[discuss] Real world Impact of multiple roots

[Michel Gauthier]

At 07:55 27/01/2014, Ben fuller wrote:
>All,
>Does anyone out there know of studies on the economic impact that 
>having two or more root zones. I've been wondering what might happen 
>to Namibia where we have mining, tourism, financial and fishing 
>sectors — all of which are very important to our economy — if the 
>country were to switch over to another Internet with another route. 
>When I think about it I can only come up with very bad scenarios and 
>it would be nice to see if I am missing something.
>
>Also, what are the mechanics of switching to another root? I'm 
>thinking of questions like; How do you program routers? Can undersea 
>cables carry both types of traffic? Could BIND handle two roots? Etc.

The most authoritative analysis and conclusions in this controverted 
area is certainly the ICANN ICP-3 document. This Internet 
Coordination Policy is the statement of the ICANN positions and 
policy currently followed in administering the authoritative root of 
the Domain Name System.

This document promotes testing, lists the constraints of such a 
testing (operational and technical), and openly considers the 
possibility of  an Internet with several authoritative roots.

It clarifies that the internet already counts a very large number of 
private root files. This document does not however underlines two 
points that are obvious to experts but that the public often confuses:
- "DNS" has many meanings: as a system, a service, a syntax, a 
protocol, an industry, etc
- the notion of "root file" and of "top zone data". Data belong to 
history and ISO 3166, the file is owned by the NTIA. The same the 
root servers system is a voluntary cooperation. The sponsoring by the 
USA and other Govs can be completed/replaced by everyone.

Technically the only problem several *root files* might create is in 
using different data. This would result in a pollution of the name 
servers' buffers that might degenerate in a global DNS denial.

What one should remember is that several root server systems would 
first mean a loss of data for the NSA, since root servers logs would 
be scattered among several systems. Correlation of the root servers 
log dig data is a source of rel time information on the world's and 
different national's lifes.

Without a the use of a single file, the top zone data could not be 
tempered with by the USA when they decide to block a site in the root.

The best way to protect oneself against the DNS risks and control, 
and loss of privacy, is to maintain its own root file. Various 
technical and social issues plead in favor of such a practice (in 
particular response time, protection against advertizing, etc.). 
Standard DNS tool can be used, but there is no very easy/advertaized 
Bind installation tool. This is not really complex: 
http://alex.charrett.com/bind-on-windows

The development of an open source Personal DNS Master with a Windows 
version, would most probably totally change the picture of the 
so-called "IG". The difficulty in this development is the lack of a 
precise, compact and exhaustive documentation of the DNS by the IETF 
over 30 years.

I understand such a system is planned as part of the InterPLUS 
project.and that several works have been engaged in that direction 
with the priority to support IDNA2008. The US WCIT attitude was 
against a politically coordinated development of such efforts. It is 
likely that an open-code effort should be more productive.

M G

M G