Revision history for DnsSpec
Additions:
~~- Policy for xfer to others than tier1 ?? ref. Xfer Deliberation
Deletions:
Additions:
~~- DNSSEC required for transfer between tier1 hosts ?? ref. DNSSEC deliberation
Deletions:
Additions:
~- Zone file SOA serials shall be in the form of yyyymmddnn where yyyy=year, mm=month(numeric), dd=date, n is in the range 0..9
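Review bot: The serial format in the last addition is written as yyyymmddnn, but the legend defines only a single "n" in the range 0..9, so the reader has to infer that "nn" is a two-digit counter running from 00 to 99. Suggest spelling that out, for example "nn = two-digit revision number for that day, 00..99". The rule should also say what a maintainer does after the last available number on one day, since secondaries only pick up a zone whose serial has increased.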
Revision [1197]
Edited on 2008-02-20 07:42:03 by BrianKoontz [alternative link created...compare the two]
Additions:
~~- DNSSEC required for transfer between tier1 hosts ?? ref. [[DnsSecDeliberation DNSSEC deliberation]]
Deletions:
Additions:
~~- DNSSEC required for transfer between tier1 hosts ?? ref. DnsSecDeliberation
~~- Policy for xfer to others than tier1 ?? ref. XferDeliberation
~~~- Can/Should we provide/support a "hint" zone file ?? ref. HintDeliberation
~~- Policy for xfer to others than tier1 ?? ref. XferDeliberation
~~~- Can/Should we provide/support a "hint" zone file ?? ref. HintDeliberation
Deletions:
~~- Policy for xfer to others than tier1 ?? ref. [[XFER_Deliberation]]
~~~- Can/Should we provide/support a "hint" zone file ?? ref. [[Hint_Deliberation]]
Additions:
~~~- Can/Should we provide/support a "hint" zone file ?? ref. [[Hint_Deliberation]]
Deletions:
Revision [1193]
Edited on 2008-02-20 00:11:21 by AvoYager [remove deliberations from spec to own pages]
Additions:
@@=====""OpenNIC"" DNS Specification=====@@
The DNS architecture for ""OpenNIC"" into 2007 has been pretty sound, with the exception of the "single point of failure" at ns0 due to a policy of all TLDs, both ""OpenNIC"" and ICANN, being aggregated into a single distributed root zone on that host alone.
~- all tier1 servers must provide public authoritative response for all ""OpenNIC"" TLDs and the root
~~- for Bind configurations, tier1 hosts will have 'zone' declarations for each ""OpenNIC"" TLD and the root
~~- DNSSEC required for transfer between tier1 hosts ?? ref. [[DNSSEC_Deliberation]]
~~- Policy for xfer to others than tier1 ?? ref. [[XFER_Deliberation]]
~~~- Can/Should we provide/support a "hint" zone file ?? see [[Hint_Deliberation]]
~~- Ideally user ISPs would provide this service, but somebody has to, and more is better.
The tricky part about a distributed root is that the root zone which is authoritative for '.' must contain ALL served TLDs, aggregating ""OpenNIC""'s zones with ICANN's and others; and discovery of which TLDs are being used/served.
The DNS architecture for ""OpenNIC"" into 2007 has been pretty sound, with the exception of the "single point of failure" at ns0 due to a policy of all TLDs, both ""OpenNIC"" and ICANN, being aggregated into a single distributed root zone on that host alone.
~- all tier1 servers must provide public authoritative response for all ""OpenNIC"" TLDs and the root
~~- for Bind configurations, tier1 hosts will have 'zone' declarations for each ""OpenNIC"" TLD and the root
~~- DNSSEC required for transfer between tier1 hosts ?? ref. [[DNSSEC_Deliberation]]
~~- Policy for xfer to others than tier1 ?? ref. [[XFER_Deliberation]]
~~~- Can/Should we provide/support a "hint" zone file ?? see [[Hint_Deliberation]]
~~- Ideally user ISPs would provide this service, but somebody has to, and more is better.
The tricky part about a distributed root is that the root zone which is authoritative for '.' must contain ALL served TLDs, aggregating ""OpenNIC""'s zones with ICANN's and others; and discovery of which TLDs are being used/served.
Deletions:
The DNS architecture for OpenNIC into 2007 has been pretty sound, with the exception of the "single point of failure" at ns0 due to a policy of all TLDs, both OpenNIC and ICANN, being aggregated into a single distributed root zone on that host alone.
~- all tier1 servers must provide public authoritative response for all OpenNIC TLDs and the root
~~- for Bind configurations, tier1 hosts will have 'zone' declarations for each OpenNIC TLD and the root
~~- DNSSEC required for transfer between tier1 hosts ??
~& Already proved to work.
~~- Policy for xfer to others than tier1 ?? When we grow so will this idea.
~~~- Can we provide a "hint" zonefile ??
~~~~- Suggested [[HintFile Hint File]] - Debatable subject.
~~- Ideally user ISPs would do this, but somebody has to, and more is better.
The tricky part about a distributed root is that the root zone which is authoritative for '.' must contain ALL served TLDs, aggregating OpenNIC's zones with ICANN's and others; and discovery of which TLDs are being used/served.
Revision [1192]
Edited on 2008-02-19 21:34:58 by JulianDemarchi [remove deliberations from spec to own pages]
Additions:
~~- Policy for xfer to others than tier1 ?? When we grow so will this idea.
Deletions:
Revision [1191]
Edited on 2008-02-19 21:33:58 by JulianDemarchi [remove deliberations from spec to own pages]
Additions:
~~~~- Suggested [[HintFile Hint File]] - Debatable subject.
Deletions:
Revision [1144]
Edited on 2008-02-16 02:23:02 by AvoYager [remove deliberations from spec to own pages]
Additions:
~- ns0 should not be an authoritative host for anything other than root, but may serve as tier1
Deletions:
PROPOSAL: add to opennic.glue:
~an NS record for tier1.opennic.glue.
~~and for tier1.opennic.glue, individual A records for each tier1 host
~~as a convenient alias for all opennic tier1 servers
~some means to extract a list of TLDs served
~~ ?? maybe cnames for ${tld}.zones.opennic.glue -> $tld. ??
Revision [1138]
Edited on 2008-02-15 19:28:35 by JulianDemarchi [remove deliberations from spec to own pages]
Additions:
~~~~- Suggested [[HintFile Hint File]]
Deletions:
Additions:
~& I propose having two ns0 (tier0) hosts. Using DNS round robin. This will provide greater redundancy. The second ns0 should also run the root generation script nightly.
Deletions:
Additions:
~& I propose having two ns0 (tier0) hosts. Using DNS round robin.
Additions:
~& Already proved to work.
Deletions:
Additions:
@~ Already proved to work.
Additions:
~- tier1 servers should provide appropriate responses to querys from recursing (tier2) nameservers
~~- i.e. they do not need to provide recursive answers to the general public.
~~- i.e. they do not need to provide recursive answers to the general public.
Revision [404]
Edited on 2007-07-09 12:29:05 by AvoYager [significant revision to "release candidate"]
Additions:
===Status: second working draft===
~- each TLD must sponsor one tier1 and preferably one tier2 DNS server
~- all tier1 servers must provide public authoritative response for all OpenNIC TLDs and the root
~- all tier1 servers must provide bi-directional zone transfer with all other tier1 servers
~~- Policy for xfer to others than tier1 ??
~~- for Bind configurations, tier2 hosts need only one 'zone' declaration as slave for the root zone '.' , with tier1 masters.
~~~- Can we provide a "hint" zonefile ??
~~- Ideally user ISPs would do this, but somebody has to, and more is better.
~- Zone files must specify the authoritative master in the SOA record, and should provide NS records for all tier1 hosts
~- ns0 should not be an authoritative host for anything other than root
~~and for tier1.opennic.glue, individual A records for each tier1 host
~~as a convenient alias for all opennic tier1 servers
~some means to extract a list of TLDs served
~~ ?? maybe cnames for ${tld}.zones.opennic.glue -> $tld. ??
A single ns0 (tier0) host could continue to aggregate all the ICANN and other zones for integration into the tier1 distribution; however, several tier1 hosts should have the ability to become tier0/ns0 in the event ns0 goes out of service, thereby removing the historic single point of failure.
The tricky part about a distributed root is that the root zone which is authoritative for '.' must contain ALL served TLDs, aggregating OpenNIC's zones with ICANN's and others; and discovery of which TLDs are being used/served.
~- each TLD must sponsor one tier1 and preferably one tier2 DNS server
~- all tier1 servers must provide public authoritative response for all OpenNIC TLDs and the root
~- all tier1 servers must provide bi-directional zone transfer with all other tier1 servers
~~- Policy for xfer to others than tier1 ??
~~- for Bind configurations, tier2 hosts need only one 'zone' declaration as slave for the root zone '.' , with tier1 masters.
~~~- Can we provide a "hint" zonefile ??
~~- Ideally user ISPs would do this, but somebody has to, and more is better.
~- Zone files must specify the authoritative master in the SOA record, and should provide NS records for all tier1 hosts
~- ns0 should not be an authoritative host for anything other than root
~~and for tier1.opennic.glue, individual A records for each tier1 host
~~as a convenient alias for all opennic tier1 servers
~some means to extract a list of TLDs served
~~ ?? maybe cnames for ${tld}.zones.opennic.glue -> $tld. ??
A single ns0 (tier0) host could continue to aggregate all the ICANN and other zones for integration into the tier1 distribution; however, several tier1 hosts should have the ability to become tier0/ns0 in the event ns0 goes out of service, thereby removing the historic single point of failure.
The tricky part about a distributed root is that the root zone which is authoritative for '.' must contain ALL served TLDs, aggregating OpenNIC's zones with ICANN's and others; and discovery of which TLDs are being used/served.
Deletions:
~- each TLD sponsors one tier1 and one tier2 DNS server
~~- each TLD's tier2 server provides for resolving the zone, all zones, to the public. Ideally user ISPs would do this, but somebody has to, and more is better.
~- all tier1 servers must provide non-recursive response for all OpenNIC TLDs, and the root, publicly so that new tier2 hosts don't have to be known by the tier1 group.
~- all tier1 servers must provide bi-directional zone transfer with other tier1 servers, as slave zones
~~- for Bind configurations, tier2 hosts need only one 'zone' declaration for the root zone '.'
~- Zone files must specify the authoritative master in the SOA record, and should provide NS records for tier1 hosts
~and for tier1.opennic.glue, individual A records for each tier1 host
as a convenient alias for all opennic tier1 servers
A single ns0 (tier0) host could continue to aggregate all the ICANN, and other, root zones for integration into the tier1 distribution; however, each tier1 host should have the ability to become tier0/ns0 in the event ns0 goes out of service, thereby removing the historic single point of failure.
The tricky part about a distributed root is that the root zone which is authoritative for '.' must contain ALL served TLDs, aggregating OpenNIC's zones with ICANN's and others.
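Review bot: The added tier2 item requires each tier2 host to be a "slave for the root zone '.' , with tier1 masters", while the item directly above it still leaves "Policy for xfer to others than tier1 ??" open. A tier2 slave only works if tier1 hosts allow it to transfer the root zone, so the transfer policy needs at least a rule for tier2 hosts before this draft is self-consistent. The deleted text justified public tier1 answers "so that new tier2 hosts don't have to be known by the tier1 group"; if transfers are going to be restricted, the draft should say how a new tier2 host gets authorized.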
Revision [348]
Edited on 2007-07-03 00:40:12 by AvoYager [significant revision to "release candidate"]
Additions:
A single ns0 (tier0) host could continue to aggregate all the ICANN, and other, root zones for integration into the tier1 distribution; however, each tier1 host should have the ability to become tier0/ns0 in the event ns0 goes out of service, thereby removing the historic single point of failure.
The tricky part about a distributed root is that the root zone which is authoritative for '.' must contain ALL served TLDs, aggregating OpenNIC's zones with ICANN's and others.
The tricky part about a distributed root is that the root zone which is authoritative for '.' must contain ALL served TLDs, aggregating OpenNIC's zones with ICANN's and others.
Deletions:
The tricky part about a distributed root is that the root zone which is authoritative for '.' must contain ALL served TLDs, merging OpenNIC's zones with ICANN's and others.
Revision [347]
Edited on 2007-07-03 00:31:43 by AvoYager [significant revision to "release candidate"]
Additions:
PROPOSAL: add to opennic.glue:
~an NS record for tier1.opennic.glue.
~and for tier1.opennic.glue, individual A records for each tier1 host
as a convenient alias for all opennic tier1 servers
~an NS record for tier1.opennic.glue.
~and for tier1.opennic.glue, individual A records for each tier1 host
as a convenient alias for all opennic tier1 servers
Revision [346]
Edited on 2007-07-03 00:21:47 by AvoYager [significant revision to "release candidate"]
Additions:
~- all tier1 servers must provide non-recursive response for all OpenNIC TLDs, and the root, publicly so that new tier2 hosts don't have to be known by the tier1 group.
~- all tier1 servers must provide bi-directional zone transfer with other tier1 servers, as slave zones
~- all tier1 servers must provide bi-directional zone transfer with other tier1 servers, as slave zones
Deletions:
Revision [345]
Edited on 2007-07-03 00:05:28 by AvoYager [significant revision to "release candidate"]
Additions:
Important and useful elments of this structure are preserved in the following suggestion for moving forward..
~~- each TLD's tier1 server is authoritative master for their TLD zone, and slave for the other TLDs and root.
~~- each TLD's tier2 server provides for resolving the zone, all zones, to the public. Ideally user ISPs would do this, but somebody has to, and more is better.
~~- for Bind configurations, tier2 hosts need only one 'zone' declaration for the root zone '.'
~- Zone files must specify the authoritative master in the SOA record, and should provide NS records for tier1 hosts
The tricky part about a distributed root is that the root zone which is authoritative for '.' must contain ALL served TLDs, merging OpenNIC's zones with ICANN's and others.
~~- each TLD's tier1 server is authoritative master for their TLD zone, and slave for the other TLDs and root.
~~- each TLD's tier2 server provides for resolving the zone, all zones, to the public. Ideally user ISPs would do this, but somebody has to, and more is better.
~~- for Bind configurations, tier2 hosts need only one 'zone' declaration for the root zone '.'
~- Zone files must specify the authoritative master in the SOA record, and should provide NS records for tier1 hosts
The tricky part about a distributed root is that the root zone which is authoritative for '.' must contain ALL served TLDs, merging OpenNIC's zones with ICANN's and others.
Deletions:
~~- each TLD's tier1 server is authoritative for their TLD zone
~~- for Bind configurations, tier2 hosts need only one 'zone' declaration for the root zone '.'
In this scenario, each TLD's representative tier1 server would be solely responsible for maintaining and distributing the zone file for its TLD.
The tricky part about a distributed root is that the root zone, which is authoritative for '.' , must contain ALL served TLDs.
But does it have to be in a single file with Bind9?
Maybe not, with the $INCLUDE Directive
Revision [344]
Edited on 2007-07-02 23:34:43 by AvoYager [significant revision to "release candidate"]
Additions:
~~- for Bind configurations, tier1 hosts will have 'zone' declarations for each OpenNIC TLD and the root
~~- for Bind configurations, tier2 hosts need only one 'zone' declaration for the root zone '.'
~~- for Bind configurations, tier2 hosts need only one 'zone' declaration for the root zone '.'
Revision [343]
Edited on 2007-07-02 23:28:13 by AvoYager [significant revision to "release candidate"]
Additions:
~~- each TLD's tier1 server is authoritative for their TLD zone
~- all tier1 servers provide non-recursive response and zone transfer for all OpenNIC TLDs, and the root, publicly so that new tier2 hosts don't have to be known by the tier1 group.
~~- DNSSEC required for transfer between tier1 hosts ??
~- all tier2 servers provide recursive response to anybody and everybody so that the public can use them for all internet access.
~- all tier1 servers provide non-recursive response and zone transfer for all OpenNIC TLDs, and the root, publicly so that new tier2 hosts don't have to be known by the tier1 group.
~~- DNSSEC required for transfer between tier1 hosts ??
~- all tier2 servers provide recursive response to anybody and everybody so that the public can use them for all internet access.
Deletions:
~- all tier1 servers provide non-recursive response to tier2 servers for all TLDs
~~- DNSSEC required?
~~- permissible to respond to non-tier2 servers?
~- all tier2 servers provide recursive response to anybody and everybody
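Review bot: In the added sub-item "DNSSEC required for transfer between tier1 hosts ??", DNSSEC is not the mechanism that controls or authenticates a zone transfer. DNSSEC signs the records in a zone so that a resolver can validate the answers; it does not identify the host requesting or serving a transfer. The parent item also offers "zone transfer ... publicly", so as written anyone may pull the zones and the sub-item would add no restriction. If the intent is that tier1 hosts accept zone data only from each other, state that as a transfer authentication requirement (TSIG keys between tier1 hosts) and keep zone signing with DNSSEC as a separate question.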
Revision [327]
Edited on 2007-07-01 23:34:52 by AvoYager [significant revision to "release candidate"]
Additions:
CategoryHostmastering
Revision [201]
Edited on 2007-06-27 20:47:57 by AvoYager [significant revision to "release candidate"]
Additions:
Maybe not, with the $INCLUDE Directive
Revision [200]
Edited on 2007-06-27 20:44:09 by AvoYager [significant revision to "release candidate"]
Additions:
The DNS architecture for OpenNIC into 2007 has been pretty sound, with the exception of the "single point of failure" at ns0 due to a policy of all TLDs, both OpenNIC and ICANN, being aggregated into a single distributed root zone on that host alone.
Important and useful elments of this structure are preserved in the following suggestion for change.
In this scenario, each TLD's representative tier1 server would be solely responsible for maintaining and distributing the zone file for its TLD.
A single ns0 (tier0) host could aggregate all the ICANN, and other, root zones for integration into the tier1 distribution. Each tier1 host should have the ability to become tier0/ns0 in the event ns0 goes out of service.
The tricky part about a distributed root is that the root zone, which is authoritative for '.' , must contain ALL served TLDs.
But does it have to be in a single file with Bind9?
Important and useful elments of this structure are preserved in the following suggestion for change.
In this scenario, each TLD's representative tier1 server would be solely responsible for maintaining and distributing the zone file for its TLD.
A single ns0 (tier0) host could aggregate all the ICANN, and other, root zones for integration into the tier1 distribution. Each tier1 host should have the ability to become tier0/ns0 in the event ns0 goes out of service.
The tricky part about a distributed root is that the root zone, which is authoritative for '.' , must contain ALL served TLDs.
But does it have to be in a single file with Bind9?