[dns-operations] The (very) uneven distribution of DNS root servers on the Internet

Mark Andrews marka at isc.org
Thu May 17 00:47:05 UTC 2012

In message <F6A7C6B8-B12F-400D-AAF3-EB32C52B938A at proper.com>, Paul Hoffman writ
> On May 15, 2012, at 11:04 PM, paul vixie wrote:
> > On 5/15/2012 11:56 PM, David Conrad wrote:
> >> ... In the context of this blog posting, I personally think having
> >> folks (ISPs in particular) pre-fetch/mirror the root zone in their
> >> caches is the right answer to pretty much any useful definition of
> >> "fair and equitable" related to serving the root zone :-).
> > 
> > now that i've been reminded that the SOA timers are shorter than the
> > update frequency and that no NOTIFY is required for up-to-date stealth
> > slave service; and now that the root is signed, making it unlikely that
> > stealth copies will be amended or that their namespaces will be
> > overloaded with other stealth slaves... i agree with drc here. let's
> > start encouraging widespread stealth slavery for the root zone.
> I'm deeply confused by the threads that followed this proposal. It seems that
>  the problem is "some ISP's recursive resolvers have not great connections to
>  a local root server".
> If so, why are the solutions proposed heavy-weight protocols and policy initi
> atives? Instead, suggest to the ISPs with the problem that they run a simple 
> program every six hours. The program is in essence:
>   for ThisTLD in ListOfKnownTLDs:
>     dig @yourdnsserver ThisTLD NS
> This fills their cache, well within the TTL of any of the TLDs.
> Doesn't that solve the problem?

No.  The main job the root servers do, in practice, is send back
NXDOMAIN.  Failure to get NXDOMAINs back overloads ISP's servers
and makes everything seem slower.

Note this is not their primary purpose which is to send referrals
for the TLDs.

Having ISP's have a local copy of the root is mostly a win.  They
don't have to wait for roots to respond to the garbage queries.
They don't have to cache the garbage query results.  24 SOA queries
a day per server is not a lot, nor is a couple of XFR requests.


> --Paul Hoffman
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the dns-operations mailing list