I’m going to make a giant proposal to the web. Identifiers suck. Email, IM, Phone, etc. Most people have more than one of each. Let’s fix that. Step by step.
Several weeks ago the root servers were attacked. CNet is running a story that says Anycast played a role in preventing larger problems.
It would be interesting to see if all the root servers switch to Anycast. Where would the new distributed servers go? Does Verisign etc. own that many data centers? Or would they be in data centers and colos all over the world?
There is an interesting slideshow (PDF link) that discusses the effects of switching k-root to Anycast. It doesn’t really go into foiling DoS attacks though.
The root servers were attacked this morning. My guess would be few (if any) really felt the effects. This just goes to show that the net, despite being a distributed mess of networks, still has a few critical points in its infrastructure. They didn’t take them down, and didn’t even get them all. Here’s a creepy graph. For the record there are more than just the physical A-M servers. C, F, I-K, M are using anycast so they are distributed among many networks, making it even more redundant, and closer to most users. Because it was done by a botnet, and all but one of the targets were using anycast (according to Wikipedia), the load would be distributed across the servers, making it even harder for an attack to succeed.
RFC 1918 defines the following IP blocks as designated for private intranets:
10.0.0.0 – 10.255.255.255 (10/8 prefix)
172.16.0.0 – 172.31.255.255 (172.16/12 prefix)
192.168.0.0 – 192.168.255.255 (192.168/16 prefix)
I think it’s about time we have the same thing for DNS, for example:
The logic is as follows.
.dev for intranet based development instances of a site. For example this website’s dev instance on my intranet is
.intra for intranet URLs such as yourdomain.intra. This can be used for any intranet purpose (internal homepage, email system, blogs, wiki, etc.).
This is a much more logical system than using intranet DNS servers to hijack a domain for internal purposes, or reserving subdomains for the purpose.
Someone should go pester ICANN about such a standard. Btw: .local is stupid, if it’s local, it’s localhost.
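An added example, not part of the original post: a check that audits observed DNS answers against the proposal above, flagging internal-suffix names that reach a public resolver or resolve outside the RFC 1918 blocks, and public names that resolve into them (the hijacked-domain or reserved-subdomain pattern the post argues against). Treating .dev and .intra as internal-only is the post's proposal, not an existing reservation; the function names and sample records are constructed for illustration.

```python
import ipaddress

# RFC 1918 blocks exactly as listed in the post. ipaddress.is_private is not
# used because it also covers loopback, link-local and other ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumption: the suffixes the post proposes; neither is reserved for private use.
INTERNAL_SUFFIXES = {"dev", "intra"}

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918)

def is_internal_name(name):
    # Compare only the rightmost label, so "dev.example.com" is not internal.
    return name.rstrip(".").lower().rsplit(".", 1)[-1] in INTERNAL_SUFFIXES

def check_record(name, addr, via_public_resolver):
    """Return policy findings for one observed DNS answer."""
    findings = []
    internal, private = is_internal_name(name), is_rfc1918(addr)
    if internal and via_public_resolver:
        findings.append("internal name sent to a public resolver")
    if internal and not private:
        findings.append("internal name maps outside RFC 1918")
    if not internal and private:
        findings.append("public name maps into RFC 1918")
    return findings

def audit(records):
    """Map each offending name to its findings; clean records are omitted."""
    checked = ((name, check_record(name, addr, pub)) for name, addr, pub in records)
    return {name: found for name, found in checked if found}

# Constructed sample observations: (queried name, answer, sent to public resolver?)
SAMPLE = [
    ("wiki.yourdomain.intra", "10.1.2.3", False),
    ("blog.dev", "192.168.1.20", True),
    ("mail.yourdomain.intra", "172.32.0.5", False),   # just past 172.16/12
    ("intranet.example.com", "192.168.0.10", False),
    ("www.example.com", "203.0.113.10", True),
]

if __name__ == "__main__":
    for name, found in audit(SAMPLE).items():
        print(name, "->", "; ".join(found))
```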
Seems google.com is down. Who turned off the lights? I wonder what happened? Did Googlefox cause a power surge?
Update #1 [7:13 PM EST]: It’s DNS related as this still works.
Update #2 [7:15 PM EST]: Seems to be coming back now.
Update #3 [7:39 PM EST]: Engadget suggests a DNS Hack, perhaps poisoning, but that’s unlikely as the site they are talking about is likely www.google.com.net
Domain-name registration surges according to a CNET news article.
How much is legitimate, and how many are just blog/email spammers treating domains as disposable?