[DNSOP] Re: root zone transfers and CDNs

Philip Homburg <pch-dnsop-7@u-1.phicoh.com> Fri, 30 January 2026 14:48 UTC

> > Unfortunately, the IETF only standardized full transfers of the root zone
> 
> Where? Which RFC?

In the hypothetical case that we would look at the current operation
of the root and create a standard based on that.

> I very much doubt any distribution network would notice transfers
> of the root zone even if they went looking for them. It'll be lost
> in the noise of serving up cat videos, smut, social media garbage,
> OS updates, etc.

It's been a while, and I don't recall the exact numbers, but some time ago
I looked at an estimate of how often a copy of the root would be needed if
all recursors switch to local root. I used root priming queries for that.

If you take that number and multiply it by the 1.4 MB that an AXFR of the
root currently takes then you'll get a pretty big number.

That doesn't say we must do or do not do something. Just that in my opinion
we shouldn't give too much weight to how the root is currently signed.

If we think that CDNs for the root are essentially for free, then let's just
write that down.