[dns-operations] the thread of the week

Edward Lewis Ed.Lewis at neustar.biz
Thu Aug 2 14:12:15 UTC 2007


Having tried to consume as much of the thread on FreeBSD's slaving of 
the root zones as possible I wanted to add a few things.

1) Besides preventing junk from getting to the root server operators, 
slaving the roots locally also means more reliable access - i.e., if 
the information is local then network events (link down, packet 
flood) between the resolver and the root are not an obstacle.

1a) A good example to me of this was a network demonstration I 
participated in for DARPA in 2000, at an Active Networks conference. 
I hoped to be able to provide a reference to a document on this 
lesson learned but haven't found a reference to give.

1b) In Tanenbaum's textbook on networking there is a discussion on 
the design of a transport protocol that is very applicable.  One of 
the sub-optimal solutions to setting up end-to-end state in a network 
was to limit the scope of the underlying network.  Obviously 
ludicrous, the optimal solution eventually revealed is the three-way 
handshake.  Still, the notion that simplifying the underlying network 
has some alluring ideas - and in this case - having everyone slave 
the roots simplifies the underlying network during the operation of 
queries and responses.

I think that there is a general underestimation of the advantages of 
locally slaving roots.  OTOH, Mark Andrews has expressed full support 
(for one), so I don't think it's that none of us see the advantages.

2) A solution to retrieving the zone does not need to rely on the SOA 
parameters, the implementer can refresh by other means.  The zone 
could be checked (query for SOA) every so often.

3) As much as it is startling that an OS vendor would make a 
wholesale change to the way their product works, I also find it 
startling that root zone operators can unilaterally place 
restrictions on the access to the root zone they publish in the 
public interest.   As much as the OS vendor did not consult its 
customers, did the root operators consult with their customers?

3a) As far as I know, the root operators do not have a public forum 
to discuss their services, there is no place for the public to make 
requests of the root operators as far as service levels, etc - and 
let me emphasize here "as far as I know." I do know of 
http://www.root-servers.org/, but I am told that is not an official 
representation of the root zone operator community.  There's no 
"contact us" link there, for instance.

4) We often talk of wanting stability in the network.  If that is a 
goal and we feel that the network is too unstable (in the sense of 
churn) to make locally slaved infrastructure zones (like the root) 
feasible, we have a large fish still to fry - namely making the 
network stable.  Once it is indeed stable, then the fears that local 
copies are stale diminish.

4a) What's the difference in not getting a root zone copy for 24 
hours and having a stale cache entry with a TTL of 24 hours?

These are just some observations from reading the thread over the 
past few days.
-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                                +1-571-434-5468
NeuStar

Think glocally.  Act confused.
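
An added example, not part of the original post, of the check point 2 describes: ask for the zone's SOA, read the serial out of the reply, and re-transfer only when the serial is ahead of the local copy. All function names are hypothetical, the reply is constructed rather than captured, and sending the query over the network is left out.

```python
import struct

def encode_name(name: str) -> bytes:
    """Wire-format a domain name; "." becomes the single root byte."""
    labels = [l for l in name.split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_soa_query(qid: int, zone: str = ".") -> bytes:
    """One-question query for <zone> IN SOA (QTYPE 6, QCLASS 1)."""
    return struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0) + encode_name(zone) + struct.pack("!HH", 6, 1)

def skip_name(msg: bytes, off: int) -> int:
    """Offset just past a name, honouring compression pointers."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:
            return off + 2
        off += 1 + msg[off]
    return off + 1

def soa_serial(msg: bytes) -> int:
    """Serial of the first SOA record in the answer section."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 6:
            p = skip_name(msg, skip_name(msg, off))  # past MNAME and RNAME
            return struct.unpack("!I", msg[p:p + 4])[0]
        off += rdlen
    raise ValueError("no SOA in answer section")

def serial_newer(remote: int, local: int) -> bool:
    """RFC 1982 comparison, so a wrapped serial still counts as newer."""
    return 0 < ((remote - local) & 0xFFFFFFFF) < 0x80000000

def needs_transfer(response: bytes, local_serial: int) -> bool:
    return serial_newer(soa_serial(response), local_serial)

def sample_response(serial: int) -> bytes:
    """Constructed reply to '. IN SOA' (names and timers are made up)."""
    rdata = (encode_name("ns.example") + encode_name("hostmaster.example")
             + struct.pack("!IIIII", serial, 1800, 900, 604800, 86400))
    return (struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0)
            + b"\x00" + struct.pack("!HH", 6, 1)
            + b"\x00" + struct.pack("!HHIH", 6, 1, 86400, len(rdata)) + rdata)
```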
