[dns-operations] FreeBSD and the slaving of the root zone

David Conrad drc at virtualized.org
Tue Jul 31 22:56:54 UTC 2007

On Jul 31, 2007, at 2:56 PM, Patrik Fältström wrote:
> Before doing anything like this I think:
> - We need a distribution mechanism for the root zone that scales


> - We need the root zone signed with DNSSEC (tsig is not enough for me)

I think this is orthogonal, but https://ns.iana.org/dnssec/ 
status.html  (:-)).  More seriously, it may be possible that  
separating the zone publication from zone serving could result in  
getting a signed root zone out more quickly (the rationale being that  
in theory at least, you have to be slightly more DNS cognizant to be  
able to set up a root slave and thus, would be willing to participate  
in a root zone DNSSEC experiment).  I don't know if anyone has  
seriously proposed something like this, but there might be a remote  
chance it could fly...

> - We need to know that the actual level of broken queries to the root
> servers will go down (if people today query for "localhost.", that
> indicate a broken full service resolver, so how will a similarly
> broken slave for root zone behave?)

I thought Malone's paper indicated it did have that effect (albeit  
the effect was negated by the zone transfers)...


More information about the dns-operations mailing list