[dns-operations] .com/.net DNSSEC operational message

Joseph S D Yao jsdy at tux.org
Fri Oct 29 22:27:34 UTC 2010


On Fri, Oct 29, 2010 at 05:47:20PM -0400, Joe Abley wrote:
> On 2010-10-29, at 17:26, Lutz Donnerhacke wrote:
...
> > If the root-server is also
> > responsible for a delegated zone (like GTLD-SERVERS.NET), it will include
> > signed glue (if there is enough space). So Florians fears can be caught be
> > preventing root-servers from serving additional zones at the same time.
> 
> ... note that the root servers serve ROOT-SERVERS.NET as well as the root zone.
...


RFC 2870 (Root Name Server Operational Requirements) states (2.5):
	"They [the root name servers] also MUST NOT provide secondary
	 service for any zones other than the root and root-servers.net
	 zones."
I had not remembered the second zone in this sentence.  Clearly, serving
"root-servers.net" is considered part of providing root name service,
while serving any other zone (like "gtld-servers.net") is not.

It does (1.2) note that the root servers were currently serving other
domains, but expressed confidence that that would change.  Although the
RFC mentions them as zones that should change, "arpa" and "in-addr.arpa"
are still being served from the root name servers.  "ip6.arpa" is not.

ISTM that other, private internets that are rooted at, e.g.,
"mycompany.com" might have different sets of DNS domains that are
considered part of their root name services.


--
/*********************************************************************\
**
** Joe Yao				jsdy at tux.org - Joseph S. D. Yao
**
\*********************************************************************/



More information about the dns-operations mailing list