[sdnog] DNS root server in Sudan
Nishal Goburdhan
nishal at controlfreak.co.za
Wed Feb 18 16:25:59 SAST 2015
Manhal Mohammed wrote:
> what i want to ask about is : who are the operators that run those two
> DNS root servers ? because when i checked the root-servers map , i found
> that the D root is operated by University of Maryland ; which as we can
> see under the US law !!
hi manhal,
the URL that you have at the bottom does indeed show the current DNS
root operators.
"D" is operated by the university of maryland
"E" is operated by NASA (also a US based organisation)
to be clear, PCH does *NOT* operate any DNS root services; PCH operates
their own anycast DNS services. they also provide bare-bones
infrastructure, that enables DNS operators to benefit from their
wide-spread presence, without having to roll out their own
infrastructure. which, if you're going to do globally, costs quite a
bit to maintain. you can read more about PCH at http://www.pch.net.
but i digress ... :-)
> is that can affect us as a banned country by the US government ? " as
> i know root DNSs are not govern under any country law ".
i am not a lawyer, so i'll only provide technical advice.
is your concern that, as a trade-embargoed country, you could be fed
wrong information from the local DNS roots? (that would be my concern...)
it's super-easy to check. remember that the DNS root is signed now, so
you *can* perform DNSSEC validation of the data that you are getting.
you *should* be doing this; it's a Good Thing (even my laptop runs a
DNSSEC validator[1])
if you run a network learn how to do this for BIND here:
http://users.isc.org/~jreed/dnssec-guide/dnssec-guide.html
if you're just after the juicy bits, look here:
https://dnssec.surfnet.nl/?p=402
...and the same article provides a link to how to do this for unbound as
well. once your software is validating, you should be able to verify
quite easily, the integrity of the data that you are getting.
please don't take my word for it. go ahead and do it. it's good for
you, and good for the internet as a whole. and no, it will not break
your network...
> and last question , why i can't see the E root server on the map at this
> link http://www.root-servers.org/ ?
not all the DNS root operators provide this level of information.
simply put, they are not required to. "B" for example, is famous for
being very secretive; in earlier versions of this website, you would
see that "B" was hosted in the atlantic ocean just outside nigeria ...
(of course this isn't where it was; that was just the 0,0 longitude and
latitude position - a joke, really...)
besides, this is a website, so it means that someone/something has to
actually update this, and co-ordinating this between the 12
organisations that operate DNS roots is sometimes a lot of work...a good
way to see the data from a *network* perspective, is to look at the
analysis taken from live network devices...i'm sure you see where i'm
going with this - look at the atlas.ripe.net pages.
there are many presentations that show how atlas data was used to find
"B"'s approximate location :-)
--n.
More information about the sdnog
mailing list