Re: [DNSOP] the root is not special, everybody please stop obsessing over it

David Conrad <> Fri, 15 February 2019 05:52 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id AF38612D4E7 for <>; Thu, 14 Feb 2019 21:52:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id UX_48RQUVc9c for <>; Thu, 14 Feb 2019 21:52:03 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::530]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id B2DC1130ED0 for <>; Thu, 14 Feb 2019 21:52:03 -0800 (PST)
Received: by with SMTP id d72so4265626pga.9 for <>; Thu, 14 Feb 2019 21:52:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20150623; h=mime-version:subject:from:in-reply-to:date:cc:message-id:references :to; bh=TTbSUQZwnR3hG7JFv1ToDJTxxmldz8XpH3PsyhRfg9c=; b=sdhscTkn95fJ47kyRcl1Un7+pzaWkknF3+kAz7TJ9CZEybfTm9/JOaP9KWxfOsyG0y 5UWd2O9aOSoK4J4u7HaOovFxsM9A1z2OHuLZGZF3wfjvdlQL3Hqov7dFaV10gj7sAlG7 Jx1Ui64N9g65BT0WvpWpdc5Eq38KspsxXuTlwhtjl9CHLi2/vv2iUFNBOP5K/C6NNB5c 9NiCtXRoWehH8zelrPeYrixsS8JjNpTi4N5/DDs5R6htBd4DKvRWpJuNh6VcrgoIrR4z cCPLpj2I9YIxrt6HWkolXMHlc4Z5AveyZ9fIBsAIle0bG40syj3KjM+GZROgvEDZOoeg G0Qg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :message-id:references:to; bh=TTbSUQZwnR3hG7JFv1ToDJTxxmldz8XpH3PsyhRfg9c=; b=k4u4hz/ERBAby5F9rZvZAbI/zb2Zy1Hh39cG/4ZG9ZCwavLsZNwoujaNV/3e0bgjGk o0MgI4jG8ZA98Ozzk+jHJcEhcnhGgO4GzsSThS1FlVYAUOXPwuUBbX/oYRkPY+y/cZLX MMq8/FloTmt6FudyMvwgHuDEd8gr/gOJ2uf3RqKCrrH9RLWirwYJtY0uehlSgUXHCBrm QRcg+hZ68xKdiRK70IEpSH5/vmLwK0RnOdukPrKgUHO038HrDKjei18pUPnhXyweW6O8 NRfSnYBL7OtosXCGBXvF6F1W6Z0fB86Cb2rgaD+7gj4lRkEDvI1bwX9WpDHGJ4McQoQm acAg==
X-Gm-Message-State: AHQUAuaUNE7I5vbWfzNHwL8Nwmh+mKOpurGzhRlUH1y+oMJ2rT/4lXQ8 gjmOLGLqY6aEtAHFFb8t9R7xdg==
X-Google-Smtp-Source: AHgI3IbXanpQnSTeoR3qE+Ak1Xccz/sRLzux+Oay+HXDg/ge4tDUNgJp5MUXTJgl3AQC6IalVjWSCg==
X-Received: by 2002:a63:235c:: with SMTP id u28mr3811519pgm.400.1550209923165; Thu, 14 Feb 2019 21:52:03 -0800 (PST)
Received: from ?IPv6:2606:6000:62c7:9900:d0a9:ac13:78c0:2722? ([2606:6000:62c7:9900:d0a9:ac13:78c0:2722]) by with ESMTPSA id t3sm4452266pgp.5.2019. (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 14 Feb 2019 21:52:02 -0800 (PST)
Content-Type: multipart/signed; boundary="Apple-Mail=_4B87DCF1-1A2B-4EF5-BB68-420EB005F95D"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\))
From: David Conrad <>
In-Reply-To: <>
Date: Thu, 14 Feb 2019 21:51:42 -0800
X-Mailbutler-Message-Id: D79D95F6-4E1A-4AFA-A92C-5EA0E30C07B1
Message-Id: <>
References: <>
To: Paul Vixie <>
X-Mailer: Apple Mail (2.3445.102.3)
Archived-At: <>
Subject: Re: [DNSOP] the root is not special, everybody please stop obsessing over it
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 15 Feb 2019 05:52:06 -0000


On Feb 14, 2019, at 1:57 PM, Paul Vixie <> wrote:
> 7706 is wrong headed on a number of levels, but its worst offense is to think that the root zone is special.

Operationally, the root zone actually is special. It is, after all, the starting point of the name space. As far as I can tell, there are 3 ways the root zone is special:

1. How does one obtain name servers for the root zone? How does one obtain name servers for any other zone?
2. Who controls the name servers for the root zone? Who controls the name servers for
3. What happens if the root zone is unreachable? What happens if is unreachable?

7706 describes one method to improve resiliency, performance, and privacy of root name service, with no modification of the DNS protocol or name servers. It is, of course, possible to do the same thing with any zone, assuming you have enough memory, but few zones generate sufficient interest to do so. Not sure why you’re arguing against it. Could you explain?