[dns-operations] what's actually needed (Re: root? we don't need no stinkin' root!)

Paul Vixie paul at redbarn.org
Thu Nov 28 18:39:36 UTC 2019

the ICIR paper on removing the root zone furthers the wrongheadedness of RFC 
7706, and both proceed from (at least) the misunderstanding of what metadata 
is actually needed by a recursive name server, and of the circumstances under 
which that data is sometimes not available.

most TLD's have a very small constituency of access, or in other words, most 
RDNS servers only utilize a small subset of the available root zone metadata. 
rather, it's the NS, AAAA/A glue, and DS RRsets of the whole chains leading to 
any popular (in relativized local use) domains for each/every RDNS.

the root name servers, while a political debacle, are highly available -- and 
can be made moreso if the community could decide to use DNSSEC rather than 
root server IP addresses as the primary method of verifying their content. 
this would mean making the root zone more like AS112 ("unowned anycast").

the problem of network partitions where some (perhaps large) set of distant 
resources (like DNS authority servers, including but by no means limited to 
the root zone's servers) become unavailable due to fiber cuts or government 
shutdowns, is disjoint from anything the ICIR paper, or RFC 7706, or RFC 7706-
bis, contemplates or addresses.

we need DNS leasing, or micro-secondary, depending on whether you come at this 
from a distributed file system or a distributed naming system background. 
speeds and capacities are now adequate to somewhat tighten the loose coherence 
of DNS. but it won't look like zone transfers and it won't be limited to the 
root zone.


More information about the dns-operations mailing list