[dns-operations] root server address in whois

Paul Vixie paul at vix.com
Mon May 26 15:49:49 UTC 2008

> > So, that leaves the issue of what happens if one of the root operators
> > gets replaced.  From my understanding of the current agreements,
> Hold on! Which agreements? Where can I find them? AFAIK, there is no formal
> agreement for any of the 12 operators (with the possible exception of
> http://www.icann.org/froot/ICANN-ISC-MRA-26dec07.pdf). No agreement, no
> contract, no SLA. (And some people think it is a good thing.)

in some private discussions last week, DRC reminded me of why this is not a
good thing.  since <http://www.icann.org/froot/ICANN-ISC-MRA-26dec07.pdf> is
nonbinding, ISC still has a theoretical capacity to go insane (for example,
we could add a wildcard to the root zone before we publish it, or, we could
sell off our NXDOMAIN traffic to paxfire, or whatever.)

ISC is a particularly bad example of what could go wrong, since we are a
public benefit non profit 501(c)(3) with regulators in California, Delaware,
and the IRS demanding various kinds of oversight, and our board of directors,
while self-selecting (vs. elected), is a bunch of internet graybeards with no
particular fear about replacing me as president if i misbehave.  further,
f-root has 40 or so sponsors around the world, each of whom has their own
agreement with us where they provide resources and we operate an f-root node
for them.  i really do think we've done a great job in giving f-root good
constraints to operate in.  and i'm proud of how much data we share, and how
easy we are to reach when someone wants to know something about f-root or
wants to get involved with f-root.

further, every rootop has done everything in their power to provide as much
accountability and transparency as their organizational structure allows for,
and <http://www.icann.org/froot/ICANN-ISC-MRA-26dec07.pdf> may be a template
that others will follow -- every rootop shares the spirit of that agreement,
but sometimes it takes time to explain to one's lawyers why a nonbinding
agreement like this is "good for the organization."  so while i'm proudest
of ISC's achievements in the internet governance area, i'm also very proud
of "the rootops as a whole" for keeping these trains running on time even
without anybody having any kind of recourse against us if we don't.

but i accept DRC's position, which is that this is all well and good, but it
does not go far enough.  the world has no recourse if ISC, or any rootop,
"goes insane."  all of the agreements are non-binding.  things happen to work
because of the way things happen to be structured, and some really great
people have carried a great legacy from jon postel... but without binding
agreements which is to say "some kind of recourse by the world's meatspace
governments" then all that could change tomorrow.  the recent ep.net debacle
around old-L ought to be a wake-up call to anyone who thought that the root
name server operators can be entirely self-governing in perpetuity.

that said, i think DRC accepts my position, which is that ICANN is not really
recognized as an agent of "the world's meatspace governments", and as long as
it is exclusively controlled at any level by the US government, ISC or any
rootop would have to look to a broader coalition if we want to give the world
some recourse without being an unintentional kingmaker for the US government.
to that end i'm trying to assemble a list of organizations who could, if they
agreed to act together, offer a less controversial administrative umbrella
than ICANN could offer alone.  my list at the moment is: ICANN, ITU, and NRO;
and possibly some direct government involvement from the perrenial G-8 and/or
other interested countries.  (please feel free to educate me about this.)

i don't mean replace ICANN in any way.  i mean a set of agencies who, if ISC
or any other rootop had a multilateral operations agreement for root name
service, the world could stop worrying about one of us "going insane".  the
signatories to such a multilateral agreement would be expected to distrust
each other but be willing to work together to help ISC or any other rootop
out of our internet governance "lack of recourse" tough spot.  all ISC wants
is to continue operating a service the world needs, but if the world won't be
satisfied until they have recourse if we go insane, then we can go further.

More information about the dns-operations mailing list