March 9, 2007

ICANN's DNS Attack Fact Sheet

It is good that ICANN has prepared a "fact sheet" about the recent attacks on DNS root servers.  Personally I would have preferred something with a lot more technical substance and less of a tutorial, but this is a lot better than nothing.

However, there are a couple of points to note.

First, and most importantly, by publishing this document ICANN is implicitly making a statement that ICANN has something to do with the technical stability and robustness of the primary system of DNS roots.  Much as many at ICANN might want to believe that such is the case, in reality ICANN has divorced itself from such matters and they have fallen, by default, to the independent root server operators.

In other words, when it comes to the actual operational technical reliability and security of root layer DNS, ICANN is a mere observer not a principal.

Second is that the credit for deploying anycast technology goes to the root server operators, not to ICANN.

(When I was on ICANN's board (which was pre-anycast of DNS roots) I tried to raise the question of whether ICANN should encourage experiments with this technology.  I was met with an institutional yawn.)

Posted by karl at March 9, 2007 1:30 AM