Re: [DNSOP] the root is not special, everybody please stop obsessing over it

Paul Vixie <paul@redbarn.org> Fri, 15 February 2019 00:05 UTC

To: Evan Hunt <each@isc.org>
Cc: IETF DNSOP WG <dnsop@ietf.org>
References: <b45edb5e-1508-0b02-a14c-a5be4ca9c0e6@redbarn.org> <20190214235614.GB87001@isc.org>
From: Paul Vixie <paul@redbarn.org>
Message-ID: <6c3d6894-c584-c4fd-d09e-55903b34bead@redbarn.org>
Date: Thu, 14 Feb 2019 16:05:22 -0800
In-Reply-To: <20190214235614.GB87001@isc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/wGPo4TOai9XGDVCcXHTsDy3pYUo>


Evan Hunt wrote on 2019-02-14 15:56:
> On Thu, Feb 14, 2019 at 01:57:14PM -0800, Paul Vixie wrote:
>> indeed nothing which treats the root zone as special is worth 
>> pursuing, since many other things besides the root zone are also 
>> needed for correct operation during network partition events.
> 
> This point is well taken, but sometimes the root zone is a useful 
> test case for innovations that might be more generically useful 
> later. It's relatively small, relatively static, *XFR accessible, 
> signed but uses NSEC not NSEC3, etc. It's pleasantly free of 
> annoyances.

its distraction value, where countries lacking root server _operators_
of their own, feel diminished thereby, and where technology solutions
that affect the root zone in some way, feel unduly relevant... makes it
an _unuseful_ test case. recall that AAAA and DS came to every other
zone in the DNS before it was grudgingly admitted into the root zone.

we have to stop using the root zone as any kind of test case. it's not
special and should be treated unspecially. any technology which focuses
on it should be suspected immediately of "shiny object syndrome."

> So, zone mirroring fell out of 7706, and I suspect it will
> eventually have broader applications than just local root cache.

nope. because it did not prototype any partial replication. i'm not
going to mirror COM because i need it to reach FARSIGHTSECURITY.COM. we
needed to focus on partial replication, and avoid any solution that
would only work for small zones that changed infrequently, so as to
avoid wasting years of opportunity on a solution that changed nothing
and led nowhere.

> I think some of the early work on aggressive negative caching was 
> root-specific as well.

no. in fact, the opposite was true. the first ANC was OTWANC (off the
wire ANC), which had to be specified as part of DLV, which was
instigated in the first place principally because no one knew how many
more years we'd have to wait before a DS RR could be placed into the
root zone.

> I wouldn't assume an idea is bad just because it's currently focused
> on the root, it might not always be.

for reasons stated above, there are _no_ counterexamples showing that a 
focus on root-specific technology ever did any good, and a plethora of 
examples where focus on root-specific technology did some lasting harm.

therefore, our assumption of any root-specific proposal should be, until 
and unless proved otherwise on a case by case basis, that it's "shiny 
object syndrome", rather than a legitimate engineering exercise.

-- 
P Vixie