At 23:00 06/08/02, Fred Baker wrote:
At 03:13 PM 8/6/2002 -0500, Stephen Sprunk wrote:
Perhaps having multiple roots *with identical information* would be
stable and
workable, but that requirement inherently negates the motivation for having
multiple roots.
from that perspective, we have multiple roots now - 13 of them - and call
it a "single root". The reason we can call it that is that they are
indistinguishable from one another from the perspective of the information
they deliver - ask any of them for example.com and they will invariably
point you to a .com server, and if you ask a .com server, it will point
you to the appropriate prefix for that name.
Dear Fred,
This is a very interesting comment. Actually what you call "root" in here
is the master file.
1. the data of this master file must be collected
2. that master file must be generated
3. it must be loaded into the alpha server
4. it must stay uncorrupted in the alpha server
5. the alpha server must stay in operations
6. it must be disseminated to the other root servers
7. it must stay uncorrupted in each server
8. the servers must stay in operation in a large number enough (nine right
now?)
9. it must be responded to resolvers
a. connectivity and delays to the resolvers must be reasonable enough
b. the global demand load must be match by the root server system capacity
c. all this under any circumstances: incidents, war, terrorism, hacking,
catastrophe, development, new technologies
d. in ways matching 189 local national laws, governmental emergency decisions
e. through the evolution I suggested towards DNS2 and DNS+ services
etc.
No process is fool/hacker/manager/politically/military etc. proof: some of
the processes above are definitely not, or are at least subject to real
world threads, loads, instabilities and states' sovereign decisions.
Multiple parallel asynchronous root servers clusters are the only response
to that problem (at least three clusters and probably much more). Each
cluster being managed asynchronously according to identical specifications,
separately accessing possibly mirrored information sources and possibly,
operating different technologies, each cluster monitoring the others for
consistency. When a cluster reports an inconsistency the reported and the
reporting clusters are to be frozen and investigated. Secure requests being
obtained by multiple identical responses.
As ICANN ICP-3 suggests it, this calls for investigation, testing,
development, validation and documentation. This is the target of the
"dot-root" project we started one year ago. So far we have worked on the
stability of the management of an experimental mini-root system, on the TLD
data collection process and a generic TLD manager. We have also carried one
year of active political lobbying to get support for that project. From the
obtained interest/support we started organizing it (still mostly documented
in French). I informed ICANN as it may affect their ERC thinking. The plan
is to have the site in French, Spanish and English, an open mailing list
and some prospective partners (we target 30) by early September. The target
is to enter the EU R&D sponsoring cycle to have four initial projects
sponsored: a request simulator, an e-learning system, a generic TLD manager
and the data collection system.
All this is intended to be "done in a manner that does not threaten the
stability of name resolution in the authoritative DNS. Responsible
experimentation is essential to the vitality of the Internet." (ICP-3). We
certainly aim at studying the possible "ultimate introduction of new
architectures that may ultimately obviate the need for a unique,
authoritative root'" (ICP-3). A draft memo on that can be found under
http://dot-root.com/icp3.pdf .
I took advantage from your mail to introduce the project. But let me be
clear, this is just a project open to all those who want to bring a machine
and their competence in. At this stage we just try to gather machines,
teams, basic objectives and competences. I do not know if this will go
through, but from the intelligence we gathered, multiple roots will be more
than probably under test operations by end of 2003. My hope is that it can
also be through a project like dot-root and not only by Govs, even if we
are certainly willing to participate into any mutual experimentation.
jfc