IETF Logo Mail Archive

[DNSOP] Re: DNSOP4 documents for consideration about the future of LocalRoot behavior.

Wes Hardaker <wjhns1@hardakers.net> Thu, 22 January 2026 03:43 UTC

Return-Path: <wjhns1@hardakers.net>
X-Original-To: dnsop@mail2.ietf.org
Delivered-To: dnsop@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 5E901AB479FA for <dnsop@mail2.ietf.org>; Wed, 21 Jan 2026 19:43:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -0.2
X-Spam-Level:
X-Spam-Status: No, score=-0.2 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (1024-bit key) header.d=hardakers.net
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i7SK-KKSChRI for <dnsop@mail2.ietf.org>; Wed, 21 Jan 2026 19:43:50 -0800 (PST)
Received: from mail.hardakers.net (mail.hardakers.net [107.220.113.177]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id C247FAB479F5 for <dnsop@ietf.org>; Wed, 21 Jan 2026 19:43:50 -0800 (PST)
Received: from localhost (unknown [205.220.129.29]) by mail.hardakers.net (Postfix) with ESMTPA id F0E992083B; Wed, 21 Jan 2026 19:43:47 -0800 (PST)
DKIM-Filter: OpenDKIM Filter v2.11.0 mail.hardakers.net F0E992083B
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hardakers.net; s=default; t=1769053429; bh=gBZ9W333TyHVGwf+FywNud9tM37SJRcTt6VKiWUVrl8=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=DUAGK7IlvidNiV4vT929+sn7JczjiA4fFYh6KAr7XpGKWmae3GRfqomlle5Viz4NK kjLfa6N4P5+7me86bQtmRA3JXKy8s7vgzRdJqFGhkSdPhP/deQJ3uBO1T40uHwU98J lS8APJ2vrth5cN3bFEtIANidGc5CmPX9abr6KR30=
From: Wes Hardaker <wjhns1@hardakers.net>
To: George Michaelson <ggm@algebras.org>
In-Reply-To: <CAKr6gn0yUL1X87+BavA569LGMaWe2VY4a6-iqTAmzwdrZVPx_g@mail.gmail.com> (George Michaelson's message of "Thu, 22 Jan 2026 09:00:36 +1000")
References: <ybla4y6lwjf.fsf@wx.hardakers.net> <CAKr6gn0yUL1X87+BavA569LGMaWe2VY4a6-iqTAmzwdrZVPx_g@mail.gmail.com>
Date: Wed, 21 Jan 2026 19:43:38 -0800
Message-ID: <ybla4y6ia6t.fsf@wx.hardakers.net>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain
Message-ID-Hash: 5GI7R6AJXVO6B7W3G4DFZUICHHV37KYF
X-Message-ID-Hash: 5GI7R6AJXVO6B7W3G4DFZUICHHV37KYF
X-MailFrom: wjhns1@hardakers.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: dnsop@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [DNSOP] Re: DNSOP4 documents for consideration about the future of LocalRoot behavior.
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/FjH90CNqkcLvYZMk3Hr0Jr9KShI>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Owner: <mailto:dnsop-owner@ietf.org>
List-Post: <mailto:dnsop@ietf.org>
List-Subscribe: <mailto:dnsop-join@ietf.org>
List-Unsubscribe: <mailto:dnsop-leave@ietf.org>

George Michaelson <ggm@algebras.org> writes:

[adding gas to the fire....]

> I'm broadly comfortable with the document separation but it does beg
> the question what is the impact of one or other of them being blocked,
> or left to rot? Because if we're in an all-or-nothing world it needs
> to be called out (I am pretty sure we aren't btw)

Well, that's fair though to some extent some of them are independent
(eg, the URL scheme should probably be done regardless) and some of the
separation, as I said, is to separate the discussion a bit into the very
different components.  We may want to merge them.  Or not.  But we could
fail the two IANA ones and the main LocalRoot document and the URL
scheme documents are still likely helpful on their own.

> I am least comfortable with the last one. I think IANA would not want to be
> given the task of judging suitability to list.

Well, that's actually part of the goal of providing guidance about what
types of providers should go in there.  Some people I've talked to think
we should just trust IANA to build the list.  I think "some" guidance
would be good.  But it could be a more standard process too.  And I
agree this is a larger component of the discussion.  I do need to have a
(another actually) good heart to heart with Kim too.

But the reality is that with ZONEMD and DNSSEC in play, it really
doesn't matter how you get the contents as long as you can.  Though the
document doesn't say or suggest you can use carrier pigeons, you
certainly can (assuming a good fleet of pigeons that make regular
trips).  The providers of the data need to be robust, but as long as you
can reach some you should be good.

Yes I'm hand waving a lot, but the underlying goal should be: the IANA
root zone data provider list should be easier to fill and change than
the existing root server addresses that actually serve the root zone.
There aren't privacy trust issues. It can be longer.  They only need to
be queried occasionally.  They can reuse existing well established CDN
infrastructure.  And if one fails, you shouldn't care as much if others
work. A complete failure to contact any due to local outages won't
matter as much Just make sure you use and trust the object protection.
IANA needs to house a default list.  But operators can build their own
list if they like.  Just check the data.

-- 
Wes Hardaker
Google

v2.46.0 | Report a Bug | By Email | System Status