> But I said "direct themselves to any DNS server," not "direct themselves to 
> any root server."  Aren't we agreeing that any intermediary can set up a 
> DNS resolver, which in turn gets its info from any root server it chooses, 
> and then consumers can point to whatever intermediaries they please.  And 
> Richard Sexton has written an app to make it as easy as a click for 
> consumers to choose.

Yes, it is easy for most end-users to repoint their individual computer
to use any intermediary server/resolver that one chooses (absent firewall
considerations that force one to use a particular intermediary inside the
firewall.)

Some "operating systems" tend to require a reboot to do this unless one
uses some non-OS-vendor software to do the switch.

Thus, as you say, for me as an individual to use a particular DNS resolver
(and hence by indirect reference) a particular root server system, I would
need to re-aim my personal computer to an intermediary server that, in
turn, uses the root system I want to use.

Most people who use ISP services or who live in organizations have this
information configured for them, so, they could be re-aimed en masse by
the ISP or organization should that ISP or organization choose to use a new
root system.

But suppose I were a member of a community of some sort (a church for
example), I could easily set up such an intermediary DNS server and send
to my members by e-mail or otherwise the steps to switch to that
intermediary.

This may not be best in terms of the network traffic matrix, but there are
always some prices that we pay for flexibility.

 
> So what's stopping market forces, as you say, from creating the nicely 
> nested (but still not completely overlapping) competitive set of DNS 
> services?  I'd imagine only the market itself so far--which has been known 
> to miss good opportunities in the space, to be sure.  ...JZ

There's a couple of reasons why multiple root systems have not really
happened in any big way, yet.

(I might note that I have heard that some of the larger providers and
corporations do actually run their own root systems, but that they are
exact mimics of the "legacy" root system and are there to prevent
reflecting NSI-derived problems onto their customer/employee base.)

Here's my list of reasons:

        - The current root system has worked reasonably well so far.
          (Although if one looks at the talk on NANOG today, there are a
          lot of reports of NSI foul-ups, but those are in the TLDs, not
          the root zone.)  So there's a strong, but diminishing, feeling of
          "if it ain't broke, don't fix it"

        - There has been a technical and personal prejudice against
          multiple roots.  Those who have suggested it have been belittled
          by some.

        - There is a fear of network instability.  There is technical
          basis for these fears.  (Although in my mind people ought to be
          more afraid of our Internet routing systems creating unreachable
          areas as peering/transit arrangements get more complicated.)

          The issue is how much fear is reasonable fear.  To me, this is
          where the main part of the discussion needs to happen.

        - There is a concern (in my mind at least) of the potential of ISC
          changing the BIND [the most common form of DNS server] license or code
          to restrict the creation of multiple root systems.

        - Few have yet thought of using a root system as an entrepreneurial
          vehicle.

        - There have been many emanations from NTIA and ICANN through the
          last couple of years that there is and shall be but one and only
          one "authoritative" root system.  By implication, all other root
          systems would not be "authoritative", an untrue statement.

In other words, most of the hesitation has been mental/attitudinal rather
than technical.

                --karl--


