Revisiting the Root
David Huberman
ICANN’s Office of the CTO

Overview
• The Root Server System at a Glance
• Security Threats to the Root Server System
• Evolution: Possible Steps Forward

The Root Server System at a Glance

1983: DNS defined
1984: First root server established at University of Southern California’s Information Sciences Institute (USC ISI)
1985: Four root servers: two on each U.S. coast
1987: Seven root servers: SRI – ISI – RPI – U. of Maryland – U.S. Air Force – NASA – U.S. Army
1991: NORDU.NET replaces U.S. Air Force
1993: Nine root servers: InterNIC and ISC are added
1995: Labels changed to [X].ROOT-SERVERS.NET to allow more root servers in a 512-byte priming response
1997: 13 Root Servers
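
Added example (not part of the original slides): the 1995 entry in the timeline above depends on DNS name compression, and this Python sketch builds a priming response in wire format to show the effect of a shared name suffix on its size. It assumes IPv4 glue only and no EDNS0; the `ns.operator-X.example` hostnames, the 192.0.2.x addresses and the TTL are constructed placeholders.

```python
"""Wire size of a DNS priming response, using RFC 1035 name compression."""
import struct

TYPE_A, TYPE_NS, CLASS_IN = 1, 2, 1
UDP_LIMIT = 512  # the 512-byte limit named in the 1995 timeline entry

# The [X].ROOT-SERVERS.NET labels from the slides, A through M.
ROOT_STYLE = [f"{c}.root-servers.net" for c in "abcdefghijklm"]
# Constructed, hypothetical hostnames that share only their last label.
DIVERSE_STYLE = [f"ns.operator-{c}.example" for c in "abcdefghijklm"]


class MessageBuilder:
    """Minimal DNS message writer that compresses repeated name suffixes."""

    def __init__(self):
        self.buf = bytearray()
        self.offsets = {}  # tuple of labels -> offset where that suffix starts

    def write_name(self, name):
        labels = [part for part in name.lower().rstrip(".").split(".") if part]
        for i in range(len(labels)):
            suffix = tuple(labels[i:])
            if suffix in self.offsets:
                # Compression pointer: 2 bytes, top two bits set, 14-bit offset.
                self.buf += struct.pack("!H", 0xC000 | self.offsets[suffix])
                return
            if len(self.buf) < 0x4000:  # pointers can only reach 14-bit offsets
                self.offsets[suffix] = len(self.buf)
            label = labels[i].encode("ascii")
            self.buf += bytes([len(label)]) + label
        self.buf += b"\x00"  # root label ends a name that was not compressed

    def write_rr(self, owner, rtype, ttl, write_rdata):
        self.write_name(owner)
        self.buf += struct.pack("!HHI", rtype, CLASS_IN, ttl)
        length_at = len(self.buf)
        self.buf += b"\x00\x00"  # RDLENGTH, patched once the RDATA is written
        write_rdata()
        rdlength = len(self.buf) - length_at - 2
        struct.pack_into("!H", self.buf, length_at, rdlength)


def build_priming_response(server_names, ttl=3600):
    """Answer to '. IN NS': one NS record and one A record per server."""
    count = len(server_names)
    msg = MessageBuilder()
    # Header: ID, flags (QR + AA), QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT.
    msg.buf += struct.pack("!HHHHHH", 0, 0x8400, 1, count, 0, count)
    msg.write_name(".")
    msg.buf += struct.pack("!HH", TYPE_NS, CLASS_IN)
    for name in server_names:
        msg.write_rr(".", TYPE_NS, ttl, lambda name=name: msg.write_name(name))
    for index, name in enumerate(server_names):
        addr = bytes([192, 0, 2, index + 1])  # constructed TEST-NET-1 address
        msg.write_rr(name, TYPE_A, ttl, lambda addr=addr: msg.buf.extend(addr))
    return bytes(msg.buf)


def priming_sizes():
    """Response size in bytes for each naming scheme."""
    return {
        "shared_suffix": len(build_priming_response(ROOT_STYLE)),
        "diverse_names": len(build_priming_response(DIVERSE_STYLE)),
    }


def fits_in_udp(server_names):
    return len(build_priming_response(server_names)) <= UDP_LIMIT


if __name__ == "__main__":
    for scheme, size in priming_sizes().items():
        verdict = "fits" if size <= UDP_LIMIT else "exceeds the limit"
        print(f"{scheme}: {size} bytes ({verdict})")
```

With the shared suffix, every name after the first costs 4 bytes in the NS record data (a one-letter label plus a pointer), which is what leaves room for 13 servers and their addresses under the limit.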

The Root Server System Today
• 13 labels: A through M
• 26 IP addresses (13 IPv4, 13 IPv6)
• Operated by 12 Root Server Operators
• Assigned to 900+ instances thanks to “anycast” routing
• On 1 December 2018 there were 77.7 billion queries received by the root zone servers (*excludes G-root)

Root Server Operators
A: Verisign
B: USC ISI
C: Cogent
D: University of Maryland
E: NASA - AMES
F: ISC
G: U.S. DoD
H: U.S. Army Research Lab
I: Netnod
J: Verisign
K: RIPE NCC
L: ICANN
M: WIDE

We have had no process to add or replace root server operators since Jon Postel died in 1998.

A Path Forward
• RSSAC Advisory 037: “A Proposed Governance Model for the DNS Root Server System”

RSSAC 037: A Proposed Governance Model for the DNS Root Server System
1. Secretariat Function (SF)
2. Strategy, Architecture, and Policy Function (SAPF)
3. Designation and Removal Function (DRF)
4. Performance Monitoring and Measurement Function (PMMF)
5. Financial Function (FF)

Designation and Removal Function (DRF)
• Establishes when there is a need for a new Root Server Operator (RSO).
• Only when there is a need, obtains applications from organizations willing to be designated as RSOs.
• RSO candidates are evaluated by the PMMF.
• Recommends the designation of an RSO from a pool of candidates based on the evaluations.
• Handles removal cases where an RSO should no longer operate the root service.
• Participates in accountability efforts by evaluating existing operators for compliance with policies and metrics.
• The DRF will use information that the PMMF provides to recommend whether to remove or replace any existing RSOs.

Making RSSAC037 a Reality
• Needs community approval that the model makes sense.
• Needs an implementation plan.
• The implementation plans need input and support of key stakeholders (IAB/IETF, ICANN community, RSOs, ...).
• Realistically looking at 2020 or 2021 before ICANN can execute on RSSAC037.

Security Threats to the Root Server System

DDoS Attacks
The root server system is currently vulnerable to a large-scale DDoS from a widely distributed set of sources.
The state of the art should allow for larger and more tailored attacks.

IoT: It is Going to Get Worse
Billions of devices offering substantial bandwidth.
Poor security practices among IoT vendors, service providers, and end users.
Challenges to upgrading devices.

Routing Attacks
The Internet routing system is currently insecure.
BCP38: filtering/cleaning impacts router performance.
Nothing special about root server prefixes.

Economic Threats
RSOs are unpaid volunteers.
What’s the ROI?
The traditional DDoS solution is to throw money at the problem.

The rate at which DDoS capacity is increasing is outpacing the ability of RSOs to expand headroom.

DNS Software Ecosystem
Root servers typically run on commodity (open source) software.
The long-term viability and vitality of this software depend on community involvement, donations, and feature requests.

Politics
DNS root has long been politically charged.
Some governments, IGOs, and NGOs see the DNS root as a point of control.
Ongoing Internet governance discussions frequently involve questions about “How do I get a root server?”

Evolution: Possible Steps Forward

Mitigating Threats: Money
“Money can solve this!” Who is paying?
For DDoS, an unwinnable race.

Mitigating Threats: Protocols
“Protocols can solve this!”
Getting people to turn on DNSSEC is difficult.
Getting people to participate in RPKI is even more difficult.

Mitigating Threats: Bring the Root to your LAN
HYPERLOCAL

What is Hyperlocal?
RFC 7706bis: Decreasing Access Times to Root Servers by Running One on the Same Server.
“Some DNS recursive resolvers have longer-than-desired round-trip times to the closest DNS root server. Some DNS recursive resolver operators want to prevent snooping of requests sent to DNS root servers by third parties. Such resolvers can greatly decrease the round-trip time and prevent observation of requests by running a copy of the full root zone” … on the same server

Hyperlocal Root Service
Mirror the root zone into/near local resolver (7706bis).
DNSSEC = source of root zone data does not matter.
When local resolver has root information, no way for a query for root information to be misrouted.
Much harder to snoop on.

Some Challenges
Deploying hyperlocal requires some DNS expertise.
Whence root data?

Summary
• It’s probably time to evolve from 1997.
• A new governance model for root service.
• Hyperlocal.
• DNSSEC and RPKI are really important.

Visit us at icann.org
Thank You
