[dns-operations] The (very) uneven distribution of DNS root servers on the Internet

Thu May 17 00:52:26 UTC 2012

On 2012-05-16, at 19:20, David Conrad wrote:

> On May 16, 2012, at 11:56 AM, Joe Abley wrote:
>>> While I would agree that it would be more measurable, I'm not convinced that it actually is more measured.  
>> Well, some people at least are doing measurement.
> 
> Not sure why you'd assume new entrants would refuse to do measurement. I'd expect the opposite actually, although perhaps not universally (but we don't have that now as far as I'm aware).

The point was the importance of knowing who the stealth slaves are, if any coordinated measurement of the root system is going to be possible. If you can't tell who is slaving the zone, and stealth slaves are sinking a significant amount of traffic, then no measurement is possible.

This was the line of reasoning that led to you suggesting that perhaps people could slave with a TSIG key under a contract with someone.

>> Is there an assumption is that there are orders of magnitudes more people who would slave the root zone for $0 under contract to (say) the L-Root operator than would let ICANN run a local root server for $0 under a different contract?
> 
> Where did contracts come in again?

See above.

>>> - greater autonomy
>>> - greater openness and transparency
>> 
>> These are subjective, I guess.
> 
> Autonomy, no.  Openness and transparency, probably.
> 
>> Greater autonomy in what way?
> 
> In the sense that you would be less dependent on entities outside of your control. If you slave the root, you (objectively) operate autonomously of any events that might occur to the root servers.

Well, you're dependent on whoever you transfer the zone from. If that's at least 12 people, then I guess it's no worse than what people have right now. I don't know how many people are going to want to enter into twelve contracts (see above) when they could apparently make it work by signing one.

All the possible outcomes I can think of that lie in this direction winds up with pockets of broken DNS due to infrastructure that none of the current operators can identify, and failures that affect only a subset of users so that a fix is not necessarily obvious.

For example, a ccTLD is redelegated, the root zone is stale on the local ISP's resolver, and since most of that ISP's customers never have a reason to look for names under that cc, it remains broken for a long time with no alarm bells sounding. A signed root zone's signatures expire, because of an undetected zone transfer failure, and the resulting validation failures don't cause problems for enough people that anybody knows there's a problem to fix.

Whilst I agree that from a technical protocol perspective it all sounds fine, the operations sound horrible. The result will be more visibly broken DNS than there is today, with no obvious way to measure how broken it is and no coordinated pressure to apply any fixes.

> In any event, this isn't either/or, particularly since folks can and do slave the root today.  The question is how can we improve root service and/or address (perhaps non-technical) concerns folks have regarding that service in the most effective/efficient way.  I'll admit it isn't clear to me that gating everything through the 12 organizations that through historical accident provide root service today is the best answer to that question, however it may well be. On balance though, I still believe that decentralized, locally slaved root service has more advantages than disadvantages.

I agree that's the question. I guess it's probably clear to you that the suggested alternative seems worse than what we have, to me.

Joe