RE: .mil domain

Counter: leave everything as it is. If they are willing to provide the
hardware, bandwidth, and administrative costs to run root servers, they can
block whoever they want. Just like if you run a web server you can block
anyone from accessing it that you want. If you don't like it, start up your
own root zone, there isn't anything stopping you.

Not that it matters much in the big scheme of things; most modern resolvers
will give preference to root servers they can actually reach.

I for one am pretty happy with where E, G, and H are. Cogent and VeriSign's
networks can hardly handle power cycles, let alone nuclear wars.

You're either smoking the finest quality crack I've ever seen, or using
the common sense of a flea on dope.

RFC2870, Root Name Server Operational Requirements, quite clearly
   2.6 Root servers MUST answer queries from any internet host, i.e. may
       not block root name resolution from any valid IP address, except
       in the case of queries causing operational problems, in which
       case the blocking SHOULD last only as long as the problem, and be
       as specific as reasonably possible.

I highly doubt that the maintainers of the two .mil hosted servers are
actually blocking queries from them.

In fact, this is very much like saying Mr Vixie and the ISC cannot block
people accessing the remainder of their network, just because they host
a root name server.

Yes, I think I go with the smoking crack option.