[dns-operations] FreeBSD and the slaving of the root zone

bmanning at vacation.karoshi.com bmanning at vacation.karoshi.com
Wed Aug 1 16:45:13 UTC 2007


On Tue, Jul 31, 2007 at 10:36:50AM -0700, David Conrad wrote:
> On Jul 31, 2007, at 9:13 AM, Edward Lewis wrote:
> > At 15:50 +0000 7/31/07, Paul Vixie wrote:
> >
> >> it's not my turn.  does everybody else think this is a good idea?
> >> start with the fact that root nameservers renumber from time to time,
> >> and go from there.
> >
> > Let's start with the potential renumbering of the root servers.
> 
> Perhaps I'm dense, but I don't see how renumbering root servers is a  
> big deal in this context.  Renumbering root servers is already hard.   
> I'm not sure why this would make it any harder.  Of course, the  
> difficulty in renumbering root servers argues for the /32s and /128s  
> for root service to be fixed in concrete (that is, becoming  
> essentially protocol elements standardized in an RFC), but I know  
> some of the root server operators get the twitches when I raise this.

	renumbering is not hard (having done it a couple of times
	over the years) but performing tricks like these (local zones,
	hardcoding IP's) certainly reduces flexibility/agility and
	reinforces a requirement for top-down centralization.

	one might argue that rigid, top-down, central planning is
	an impediment to innovation and growth. one might also argue
	that without rigid, top-down, central planning (casting IP's
	in concrete) - the Internet as we know it will cease to be.

	both arguments may be right.

> > An upside of having the root zone local is that the recursive server
> > (assuming that's the function to cite) will not recurse to the root.
> > Not for "good queries" and not for "bad queries."
> 
> Upsides include:
> - greater decentralization that should reduce load

	is loading a problem?  what numbers do you have to back this
	implied assertion?  (for example, reducing the load from 0.2% to 0.0098%
	does not seem credible)

> - DDoS attacks against the root servers would have less impact

	on the contrary, the effect is that there are many, many, many more root
	servers out there, so the impact is more broadly diluted. One might
	be more concerned with the root SERVICE than any given root server.
	imho, that pov would be the most productive.
	
> Downsides include:
> - increased load on the root servers as a result of the zone transfers
> 
> This downside could be alleviated by having the zone transfer source  
> be different than the actual root servers.
> 
> Rgds,
> -drc
> 