[dns-operations] The (very) uneven distribution of DNS root servers on the Internet
drc at virtualized.org
Wed May 16 18:04:33 UTC 2012
On May 16, 2012, at 8:33 AM, Joe Abley wrote:
> Right now we have a root server system that is measurable,
While I would agree that it would be more measurable, I'm not convinced that it actually is more measured.
> Ad-hoc distribution of root zone operation to an unbounded set of operators would result in a system that was much more challenging to measure, that was operated by people whose focus was (properly) elsewhere, and with whom reliable communication was probably not possible.
Ignoring the fact that anyone can set themselves up as a root zone operator now, I believe there are more options than either 12 XOR infinity. For example, one could imagine a subscription-type of system where in order to "join the club" and get a TSIG key to a particular server or (say) NOTIFYs of zone updates, you have to agree to share name server stats, agree to have a 24x7 contact, etc. Other models are, of course, feasible.
> I am generally in favour of decentralisation, but in this specific instance I can't see much benefit to offset the deficiencies.
Let's spell this out. Benefits I see:
- increased resilience to DoS attack
- reduced dependence on a single point (ok, 13 points) of failure
- potentially improved performance
- greater autonomy
- reduced political whinage about not having a root server
- greater openness and transparency
Deficiencies I see:
- reduced opportunities of control (could be argued to be a benefit)
- reduction in theoretical measurement points
- potentially reduced performance if a mirror is operated poorly
What are the benefits and deficiencies you see?
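As an added illustration of the "join the club" model sketched above (example configuration written for this archive, not from the original message or any root operator): a BIND 9 named.conf pair where the distribution server only hands the root zone to holders of a shared TSIG key and NOTIFYs them explicitly, and the member mirror exposes a statistics channel as its side of the bargain. The key name, secret, and 192.0.2.x addresses are constructed placeholders.

```conf
// --- Distribution-server side (constructed example) ---
// One shared TSIG key per club member; the secret below is a placeholder.
key "club-member-01" {
    algorithm hmac-sha256;
    secret "PLACEHOLDER_BASE64_SECRET";
};

zone "." {
    type master;
    file "root.zone";
    // Only requests signed with a member key may transfer the zone.
    allow-transfer { key "club-member-01"; };
    // NOTIFY only the enrolled members, not whoever appears in NS records.
    notify explicit;
    also-notify { 192.0.2.10; };
};

// --- Member-mirror side (constructed example) ---
key "club-member-01" {
    algorithm hmac-sha256;
    secret "PLACEHOLDER_BASE64_SECRET";
};

// Sign every query sent to the distribution server with the member key.
server 192.0.2.1 { keys { "club-member-01"; }; };

zone "." {
    type slave;
    file "root.zone.mirror";
    masters { 192.0.2.1 key "club-member-01"; };
    // Accept NOTIFYs only when TSIG-signed with the member key, so an
    // unsigned NOTIFY cannot trigger a refresh against an arbitrary source.
    allow-notify { key "club-member-01"; };
};

// Member's obligation to "share name server stats": expose BIND's
// statistics channel to an agreed collector address (placeholder).
statistics-channels {
    inet 192.0.2.10 port 8053 allow { 192.0.2.20; };
};
```

The unsigned case is the check worth testing: a NOTIFY or AXFR request without the key should be refused by the zone above, which is what makes membership enforceable rather than advisory.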