[DNS] CaveBear Blog: What Could You Do With Your Own Root Server?

From: Kim Davies <kim§cynosure.com.au>
Date: Mon, 6 Mar 2006 14:57:18 +0800
Quoting Ian Smith on Sunday March 05, 2006:
| "Today we are protected against malevolent DNS not by institutions but by
| people.  Today all that protects us is the good will of the people who
| have their hands on the buttons of the top (root) and intermediary (TLD)
| DNS servers.  Those groups who, through historical chance, run one of the
| 13 root servers are, for the time being, honorable and
| public-minded.
| 
| "But times change, people change.  And sometimes people, or organizations
| are coerced to depart from past behavior.  One of the great failures of
| internet governance under the hand of the US Department of Commerce and
| its unacknowledged offspring, ICANN, is that the root servers are
| answerable only to themselves."

Of course, one shouldn't forget the ability for ISPs to "route around
damage" and stop using a particular root server.

Besides, if a root operator went rogue, one would think the delegation in
the root-servers.net zone would quickly be altered to someone else.

And finally, if this were ever to occur it would be the impetus for
deployment of DNSSEC quick smart. Then the chain of trust would be
broken and the alternate data would simply fail to work.

I only glanced at Karl's posting, but one of its 'facts' jumped out at me
as being suspect:

> Before answering that I'd like to mention some aspects of root servers:
> First is that each root server only sees a small portion of all DNS
> queries.  Root queries are spread among 13 servers (or more accurately,
> 13 groups of servers)  - thus there is about a 7.7% chance that any
> given query will land on any given root server. 

Access to the root servers is not commonly round-robinned or otherwise
evenly weighted. Thus there is about 0% chance that there is a 7.7%
chance that any given query will land on any given root server.

kim
Received on Mon Mar 06 2006 - 06:57:18 UTC

This archive was generated by hypermail 2.3.0 : Sat Sep 09 2017 - 22:00:08 UTC