[dns-operations] Domain Name System without Root Servers
Daniel Karrenberg
dfk at ripe.net
Tue Oct 3 07:49:42 UTC 2017
On 03/10/2017 00:01, Stephane Bortzmeyer wrote:
> On Mon, Oct 02, 2017 at 06:32:09PM -0700,
> Daniel Karrenberg <dfk at ripe.net> wrote
> a message of 42 lines which said:
>
>> Methinks we could do even better by just loading the whole root zone
>> into resolvers.
>
> Isn't it what RFC 7706 documents?

Not exactly. My emphasis is not on diminishing nonsense queries to the
root but on replacing DNS/UDP as a protocol to distribute the root zone
and, indeed, reducing the dependence on root name servers themselves in
the long run.
>
>> As this paper shows nicely lameness will be very limited even if a
>> resolver operator chooses to do this only every couple of weeks. No
>> protocol changes needed. No IETF politics and over-engineering. No
>> special action by TLD operators. No ICANN process required.
>
> One important thing about the paper I mentioned is that, if
> implemented, it would introduce a shift in root governance: from ICANN
> to resolver authors/packagers (because they would distribute a
> compilation of NS and DS records in the software).

Only if resolvers use root zone content without validating signatures
against the ICANN trust anchor(s).
Daniel