ICANN/DNSO
DNSO Mailing lists archives

[ga]



Re: [ga] who are the root server operators?


On Tue, Nov 05, 2002 at 10:53:03AM +0100, Stephane Bortzmeyer wrote:
> On Mon, Nov 04, 2002 at 07:07:11PM -0500,
>  Joe Baptista <baptista@dot-god.com> wrote 
>  a message of 33 lines which said:
> 
> > > Are there any plans to expand the list of root-servers, maybe to 26
> > > from 13, for greater internet stability?
> > 
> > they can't.  the limit is 13 mainly due to protocol limitations.
> 
> I'm not aware of any such limitation in the DNS protocol. Read RFC
> 1035. 

From RFC1035:
    "4.2.1. UDP usage

    "Messages sent using UDP user server port 53 (decimal).

    "Messages carried by UDP are restricted to 512 bytes (not counting the IP
    or UDP headers).  Longer messages are truncated and the TC bit is set in
    the header."

> If you refer to the 512-bytes limit of UDP packets (you can check the
> size of the current root with 'dig . ns' and read the MSG SIZE field:
> there is room for two more servers),

The record of interest is the soa record, not ns records.

> I do not regard it as a good
> reason:
> 
> * with DNSSEC (cryptographical signatures in the DNS replies) and IDN
>   (long labels), the DNS will have to move to TCP anyway,

The DNS protocol will have to change (and is changing) to deal with new
requirements.  That is obviously true, but has nothing really to do 
with the current reality, which is that the root servers have to deal 
with all currently deployed infrastructure.

> * there is never a DNS query for the root name servers: they are
>   hardwired in the hints file (/etc/bind/db.root or something like
>   that).

That is not true.  The hints file is just a hints file, and can easily
be badly out of date.  Bind, at least, uses it to look for root servers,
and when it finds one, gets a copy of the current set of root servers. 
The hints file is basically a bootstrap, and does not replace the
authoritative records which come from the dns. 

> Unlike the TLD name servers (which ICANN limit to 13 per
>   TLD),

ICANN has absolutely nothing to do with it.

>  there is no good technical reason to limit the number of root
>   name servers.

There are numerous technical reasons.
--
This message was passed to you via the ga@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga" in the body of the message).
Archives at http://www.dnso.org/archives.html
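
Added example, not part of either poster's message: the size arithmetic behind the quoted 'dig . ns' remark, worked by building the wire-format response under the 512-byte UDP limit of RFC 1035 section 4.2.1. It assumes servers named a.root-servers.net onward, one A glue record per server, RFC 1035 name compression and no EDNS0; the TTLs and 192.0.2.x addresses are constructed and do not affect the size.

```python
import struct

UDP_LIMIT = 512  # RFC 1035 section 4.2.1: UDP payload limit without EDNS0

def encode_name(name, offsets, pos):
    """Encode a name placed at message offset pos, reusing earlier suffixes
    through RFC 1035 compression pointers (0xC000 | offset)."""
    out = b""
    labels = [l for l in name.rstrip(".").split(".") if l]
    for i, label in enumerate(labels):
        suffix = ".".join(labels[i:])
        if suffix in offsets:
            return out + struct.pack("!H", 0xC000 | offsets[suffix])
        offsets[suffix] = pos + len(out)
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def priming_response(n_servers):
    """Build a '. NS' response listing n_servers root servers plus A glue."""
    if not 1 <= n_servers <= 26:
        raise ValueError("this sketch names servers a..z only")
    names = [f"{chr(ord('a') + i)}.root-servers.net" for i in range(n_servers)]
    offsets = {}
    # Header: id, flags (QR|AA), qdcount, ancount, nscount, arcount
    msg = struct.pack("!6H", 0x1234, 0x8400, 1, n_servers, 0, n_servers)
    msg += b"\x00" + struct.pack("!2H", 2, 1)          # question: . NS IN
    for name in names:
        # owner "." (1 byte) + type/class/ttl/rdlength (10 bytes) precede rdata
        rdata = encode_name(name, offsets, len(msg) + 11)
        msg += b"\x00" + struct.pack("!2HIH", 2, 1, 518400, len(rdata)) + rdata
    for i, name in enumerate(names):
        owner = encode_name(name, offsets, len(msg))   # 2-byte pointer
        glue = bytes([192, 0, 2, i + 1])               # constructed address
        msg += owner + struct.pack("!2HIH", 1, 1, 3600000, 4) + glue
    return msg

def max_servers_within_limit(limit=UDP_LIMIT):
    """Largest server count whose response still fits without truncation."""
    best = 0
    for n in range(1, 27):
        if len(priming_response(n)) <= limit:
            best = n
    return best

if __name__ == "__main__":
    for n in (13, 14, 15, 16):
        size = len(priming_response(n))
        print(n, size, "fits" if size <= UDP_LIMIT else "TC bit would be set")
```

Under these assumptions each additional server costs 31 bytes (a 15-byte NS record plus a 16-byte A record).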