[dns-operations] The (very) uneven distribution of DNS root servers on the Internet
David Conrad
drc at virtualized.org
Wed May 16 23:20:14 UTC 2012
On May 16, 2012, at 11:56 AM, Joe Abley wrote:
>> While I would agree that it would be more measurable, I'm not convinced that it actually is more measured.
> Well, some people at least are doing measurement.
Not sure why you'd assume new entrants would refuse to do measurement. I'd expect the opposite actually, although perhaps not universally (but we don't have that now as far as I'm aware).
> If we mad that measurement infeasible, there would surely be less :-)
Perhaps I'm misunderstanding: what would make doing measurement infeasible?
>> Let's spell this out. Benefits I see:
>> - increased resilience to DoS attack
>> - reduced dependence on a single point (ok, 13 points) of failure
>> - potentially improved performance
>> - reduced political whinage about not having a root server
> I don't understand why you're singling those out as benefits of the slave-the-root scheme, when they are just as applicable to the current model of (e.g.) L-Root deployment.
The assumption I'm making is that there would be wider deployment than has occurred in the current model. While I commend your efforts with "L", I suspect there are a number of folks who would prefer not to enter into any form of contract ($0 or not) with ICANN.
> I don't really understand your second point, though; there are many hundreds more than 13 servers, if that's what you're counting.
I'm (of course) counting the IP addresses. My assumption is that a slave-the-root scheme would mean less reliance on responses from queries sent to the 13 root IP addresses.
> Is there an assumption is that there are orders of magnitudes more people who would slave the root zone for $0 under contract to (say) the L-Root operator than would let ICANN run a local root server for $0 under a different contract?
Where did contracts come in again?
>> - greater autonomy
>> - greater openness and transparency
>
> These are subjective, I guess.
Autonomy, no. Openness and transparency, probably.
> Greater autonomy in what way?
In the sense that you would be less dependent on entities outside of your control. If you slave the root, you (objectively) operate autonomously of any events that might occur to the root servers.
> If the model was that people could deploy whatever infrastructure they wanted, and there were many of them, that would surely make it more difficult to characterise things like DNS software and operating systems than it is today. Doesn't that mean less openness and transparency, and more uncertainty?
I was, of course, speaking about the often expressed disquiet about the root operators cabal/secret handshake society. Regardless of the reality, I have frequently encountered concerns about perceived inappropriate/unnecessary secrecy, opaqueness, and exclusion regarding root operations.
In any event, this isn't either/or, particularly since folks can and do slave the root today. The question is how can we improve root service and/or address (perhaps non-technical) concerns folks have regarding that service in the most effective/efficient way. I'll admit it isn't clear to me that gating everything through the 12 organizations that through historical accident provide root service today is the best answer to that question, however it may well be. On balance though, I still believe that decentralized, locally slaved root service has more advantages than disadvantages.
Regards,
-drc
More information about the dns-operations
mailing list