<Root server> ::= Any DNS server that has final authority for a <domain
tier/level>;
<domain tier/level> ::= root, TLD, SLD, 3LD, ... nLD (0LD, 1LD, 2LD, ...
,nLD).
This is not to be confused with root level servers that have specific
authority for dot, at the root level (0LD).
One thing missing from the RFC specs for authoritative name servers, which
Kashpureff demonstrated so nicely, is that cache poisoning is possible at ALL
levels. Ergo, I thought that it was determined as best practice that name
servers that were offered up as references should be root for that level.
That is, they should be non-recursive. This includes all NS references in
all zone files. What should occur is that an org set up zone-level roots and
then use separate resolving servers for client access to the DNS. This is a
two-tier structure with the primary tier being non-recursive. Ergo, within a
<domain tier> there are operational tiers for root services and resolving
services, per zone authority. RFC2870 only discusses this at the 0LD and
only touches it lightly at other LDs.
Another thing missing is a further definition of <authoritative>. Some of us
have been working with the following:
<Authoritative servers> ::= <zone authority>|<domain level authority>|
<authoritative resolvers>
<zone authority> ::= Final authority for a zone, non recursive.
<domain level authority> ::= Final authority for a DL, non recursive (i.e.
a.root-servers.net, gtld-servers.net, etc.).
<authoritative resolvers> ::= recursive servers, intended for use by
clients, that claim authority for their specific zones. These include
stub-resolvers.
BTW, I consider RFC2870 antiquated, because it presupposes an architecture
which may be outmoded or becoming outmoded rapidly. Load balancing and
clustering technology makes RFC2870 an unnecessary waste of resources and
can even get you into trouble.
Yes, some of this is from work done on the ORSC roots. Yes, one of the
largest problems we have had to overcome, at ORSC, IFWP, and ICANN/DNSO
discussions, was semantic problems caused by overly simplistic and generic
semantics. This, in some part, explains why MSFT had to develop their own
semantics; the current semantics are inadequate. As we all should know,
semantics constrains design concepts. However, in such a case, designers
will create their own semantics to route around the problem. This happened
at MSFT, ORSC, and other places that didn't join/agree/submit to
namedroppers.
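The two-tier layout argued for above (non-recursive zone authorities, with separate recursive resolvers for clients), as an added BIND 9 configuration example that is not part of the original message. example.com, the file paths and 192.0.2.0/24 are placeholders, and the two fragments are separate named.conf files for two separate hosts.

```conf
// ---- named.conf of a zone authority ("root for its level") ----
// Answers only for the zones it is authoritative for; this is the
// host that appears in NS records. It never resolves for anyone,
// so there is no resolver cache to poison.
options {
    directory "/var/named";
    recursion no;                 // non-recursive: the key setting
    allow-query { any; };         // anyone may ask about our zones
    allow-query-cache { none; };  // no cached answers handed out
    allow-transfer { none; };     // zone transfers only to listed secondaries
    minimal-responses yes;        // no unsolicited glue beyond what is needed
};

zone "example.com" {              // placeholder zone
    type master;
    file "example.com.zone";
};

// ---- named.conf of the client-facing resolver ----
// Listed nowhere in any zone file; reachable only from the org's own
// clients (placeholder network 192.0.2.0/24). Recursion is the weak
// setting if exposed to the world, so it is confined to the ACL.
acl internal { 192.0.2.0/24; 127.0.0.1; };

options {
    directory "/var/named";
    recursion yes;                // resolves on behalf of clients
    allow-query { internal; };    // not an open resolver
    allow-recursion { internal; };
    dnssec-validation auto;       // validate answers pulled from the authorities
};
```

A quick operational check for the first tier is `dig @<authority> example.com SOA +norecurse` followed by a query for a name outside its zones: the authority should answer the first and refuse the second without the RA flag set.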