RE: How common is lack of DNS server diversity?

<Root server> ::= Any DNS server that has final authority for a <domain tier/level>;
<domain tier/level> ::= root, TLD, SLD, 3LD, ... nLD (0LD, 1LD, 2LD, ...
This is not to be confused with root level servers that have specific
authority for dot, at the root level (0LD).

One thing missing from the RFC specs for authoritative name servers, which
Kashpureff demonstrated so nicely, is that cache poisoning is possible at ALL
levels. Ergo, I thought that it was determined as best practice that name
servers that were offered up, as references, should be root for that level.
That is, they should be non-recursive. This includes all NS references in
all zone files. What should occur is that an org sets up zone-level roots and
then uses separate resolving servers for client access to the DNS. This is a
two-tier structure with the primary tier being non-recursive. Ergo, within a
<domain tier> there are operational tiers for root services and resolving
services, per zone authority. RFC2870 only discusses this at the 0LD and
only touches it lightly at other LDs.

Another thing missing is a further definition of <authoritative>. Some of us
have been working with the following:

<Authoritative servers> ::= <zone authority>|<domain level authority>|<authoritative resolvers>

<zone authority> ::= Final authority for a zone, non-recursive.
<domain level authority> ::= Final authority for a DL, non-recursive (i.e., etc.).
<authoritative resolvers> ::= recursive servers, intended for use by
clients, that claim authority for their specific zones. These include

BTW, I consider RFC2870 antiquated, because it presupposes an architecture
which may be outmoded or becoming outmoded rapidly. Load balancing and
clustering technology makes RFC2870 an unnecessary waste of resources and
can even get you into trouble.

Yes, some of this is from work done on the ORSC roots. Yes, one of the
largest problems we have had to overcome, at ORSC, IFWP, and ICANN/DNSO
discussions, was semantic problems caused by overly simplistic and generic
semantics. This in some part explains why MSFT had to develop their own
semantics, the current semantics are inadequate. As we all should know,
semantics constrains design concepts. However, in such a case, designers
will create their own semantics to route around the problem. This happened
at MSFT, ORSC, and other places that didn't join/agree/submit to

<Root server> ::= Any DNS server that has final authority for a <domain tier/level>;
<domain tier/level> ::= root, TLD, SLD, 3LD, ... nLD (0LD, 1LD, 2LD, ...
This is not to be confused with root level servers that have specific
authority for dot, at the root level (0LD).

Roeland, do you make this shit up as you go along, or what?

RFC 1034:

3.1. Name space specifications and terminology

The domain name space is a tree structure. Each node and leaf on the
tree corresponds to a resource set (which may be empty). The domain
system makes no distinctions between the uses of the interior nodes and
leaves, and this memo uses the term "node" to refer to both.

Each node has a label, which is zero to 63 octets in length. Brother
nodes may not have the same label, although the same label can be used
for nodes which are not brothers. One label is reserved, and that is
the null (i.e., zero length) label used for the root.

The domain name of a node is the list of the labels on the path from the
node to the root of the tree. By convention, the labels that compose a
domain name are printed or read left to right, from the most specific
(lowest, farthest from the root) to the least specific (highest, closest
to the root).

RFC 2010:

1 - Rationale and Scope

   1.1. Historically, the name servers responsible for the root (".")
   zone have also been responsible for all international top-level
   domains (iTLD's, for example: COM, EDU, INT, ARPA). These name
   servers have been operated by a cadre of highly capable volunteers,
   and their administration has been loosely coordinated by the NIC
   (first SRI-NIC and now InterNIC). Ultimate responsibility for the
   correct operation of these servers and for the content of the DNS
   zones they served has always rested with the IANA.

RFC 2870:

   1.2 The root servers serve the root, aka ".", zone. Although today
       some of the root servers also serve some TLDs (top level domains)
       such as gTLDs (COM, NET, ORG, etc.), infrastructural TLDs such as
       INT and IN-ADDR.ARPA, and some ccTLDs (country code TLDs, e.g. SE
       for Sweden), this is likely to change (see 2.5).

BTW, I consider RFC2870 antiquated

Is it antiquated because it does not use the Roeland Meyer definition of
"root server"?


<Root server> ::= Any DNS server that has final authority for a
<domain tier/level>;

That's what's commonly referred to as an "authoritative name
server" for the zone in question.

I'll side with Bill M: a "root DNS name server" serves the root
zone, aka. ".".


- Håvard

I was right. Roeland *did* mean "a zone server" in opposition to "a
customer resolver server".

-- jra