[rssac-caucus] NSID or other identifying support by rootops?
Warren Kumari
warren at kumari.net
Mon Sep 21 19:24:57 UTC 2015
On Mon, Sep 21, 2015 at 2:58 PM, Paul Hoffman <paul.hoffman at icann.org> wrote:
> Greetings again. In a definitely non-exhaustive survey, it appears that F,
> H, K, and L respond to the EDN0 NSID (RFC 5001) query.
>
> 1) Are there others that do so, at least on some of their hosts?
>
> 2) Are there rootops who do per-host identification in some other way?
>
> 3) Is this an appropriate topic for the RSSAC Caucus?
I think one of the questions is "should rootops expose this information" ?
I can see 2 sides:
1: it makes debugging easier ("My latency to f.root-servers.net just
went from 22ms to 143ms?! Oh, I'm now hitting the node in Timbuktu...
", "The I root node in Uzbekistan is returning 123.123.123.1 for
queries that contain www.facebook.com... hmmmm...." )
2: it *may* make attackers lives easier -- could attackers try select
bots that all hit a specific node to disrupt in a specific area?
Personally I think that the information should be made available, but
I'm not really sure, nor do I know if this is something that RSSAC
should have a view on or if it should be left to each operator.
I'm wondering if this has already been discussed in RSSAC? I don't
remember seeing it on the Caucus list...
W
>
> --Paul Hoffman
>
> _______________________________________________
> rssac-caucus mailing list
> rssac-caucus at icann.org
> https://mm.icann.org/mailman/listinfo/rssac-caucus
>
--
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
---maf
More information about the rssac-caucus
mailing list