[dns-operations] what's actually needed (Re: root? we don't need no stinkin' root!)
paul at redbarn.org
Thu Nov 28 18:39:36 UTC 2019
the ICIR paper on removing the root zone furthers the wrongheadedness of RFC
7706, and both proceed from (at least) the misunderstanding of what metadata
is actually needed by a recursive name server, and of the circumstances under
which that data is sometimes not available.
most TLD's have a very small constituency of access, or in other words, most
RDNS servers only utilize a small subset of the available root zone metadata.
rather, it's the NS, AAAA/A glue, and DS RRsets of the whole chains leading to
any popular (in relativized local use) domains for each/every RDNS.
the root name servers, while a political debacle, are highly available -- and
can be made moreso if the community could decide to use DNSSEC rather than
root server IP addresses as the primary method of verifying their content.
this would mean making the root zone more like AS112 ("unowned anycast").
the problem of network partitions where some (perhaps large) set of distant
resources (like DNS authority servers, including but by no means limited to
the root zone's servers) become unavailable due to fiber cuts or government
shutdowns, is disjoint from anything the ICIR paper, or RFC 7706, or RFC 7706-
bis, contemplates or addresses.
we need DNS leasing, or micro-secondary, depending on whether you come at this
from a distributed file system or a distributed naming system background.
speeds and capacities are now adequate to somewhat tighten the loose coherence
of DNS. but it won't look like zone transfers and it won't be limited to the
More information about the dns-operations