A denial of service attack on the Internet's root DNS servers that began last night continues to vex users today.

The DNS servers resolve names queries to numbers, and the slowdown should only be apparent the first time a user hits a site. After that, your ISP's cache ought to bypass the issue.

Over at IcannWatch, Michael Froomkin revives Karl Auerbach's proposal of a CD-based "DNS in a box" for such emergencies.

"The proposed CD would have contained the configuration files for BIND plus zone files for a root and selected contents of the big TLDs, plus some sort of wildcard for in-addr.arpa.... but it would have dented ICANN's claim to being uniquely necessary, and besides the idea came from the wrong source," observes Froomkin.

Last year ICANN vowed to take security seriously, and after the latest attack it ought to explain why this is such a bad idea.®