Let's assume for a moment that Verisign's wildcards and Sitefinder go
back into operation.Let's also assume someone sets up a popular webpage with malware HTML
causing it, perhaps with a time delay, to issue rapid GETs to
deliberately nonexistent domains.What would be the effect on overall Internet traffic patterns if
there were one Sitefinder site? (flashback to ARPANET node
announcing it had zero cost to any route)How many Sitefinder nodes would we need to avoid massive single-point
congestion?
you may wish to review/examine the AS112 project
materials. I used to run the single instance of
the authoritative DNS service for RFC 1918 space.
We were periodically hammered and discovered an
interesting "local" optimization from one vendor
who did not respect the "negative-caching" timers.
The upshot was that the normal "blow-the-bolts"
tactic that usually compartmentalizes failures
actually aggrevated the problem.
The single instance was migrated to the anycast
model under the AS112 folks.
I am NOT suggesting this simply as an argument against Sitefinder,
and I'd like to see engineering analysis of how this vulnerability
could be prevented.
--bill