[discuss] Options for root zone (was Re: Interesting article)
ajs at anvilwalrusden.com
Fri Jan 17 14:52:38 UTC 2014

On Thu, Jan 16, 2014 at 08:17:26PM -0500, Suzanne Woolf wrote:
> of oversight for the contents of the root zone is that the US
> government (or, to generalize, any government) *can't* act in the
> way described. This requirement has not been met to date.

Something along those lines became clear to me in an off-list
discussion with someone else (someone whose technical judgement I
respect a great deal), and it made me realise that we may be facing a
case where people are trying to solve a problem with the technology in
place rather than by stating the problem more generally.

The way Suzanne frames it above, this problem is not about multiple
roots. It is about a root zone provisioning regime that allows all
and only the relevant players change control over what affects them.

We currently think of "the root zone" as a file (because we say "zone
file"), but we could as easily conceive of some other provisioning
system. In that case, the provisioning system could be developed and
tested in the open before all the relevant parties (roughly, all the
operators of any zone actually in the root, plus whoever might be
interested in root zone operations generally). I'm imagining here a
kind of rough consensus procedure, but something else might have to be
devised; anyway, that's procedural politics and above my pay grade.

Once the code for this system is up and working, the provisioning
system becomes a master database into which changes are submitted.
The relevant parties (I guess in most cases, the root zone maintainer
IANA functionary and the relevant zone operator) then each have to
signal their approval of a change (including deletion) for it to take
effect in the zone. In order to cope with dangerous zones (I'm
thinking particularly not ccTLDs here) that are abusing their
position, we'd probably also need some sort of n of m provision under
which a zone could be pulled from the root over the objections of one
of the relevant parties. N probably needs to be high :)

Root nameserver operators would fetch the data as they ever did,
except that probably the "master DNS server" they'd talk to would just
be this provisioning system (which presumably we'd teach to speak DNS
zone transfer). Most (if not all) of this technology is already
pretty well-developed in the existing competitive registration market
for many TLDs, so this wouldn't be a major undertaking.

The point here is that this kind of approach removes the control by
the US, and it does it without any important effects on the basic DNS
technology. It does _not_ do any of the other things that partisans
of "alternate roots" seem to want, but I've never been able to be
clear enough about what those requirements would be in order to have
an idea of what you could do about it.
ajs at anvilwalrusden.com
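
The approval rule sketched in this message, modelled as an added example (not code from the post or from any root zone system): a change goes live only when both the maintainer and the affected zone's operator approve, and a deletion can also go through on n of m approvals. The party identifiers, the fixed set of "overseers" standing in for the m parties, and the value n=4 are assumptions made for illustration.

```python
from dataclasses import dataclass, field

MAINTAINER = "root-zone-maintainer"  # assumed id for the maintainer/IANA role

@dataclass
class Change:
    tld: str
    action: str                      # "set" or "delete"
    records: tuple = ()
    approvals: set = field(default_factory=set)
    applied: bool = False

class RootProvisioning:
    def __init__(self, operators, overseers, n):
        self.operators = dict(operators)       # tld -> zone operator id
        self.overseers = frozenset(overseers)  # assumed: the "m" parties for removal
        self.n = n                             # approvals needed to override
        self.zone = {}                         # what root servers would transfer

    def submit(self, tld, action, records=()):
        if action not in ("set", "delete") or tld not in self.operators:
            raise ValueError("unknown action or TLD")
        return Change(tld, action, tuple(records))

    def _satisfied(self, c):
        # Normal path: the maintainer and the affected zone's operator both agree.
        normal = {MAINTAINER, self.operators[c.tld]} <= c.approvals
        # Override path: deletion only, carried by n of the m overseers.
        return normal or (c.action == "delete" and len(c.approvals & self.overseers) >= self.n)

    def approve(self, c, party):
        """Record one approval; return True once the change is live in the zone."""
        if party not in {MAINTAINER, self.operators[c.tld]} | self.overseers:
            raise PermissionError(f"{party} has no say over {c.tld}")
        c.approvals.add(party)
        if not c.applied and self._satisfied(c):
            if c.action == "set":
                self.zone[c.tld] = c.records
            else:
                self.zone.pop(c.tld, None)
            c.applied = True
        return c.applied

def demo():
    # Constructed sample data: one TLD, five overseers, four needed to override.
    p = RootProvisioning({"example": "op-example"}, {"ov1", "ov2", "ov3", "ov4", "ov5"}, n=4)
    c = p.submit("example", "set", ["ns1.nic.example."])
    first = [p.approve(c, MAINTAINER), p.approve(c, "op-example")]
    d = p.submit("example", "delete")
    return first, [p.approve(d, o) for o in ("ov1", "ov2", "ov3", "ov4")], dict(p.zone)
```

In this model no single party, the maintainer included, can change or remove a delegation alone, and the override path cannot be used to add or alter records.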