[ih] Re: anyone remember when the root servers were hi-jacked? (fwd)
Craig Simon
cls at rkey.com
Tue Nov 12 11:42:14 PST 2002
I'm including Jon Postel's response to my request for a copy of the
original message he sent out initiating the so-called "test." The note
he sent me included three messages.
It's important to note that the first of these messages -- a statement
to the press -- refers to a test. So does the last of these -- an
operational directive sent to various operators of root zone secondary
servers -- in which Jon stated, "The root zone transfer verification
test has been completed."
However, the directive initiating the action (apparently there was an
earlier email which included the same text, but without a PGP signature)
does not refer to a test. Instead, Jon announced a "small step" in the
"transitions" of the Internet's "management arrangements." Nothing was
said about testing or an expected reversion back to the original
arrangement.
One can argue the case that there were some technical and administrative
aspects of testing going on, but to stress that what occurred was really
a technically-oriented test is to obscure the fundamentally political
nature of Jon's action. Calling it a test of power would be more on
target, but that characterization oversimplifies things as well.
Furthermore, I have a taped interview in which Ira Magaziner says that
during their famous phone conversation, Jon Postel proposed the idea of
using the word "test" as a face saving gesture.
Yes, the message to the press refers also refers to a "transition" as a
justification of the test, but in my judgment, the language is highly
finessed. The statement hints that the "verification" was performed in
support of the government's desires, but it certainly was not. We know
this for certain, in light of the response from the government's officers.
Also, to respond directly to Dave Crocker's note: If the directive was
justified on the basis that NSI was on the verge of "going rogue," then
why even bother to call the directive a test? I'm aware of the very
longstanding worry in some circles that NSI might do such a thing, but
it would be useful to see any documentation that might have prompted the
perception that -- just as the Green Paper was being released --
*URGENT* action was necessary, either to pre-empt NSI, or to be ready
"just in case."
Without such documentation, it's hard to uphold the position that Jon's
primary motivation was a defensive move against possible action by NSI.
And, for what it's worth, his statement to the press makes no mention of
that worry.
It is fair to assume that the USG's agents would have been rather tough
on NSI if it had added any "rogue" zones to the root. I would also infer
that the USG's strong threats against Postel served to constrain NSI's
willingness to risk "going rogue" thereafter.
I agree that the main players of the USG didn't have a particularly
strong technical understanding of how the DNS operated. This largely
explains their reticence to permit operational changes, even as they
interrupted the "engineering community's" own administrative processes.
The government's mantra was "stability," after all.
Magaziner, Burr, et al were willing to intervene because, in their view,
that commmunity's processes had less than nominal legitimacy to
determine the deployment of such important resources. But questions of
responsibility and legitimacy are a different matter.
Dave Crocker wrote:
> Just to add this to the archive for this mailing list:
>
> Things were fragile back then. That included concern over the possibility
> that NSI would go rogue. NSI controlled the master root. The one that all
> others took their data from. Jon needed to test the ability to switch
to a
> different master DNS root, to make sure that there were ways to "route
> around" this concern over NSI.
>
> That's all the test was. Jon was clear about the need for this, weeks
before
> the test. All anyone needed to do was ask him, rather than engage in
> unfounded, inflammatory speculation.
-------- Original Message --------
Subject: Re: The famous test
Date: Thu, 5 Feb 1998 23:27:50 -0800 (PST)
From: Jon Postel <postel at ISI.EDU>
To: cls at flywheel.com
CC: postel at ISI.EDU
Craig Simon:
Hello, i'll send you the statement i've made about it and the actual
messages.
--jon.
1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This statement was sent to the press and others that asked about the
test.
==================================================================
Hello:
It is contemplated in the discussion draft issued by the government
that the operation of the root zone will be transferred to a new
organization performing the IANA functions.
While the time period for the transition of operational services to the
new orgaization is rather flexible in the discussion draft, it is
possible that the transition of the root zone operation may be
appropriate very soon.
As a verification that such a transfer can be accomplished smoothly and
without interruption to the operational service, a test is being
performed to rearrange the flow of root zone information. Once this
test is completed the arrangements may revert to the previous
arrangements.
There is very high confidence that these transitions can be
accomplished without impact on the operational service, and experienced
technical experts are assisting in this verification.
It should be understood that there is no change to the data in the root
zone. The contents of the root zone are decided on and prepared in
exactly the same way as they have been, and distributed through the
primary server at NSI (the A root server).
--jon.
=======================================================================
2 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
----- Begin Included Message -----
Date: Wed, 28 Jan 1998 17:04:11 -0800
From: postel at ISI.EDU
Subject: root zone secondary service
Cc: postel at ISI.EDU, iana at ISI.EDU
The following messages is pgp signed by "iana <iana at iana.org>".
-----BEGIN PGP SIGNED MESSAGE-----
========================================================================
Hello.
As the Internet develops there are transitions in the management
arrangements. The time has come to take a small step in one of those
transitions. At some point on down the road it will be appropriate for
the root domain to be edited and published directly by the IANA.
As a small step in this direction we would like to have the
secondaries for the root domain pull the root zone (by zone transfer)
directly from IANA's own name server.
This is "DNSROOT.IANA.ORG" with address 198.32.1.98.
The data in this root zone will be an exact copy of the root zone
currently available on the A.ROOT-SERVERS.NET machine. There is no
change being made at this time in the policies or procedures for
making changes to the root zone.
This applies to the root zone only. If you provide secomdary service
for any other zones, including TLD zones, you should continue to
obtain those zones in the way and from the sources you have been.
- --jon.
Jon Postel
Internet Assigned Numbers Authority
c/o USC - ISI, Suite 1001
4676 Admiralty Way
Marina del Rey, CA 90292-6695
Talk: +1-310-822-1511
Fax: +1-310-823-6714
EMail: IANA at ISI.EDU
========================================================================
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBNM/OggXEg/2i5jY1AQFOSgQAmFKo34Ytxi+8R78qG7/2BUP3KdWqH2Aj
zufrv5sYkfQDNeW+02JA5LZT6ZW5AgRgTDJpQkZlKKvBfzD52GCsDpgt1yUdxxUJ
3VfmK48AIEV9LVKAwlDmOqia++cp1nA8Jd7en35HnKAuFVFEKN0fYEq8FHXEAuOJ
TXXrSiVyCHE=
=qZXq
-----END PGP SIGNATURE-----
----- End Included Message -----
3 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
----- Begin Included Message -----
Date: Tue, 3 Feb 1998 22:31:13 -0800 (PST)
From: Jon Postel <postel at ISI.EDU>
Subject: root zone transfer verification completed
Cc: postel at ISI.EDU, iana at ISI.EDU
-----BEGIN PGP SIGNED MESSAGE-----
========================================================================
Hello.
The root zone transfer verification test has been completed.
Please return to the previous method of obtaining the root zone
information from the A.ROOT-SERVERS.NET machine (located at NSI).
This applies to the root zone only. If you provide secondary service
for any other zones, including TLD zones, you should continue to
obtain those zones in the way and from the sources you have been.
- --jon.
Jon Postel
Internet Assigned Numbers Authority
c/o USC - ISI, Suite 1001
4676 Admiralty Way
Marina del Rey, CA 90292-6695
Talk: +1-310-822-1511
Fax: +1-310-823-6714
EMail: IANA at ISI.EDU
========================================================================
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBNNf6wQXEg/2i5jY1AQFvMQP+OFAhN1Uge7m2RlUOIROZidF+4poBCtTi
Ax75fOBB1Mcd7FrYfxDQZgz/wq5hTL5JcCNjqu8mJBtBzWbz5DFGKcVlTqrUJko/
uVTx8pInJl0N8Zb9Dg4DT0kaMTJkUBehjJdcQWSs4eEvxmpH9OOFaxHVzXyaGpZa
gP5mdZBjDDI=
=Yp7o
-----END PGP SIGNATURE-----
----- End Included Message -----
More information about the Internet-history
mailing list