a SAN and replicate daily before the zone is generated. Even if the building blows up, the other one automatically kicks in.
Even if both are destroyed (sp?), the next tier will transparently take over. Like the article says, 8 have to go down before you'd even notice, and even then, there's backups that can be up within an hour to take over. The DNS system is as impervious to physical attack as any system on the planet.
Re:Security in the NOCs (Score:4, Insightful)
Not that it hasn't, or wouldn't work, I'm just curious.
Re:Security in the NOCs (Score:4, Interesting)
Re:Security in the NOCs (Score:3, Funny)
Marshmallow Man?? (Score:3, Insightful)
But the article further goes to mention how important the Internet is to our economy. Is this true?? I don't really think of the internet as critical infrastructure.
If the Net went down tomorrow, and was down for a week, would this really affect the economy in a significant way?? (Well, aside from the panic of investors...)
I understand that more and more companies are using the Net in a part of their workflows, but I don't think the internet provides any unique service that couldn't be done without.
E-mail: Use the phones.
Web: Read a book
Any data that is transferred could just as easily go by modem.
The internet serves as a convenience in many ways, but I don't think this almost 10 year old (less in the corporate mind) bit of infrastructure has become crucial to us yet. It has really been just the last few years that anybody started doing anything with the net at all, and mostly that has been VPN and changing communication methods. (i.e. Use the net instead of UUCP and a modem.)
So, my question is, what kind of critical services would be missing if the net suddenly went away. Sorry, I do not consider e-mail a critical service.
~Hammy
nothing4sale.org
Re:Marshmallow Man?? (Score:2)
Re:Marshmallow Man?? (Score:2, Insightful)
Many, many companies have replaced dedicated T1's with VPNs (or just SSL sessions) over the internet. My employer (unnamed, large [several billion in assets] bank) is one of them. Yes, important financial stuff.
To put it briefly, we'd be really hurting if the internet was down more than a day, and *really* screwed if it was down for any extended amount of time. It takes a long time to get Ma Bell to provision new circuits.. 2 weeks for a "rush" job.
Re:Marshmallow Man?? (Score:2, Interesting)
Re:Marshmallow Man?? (Score:2)
You make the fatal mistake of assuming that every company's business is like yours.
I work at a hosting facility. I'd say the Internet is indeed pretty crucial to our business. Sure, we're just one business, but there's enough companies in the same situation that if the Internet goes tits-up and all our companies tank, the economy will be severely dented.
Look at the effect on the economy of the dot-com bust of the past couple years. Completely caused by the Internet.
Re:Marshmallow Man?? (Score:2, Interesting)
Ummm.... Well.... I don't know... no, wait.... yeah, you're right.
If the Internet hadn't sucked up all of that investor venture capital, it wouldn't have been tied up in Aeron chairs in San Francisco, and we probably wouldn't have had a recession at all because it would have been invested in more reasonable ways.
Don't get me wrong - the internet's a great thing - but let's be realistic here. The Internet bubble was caused by a large number of investors willing to take big risks in an unproven market. "Foolish"? I prefer "risky". I just wish it hadn't been so painful for so many.
Here's the point: For the overwhelming majority of the world population, it is possible to lead a completely fulfilling, active, healthy life without ever logging on. The only way the Internet will become a necessity is if it can prove to provide things cheaper, not just better, but cheaper than the old non-Internet way of doing things. Except for email, it hasn't yet provided proof that this is the case.
Re:Marshmallow Man?? (Score:2)
E-mail: Use the phones.
What if you only have an email address for someone you need to contact?
Web: Read a book
What if there is no book on the topic, only a web page?
Any data that is transferred could just as easily go by modem.
Oh yeah, a hundred telecommuters are going to hit each company's two or three remaining modems. Now maybe thousands of telecommuters out of work for a week is not quite an economic shock comparable to September 11 but it sure wouldn't be good for the economy.
Re:Marshmallow Man?? (Score:2)
There's no failover for something like that (Score:2)
Think about any business that uses a PBX phone system. You may have 2,000 internal phone numbers, but only 500 outside lines. Suddenly the PBX goes down. Most likely your entire company loses communications. Within a couple of days you could have those 500 lines distributed to your workers, giving 1/4 of them direct lines. Then you have to worry about getting those hundreds of phone numbers out to every client and potential client.
Businesses use this scheme because it is much cheaper than having as many outside lines as employees. And it's more convenient to administer. Could businesses go on without it? Sure. But the short-term dislocation would be horrendous. It's the same with the internet. Those businesses that rely on it use it for cost and convenience. They could do without it, but the transition would be painful.
Top Floor (Score:2)
It would seem that you would be better off going w/the basement. In fact the deeper the better, I would think.
Airplane strikes come to mind as one reason.
Or the fact that if someone took out the ground floor- the floors above it go too, but if you are deep enough that could be avoided.
Apparently physical security isn't of the utmost importance, as they say.
The raised floor is always good- or the night guy's beer wouldn't stay cold.
.
Re:Top Floor (Score:2)
Re:Top Floor (Score:2)
And I would think that power, connectivity, etc. would be generated down there as well.
Like NORAD but not quite so extreme.
Apparently it is not that big a deal if this thing gets taken out anyways.
Though, the more I think about it- if 8 public locations need to be destroyed to cause a problem, well how hard would it be to coordinate that?
.
All Your A Root Server Are Belong To Us! (Score:4, Funny)
(Scene: Verisign Data Center inside Washington DC. Huge explosion on top floor of red brick office building, sending flaming servers flying through the night sky)
(Cut to home of Verisign CEO, he is in bed with his fat wife, snoring loudly. The phone rings, and he wakes up, wiping the slobber from his chin while answering)
Verisign CEO: "What you want!"
Voice on the phone: "Somebody set us up the bomb!"
CEO: "What you say!"
Phone voice: "We get signal!"
(static on phone, all of a sudden a voice breaks in)
Arabian voice: "How are you gentlemen? By the Grace of Allah, All your A Root Servers are belonging to us! You have no chance to survive, make your time!"
CEO: "It's YOU! Restore backup! Implement Emergency Response Plan A! Move every server! For great justice!"
Arabian voice: "HA HA HA HA HA HA HA!"
This will probably never be a problem (Score:4, Interesting)
Physical security maybe not as important (Score:3, Interesting)
"The last thing I'd want someone to think is that they could put a bomb around their waist and hug the A root and think they're going to significantly impact the Internet," Rippe said.
Rippe said that while such an attack could kill many employees, the Internet's addressing system is designed to withstand the destruction of much of the physical infrastructure that houses it.
So the threat of someone cracking the DNS server and screwing it up in such a way that it wouldn't get noticed immediately could be worse. Let's say you start altering the records. Once that starts to replicate from the root server on down, you can cause a lot of trouble. Do that to just eBay's or Amazon's domain (or gasp! Slashdot's), and you could cause quite a stir.
Say what now? (Score:5, Funny)
While the location of the building is not a true secret -- dozens if not hundreds of Internet addressing insiders know where it is -- it would be difficult for a casual vandal or criminal to stumble across it, Rippe said.
And the casual vandal or criminal would be interested in it because?
For crying out loud, a 1 second Google search on "Verisign NOC" reveals the COMPLETE ADDRESS in a PARTY INVITATION!?!? in the very first result!
Yeah, I feel safe.
Taking down enough DNSs... not easy! (Score:5, Informative)
I found a link to the same pic on the net:
cs.ucla.edu [ucla.edu]
...or maybe just nuke the whole area and you take down 6 of them
Why go for the hardware? (Score:2)
Just snipping the connection between these machines and the rest of the world would suffice. I hope it's more complicated than it sounds, but each of those machines has to plug into something, right? Just find where that something (all 10 zillion fiber cables or what not) exits the building in which it is housed and SNIP! All done!
Re:Why go for the hardware? (Score:2)
Re:Why go for the hardware? (Score:2)
I would not be surprised if they have a microwave relay backup available.
Heh... A huge dish on the top of the building... I guess it fits in perfectly with the "security through obscurity" model. No one will ever notice that!
If this is the case, that might be even easier to take down (if this was the backup); it's quite easy to destroy an object outside of a building from the outside.
8 out of 13 (Score:3, Interesting)
Where did this magic number 8 out of 13 come from?
Re:8 out of 13 (Score:2)
Overrated (Score:4, Insightful)
As briefly noted in the Post article, the DNS infrastructure, like most essential net technology, pretty much doesn't have any single points of failure. It's immune to local physical attacks or natural disasters. The article is just a sensationalist trip into a modern high security datacenter full of Ooh-ing and Aah-ing, and doesn't have much relevance at all to the security or stability of the 'net.
Only one machine? Hardware failure? (Score:3, Insightful)
a slowdown? (Score:3)
Ummm... no. It wouldn't slow down. DNS resolution would stop. That's it. Most users might think the entire internet came to a complete halt, but that's not the case.
Re:a slowdown? (Score:3, Informative)
Uhm...what?!? I don't think so...even if all 13 root servers died, DNS resolution would -not- stop. The world's DNS servers rely on the root servers for updates, not for connectivity...if the root servers died, the hierarchically lower servers would keep on truckin', and simply wouldn't be updated until someone promoted a new server to root status.
Near Dulles Airport... (Score:2)
How's THAT for security?
-db
Hrmm Interesting... (Score:3, Insightful)
"> How often do you guys "flush" your database so that expired domain names
> become public again? There are some domain names (even ones I've owned
> but not renewed that after a year are still in the database)."
and they say:
"Please know we genuinely want to help you in this matter.
In order for us to assist you please send the following to:
customerservice@networksolutions.com
a) A detailed description of your concern or question
b) The domain name
c) account number (if applicable)
d) Any NIC tracking numbers you may have received. These
appear in the subject line of the header of all messages
sent from VeriSign (example: NIC-010409.3ee1)"
What Ever! I included more than enough information in my e-mail. Perhaps the fact that VeriSign is "god" of internet domains and NSI is the reason they haven't expired domains that have expired since 1 - 1 1/2 years ago!!!?!?
Not too important (Score:3, Insightful)
root-servers vs gtld-servers vs cc-servers (Score:5, Interesting)
The root-servers know where to find everything which is below the root (like com, edu, net, nl, au, cn, tw, us).
The gtld-servers (global top level domain, i.e. the non-country codes) know where to find everything which is like philips.com, freebsd.org and berkely.edu.
The country-code-servers know where to find xs4all.nl, org.au and co.uk.
In the past I've made a small tool called dnstracer [mavetju.org] (shameless plug) which shows you what queries your DNS server is doing to get the answer for a hostname.
If you play a little bit around with it you'll see how easy it is to live without connectivity to the root-servers.net machines, thanks to caching etc. Well, for the first two days that is
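The caching effect described in the comment above, as an added example (not part of the original thread and not dnstracer's code): a toy three-tier resolver with a TTL cache. The zone data, server names, addresses and TTL values are constructed assumptions; the two-day delegation TTL is chosen to match the "first two days" in the comment.

```python
DAY = 86400
DELEGATION_TTL = 2 * DAY   # assumed TTL on NS delegations (the "two days" above)
ADDRESS_TTL = 3600         # assumed TTL on final address records

# Constructed three-tier data: root -> TLD servers -> authoritative servers.
ROOT = {"com": "gtld-servers", "nl": "cc-servers"}
TLD = {
    "gtld-servers": {"philips.com": "ns.philips.example"},
    "cc-servers": {"xs4all.nl": "ns.xs4all.example"},
}
AUTH = {
    "ns.philips.example": {"www.philips.com": "192.0.2.10"},
    "ns.xs4all.example": {"www.xs4all.nl": "192.0.2.20"},
}


class RootsUnreachable(Exception):
    """Raised when a lookup needs the root tier and no root server answers."""


class CachingResolver:
    def __init__(self):
        self.cache = {}        # (record type, name) -> (value, expiry time)
        self.roots_up = True
        self.root_queries = 0

    def _get(self, key, now):
        entry = self.cache.get(key)
        return entry[0] if entry and entry[1] > now else None

    def _put(self, key, value, ttl, now):
        self.cache[key] = (value, now + ttl)

    def resolve(self, host, now):
        """Return (address, tiers_queried) for host at time `now` in seconds."""
        tiers = []
        addr = self._get(("A", host), now)
        if addr:
            return addr, tiers
        labels = host.split(".")
        tld, zone = labels[-1], ".".join(labels[-2:])
        zone_ns = self._get(("NS", zone), now)
        if zone_ns is None:
            tld_ns = self._get(("NS", tld), now)
            if tld_ns is None:
                # Only this branch ever needs a root server.
                if not self.roots_up:
                    raise RootsUnreachable(host)
                self.root_queries += 1
                tiers.append("root")
                tld_ns = ROOT[tld]
                self._put(("NS", tld), tld_ns, DELEGATION_TTL, now)
            tiers.append("tld")
            zone_ns = TLD[tld_ns][zone]
            self._put(("NS", zone), zone_ns, DELEGATION_TTL, now)
        tiers.append("auth")
        addr = AUTH[zone_ns][host]
        self._put(("A", host), addr, ADDRESS_TTL, now)
        return addr, tiers


def outage_timeline():
    """Warm the cache, make every root unreachable, record what still resolves."""
    resolver = CachingResolver()
    log = [("t=0 warm", resolver.resolve("www.philips.com", 0)[1])]
    resolver.roots_up = False
    for label, host, now in [
        ("t=1d cached TLD", "www.philips.com", DAY),
        ("t=1d uncached TLD", "www.xs4all.nl", DAY),
        ("t=2d+1s expired", "www.philips.com", 2 * DAY + 1),
    ]:
        try:
            log.append((label, resolver.resolve(host, now)[1]))
        except RootsUnreachable:
            log.append((label, "FAIL"))
    return log, resolver.root_queries


if __name__ == "__main__":
    timeline, root_queries = outage_timeline()
    for label, outcome in timeline:
        print(f"{label:20} {outcome}")
    print("root queries:", root_queries)
```

Names under a TLD the resolver had already cached keep resolving during the outage, a TLD it never looked up fails at once, and everything fails once the cached delegation expires.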
Forget the NOC (Score:3, Insightful)
In any security situation all you would need to find is the weakest link. It doesn't matter how well that building is protected it needs to communicate with the world and therefore this issue is more complex than it sounds.
OUTLOOK (Score:2)
Hugs (Score:3, Funny)
Forget the bomb. What techie wouldn't get a boner for the chance to "hug the A root"?!?
Idiot Spokesman Quote (Score:2)
"The reason why you're seeing such a focus on VeriSign is that the safety and the integrity of these systems needs to be analyzed and needs to be improved upon regardless of how safe they currently are." -- Commerce Department spokesman Trevor Francis
No matter how good it is, we need to improve it. That makes a whole lot of sense. 'Hey people, we're doing something to make you safer!'. What a bunch of loons.
Slashdot IP (Score:4, Funny)
Psh! I don't care if all DNS servers collapsed! I've got 64.28.67.150 tattooed on the back of my hand.
Bad Reasoning? (Score:3, Interesting)
Attacking portions of the Internet might make more sense, but I still do not think that terrorists would try to destroy or cripple extremely vital portions of the Internet that affect it as a whole.
Re:Next target for terrorists? (Score:2, Informative)
Re:Next target for terrorists? (Score:5, Informative)
The article states that 8 of the 13 root servers (which are located throughout the US) would have to fail simultaneously before internet users would even notice something was wrong. I think that qualifies as "a little redundancy"...
Re:Next target for terrorists? (Score:2)
Throughout the world, I would imagine.
Re:Next target for terrorists? (Score:2)
From the article:
Re:Next target for terrorists? (Score:3, Informative)
Re:Next target for terrorists? (Score:3, Informative)
Re:Next target for terrorists? (Score:2)
Here is the current list:
formerly NS.INTERNIC.NET - A.ROOT-SERVERS.NET.
formerly NS1.ISI.EDU - B.ROOT-SERVERS.NET.
formerly C.PSI.NET - C.ROOT-SERVERS.NET.
formerly TERP.UMD.EDU - D.ROOT-SERVERS.NET.
formerly NS.NASA.GOV - E.ROOT-SERVERS.NET.
formerly NS.ISC.ORG - F.ROOT-SERVERS.NET
formerly NS.NIC.DDN.MIL - G.ROOT-SERVERS.NET.
formerly AOS.ARL.ARMY.MIL - H.ROOT-SERVERS.NET.
formerly NIC.NORDU.NET - I.ROOT-SERVERS.NET.
temporarily housed at NSI (InterNIC) - J.ROOT-SERVERS.NET.
housed in LINX, operated by RIPE NCC - K.ROOT-SERVERS.NET.
temporarily housed at ISI (IANA) - L.ROOT-SERVERS.NET.
housed in Japan, operated by WIDE - M.ROOT-SERVERS.NET.
bbh
Re:Any Smart Company (Score:2)
/read/ the ferkin article.
Re:Distributed DNS? (Score:5, Informative)
Re:Distributed DNS? (Score:3, Informative)
[Your] friendly neighborhood ISP caches the most often used DNS info, and 80% of internet traffic is resolved there...That's why, as the article said, 8 of the 13...
Actually, the reason you'd have to take out 8 of the 13 has nothing to do with caching. It's because the root DNS servers MUST be able to handle three times the peak traffic of any one server at any time; that is, normal traffic, with all servers operating, MUST never exceed 1/3 capacity of the server in question. This is part of RFC 2870 [ietf.org], the RFC that specifies operational details for the root servers. The RFC specifies this level of capacity to provide for redundancy; that capacity means that we can lose 2/3 of the servers without overloading the remaining boxen. 8 is just a shade less than 2/3 of 13, so that's where we get the number.
(Grammar correction mine.)
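The headroom argument in the comment above, worked as an added example (not part of the original thread): a small model of 13 servers that checks how many can fail before a survivor is pushed past capacity. The per-server load of 1000 queries/s and the even redistribution of load over surviving servers are assumptions made for illustration.

```python
from itertools import combinations

PEAK_QPS = 1000  # constructed per-server peak load, queries per second


def cascade(loads, capacities, failed):
    """Return the set of server indexes still answering after `failed` go down.

    Assumed model: resolvers spread the total query load evenly over whichever
    servers still answer; a server pushed past its capacity stops answering
    too, which raises the share of the rest.
    """
    total = sum(loads)
    alive = set(range(len(loads))) - set(failed)
    while alive:
        share = total / len(alive)
        overloaded = {i for i in alive if share > capacities[i]}
        if not overloaded:
            break
        alive -= overloaded
    return alive


def max_tolerable_failures(loads, capacities):
    """Largest k such that every set of k failures leaves no survivor overloaded."""
    n = len(loads)
    best = 0
    for k in range(1, n):
        stable = all(
            len(cascade(loads, capacities, failed)) == n - k
            for failed in combinations(range(n), k)
        )
        if not stable:
            break
        best = k
    return best


LOADS = [PEAK_QPS] * 13
THREE_X = [3 * PEAK_QPS] * 13   # the 3x headroom the comment attributes to RFC 2870
TWO_X = [2 * PEAK_QPS] * 13     # thinner headroom, for comparison

if __name__ == "__main__":
    print("3x headroom tolerates", max_tolerable_failures(LOADS, THREE_X), "failures")
    print("2x headroom tolerates", max_tolerable_failures(LOADS, TWO_X), "failures")
    print("survivors after 8 fail:", len(cascade(LOADS, THREE_X, range(8))))
    print("survivors after 9 fail:", len(cascade(LOADS, THREE_X, range(9))))
```

Under this model the ninth failure does not degrade service gradually: the four remaining servers each exceed capacity and the whole tier goes down.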