The CORE DNS and whois service are distinct parts of the SRS. The SRS
processes transactions for registrars, and keeps a database. The
zone files and whois masters are generated from that database and
distributed to DNS/whois servers at other sites.

The notions of "root servers", "secondaries", "primaries", and so on
are all DNS issues, and that part of the system really was not
impacted by the theft (as I understand it).

The security issues for the registration database are quite different
than the security issues for the DNS/whois service -- a 24 hour delay
in registering names is an inconvenience, a 24 hour delay in DNS
queries is an absolute disaster.

Registration database: The system is designed so that delayed requests
are queued at the registrar (at least it was when I was involved). So
the bottom line is that if you can rebuild the system in 24 hours at a
different location you probably have adequate security. To do that
you need 1) distributed warm backups of the current databases, 2)
distributed copies of the software and configuration data, and 3)
machines that can be converted to the purpose in a short time (and for
a relatively short time, probably, since the primary site would
certainly be insured and rebuilt).

DNS/whois:
The issue here is high availability. Multiple redundant distributed
servers are necessary. This can easily be subcontracted to a variety
of entities, including some of the registrars.
--
Kent Crispin, PAB Chair
kent@songbird.com
"No reason to get excited", the thief he kindly spoke...
PGP fingerprint: B1 8B 72 ED 55 21 5E 44 61 F4 58 0F 72 10 65 55
http://songbird.com/kent/pgp_key.html