[dns-operations] N-Root
Robert Edmonds
edmonds at isc.org
Mon Apr 1 20:17:36 UTC 2013
hi,

it occurred to me today that a 14th root server could be added to the
DNS by making a few simple changes.

currently, a root zone priming response might look like this:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29789
;; flags: qr aa; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 15
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 518400 IN NS a.root-servers.net.
. 518400 IN NS b.root-servers.net.
. 518400 IN NS c.root-servers.net.
. 518400 IN NS d.root-servers.net.
. 518400 IN NS e.root-servers.net.
. 518400 IN NS f.root-servers.net.
. 518400 IN NS g.root-servers.net.
. 518400 IN NS h.root-servers.net.
. 518400 IN NS i.root-servers.net.
. 518400 IN NS j.root-servers.net.
. 518400 IN NS k.root-servers.net.
. 518400 IN NS l.root-servers.net.
. 518400 IN NS m.root-servers.net.
;; ADDITIONAL SECTION:
a.root-servers.net. 3600000 IN A 198.41.0.4
b.root-servers.net. 3600000 IN A 192.228.79.201
c.root-servers.net. 3600000 IN A 192.33.4.12
d.root-servers.net. 3600000 IN A 199.7.91.13
e.root-servers.net. 3600000 IN A 192.203.230.10
f.root-servers.net. 3600000 IN A 192.5.5.241
g.root-servers.net. 3600000 IN A 192.112.36.4
h.root-servers.net. 3600000 IN A 128.63.2.53
i.root-servers.net. 3600000 IN A 192.36.148.17
j.root-servers.net. 3600000 IN A 192.58.128.30
k.root-servers.net. 3600000 IN A 193.0.14.129
l.root-servers.net. 3600000 IN A 199.7.83.42
m.root-servers.net. 3600000 IN A 202.12.27.33
a.root-servers.net. 3600000 IN AAAA 2001:503:ba3e::2:30
d.root-servers.net. 3600000 IN AAAA 2001:500:2d::d
;; WHEN: Mon Apr 1 15:07:32 2013
;; MSG SIZE rcvd: 492

this response fits the complete NS RRset, all of the 13 A-records for
each nameserver in the NS RRset, and a few AAAA-records into a pre-EDNS
sized UDP packet. we could fit another root nameserver and its A-record
into the packet while still respecting the traditional size limit (of
course, modern EDNS-compliant nameservers can fit much more DNS data
into a single response packet when the client requests a larger buffer
size). all that has to be done are the following simple changes:

1) replace the existing ./NS RRset where the nameservers have lengthy
names ending in "root-servers.net":

. IN NS a.root-servers.net.
. IN NS b.root-servers.net.
. IN NS c.root-servers.net.
. IN NS d.root-servers.net.
. IN NS e.root-servers.net.
. IN NS f.root-servers.net.
. IN NS g.root-servers.net.
. IN NS h.root-servers.net.
. IN NS i.root-servers.net.
. IN NS j.root-servers.net.
. IN NS k.root-servers.net.
. IN NS l.root-servers.net.
. IN NS m.root-servers.net.

with single-character names, like this:

. IN NS a.
. IN NS b.
. IN NS c.
. IN NS d.
. IN NS e.
. IN NS f.
. IN NS g.
. IN NS h.
. IN NS i.
. IN NS j.
. IN NS k.
. IN NS l.
. IN NS m.

(per ICANN, "Applied-for gTLD strings in ASCII must be composed of three
or more visually distinct characters", so there's currently no danger
that a new gTLD application could clash with a valuable infrastructural
use like this.)

this saves 17 octets by omitting "root-servers.net" from the packet
entirely, and by using single-character nameserver names we end up
replacing two-octet compression pointers with one-octet root labels,
saving another 12 octets of record data in the answer section, for a
total savings of 29 octets (17 + 12).

2) now that we have some additional space in the response, a new NS
record can be added:

;1 octet 4 2 2 2+3 = 14 octets
. 518400 IN NS n.

this requires 14 octets (1 octet owner name + 4 octets TTL + 2 octets RR
class + 2 octets RRtype + 2 octets record data length + 3 octets record
data).

3) and the corresponding A-record for the new NS record:

;2 octets 4 2 2 2+4 = 16 octets
n. 3600000 IN A 198.51.100.41

(since this is a hypothetical, we'll just use "198.51.100.41" as a
placeholder IP for the new nameserver's address.)

this requires another 16 octets (2 octets owner name + 4 octets TTL + 2
octets RR class + 2 octets RRtype + 2 octets record data length + 4
octets record data).

the net effect with 29 octets saved and 30 octets consumed is that only
a single extra byte is needed to add a 14th root server:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61787
;; flags: qr aa; QUERY: 1, ANSWER: 14, AUTHORITY: 0, ADDITIONAL: 16
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 518400 IN NS a.
. 518400 IN NS b.
. 518400 IN NS c.
. 518400 IN NS d.
. 518400 IN NS e.
. 518400 IN NS f.
. 518400 IN NS g.
. 518400 IN NS h.
. 518400 IN NS i.
. 518400 IN NS j.
. 518400 IN NS k.
. 518400 IN NS l.
. 518400 IN NS m.
. 518400 IN NS n.
;; ADDITIONAL SECTION:
a. 518400 IN A 198.41.0.4
b. 518400 IN A 192.228.79.201
c. 518400 IN A 192.33.4.12
d. 518400 IN A 199.7.91.13
e. 518400 IN A 192.203.230.10
f. 518400 IN A 192.5.5.241
g. 518400 IN A 192.112.36.4
h. 518400 IN A 128.63.2.53
i. 518400 IN A 192.36.148.17
j. 518400 IN A 192.58.128.30
k. 518400 IN A 193.0.14.129
l. 518400 IN A 199.7.83.42
m. 518400 IN A 202.12.27.33
n. 518400 IN A 198.51.100.41
a. 518400 IN AAAA 2001:503:ba3e::2:30
d. 518400 IN AAAA 2001:500:2d::d
;; WHEN: Mon Apr 1 16:04:17 2013
;; MSG SIZE rcvd: 493

(compare to the original response which shows "MSG SIZE rcvd: 492".)

so that just leaves the decision of who gets to operate the new N-root
DNS server.

--
Robert Edmonds
edmonds at isc.org
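
Added example, not part of the original post: a small encoder that builds both priming responses in DNS wire format with RFC 1035 name compression and measures them, reproducing the octet accounting above. The function and variable names are hypothetical, the message ID is set to 0, and the addresses are the ones quoted in the post.

```python
import ipaddress
import struct

def encode_name(name, buf, offsets):
    """Append a domain name to buf, reusing earlier suffixes via 2-octet pointers."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    for i in range(len(labels)):
        suffix = ".".join(labels[i:]).lower()
        if suffix in offsets:                     # already in the message: pointer
            buf += struct.pack("!H", 0xC000 | offsets[suffix])
            return
        if len(buf) < 0x4000:                     # pointer offsets are 14 bits
            offsets[suffix] = len(buf)
        buf += bytes([len(labels[i])]) + labels[i].encode("ascii")
    buf.append(0)                                 # root label, one octet

def add_rr(buf, offsets, owner, rrtype, ttl, write_rdata):
    encode_name(owner, buf, offsets)
    buf += struct.pack("!HHI", rrtype, 1, ttl)    # type, class IN, TTL
    length_at = len(buf)
    buf += b"\x00\x00"                            # RDLENGTH, patched below
    write_rdata(buf)
    struct.pack_into("!H", buf, length_at, len(buf) - length_at - 2)

def priming_response_size(v4, v6):
    """v4 / v6 map nameserver names to addresses; returns the message size."""
    buf, offsets = bytearray(), {}
    buf += struct.pack("!HHHHHH", 0, 0x8400, 1, len(v4), 0, len(v4) + len(v6))
    encode_name(".", buf, offsets)
    buf += struct.pack("!HH", 2, 1)               # question: . IN NS
    for ns in v4:                                 # answer: NS RRset
        add_rr(buf, offsets, ".", 2, 518400, lambda b, n=ns: encode_name(n, b, offsets))
    for ns, a in v4.items():                      # additional: A records
        add_rr(buf, offsets, ns, 1, 3600000, lambda b, a=a: b.extend(ipaddress.IPv4Address(a).packed))
    for ns, a in v6.items():                      # additional: AAAA records
        add_rr(buf, offsets, ns, 28, 3600000, lambda b, a=a: b.extend(ipaddress.IPv6Address(a).packed))
    return len(buf)

# Addresses as quoted in the post; "n." uses the post's placeholder address.
V4 = ("198.41.0.4 192.228.79.201 192.33.4.12 199.7.91.13 192.203.230.10 "
      "192.5.5.241 192.112.36.4 128.63.2.53 192.36.148.17 192.58.128.30 "
      "193.0.14.129 199.7.83.42 202.12.27.33").split()
V6 = {"a": "2001:503:ba3e::2:30", "d": "2001:500:2d::d"}
CURRENT = {f"{c}.root-servers.net.": ip for c, ip in zip("abcdefghijklm", V4)}
CURRENT_V6 = {f"{c}.root-servers.net.": ip for c, ip in V6.items()}
SHORT = {**{f"{c}.": ip for c, ip in zip("abcdefghijklm", V4)}, "n.": "198.51.100.41"}
SHORT_V6 = {f"{c}.": ip for c, ip in V6.items()}

if __name__ == "__main__":
    print(priming_response_size(CURRENT, CURRENT_V6), priming_response_size(SHORT, SHORT_V6))
```

Adding n.root-servers.net. to the current names instead yields 523 octets, which is over the 512-octet pre-EDNS UDP limit.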