
Re: national security

2003-12-06 15:19:12
I think there are three confluences which tend to support the notion of 
national root nameservers:

1) Root Server scalability
2) Foreign distrust of US control on the internet
3) Isolation due to technical or political issues.

On Fri, 5 Dec 2003, Iljitsch van Beijnum wrote:

> On 5-dec-03, at 17:16, Dean Anderson wrote:

> > Indeed, this is what they do when they agree to put the "national" root
> > nameservers in their own nameserver root configs.  It is far easier to
> > have per-country stealth root slaves than it is to make every nameserver
> > the stealth slave of every other domain in that country.

> I don't think this stealth business is a very good idea. If you want a
> root server somewhere, use anycast. That means importing BGP problems
> into the DNS, which is iffy enough as it is.

That seems to argue against anycast...

> But for a small network island, just having a single set of resolvers and
> making sure those have all the needed information isn't a huge deal.
> Obviously such a place doesn't have a huge number of ISPs, so the number
> of DNS servers will be quite limited in the first place.

It's the same "deal" as distributing the "official" root nameserver
updates.  Some people don't pay attention to this until they can't get
nameservice to work.  It's a problem, but it isn't made better or worse.

> > Yet a stealth root is comparably easy: You just tell your nameserver
> > operators to configure in the IP addresses for your national root
> > servers, instead of the "official" root servers.

> So I have to trust these fake roots 100%: not only that they don't
> change the root zone, but also that they're always up to date and never
> down. Tall order. An official anycast setup is much better: updates are
> done the way they should be (last year when I wrote an article I
> checked this: there is no policy anywhere on access to the root
> zonefile. You can download it through FTP or even do a zone transfer in
> a few places, but nothing official) and when your local root clone is
> down there should be at least 12 others elsewhere.

They aren't exactly fake. They are just not listed by the "dig . ns"  
query, so they aren't technically authoritative. Though, I suppose they
could be--I'm just assuming they aren't.  As far as trust goes, since they
are run by your government, yes, you can trust them.  Since these zones
don't change much, they can be updated by zone transfers, or by other
official distribution.  As far as reliability goes, that's why you have 
more than one. And you scale it just like any other part of 
infrastructure.

Anycast doesn't make this job easier--it makes it harder. An Anycast
server can't easily do a zone transfer from itself.  This is just another
complication of running anycast.  Anycast is just a means of scaling up 
server infrastructure.  There are other methods of scaling.  Anycast 
doesn't particularly match the political interests.

I also don't conceive of a single national stealth server. I assume that
there may be many. Probably at least 2, and certainly more depending on the
size of the country.  The US would probably have a lot.

Indeed, it is probably sensible for ISPs to do the same.  This would
keep things working internally in the event of an effective isolation
due to a DOS attack, for example.

> I think what we need to really solve this is a redesign of the DNS, as
> the way it is now it breaks a fundamental design principle of the
> internet: when two nodes have reachability, they should be able to
> communicate, regardless of what else is (un)reachable. (I'm not
> volunteering, though.)

I agree completely, but I don't think anything needs to change other than
management of existing services.  The internet has to continue to work
when it is partitioned, regardless of the reasons for the partitioning.
Those reasons could be technical, or political.  And the internet should
then just work when it's glued back together again.  But address and DNS
delegations are hierarchical, so there is no reason that this can't be
done.

> I've been in a situation where root servers were unavailable for the
> better part of a day, and it's pretty frustrating to see your resolver
> cache disappear over time so you can no longer reach places to which
> you still have connectivity.

This is fixed by stealth slaves at large ISPs.  Small ISPs, if isolated 
probably don't have enough customers to really care about getting to the 
other customers. But this might not be true for large ISPs, and might not 
be true of islands and small countries.  A small island in the Pacific 
might have several ISPs but only one underwater cable. If the cable is 
cut, they could be isolated for a while. But there is no reason they 
shouldn't be able to get to other sites that are on the island.
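A concrete form of the stealth-slave arrangement discussed in this thread (a national root server fed by zone transfer, and an ISP resolver that is in turn a stealth slave of the national roots), as an added example that is not from the mail or any real deployment. The two fragments belong to two different servers' BIND named.conf files; all addresses are constructed placeholders from the RFC 5737 documentation ranges.

```conf
// File 1: named.conf on a NATIONAL stealth root server.
// It holds a secondary copy of the root zone, refreshed by zone transfer
// from whichever distribution point the operator has arranged
// (hypothetical address 198.51.100.10).  Two such servers at minimum.
zone "." {
    type slave;
    file "secondary/root.zone";
    masters { 198.51.100.10; };
    allow-transfer { 192.0.2.0/24; };   // only the in-country resolvers may pull it
    notify no;
};

// File 2: named.conf on an ISP's recursive resolver in the same country.
// Instead of the official root hints, it is a stealth slave of the national
// roots (hypothetical 192.0.2.1 and 192.0.2.2), so root data stays
// answerable while the outside link is cut.
zone "." {
    type slave;
    file "secondary/root.zone";
    masters { 192.0.2.1; 192.0.2.2; };  // at least two, as the mail suggests
    allow-transfer { none; };
    notify no;
};

// Check (run on either server): the local serial should track the official
// root zone; a lagging serial means the transfer chain is broken.
//   dig @127.0.0.1 . SOA +norecurse
// Caveat: a secondary copy is served only until the SOA expire interval
// (one week, 604800 s, in the root zone) runs out without a successful
// refresh; after that BIND answers SERVFAIL for the zone rather than
// falling back to hints, so serial age is the thing to monitor.
```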