Thanks, Dean, Another disadvantages of current IPv6 Root DNS architecture is easy to attack, and even local domain names are unreachable when root servers can not be accessed. For example, the fibre cables connecting US with China was broken by earthquake, then almost all web pages was unreachable even the machine was in China because of root servers are located in USA. The draft "draft-licanhuang-dnsop-distributeddns-04.txt" can solve these problems
Lican ÔÚÄúµÄÀ´ÐÅÖÐÔø¾Ìáµ½: >From: Dean Anderson <[EMAIL PROTECTED]> >Reply-To: >To: Paul Vixie <[EMAIL PROTECTED]> >Subject: Re: [DNSOP] I-D ACTION:draft-licanhuang-dnsop-distributeddns-04.txt >Date:Tue, 24 Jun 2008 20:39:10 -0400 (EDT) > >Dr. Lican Huang > >It is perfectly clear now that the current IPv6 Root DNS architecture is >deeply flawed. It is strange that Paul Vixie asserts that there are no >future load problems, since Paul Vixie has previously asserted that DNS >Anycast is a solution to these future load problems. RFC1546 states, and >it has been experimentally demonstrated that Anycast doesn't work for >TCP connections. Recent discussion on NANOG has shown that operators >were under the mistaken impression that only AXFR uses TCP, and that >ordinary DNS queries are never performed over TCP. Perhaps this >explains why they think that DNS Anycast might be stable when TCP >Anycast is not stable; it seems they think (incorrectly) that DNS only >uses UDP. > >Furthermore, in support of Dr. Lican Huang premise: As IPv6 records are >added to already limited priming and NS responses at the expense of IPv4 >servers, IPv4 stability is reduced. Any reduction in the number of IPv4 >servers in these responses imposes stability problems on the respective >IPv4 root, TLD, and other Domains. On the other hand, adding fewer IPv6 >nameservers in NS and priming responses similarly compromises IPv6 DNS >stability. This is a hobbsian choice. This choice is only imposed >because of the mixing IPv6 and IPv4 records on the same set of root and >DNS servers. There is no need or requirement for such mixing. Using >entirely separate IPv4 and IPv6 resolvers avoids the hobbsian choice >caused by the mixing. > >So, I think that a complete set of IPv6 root nameservers should be >created, and that the scalability solution proposed by Dr. Lican Huang >should be seriously considered as a solution to the scalability problems >already experienced in IPv4, so that IPv6 DNS over TCP can be handled >reliably. > > --Dean > > >On 24 Jun 2008, Paul Vixie wrote: > >> >> thank you for your work on this. i find no support for this assertion: >> >> 1. Introduction >> >> Although DNS becomes a vital component in today's Internet >> infrastructure, the existing DNS architecture will encounter >> problems in the future for the growth of the Internet. >> ... >> DNS implementation currently used may encounter overload traffic >> in root DNS servers. ... >> >> therefore while i find your proposed solution to be of high quality, there >> is a cost in overall system complexity for adding a virtual routing layer to >> the DNS, which would have to be justified by a much more complete problem >> statement and an objective analysis of more than one alternative. >> > >-- >Av8 Internet Prepared to pay a premium for better service? >www.av8.net faster, more reliable, better service >617 344 9000 > > >_______________________________________________ >DNSOP mailing list >DNSOP@ietf.org >https://www.ietf.org/mailman/listinfo/dnsop >
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
