[dns-operations] The (very) uneven distribution of DNS root servers on the Internet

Joe Abley jabley at hopcount.ca
Wed May 16 18:56:12 UTC 2012 

On 2012-05-16, at 14:04, David Conrad wrote:

> On May 16, 2012, at 8:33 AM, Joe Abley wrote:
>> Right now we have a root server system that is measurable,
> 
> While I would agree that it would be more measurable, I'm not convinced that it actually is more measured.  

Well, some people at least are doing measurement. If we mad that measurement infeasible, there would surely be less :-)

>> I am generally in favour of decentralisation, but in this specific instance I can't see much benefit to offset the deficiencies.
> 
> Let's spell this out.  Benefits I see: 
> - increased resilience to DoS attack
> - reduced dependence on a single point (ok, 13 points) of failure
> - potentially improved performance
> - reduced political whinage about not having a root server

I don't understand why you're singling those out as benefits of the slave-the-root scheme, when they are just as applicable to the current model of (e.g.) L-Root deployment.

I don't really understand your second point, though; there are many hundreds more than 13 servers, if that's what you're counting. Is there an assumption is that there are orders of magnitudes more people who would slave the root zone for $0 under contract to (say) the L-Root operator than would let ICANN run a local root server for $0 under a different contract?

> - greater autonomy
> - greater openness and transparency

These are subjective, I guess. Greater autonomy in what way? If the model was that people could deploy whatever infrastructure they wanted, and there were many of them, that would surely make it more difficult to characterise things like DNS software and operating systems than it is today. Doesn't that mean less openness and transparency, and more uncertainty?

> Deficiencies I see: 
> - reduced opportunities of control (could be argued to be a benefit)
> - reduction in theoretical measurement points
> - potentially reduce performance if a mirror is operated poorly
> 
> What are the benefits and deficiencies you see?

I see the same deficiencies (although I might have chosen to word them less mildly), I just don't really see any benefits.


Joe

More information about the dns-operations mailing list