[dns-operations] Domain Name System without Root Servers

Tony Finch dot at dotat.at
Tue Oct 3 11:23:07 UTC 2017

Daniel Karrenberg <dfk at ripe.net> wrote:
> Methinks we could do even better by just loading the whole root zone
> into resolvers.

I was interested by Petr Špaček's presentation on RFC 7706 root slaving
vs. RFC 8198 negative answer synthesis.


One of the things he discusses is actively pre-populating the cache, which
made me wonder what effect Hammer Time early refresh has. I don't know if
the Petr's resolvers were configured to do this...


> As this paper shows nicely lameness will be very limited even if a
> resolver operator chooses to do this only every couple of weeks.

Hmm, I get the impression from https://twitter.com/diffroot that TLDs
flip DS records fairly frequently - in the last two weeks,


and a couple with different rollover timing,

.mil (5 day overlap)
.lat (16 day overlap)

so it looks to me like you would need frequent updates to avoid bogosity,
unless TLDs commit to following RFC 5011 timing constraints.

f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/  -  I xn--zr8h punycode
Hebrides, Bailey, Fair Isle, Faeroes: West or southwest 7 to severe gale 9.
Very rough, occasionally high. Squally showers. Moderate or good.

More information about the dns-operations mailing list