[dns-operations] Domain Name System without Root Servers

Daniel Karrenberg dfk at ripe.net
Tue Oct 3 07:49:42 UTC 2017

On 03/10/2017 00:01, Stephane Bortzmeyer wrote:
> On Mon, Oct 02, 2017 at 06:32:09PM -0700,
>  Daniel Karrenberg <dfk at ripe.net> wrote 
>  a message of 42 lines which said:
>> Methinks we could do even better by just loading the whole root zone
>> into resolvers.
> Isn't it what RFC 7706 document?

Not exactly. My emphasis is not on diminishing nonsense queries to the
root but on replacing DNS/UDP as a protocol to distribute the root zone
and, indeed, reducing the dependence on root name servers themselves in
the long run.

>> As this paper shows nicely lameness will be very limited even if a
>> resolver operator chooses to do this only every couple of weeks. No
>> protocol changes needed. No IETF politics and over-engineering. No
>> special action by TLD operators. No ICANN process required.
> One important thing about the paper I mentioned is that, if
> implemented, it would introduce a shift in root governance: from ICANN
> to resolvers authors/packagers (because they would distribute a
> compilation of NS and DS records in the software).

Only if resolvers use root zone content without validating signatures
against the ICANN trust anchor(s).


More information about the dns-operations mailing list