[dns-operations] The (very) uneven distribution of DNS root servers on the Internet

paul vixie paul at redbarn.org
Thu May 17 08:46:18 UTC 2012

On 5/16/2012 3:33 PM, Joe Abley wrote:
> On 2012-05-16, at 02:04, paul vixie wrote:
>> now that i've been reminded that the SOA timers are shorter than the
>> update frequency and that no NOTIFY is required for up-to-date stealth
>> slave service; and now that the root is signed, making it unlikely that
>> stealth copies will be amended or that their namespaces will be
>> overloaded with other stealth slaves... i agree with drc here. let's
>> start encouraging widespread stealth slavery for the root zone.
> I'm not convinced that this is a good idea.

i'm not convinced that the goodness of this idea matters.

let me go further, i am convinced that the goodness of this idea does
not matter.

it's happening now; it's attractive in ways that persuasion and
education can't change.

our choice now is to document in an RFC the best way to do it, or not.
note: even then we won't get universal implementation of that best way,
but at least if we document it, there's a better chance.

> Right now we have a root server system that is measurable, and that is operated by people who understand the implications of operational choices, and who are a small enough group that coordination and communication with other actors in the root zone management is practical.

agreed. yay us.

> Ad-hoc distribution of root zone operation to an unbounded set of operators would result in a system that was much more challenging to measure, that was operated by people whose focus was (properly) elsewhere, and with whom reliable communication was probably not possible.

s/would result/has resulted and will continue to result/

> I am generally in favour of decentralisation, but in this specific instance I can't see much benefit to offset the deficiencies.

i feel similarly. but none of that matters. let's be realistic not
idealistic and see how that goes.


"I suspect I'm not known as a font of optimism." (VJS, 2012)

More information about the dns-operations mailing list