ICANN/GNSO GNSO Email List Archives

[ga]

Re: [ga] Disinformation about DNS attacks


George,
in a nutshell, if the root server system stopped forever at this minute, the internet would only be freed from a major limitation to its development. Maybe a few users with a very poor ISP could be inconvenienced, as well as poorly managed private nets. Notices on TV would explain what to do. The most inconvenienced ones would be the CIA and DoD: the root server system exists only to give an alibi for the two US administration servers' loggers (and ICANN's), a real-time source of intelligence on the entire world.


DDoSes on DNS only remind us that the most important system in our world is poorly managed/architected to be subject to such attacks.
jfc




At 22:27 08/03/2007, George Kirikos wrote:
Hello,

ICANN has posted a *cough* "factsheet" *cough* on the recent DNS
attacks, see:

http://blog.icann.org/?p=37
http://www.icann.org/announcements/factsheet-dns-attack-08mar07.pdf

The timing of the report is perfect, as I just posted:

http://gnso.icann.org/mailing-lists/archives/ga/msg06114.html

Every time I see these reports of "attacks", my wallet starts to tingle,
as the scaremongering seems to always result in later demands for "more
money".

I'll take issue with 1 specific example of disinformation. On page 2,
it says "In theory, if even one of the 13 root servers is up and
running, then the Internet will continue to run unhindered as the
directory will still be visible to the network."

This is very misleading. Indeed, due to caching, the internet can
function with only minor hiccups if ZERO root servers are up and
running. The root zone file is very tiny. You can see a copy of it at:

http://www.internic.net/zones/root.zone

How long did that file take to load? Not long, since it is only 68
KBytes in size! And, if you ignore all the minor banana republic
countries and TLDs, there really is much less "important" information
in that 68 KByte file (i.e. due to Zipf's law, see:

http://nms.lcs.mit.edu/papers/dns-ton2002.pdf
http://www.cs.cornell.edu/people/egs/papers/codons-prenanog.pdf
http://en.wikipedia.org/wiki/Zipf's_law

i.e. for most people, .com, .net, .org, .gov, and a few major ccTLDs
matter most).

What's really important is what happens when the "cache" is stale (i.e.
the time-to-live (TTL) of the data has expired). Using a telephone book
analogy, the "TTL" is related to "how often you should check to make
sure that a phone number has changed." DNS itself can be considered
like a hierarchical directory of phonebooks, i.e. the root is the
directory of addresses of where to find the white pages for each
country (or city), all the way down to the local city phonebook which
is typically published once per year.

Of course, with DNS, the "TTL" is typically a lot less than the 1 year
of physical phonebooks. However, this notion that the internet "breaks"
if zero root servers are available is like saying that the telephone
system will break if you don't get a copy of this year's phonebook.

An expired cache is similar to using the 2006 phonebook, instead of the
current 2007. If you look up my phone number in 2006's phonebook, or
even 2005's whitepages, you'll be fine, as the number is the same as it
is for me in 2007. For a few people, though, the number will be incorrect.
In a DNS context, thus, having expired cache data need not be greatly
costly. For example, the IP address for ICANN's website has been the
same for the past 2 years:

http://whois.domaintools.com/icann.org

IP History:     1 change. Using 1 unique IP address in 2 years.

I suspect you'll find ICANN's website at 192.0.34.163 tomorrow, and the
day after that too...these things don't change very often.

For its nameservers: NS History: 6 changes. Using 3 unique name servers
in 6 years.

Our pals at VeriSign:

http://whois.domaintools.com/verisign.com

IP History:     1 change. Using 1 unique IP address in 2 years
NS History: 2 changes. Using 2 unique name servers in 5 years.

So, what *really* matters is how often the data in the root zone file
changes. That will determine how much damage occurs if a stale cache is
used (i.e. like the damage that would occur if you used 2006's
phonebook instead of 2007's). I suspect most TLD operators are not
constantly renumbering their networks, so the root zone file should be
changing very slowly over time, and ICANN should provide data to prove
otherwise. Indeed, if the root zone was static, and non-changing, we'd
have no need for root zone servers at all. Since memory and hard disks
are cheap these days, caching is *very* cheap (68 KB is trivial),
indeed one can have a basically infinite cache (or multi-Gigabytes at
the very least).

The 2nd prong is distribution of the root zone file. Back in the early
days of the internet, there was no BitTorrent. There was no RSS. There
is no reason that the 68 KB file at the heart of the internet could not
be distributed to the biggest ISPs using alternative measures. e.g. do
you really think that AOL couldn't get a copy of the 68 KB root zone
file (to serve its 20 million users) through some "push" mechanism like
RSS or even email, or "pull" methods like FTP or BitTorrent? Heck, you
can even have a dialup modem distribute the 68 KB file to AOL just like
the Fidonet BBS days of the 1980s. The same goes for other big ISPs.
The reliability of those torrent networks in serving up movies and
music shows that they're highly scalable and resilient to attacks (if
they were easily attacked, I assume the MPAA and RIAA would have taken
them down by now). How difficult would it be to serve up 68 KB files
(signed appropriately, to ensure authenticity) to thousands, if not
millions of users? Too trivial to ponder, if there's a will to do so.
What percentage of the internet's worldwide users would be represented by
the top 1000 ISPs? I suspect more than half, and if not, it wouldn't be
hard to scale this to the top 10,000 or 100,000. How many millions of
people receive multi-megabyte Windows or Mac operating system security
updates daily, without incident?

Instead of fear-mongering and trying to justify its exploding $30+
million annual budget:

http://gnso.icann.org/mailing-lists/archives/ga/msg06091.html

with pretty graphs, ICANN should talk about real solutions. Real
solutions don't put caviar on the table for lazy bureaucrats, but they
definitely benefit the public through lower costs and greater
reliability.

Sincerely,

George Kirikos
http://www.kirikos.com/
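The caching and TTL argument in the quoted message, as an added example that is not part of either post: a toy resolver cache in Python that keeps answering from expired entries for a bounded grace period when its upstream is unreachable (the behaviour later standardised as "serve-stale" in RFC 8767). The TLD names, TTLs and nameserver strings are constructed sample data, and `StaleCache` and `simulate_outage` are hypothetical helpers, not real resolver code.

```python
from dataclasses import dataclass, field


@dataclass
class Entry:
    """One cached record: the answer plus the absolute time its TTL runs out."""
    rdata: str
    expires_at: int


@dataclass
class StaleCache:
    """Toy resolver cache (hypothetical helper). `authoritative` stands in for
    the upstream servers the cache would normally refresh from."""
    authoritative: dict
    upstream_up: bool = True
    stale_grace: int = 86400   # seconds past expiry we still answer from cache
    clock: int = 0             # simulated time, so the example runs offline
    store: dict = field(default_factory=dict)

    def refresh(self, name):
        rdata, ttl = self.authoritative[name]
        self.store[name] = Entry(rdata, self.clock + ttl)
        return rdata, "fresh"

    def lookup(self, name):
        e = self.store.get(name)
        if e and self.clock < e.expires_at:
            return e.rdata, "hit"          # within TTL: upstream never consulted
        if self.upstream_up:
            return self.refresh(name)      # expired but refreshable
        if e and self.clock < e.expires_at + self.stale_grace:
            return e.rdata, "stale"        # expired, upstream down: serve stale
        return None, "servfail"            # stale too long: fail rather than lie forever


def simulate_outage():
    """Constructed scenario: two TLD delegations are cached, then every
    upstream server becomes unreachable. Returns (time, com status, net status)."""
    c = StaleCache(authoritative={
        "com.": ("ns.com-servers.invalid.", 172800),  # 2-day TTL (constructed)
        "net.": ("ns.net-servers.invalid.", 3600),    # 1-hour TTL (constructed)
    })
    c.lookup("com.")
    c.lookup("net.")                 # warm the cache at t=0
    c.upstream_up = False            # the outage begins
    results = []
    for t in (1800, 7200, 90000, 176400, 262800):
        c.clock = t
        results.append((t, c.lookup("com.")[1], c.lookup("net.")[1]))
    return results
```

In the phonebook terms of the quoted message, `stale_grace` bounds how long the "wrong number" cases can persist, which is why the cache fails closed once an entry is both expired and past the grace period.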




