Thursday, 4 December 2008, 1600-1730 hrs
The purpose of this root server system workshop is to explain to people what the root server system is, how it functions, why it is important, and how it is evolving. It is meant to be a short tutorial on these subjects, with opportunity for interaction with the audience.
A similar tutorial was offered at IGF 2007 in Rio de Janeiro. That first workshop was very well attended and questions from the audience were serious and useful for clarification. Given the evolution of the system since then, as well as the significant change in venue from Brazil to India, it was felt that a revised session would be of interest to participants in Hyderabad.
The root server system is, of course, an essential part of the domain name system. It is essential in resolving domain names, and therefore, if we're going to use domain names, we have to have a root server system that works, works well, works reliably, and does not fail. It is the most critical piece of infrastructure for the domain name system.
The first speaker, Desiree Miloshevic, described the history of the root server system, starting with Host.txt files created and maintained by Jon Postel. While such an approach worked for a limited size network, it represented a single point of failure, which was remedied by the creation of the DNS by Postel and Paul Mockapetris. She the defined the terms used in the domain name space amd the history of the creation of the 13 independent root servers. She clarified the myth that oot servers channel Internet traffic; some people, when they hear the word "root server system" and are not necessarily English speakers, spell root R-O-U-T-E, as opposed to R-O-O-T. Unfortunately there is enough semantic proximity between the function of the DNS and the routing of packets through the Internet that this is a plausible error, but one that has the potential to lead to a fundamental misinterpretation how the DNS works. Finally she talked about caching properties of the DNS, which limit access to the root zone (and secondary and other zones as well), thus limiting traffic to the servers to a scalable level.
Nurani Nimpuno, who works for Autonomica which operates the I-root server, provided a thorough description of the root server community. She stressed both the functions that the root server operators actually do, and those that they do not do, stressing the common misconceptions that exist about the group. She stressed the informal, cooperative nature of the group, their tight engineering cooperation, and their relation to ICANN. She discussed in detail the deployment of the Anycast protocol, its many advantages and some of its disadvantages. The role of the regional NICs was described as very important in deploying Anycast servers to the regional Internet communities, a subject expanded upon by Paul Wilson in his talk (see below). The issue of attacks upon the root server system was described, and system monitoring processes were outlined. She concluded with a number of future issues that the root server system would face, a subject elaborated upon by Steve Crocker in the final presentation (see below).
Akinora Maemura represented JPNIC, which operates the M-root server. Among other things, he discussed the critical issue of the readiness of the root server system to provide IPv6 support. He discussed some of the details of different strategies and funding mechanisms of Anycast by the root servers that propagate them. He described the features of the M-root and its future plans, and showed in some detail charts of the traffic encountered by the M-root, both from IPv4 and IPv6. He noted that all root servers are now being made ready to support DNSSEC, and discussed the issues that are still open and contentious with respect to its ultimate deployment at the root level.
Paul Wilson discussed the development of root server hosting capability in Asia, and focused on, inter alia, the APNIC's role as provider of training, consultation and expert services for countries in the region. During the past few years, adoption of the Anycast protocol has allowed a proliferation of root servers in many areas of the world where Internet traffic is growing rapidly. Since the number of Anycast servers has no practical limit, adoption of the protocol by organizations willing to run such servers provides the possibility of a proliferation of root servers where they are needed to satisfy local demand. Further benefits of having additional root servers are that DNS services become more robust and user response time can decrease substantially. These benefits accrue mostly in developing countries, where external capacity may be limited and latencies may be significant.
Finally, Steve Crocker talked about the two major dimensions of evolution of the root server system, namely IDNs (Internationalized Domain Names); and DNSSEC. First, IDNs are probably the most important addition to the DNS since its inception, since the majority of potential users of the Internet who are not there yet use languages not based upon the Latin alphabet. Both the IETF and ICANN have done a lot of work to devise a method that would allow IDNs to map into the existing domain name system, and there are now initial implementations in a testing phase. Second, recent attacks upon the DNS have reinforced the need for additional protection for the identity of root servers, as well as for secondary and other servers in the domain name system. DNSSEC provides a method of protecting server identities by using cryptographic methods to sign the servers, providing certain recognition of authentic servers at any level. DNSSEC is now in the initial stages of deployment, so that it is important for both the user community and the ISPs and other technical personnel to understand what it is, how and when it is likely deployed, and what the remaining issues are with its deployment.
Although the workshop was not as well attended as its predecessor in Rio de Janeiro, participants were attentive and questions were to the point.