[At-Large] Review of the DNS Root Server Advisory Committee

Karl Auerbach karl at cavebear.com
Wed Feb 25 05:26:28 EST 2009 

There is much history here - the root server operators, or rather the 
operators of the primary system of root servers (there are other systems 
of root servers) have never pledged allegiance to ICANN.  Rather they 
run their systems as their own systems, set their own rules, adopt their 
own procedures.

In a way this has been good because those folks who are doing this have 
done a spectacular job.

Indeed they once acted in a way that pretty much saved the net when 
ICANN was (and perhaps still is) trapped in stasis:  Once upon a time 
there but 12 (or 13) actual root servers.   Their geographic 
distribution was causing political consternation and they were being 
overloaded.  And they were a very obvious point of attack on the net.

There is a routing technology called Anycast.  While I was at Cisco 
several of us talked about Anycast for DNS servers - and about actual 
deployments showing proof-of-concept at lower levels of the DNS 
hierarchy.  We (at Cisco) just talked, but we did mention the idea to 
ICANN, perhaps not formally.  ICANN didn't even respond.

But a couple of root server operators - most notably the F server folks 
at ISC - picked up their tools and started deploying anycast servers. 
Today they have a constellation of well over 100 clones of the F root, 
all working very well.

We owe these root server folks a great debt of gratitude.

But on the other hand, there needs to be some formality of obligation. 
There needs to be some constraint that keeps the root server operators 
from giving into financial pressures and doing bad things.

I wrote up a note on this several years ago - 
http://www.cavebear.com/cbblog-archives/000192.html - The interesting 
part for this discussion is down a couple of screens, starting with the 
line "And finally - what should be the terms in those agreements?"

I refined that list of obligations a bit further in a note I wrote about 
what I thought should be ICANN's application form for a new TLD - 
http://www.cavebear.com/cbblog-archives/000324.html

There is an agreement now between ICANN and ISC for the F root server. 
But is is very much a contract that says "don't tread on me" rather than 
one that defines obligatory service levels and imposes constraints 
against using the advantages of the root server position for 
discriminatory actions or as a vehicle to make piles of money.

		--karl--

More information about the At-Large mailing list