Re: [DNSOP] draft-wkumari-dnsop-dist-root-01.txt

David Conrad <drc@virtualized.org> Mon, 07 July 2014 19:47 UTC

From: David Conrad <drc@virtualized.org>
Date: Mon, 07 Jul 2014 12:47:03 -0700
To: Paul Vixie <paul@redbarn.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/uNA-SdKsPf68x0k2Auo9iBZ_jaU
Cc: dnsop WG <dnsop@ietf.org>

Paul,

On Jul 6, 2014, at 9:14 PM, Paul Vixie <paul@redbarn.org> wrote:
> there are far more errors encountered below .com or .de than by their siblings in the root. any argument in favour of wide scale slaving of the root zone begs the question, why not every tld and every pseudo-tld (such as no-ip.org)? the root isn't special in regards to a goal of preventing junk queries.

The operators of the authorities for .com and .de and others have a natural incentive to augment their systems to deal with issues such as errors or DDoS or whatever.  As we have seen multiple times in the past, most individual root operators simply do not have this incentive. 

> that's why query minimization is the preferred solution to this problem.

This isn't either/or.

> right now, root name servers are part of an explicit, hand-maintained NOTIFY tree. thus, all internet actions depending on root zone content have up-to-the-minute data if not up-to-the-second data in many cases. we should treat this as an invariant,

I'm a bit (ok, a lot) skeptical of this claim, particularly given arguments made by some root server operators during the ICANN root scaling discussions about having instances at the end of long, thin, and fragile pipes and thus the size of the root zone must be limited.

However, ignoring that, one key point of slaving the root is that folks who do slave the root are accepting the responsibility to keep it up to date. Failure to do so only impacts their own customer base. This is a self-correcting problem -- get too stale and your (presumably paying) customers scream at you (cue Vijay Gill's talk on the cost of customer calls in relation to the profit that customer will bring over their lifetime of being a customer). As a customer, you can also always choose to run your own resolver (which is, of course, the right answer for other reasons).

Regards,
-drc