Re: Update of RFC 2606 based on the recent ICANN changes ?

Dave Crocker <> Mon, 07 July 2008 18:06 UTC

Date: Mon, 07 Jul 2008 11:06:07 -0700
From: Dave Crocker <>
Organization: Brandenburg InternetWorking
To: John Levine <>
Subject: Re: Update of RFC 2606 based on the recent ICANN changes ?
References: <>
In-Reply-To: <>
List-Id: IETF-Discussion <>

John Levine wrote:
>> What will be the impact of having, perhaps,
>>   1)  millions of entries in the root servers, and
> Let's start by considering thousands of entries, since I see little
> reason to expect even that many from ICANN's current plans.

When making a paradigm change to a core infrastructure mechanism, it is best to 
assume the worst-case conditions, rather than the best.

For example, I can assure you from first-hand knowledge that US$ 100K cost for a 
domain name a company deems desirable is not all that rare.  I would certainly 
not assume the global limit to be a few thousand.

More generally, the difference between allowing unbounded TLDs, versus limiting 
them by a price, involves very different strategic decision-making.  The former 
is massive and fundamental.  The latter is rather minor and likely to be viewed 
as tweaking.

So any analysis had better be made on the assumption that limits come from more 
natural and persistent characteristics, rather than from a current charging or 
operations-constraints decision.

>>   2)  constant traffic banging on those servers?
> * The proportion of invalid traffic, i.e., DNS pollution, hitting the
>   roots is still high, over 99% of the queries should not even be sent
>   to the root servers. 
> That suggests that if the legit traffic increased by an order of
> magnitude, it would still be down in the noise compared to the junk.

Not if, for example, the 99% also grew with the added legitimate traffic.

Again, the operations rule I've been taught is to base analyses on the 
limit of worst-case scenarios that one can tolerate, not to make assumptions 
about reasonableness (other than that there won't be any).


P.S. I assume (and hope) that the real DNS root experts will weigh in on this, 
here, soon...


   Dave Crocker
   Brandenburg InternetWorking