ietf

Re: national security

2003-12-05 09:29:09
Indeed, this is what they do when they agree to put the "national" root
nameservers in their own nameserver root configs.  It is far easier to
have per-country stealth root slaves than it is to make every nameserver
the stealth slave of every other domain in that country.  

When that country is isolated from the rest of the net (due to single
connection failure, multiple connection failure, war, etc), then they
still have nameservice for their ccTLD and its delegations, and those of
whatever other countries they remain connected to.

Stealth root slaves are such a far better solution, in terms of
configuration, maintenance, and scaling than configuring every nameserver
to be a stealth slave of every other domain.  Imagine the difficulty of
doing that...  Even a small country with a few tens of thousands of
domains makes that unrealistic.  Yet a stealth root is comparably easy:
You just tell your nameserver operators to configure in the IP addresses
for your national root servers, instead of the "official" root servers.  
Now all you have to do is keep that set operating, which isn't that hard,
and can be done even if the country becomes isolated from the world net,
and the official nameservers.

Indeed, it is probably sensible for ISPs to do the same.  This would keep
things working internally in the event of an effective isolation due to a
DOS attack, for example.

                --Dean

On Fri, 5 Dec 2003, Iljitsch van Beijnum wrote:

On 5-dec-03, at 1:37, Franck Martin wrote:

Finally before a root-server is installed somewhere, someone will do 
an assessment of the local conditions and tailor it adequately. I want 
countries to request installation of root servers, and I know about 20 
Pacific Islands countries that need root-servers in case their 
Internet link goes dead.

Might I suggest that there is a much easier way to do this: if the 
constituency for such a root server is so small and so homogenous (= 
they all share a single link to the rest of the net) then it would be 
much simpler for all of these users to simply share a single set of 
nameservers, which can then all be primary or secondary for all the 
domains used locally. This allows communication to continue even if the 
root servers are unreachable AND it allows users to register domain 
names under any TLD they like.






