[dns-operations] root? we don't need no stinkin' root!

Mark Allman mallman at icir.org
Wed Dec 18 19:50:48 UTC 2019


Hi Stephane!

Thanks for the note.  I have been thinking about this point a bit.

> IMHO, this is by far the biggest issue with your proposal: TLDs
> change from one technical operator to another and, when it
> happens, all name servers change at once. Should your proposal be
> implemented, we would have to debug problems with root zones
> outdated by 1, 2, 3 months and some TLD working for some resolvers
> but not all. (True, we already have resolver-specific issues, but
> I think it would aggravate the problem.)
>
> This would have anti-competitive consequences, discouraging TLD
> holders to swap technical operators.

I get your point.  But, it's predicated on resolvers using a local
zone file that is "outdated by 1, 2, 3 months".  And, I can't really
quite figure out if that is realistic or, if it is, how much we
should care.  A few comments:

  - To be clear, the scenario is that someone has taken the step to
    grab a root zone file and use it in the resolution process, but
    then (a) has no effective update process to update the zone file or
    (b) has a process that goes bad at some point without anyone
    noticing.  This would without a doubt happen if we shut down the
    root nameservers and forced everyone to use local replicas.
    But, I am hard pressed to convince myself it'd happen a lot or
    that we should care about (/engineer around) such shoddy
    operations.

  - Seems like if we took this approach to run without root
    nameservers that we'd first design software to update local
    replicas in an automated and robust fashion.  In other words,
    this isn't something every operator is going to have to piece
    together themselves.

  - To the extent that this is an issue, RFC 7706-style local roots
    already have it.  So, this is not a new issue---but, the issue
    might be bigger if more local roots existed.

  - Finally, I think there is some incentive to stay up-to-date.  We
    do see problems when soft state becomes de-facto hard state
    because it doesn't change except for once every eon or so.
    E.g., the root hints file.  But, since the root zone file does
    change pretty constantly (albeit in small ways), there is an
    incentive to keep up, it seems to me.

I guess in sum, after some thought I am not ready to buy that this
situation you describe will constitute a big enough phenomenon to
exert anti-competitive pressure on TLD holders.

allman
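
Added example, not part of the original message or of any resolver's code: a staleness check for a local root zone replica, covering the case above where an update process goes bad without anyone noticing. It assumes the replica's SOA serial is date-encoded as YYYYMMDDNN; the function names and the two-day warning threshold are hypothetical choices.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample in root-zone-file style; a real replica would be read from disk.
SAMPLE_ZONE = """\
. 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2019121800 1800 900 604800 86400
. 518400 IN NS a.root-servers.net.
"""

# Apex SOA: owner ".", TTL, class, type, MNAME, RNAME, then the five SOA integers.
SOA_RE = re.compile(
    r"^\.\s+\d+\s+IN\s+SOA\s+\S+\s+\S+\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$",
    re.MULTILINE,
)

def parse_soa(zone_text):
    """Return serial and expire from the apex SOA, or raise if the file has none."""
    m = SOA_RE.search(zone_text)
    if m is None:
        raise ValueError("no apex SOA record: truncated or wrong file?")
    serial, _refresh, _retry, expire, _minimum = map(int, m.groups())
    return serial, expire

def serial_date(serial):
    """Decode a YYYYMMDDNN serial (assumed encoding) to midnight UTC of that day."""
    text = str(serial)
    if len(text) != 10:
        raise ValueError(f"serial {serial} is not YYYYMMDDNN")
    return datetime.strptime(text[:8], "%Y%m%d").replace(tzinfo=timezone.utc)

def replica_status(zone_text, now, warn_after=timedelta(days=2)):
    """Classify a local root replica as 'fresh', 'stale' or 'expired'."""
    serial, expire = parse_soa(zone_text)
    age = now - serial_date(serial)
    if age > timedelta(seconds=expire):
        return "expired", age  # past SOA expire: stop answering from this copy
    if age > warn_after:
        return "stale", age    # update job has probably failed: alert a human
    return "fresh", age

if __name__ == "__main__":
    status, age = replica_status(SAMPLE_ZONE, datetime.now(timezone.utc))
    print(f"root replica is {status} (serial is {age.days} days old)")
```

The serial's date is only a proxy for how far the copy lags the published zone, so the result is best fed to monitoring as an alert rather than used as the update trigger itself.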


