[dns-operations] the thread of the week
Ed.Lewis at neustar.biz
Thu Aug 2 14:12:15 UTC 2007

Having tried to consume as much of the thread on FreeBSD's slaving of
the root zones as possible I wanted to add a few things.

1) Besides preventing junk from getting to the root server operators,
slaving the roots locally also means more reliable access - i.e., if
the information is local then network events (link down, packet
flood) between the resolver and the root are not an obstacle.

1a) A good example to me of this was a network demonstration I
participated in for DARPA in 2000, at an Active Networks conference.
I hoped to be able to provide a reference to a document on this
lesson learned but haven't found a reference to give.

1b) In Tanenbaum's textbook on networking there is a discussion on
the design of a transport protocol that is very applicable. One of
the sub-optimal solutions to setting up end-to-end state in a network
was to limit the scope of the underlying network. Obviously
ludicrous, the optimal solution eventually revealed is the three-way
handshake. Still, the notion of simplifying the underlying network
has some alluring ideas - and in this case - having everyone slave
the roots simplifies the underlying network during the operation of
queries and responses.

I think that there is a general underestimation of the advantages of
locally slaving roots. OTOH, Mark Andrews has expressed full support
(for one), so I don't think it's that none of us see the advantages.

2) A solution to retrieving the zone does not need to rely on the SOA
parameters; the implementer can refresh by other means. The zone
could be checked (query for SOA) every so often.

3) As much as it is startling that an OS vendor would make a
wholesale change to the way their product works, I also find it
startling that root zone operators can unilaterally place
restrictions on the access to the root zone they publish in the
public interest. As much as the OS vendor did not consult its
customers, did the root operators consult with their customers?

3a) As far as I know, the root operators do not have a public forum
to discuss their services, there is no place for the public to make
requests of the root operators as far as service levels, etc - and
let me emphasize here "as far as I know." I do know of
http://www.root-servers.org/, but I am told that is not an official
representation of the root zone operator community. There's no
"contact us" link there, for instance.

4) We often talk of wanting stability in the network. If that is a
goal and we feel that the network is too unstable (in the sense of
churn) to make locally slaved infrastructure zones (like the root)
feasible, we have a large fish still to fry - namely making the
network stable. Once it is indeed stable, then the fears that local
copies are stale diminish.

4a) What's the difference in not getting a root zone copy for 24
hours and having a stale cache entry with a TTL of 24 hours?

These are just some observations from reading the thread over the
past few days.

Edward Lewis +1-571-434-5468
Think glocally. Act confused.
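
Added example, not part of the original message: one way to realise point 2 (checking the SOA on the implementer's own schedule instead of following the SOA timers) together with the 24-hour staleness bound raised in point 4a. The hourly interval, the fall back to root hints, every function and class name, and the sample SOA record are assumptions constructed for illustration.

```python
# Added example: refresh policy for a locally slaved root zone that polls the
# SOA serial on its own schedule and ignores the SOA refresh/retry/expire timers.
from dataclasses import dataclass
from typing import Optional

CHECK_INTERVAL = 3600      # assumption: seconds between SOA checks
MAX_STALENESS = 24 * 3600  # assumption: oldest unconfirmed copy we will serve

# Constructed sample SOA rdata: mname rname serial refresh retry expire minimum
SAMPLE_SOA = "a.root-servers.net. nstld.verisign-grs.com. 2007080200 1800 900 604800 86400"


def parse_soa_serial(rdata: str) -> int:
    """Return the serial (third field) from SOA rdata in presentation format."""
    fields = rdata.split()
    if len(fields) != 7:
        raise ValueError("SOA rdata must have 7 fields")
    serial = int(fields[2])
    if not 0 <= serial < 2**32:
        raise ValueError("serial out of 32-bit range")
    return serial


def serial_newer(remote: int, local: int) -> bool:
    """RFC 1982 serial comparison, so a wrapped serial still counts as newer."""
    return 0 < (remote - local) % 2**32 < 2**31


@dataclass
class LocalCopy:
    serial: int
    last_confirmed: float  # when the copy was last known to match the source
    last_checked: float = 0.0


def next_action(copy: LocalCopy, now: float, soa_rdata: Optional[str]) -> str:
    """Decide what to do at time `now`; soa_rdata is None if the query failed."""
    if now - copy.last_checked < CHECK_INTERVAL:
        return "wait"
    copy.last_checked = now
    if soa_rdata is None:
        # Unreachable source: keep answering locally until the copy is too old,
        # then fall back to ordinary root hints (hypothetical policy).
        stale = now - copy.last_confirmed > MAX_STALENESS
        return "fall-back-to-hints" if stale else "keep-serving"
    if serial_newer(parse_soa_serial(soa_rdata), copy.serial):
        return "transfer"  # caller fetches the zone, then updates copy
    copy.last_confirmed = now
    return "keep-serving"
```

On "transfer" the caller is expected to fetch and validate the zone before replacing `copy.serial` and `copy.last_confirmed`; a failed transfer leaves both untouched, so the staleness clock keeps running.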