[dns-operations] the thread of the week

Paul Vixie paul at vix.com
Thu Aug 2 17:50:03 UTC 2007


> > 1) Besides preventing junk from getting to the root server operators,
> > slaving the roots locally also means more reliable access - i.e., if the
> > information is local then network events (link down, packet flood) between
> > the resolver and the root are not an obstacle.
> 
> Yep.

among cooperating wizards, i think this has a real benefit over its costs.
but for the rest of the world, we'll keep adding anycast root server nodes
to serve the same purpose but without the end user wizardry.  (and even if
kato did it first and ohta talked about it first, *i* heard about root server
anycast from david conrad, and i started doing it in f-root on that basis.)

> > I think that there is a general underestimation of the advantages of
> > locally slaving roots.  OTOH, Mark Andrews has expressed full support (for
> > one), so I don't think it's that none of us see the advantages.
> 
> I also support it, albeit I think it should use an alternative zone transfer
> infrastructure instead of relying on the root server system itself.

i remain perplexed about the general perception that AXFR is bad for a root
name server.  it's not.  RFC1035 describes some resource management techniques
for TCP state blobs, which the root servers follow.  the chance that an AXFR
will be blown away by a TCP query is very high, and so, it's bad for clients
to make production use of AXFR from busy servers.  some kind of AXFR-only
service seems indicated.  we could put one up on 192.5.5.242 in a few days if
IANA asked for it.  (that's F+1 as IP addresses go.)

> > 3a) As far as I know, the root operators do not have a public forum to
> > discuss their services, there is no place for the public to make requests
> > of the root operators as far as service levels, etc - and let me emphasize
> > here "as far as I know." I do know of http://www.root-servers.org/, but I
> > am told that is not an official representation of the root zone operator
> > community.  There's no "contact us" link there, for instance.
> 
> Indeed.  I could rant on this for quite a bit, but I won't.

i've long ranted about this myself.  perhaps if IANA had a mailing list where
the topic of root name service could be publically and openly discussed, all
the existing rootops (and hundreds of other people) would join it?  or are we
doing ok now that there's this (dns-operations@) mailing list to use for that?



More information about the dns-operations mailing list