Public Forum: Root Server Advisory Committee

Jun Murai reports. Basic introduction to root servers; locations and global distribution of the servers. Had 13 meetings so far. Mostly meet at IETF meetings. Security and stability issue: Root name servers are a distributed system. Carefully desi…

Jun Murai reports. Basic introduction to root servers; locations and global distribution of the servers. Had 13 meetings so far. Mostly meet at IETF meetings. Security and stability issue: Root name servers are a distributed system. Carefully designed robustness. 7 different hardware platforms, 8 different operating systems (Unix variants), from 5 different vendors (?). There are contingency plans for server outages. Kept in professional facilities with strong physical security. Strong social network. Established encrypted network. Number of out-of-band ways to coordinate. Technical guidelines: RFC 2870 for root server operators.

Incident report on DDoS in october. Presents bits per seconds diagram; presentation disturberd by a number of Nimda virus warnings coming up on the presentation screen. Back to presentation: Attack on Monday 21, 2200 UTC. Coordinated distributed DOS attack. No degradation on three servers. Network congestion caused by this attack made several of the servers effectively unreachable. Enough servers remained reachable and continued the service. No reports about user-visible service errors. Health monitoring worked. In 90 minutes some recovered, in 120 minutes all did. Robust and diverse enough to sustain this particular attack. More capacity should be added to the system in order to resist predicted future attacks. Improve communication channels.

DNSsec, IPv6: Skipping some slides. Carefully studied all this. IDN: No impact on root servers expected. Need test period to deploy technology.

Question from Karl about recovery from attack: Recovery due to active measures or because attack stopped happening? Murai: Both. (Other explanations remain extremely unclear.) Cerf follows up: Can we assume that mechanisms used in defending against denial of service attack against any host would ber useful in defending attack. (Norton Antivirus comes up again; Murai: “I don’t know how to stop that, but I think I know how to stop the root server attack, I hope.”) Primititve way: Identify traffic, remove or filter traffic. Andy MM: Can data be distributed from something else than the A root? Murai: Design new structure of distributing original root zone file to the server. Has been tested in non real-life server basis.