Re: how many roots must DNS have before it's considered broken (Re: ISP network design of non-authoritative caches)
At 05:21 AM 11/19/01 +0000, you wrote:
Once we start down the slippery slope of "I'm a root too", how many different ad hoc DNS "universes" (for lack of better term) must we have before we decide that things are "broken"?
Two. That happened back in 1996 when the IANA TLD applicants began getting their glue added to AlterNIC. Today lack of entry in the root has created a dozen or so more alt.roots. Now people are beginning to notice the consequences (i.e. the .US zone is now causing cache pollution outside the legacy root since it's using the ICANN .BIZ name servers - and that .BIZ isn't recognized by all the alt.roots).
But it's OK. Really. There's only one root. Honest. Except for this one, which is being run with all the usual I* blessings: http://www.isi.edu/otdr/
Maintaining a single, authoritative root seems, IMHO, to be a Good Thing. Given multiple registries, namespace collisions would get ugly -- and, even in the absence of collisions, let us consider "reachability" issues.
That's the point. Getting the alt.root "universes" to cooperate is an exercise similar to "cat herding", but it has to start somewhere.
Best Regards,
Simon
-- DNS is not a sacred cow that cannot be replaced by something better.
But it's OK. Really. There's only one root. Honest. Except for this one, which is being run with all the usual I* blessings:
Simon
Hum... this project, while it meets the technical criteria that describe an alternate root structure, differs in several aspects from the others in this space.
1) It does not add any new code points, i.e. it's the root zone that you would find in the production system.
2) It is -NOT- a production system. It can/has/does go away on a regular basis for service and configuration changes.
3) It is -ONLY- for the testing of IETF standards track protocols, like DNSSEC, IPv6, et al.
4) It does not have any I* blessing or approval. The various I* bodies have been made aware of this project's existence.
5) To use this project's services, you must publish a testplan with specific goals and timeframes before authorization is given.
this is not an exhaustive list of the differences or of the criteria for using this engineering environment. So your insinuations that this is an approved alternate structure are disingenuous at best. Please get your facts straight first.
--bill
24 seems way too young to be an old timer, but I keep reading these DNS arguments and wondering if everybody else has forgotten that we've already seen something very similar to multiple roots, and that the market has already taken care of it. While I could possibly be proven wrong if Microsoft were to get involved, it seems very unlikely that the alternate roots will ever be an issue worth worrying about. This isn't because their catching on wouldn't be a mess, but because they don't have a chance of catching on.
Several years ago there were lots of "on-line services" with widely used e-mail systems that didn't talk to each other. It was not uncommon for people to list several different e-mail addresses for themselves, from Prodigy, Genie, AOL, MCIMail, Compuserve, Internet, Bitnet, and so forth, on the assumption that many of their correspondents could only send mail to one of those. Those with accounts on only one such system could only talk to other people using the same service. This was horribly inconvenient, and as the Internet became more popular the other services either assimilated or died. Once everybody else was using the Internet, there was no reason to do e-mail on a system that wouldn't talk to it.
I expect the alternate roots to go the same way. Right now we have the Internet with a DNS namespace that, whether it's well liked or not, works for everybody. For somebody setting up a service they want other people to access it makes sense to put that service in the usual DNS namespace that works for everybody, rather than in some alternate namespace that only works for some people. In the absence of useful services in the alternate namespace, there's no reason for the end users to care whether they can get to the alternate name space or not, meaning they won't do any work to make it reachable. If you expect people to switch from something that works reliably to something that works sometimes, you have to give them a good reason.
This is not to say that ICANN is good, evil, or anywhere in between. It's not to say that we have to blindly follow standards documents, whatever the consequences. However, the root-servers.net root servers are both the official and de facto standard root servers for the Internet, and those who want a standard namespace in which things just work are unlikely to walk away from them.
This is also not to say that there isn't a place for alternate roots. If you want to set up your own private network, running it over the Internet and following Internet protocol standards but running your own namespace will likely be easier than building your network from scratch. If you want to do this without giving up your real Internet connectivity, you might even run your own namespace alongside the usual namespace, as some of the alternate root networks are doing. However, using an alternate root for a small group of people is far more likely to work than expecting an alternate root to find universal acceptance all over the world.
-Steve
On Mon, 19 Nov 2001, Simon Higgs wrote:
At 05:21 AM 11/19/01 +0000, you wrote:
Once we start down the slippery slope of "I'm a root too", how many different ad hoc DNS "universes" (for lack of better term) must we have before we decide that things are "broken"?
Two. That happened back in 1996 when the IANA TLD applicants began getting their glue added to AlterNIC. Today lack of entry in the root has created a dozen or so more alt.roots. Now people are beginning to notice the consequences (i.e. the .US zone is now causing cache pollution outside the legacy root since it's using the ICANN .BIZ name servers - and that .BIZ isn't recognized by all the alt.roots).
But it's OK. Really. There's only one root. Honest. Except for this one, which is being run with all the usual I* blessings:
Maintaining a single, authoritative root seems, IMHO, to be a Good Thing. Given multiple registries, namespace collisions would get ugly -- and, even in the absence of collisions, let us consider "reachability" issues.
That's the point. Getting the alt.root "universes" to cooperate is an exercise similar to "cat herding", but it has to start somewhere.
Best Regards,
Simon
-- DNS is not a sacred cow that cannot be replaced by something better.
-------------------------------------------------------------------------------- Steve Gibbard scg@gibbard.org
On Wed, 21 Nov 2001, Steve Gibbard wrote:
24 seems way too young to be an old timer, but I keep reading these DNS arguments and wondering if everybody else has forgotten that we've already seen something very similar to multiple roots, and that the market has already taken care of it. While I could possibly be proven wrong if
I found an archive of NAMEDROPPERS going back to 1983. If you are interested in the subject, or just want to know how we got here, it's an interesting read. Anonymous FTP at ftp://ops.ietf.org/lists/ in 1983, 1984, etc. If you don't know the past, you are doomed to repeat it. Even though I disagree with some of them, I understand some of the decisions a bit better.
Did you mean ftp://ops.ietf.org/pub/lists/ ?
-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Sean Donelan
Sent: Wednesday, November 21, 2001 9:10 PM
To: Steve Gibbard
Cc: nanog@merit.edu
Subject: Re: how many roots must DNS have before it's considered broken (Re: ISP network design of non-authoritative caches)
On Wed, 21 Nov 2001, Steve Gibbard wrote:
24 seems way too young to be an old timer, but I keep reading these DNS arguments and wondering if everybody else has forgotten that we've already seen something very similar to multiple roots, and that the market has already taken care of it. While I could possibly be proven wrong if
I found an archive of NAMEDROPPERS going back to 1983. If you are interested in the subject, or just want to know how we got here, it's an interesting read. Anonymous FTP at ftp://ops.ietf.org/lists/ in 1983, 1984, etc. If you don't know the past, you are doomed to repeat it. Even though I disagree with some of them, I understand some of the decisions a bit better.
Did you mean ftp://ops.ietf.org/pub/lists/ ?
i presume he did. and, from the credit where due department, thanks for the older data should go to mark kosters of the netsol internic.
randy
participants (6)
- bmanning@vacation.karoshi.com
- Randy Bush
- Sean Donelan
- Simon Higgs
- Steve Gibbard
- W.D.McKinney