[discuss] Real world Impact of multiple roots

David Conrad drc at virtualized.org
Mon Jan 27 07:29:45 UTC 2014


Ben,

On Jan 26, 2014, at 10:55 PM, Ben fuller <ben at fuller.na> wrote:
> Does anyone out there know of studies on the economic impact that having two or more root zones.

As far as I am aware, current technology does not support more than one root zone, so I'm not sure how such studies could have been done.

> I’ve been wondering what might happen to Namibia where we have mining, tourism, financial and fishing sectors — all of which are very important to our economy — if the country were to switch over to another Internet with another route.

Err, root?

> When I think about it I can only come up with very bad scenarios and it would be nice to see if I am missing something.

As long as the alternative root does not now and will never in the future duplicate names in the existing root and the existing root delegations are mirrored in the alternate root, it might sort of work.  The problems that would occur would likely be related to references made to names visible within Namibia using the alternate root but which were not visible in the rest of the Internet that is using the existing root (e.g., if someone in Namibia sends email to someone outside of Namibia with a URL that uses a name that is only found on the alternate root). However, I'm unsure how you'd be able to guarantee the "never in the future" bit.

> Also, what are the mechanics of switching to another root?

There are a variety of implementation options, none of which are particularly appealing:

- mandate all resolver operators in country use the alternate root name servers (doesn't help end users (etc) that configure (say) 8.8.8.8 for their resolver).
- intercept DNS queries at all international connections aimed for the root servers and rewrite the destination address for the alternate roots (won't work with DNSSEC).
- hijack the root server routing announcements (won't work with DNSSEC).
- mandate everyone use some sort of plugin that intercepts DNS queries and rewrites them towards the alternate root servers.
- etc.

All of these have plusses and (a whole bunch of) minuses.

> I’m thinking of questions like; How do you program routers?

Unsure what you mean.

> Can undersea cables carry both types of traffic?

It's all just bits to undersea cables.

> Could BIND handle two roots? Etc. 

Sort of. BIND does have a way of having multiple namespaces that are selected based on (e.g.) source IP address (google "BIND views"), but I don't think that addresses the problem you're trying to solve. In theory, BIND supports multiple Classes, but the actual semantics of how Classes work has never been fully specified and there is the tiny problem of figuring out how to get every network-aware application on the Internet to understand Classes (oh yeah, and getting non-BIND servers to actually implement Classes).

Popping up a level, I'm curious: what is the problem you think an alternate root will solve?

Regards,
-drc

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://1net-mail.1net.org/pipermail/discuss/attachments/20140126/b8946e26/signature.asc>


More information about the discuss mailing list