[dns-operations] The (very) uneven distribution of DNS root servers on the Internet

Stephane Bortzmeyer bortzmeyer at nic.fr
Thu May 17 15:46:59 UTC 2012

On Wed, May 16, 2012 at 08:52:26PM -0400,
 Joe Abley <jabley at hopcount.ca> wrote 
 a message of 50 lines which said:

> For example, a ccTLD is redelegated, the root zone is stale on the
> local ISP's resolver, and since most of that ISP's customers never
> have a reason to look for names under that cc, it remains broken for
> a long time with no alarm bells sounding. [...]

> Whilst I agree that from a technical protocol perspective it all
> sounds fine, the operations sound horrible. The result will be more
> visibly broken DNS than there is today,

While, technically, I agree with you (it will be bad, awful and hard
to debug and many people will point fingers in the wrong direction), it
will happen. Yes, in theory, root zone slaving is dangerous and should
be done only by Mark Andrews and Doug Barton because they know what
they are doing. But, in practice, it will happen, for political
reasons, because it seems cool, because it seems easy, etc.

Also, the problem you mention (different results from different
resolvers, unlike the original DNS model of eventual consistency, with
eventual meaning a very short time) is already a reality: we have
DNSSEC issues, we have network issues, we have censorship, we have
lying resolvers... Today, we already cannot assume that a DNS answer
will be the same everywhere. dig is no longer sufficient to debug, we
need distributed monitoring.
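
The multi-vantage-point comparison the message calls for, as an added example that is not part of the original post: it flags probes whose resolver reports an old root zone serial or a delegation that differs from the majority. The probe names, the placeholder ccTLD `xx.`, the name server names and all observed values are constructed, and the two-day age threshold is an assumption.

```python
from collections import Counter
from datetime import date

# Constructed observations: for each vantage point, the root SOA serial its
# resolver reported and the NS set it returned for the placeholder ccTLD "xx.".
NEW_NS = {"ns1.new-registry.example.", "ns2.new-registry.example."}
OLD_NS = {"ns1.old-registry.example.", "ns2.old-registry.example."}
OBSERVATIONS = {
    "probe-a": {"root_serial": 2012051700, "ns": NEW_NS},
    "probe-b": {"root_serial": 2012051601, "ns": NEW_NS},
    "probe-c": {"root_serial": 2012051700, "ns": NEW_NS},
    "probe-isp-x": {"root_serial": 2012030100, "ns": OLD_NS},  # stale local root copy
}


def serial_date(serial):
    """Root zone serials follow the YYYYMMDDNN convention; return the date part."""
    s = f"{serial:010d}"
    return date(int(s[:4]), int(s[4:6]), int(s[6:8]))


def find_divergent(observations, today, max_age_days=2):
    """Return {probe: [problems]} for probes that look stale or inconsistent.

    The majority NS set is used as the reference. That is a heuristic: it
    shows where to look, not which answer is the correct one.
    """
    votes = Counter(frozenset(o["ns"]) for o in observations.values())
    consensus_ns = votes.most_common(1)[0][0]
    report = {}
    for probe, obs in sorted(observations.items()):
        problems = []
        age = (today - serial_date(obs["root_serial"])).days
        if age > max_age_days:
            problems.append(f"root serial {obs['root_serial']} is {age} days old")
        if frozenset(obs["ns"]) != consensus_ns:
            problems.append("NS set for xx. differs from the majority of probes")
        if problems:
            report[probe] = problems
    return report


if __name__ == "__main__":
    for probe, problems in find_divergent(OBSERVATIONS, date(2012, 5, 17)).items():
        print(probe, "->", "; ".join(problems))
```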
