
discuss - Re: [opennic-discuss] Root zone testing

discuss AT lists.opennicproject.org

Subject: Discuss mailing list

  • From: Guillaume Parent <gp AT gparent.net>
  • To: discuss AT lists.opennicproject.org
  • Subject: Re: [opennic-discuss] Root zone testing
  • Date: Mon, 08 Sep 2014 19:59:26 +0000

It's already hard enough to stay in sync and implement things as it is; I can't imagine the extra trouble it could be to handle other roots seamlessly.

If people want to host servers for two roots, they can run two instances of bind. I personally cannot care less.

Just like ICANN servers today have to keep up to date with the root zone when it changes, at OpenNIC we must enforce that resolvers carry the latest root zone as soon as possible. We already announce its changes unofficially; we just need to make it obligatory and official so that tier 2 operators can keep up.

On 2014-09-08 17:49, Jeff Taylor wrote:
A recent discussion has brought up the possibility that not all tier2
servers may be carrying the same root zone, or even staying up to date
with the file. This came to light when a user noticed they couldn't
resolve an icann TLD that was created this April.

So I would like to start a discussion on policies and testing
methodology. First, what should we consider to be a standard policy
for the public tier2 servers? The wiki pages on setting up a tier2
server all state that the root zone should be slaved from NS0, however
if you are not running BIND then slaving a zone may not be possible
(although this setup should be passing the queries on to one of the
tier1 servers). There is also the situation where some folks also run
servers for other alt-roots, and they may not have the tools available
to merge multiple root zones together... Do we want to enforce the
usage of the opennic root zone for tier2 servers (complete with dnssec
entries), or do we want to keep the openness that our project was
created on, and allow for the possibility of other root zones?

Second, how should we test for functionality of the root zone? If we
insist on everyone using opennic's root, then it could be as simple as
checking the serial and making sure it is within a couple days of what
NS0 has posted. However if we want to remain open, we still want to
ensure that the tier2 servers are carrying recent changes to
icann/opennic TLDs, but how do we detect that? It could be quite a
chore to try and detect every time a new TLD is added to the icann
list, and we certainly couldn't rely on matching the serial for the
root zone if everyone is using a different source.

One more point -- the server that caused the original discussion has
been updated, so at this point every tier2 server is currently
resolving an up-to-date opennic root zone. This means if we wanted to
make it a policy to require the use of our root, nobody would have to
change anything, and the policy would only have to be enforced moving
forward with new servers.
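
The serial check proposed in the quoted message, as an added example that is not part of the original thread or any OpenNIC tooling. It assumes root zone serials follow the common YYYYMMDDNN convention, reads "a couple days" as a two-day threshold, and uses constructed hostnames and serials.

```python
from datetime import date

MAX_LAG_DAYS = 2  # assumption: "within a couple days" of what NS0 has posted


def serial_date(serial):
    """Return the date encoded in a YYYYMMDDNN serial, or None if it is not date-encoded."""
    s = str(serial)
    if len(s) != 10 or not s.isdigit():
        return None
    try:
        return date(int(s[:4]), int(s[4:6]), int(s[6:8]))
    except ValueError:  # e.g. month 13: not a date-based serial
        return None


def check_tier2(reference_serial, tier2_serial, max_lag_days=MAX_LAG_DAYS):
    """Classify a tier 2 server's root zone SOA serial against the reference (NS0) serial."""
    ref = serial_date(reference_serial)
    if ref is None:
        raise ValueError("reference serial is not date-encoded")
    got = serial_date(tier2_serial)
    if got is None:
        # A root zone from another source: the serial cannot be compared at all.
        return "unknown-source"
    lag = (ref - got).days
    if lag < 0:
        return "ahead"  # dated later than the reference: different source or stale reference
    return "stale" if lag > max_lag_days else "ok"


def audit(reference_serial, observed):
    """Map each server name to its status; `observed` is {name: serial}."""
    return {name: check_tier2(reference_serial, s) for name, s in observed.items()}


# Constructed sample data. On a live system each serial is the third field of
# `dig +short SOA . @<server>`.
NS0_SERIAL = 2014090800
OBSERVED = {
    "t2-a.example": 2014090800,  # in sync
    "t2-b.example": 2014090700,  # one day behind
    "t2-c.example": 2014041500,  # months behind, misses newer TLDs
    "t2-d.example": 42,          # serial from some other root source
    "t2-e.example": 2014090900,  # dated after the reference
}

if __name__ == "__main__":
    for name, status in audit(NS0_SERIAL, OBSERVED).items():
        print(f"{name:14} {status}")
```

The `unknown-source` result is the case the message raises: once servers take their root zone from different sources, a serial comparison has nothing to say about freshness.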


