Re: [DNSOP] the root is not special, everybody please stop obsessing over it

Evan Hunt <> Fri, 15 February 2019 04:21 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 792BC130EED for <>; Thu, 14 Feb 2019 20:21:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 6GJ__fjQuEmf for <>; Thu, 14 Feb 2019 20:21:51 -0800 (PST)
Received: from ( [IPv6:2001:4f8:0:2::2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 18C8E130EEA for <>; Thu, 14 Feb 2019 20:21:50 -0800 (PST)
Received: from ( [IPv6:2001:4f8:3:d::19]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 8E83A3AB05C; Fri, 15 Feb 2019 04:21:47 +0000 (UTC)
Received: by (Postfix, from userid 10292) id 71475216C1C; Fri, 15 Feb 2019 04:21:47 +0000 (UTC)
Date: Fri, 15 Feb 2019 04:21:47 +0000
From: Evan Hunt <>
To: Paul Vixie <>
Message-ID: <>
References: <> <> <>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <>
Subject: Re: [DNSOP] the root is not special, everybody please stop obsessing over it
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 15 Feb 2019 04:21:53 -0000

On Thu, Feb 14, 2019 at 04:05:22PM -0800, Paul Vixie wrote:
> nope. because it did not prototype any partial replication. i'm not
> going to mirror COM because i need it to reach FARSIGHTSECURITY.COM.

I didn't say anybody's going to mirror COM, I said I suspect zone
mirroring will find applications other than pre-caching the root.
The fact that it isn't a complete solution to the problem space you're
interested in at the moment doesn't mean it was useless. That wasn't a major
motivation for the work anyway, I don't believe -- my recollection is that
it was mainly about reducing garbage traffic, with latency reduction for
some resolvers a happy side-effect.

Keeping cache data warm and available during network partitions is a
largely solved problem; we have prefetch/hammer, we have serve-stale.
(Also apparently we have whatever generates all that zombie DNS traffic
Geoff discovered back in 2016, but I'd rather avoid perpetuating that
mistake, which seems *quite* perpetual enough as it is.)

Keeping cache data coherent is less solved: we don't have the trusted
invalidation piece you mentioned. I agree that might be a useful line of
inquiry.  I guess that's the point you were trying to make; I didn't get
it immediately because you started off discussing the shortcomings of an
RFC that doesn't seem particularly directly related.  So let's get
specific about the problem and discuss requirements for a solution.

Evan Hunt --
Internet Systems Consortium, Inc.