According to this page, both F-root servers in China are "local nodes",
meaning they don't advertise their route outside of the ISP they are
connected to.
In fact, all copies of F-root except 2 (below) are local nodes, and the
two that aren't, are quite close geographically. ISC doesn't publish the
customers or sites of these two servers, either.
PAO1 Palo Alto, CA, USA IPv4 and IPv6 Global Node
SFO2 San Francisco, CA, USA IPv4 and IPv6 Global Node
And we don't know if the two servers in China are in the same ISP in
different physical locations, or if they have different ISPs.
What Hierachical Anycast (the scheme variant used by ISC) in this case
means, is that a user in China may see either 3 or 4 F-root servers
(depending on how the two China F-root copies are deployed--a fact that
ISC does not report). Indeed, it is possible that some users in China
may only see the 2 global copies, both of which are located in the SF
Bay area. Any disruption between or involving China and the SF Bay area
would isolate many users in China from F-root, so Dr. Huang's
hypothetical scenario is indeed possible. Anycasting F-root would not
help *nearly* as much as is asserted by ISC. They seem to be talking
out their backside, as it were.
BTW, the two China ISPs that purchased copies of F-root could
alternatively run their own copies of F-root privately, if only ICANN
were to publish the root zone publicly instead of only to root server
operators. Indeed, if this information were public, all ISPs could run
their own private copies of root servers this way, and we could dispense
entirely with global root servers, and the threat on global root
servers. One wonders why ICANN/IANA doesn't publish this root DNS
information for public consumption.
--Dean
On Wed, 25 Jun 2008, Joao Damas wrote:
>
> On Jun 25, 2008, at 10:58 AM, é»çç¿ wrote:
> >
> > For example, the fibre cables connecting US with China was broken
> > by earthquake, then almost all web pages was unreachable even the
> > machine was in China because of root servers are located in USA.
>
> Not so. Have a look at http://www.isc.org/ops/f-root/ for the part
> that refers to f.root-servers.net
> There are at least 2 other Internet root server instances in mainland
> China, and additional ones in the Hong Kong area.
> Lack of access to root servers was definitely not at the source of any
> unreachability.
>
> Joao Damas
> ISC
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
>
--
Av8 Internet Prepared to pay a premium for better service?
www.av8.net faster, more reliable, better service
617 344 9000
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
