"VeriSign Moves DNS Server To Boost Security"

In an effort to protect the Internet from future hacking attacks, VeriSign
(Nasdaq: VRSN - news) has moved one of the Net's root servers to an
undisclosed physical and virtual location.

http://story.news.yahoo.com/news?tmpl=story2&cid=620&ncid=738&e=9&u=/nf/20021108/bs_nf/19918

Funny read.

Signed,
Gil

It's kept under Vice-President Cheney's bed. You can't get more
undisclosed than that.

- Daniel Golding

> It's kept under Vice-President Cheney's bed. You can't get more
> undisclosed than that.

The Verisign dilemma, do they bus the politicians to undisclosed location
"A" to have their pictures taken with a root server; or to undisclosed
location "J" for their photo-op?

From the archives, "J" was only supposed to be at NSI for a temporary
period before moving to a different location (and organization), much like
"L" and "M" moved to LINX and WIDE after a brief period at ISI and NSI.

The real question isn't why "J" has moved a few miles to a different
Verisign building, but where in the world should "J" move?

From my limited understanding of the data, Hong Kong appears to be the
most technically sound location for a new root server. Asia-Pacific rim
is heavily dependent on "M" now. Yes, a lot of A-P traffic is exchanged on
the west coast of the US. But HK is probably the second most central
telecom location for the region. South America, Africa, Russia, India
have lots of people, but aren't very central network-wise. Root servers
need to be able to serve the world, not just a local region or country.

> The real question isn't why "J" has moved a few miles to a different
> Verisign building, but where in the world should "J" move?

i have been pushing beijing for a few years. except it would be
nice to have built some operational understanding and trust with
those folk first, perhaps by asking them to secondary arpa for a
while.

randy

Hi Everyone,

We have a customer who needs to be able to identify unused tails throughout
their large Cisco-based network. What are the group's thoughts regarding a
bullet-proof set of characteristics that could be used to 'discover' unused
tails?
(using SNMP queries and/or telnet/ssh access to the devices)

I guess clocking would be a good start......

regards,
Matthew.

Would that be in front of, or behind Big Red (firewall)?

Seriously...would their policies affect the integrity of the root zone server files?

> The real question isn't why "J" has moved a few miles to a different
> Verisign building, but where in the world should "J" move?

i have been pushing beijing for a few years. except it would be
nice to have built some operational understanding and trust with
those folk first, perhaps by asking them to secondary arpa for a
while.

China! I agree. Beijing or Hong Kong is a toss-up.

It won't be long till most of us on NANOG will know where geographically
it's located. The network community is not that big, and thanks to the
various trade related conferences fairly closely knit, that if you really
wanted to know, someone at verisign will tell you which building it's in.

Secrecy of where it's located isn't really going to stop the ddos attacks,
most packeters know how to do a traceroute, and slam the routers a few hops
in front of host. And it's kind of hard to run into a data center with a
bucket full of water anyways, even if you knew which data center and rack it
was located in.

Sameer

:
:Would that be in front of, or behind Big Red (firewall)?
:
:Seriously...would their policies affect the integrity of the root
:zone server files?

Rhetorical question? :)

Obviously, such a move would be unrealistic if subjective filtering could
affect the viability of J. I'm sure the powers that be in that region
would understand that.

I'm partial to Randy's thoughts regarding trust; though, Hong Kong would
seem, for many (albeit political) reasons to be a better/simpler choice.

IMHO, of course.

:
:At 15:43 -0800 11/8/02, Randy Bush wrote:
:>> The real question isn't why "J" has moved a few miles to a different
:>> Verisign building, but where in the world should "J" move?
:>
:>i have been pushing beijing for a few years. except it would be
:>nice to have built some operational understanding and trust with
:>those folk first, perhaps by asking them to secondary arpa for a
:>while.
:>
:>randy

Thus spake "Gil Cohen" <gcohen@saturnbandwidth.net>

> In an effort to protect the Internet from future hacking attacks, VeriSign
> (Nasdaq: VRSN - news) has moved one of the Net's root servers to an
> undisclosed physical and virtual location.

Maybe I'm missing something... J's "virtual location" aka IP address is now
available from every DNS server in the world, not to mention the public
announcement that VeriSign made to various lists. How is this undisclosed?

S

Stephen Sprunk wrote:

> Thus spake "Gil Cohen" <gcohen@saturnbandwidth.net>
>
>> In an effort to protect the Internet from future hacking attacks, VeriSign
>> (Nasdaq: VRSN - news) has moved one of the Net's root servers to an
>> undisclosed physical and virtual location.
>
> Maybe I'm missing something... J's "virtual location" aka IP address is now
> available from every DNS server in the world, not to mention the public
> announcement that VeriSign made to various lists. How is this undisclosed?

And how does it help anybody if a root server's address is made secret?

Wouldn't an off-line backup be just as useful and cheaper to implement?

-- David

You know that, and think it's silly. I know that, and think it's silly.

But it keeps the CEOs from getting distracted from their "management by
buzzword" path. Something Is Being Done, and It's All OK Now.