On Mar 7 2010, George Barwood wrote:
The dependency on .net for the root name servers seems strange to me.
Intuitively, I should not have to trust .net to get a validated set
of root name servers.
The names of the root name servers are somewhat arbitrary, and since
they are very integral to the root zone, it would seem more
straightforward to not put them into a public registry TLD, but rather to use
a special TLD ( e.g. "root-servers" or possibly a sub-domain of ARPA ).
I don't see any reason to use a sub-zone, the records may as well go
in the root I think ( allows a secure resolver to start up slightly
faster ).
I have a lot of sympathy with that PoV.
It's notable that draft-jabley-reverse-servers intends to put
nameservers for the "arpa" sub-domains in matching sub-domains
of "arpa" (but still seems to mandate more zone cuts than seem
advisable to me).
I note that .se does sign its name servers.
And indeed ns.se is in the se zone (no zone cut). But the consequence
is that a DO=1 "priming" query for "se" returns 2706 bytes while one for
"." from the (DURZ-signed) root servers returns only 801 bytes.
--
Chris Thompson University of Cambridge Computing Service,
Email: [email protected] New Museums Site, Cambridge CB2 3QH,
Phone: +44 1223 334715 United Kingdom.