by stefan_ 2132 days ago
Why on earth is there someone with shell access to the DNS root zone and running tcpdump?

How would they maintain the root servers and correct issues without shell access or tcpdump? Make blind guesses and restart the server until the problem goes away (it won't)?

No matter how high-profile the environment, eventually, the rubber will hit the road and some human will be in a privileged position to be able to fix a problem.

That is true for every single service out there. Yes. Including Gmail. Including AWS. Including Twitter. Everywhere.

Depending on size and profile of the service it's more or less people in need of jumping through more or less hoops to get there, but this must be true for any service.

Always keep this in mind when you make the decision to move your data to a cloud service.

Why is a server with a problem still part of the root zone? And no, this is absolutely not the case for serious operators. Access to production systems is highly regulated.

Yes, highly regulated access with lots of hoop jumping, that's what they said. And there exists a person who has jumped through all the hoops and has that access. And that hoop-jumping person ran tcpdump on the root server.

I don't want to make this a personal attack, but it really sounds like you haven't done much work in a real production environment in a high-sec company. There may be a lot of red tape and safeguards in place, but you will always have someone with access to do anything, anywhere. It's the only way to respond to "interesting" incidents.

OK, so say you remove it, and the problem goes away. Now what do you do? How do you find out what was actually going on?

How do you remove it?

This study used the DITL ("day in the life") DNS data collection exercise, https://www.dns-oarc.net/oarc/data/ditl, which is a formally organized, regular research activity.