Revision [345]
This is an old revision of DnsSpec made by AvoYager on 2007-07-03 00:05:28.
Status: working draft
The DNS architecture for OpenNIC into 2007 has been pretty sound, with the exception of the "single point of failure" at ns0 due to a policy of all TLDs, both OpenNIC and ICANN, being aggregated into a single distributed root zone on that host alone.
Important and useful elements of this structure are preserved in the following suggestion for moving forward:
- each TLD sponsors one tier1 and one tier2 DNS server
- each TLD's tier1 server is authoritative master for their TLD zone, and slave for the other TLDs and root.
- each TLD's tier2 server resolves all zones for the public. Ideally user ISPs would do this, but somebody has to, and more is better.
- all tier1 servers provide non-recursive responses and zone transfers for all OpenNIC TLDs and the root, publicly, so that new tier2 hosts don't have to be known by the tier1 group.
- for BIND configurations, tier1 hosts will have 'zone' declarations for each OpenNIC TLD and the root
- DNSSEC required for transfer between tier1 hosts ??
- all tier2 servers provide recursive response to anybody and everybody so that the public can use them for all internet access.
- for BIND configurations, tier2 hosts need only one 'zone' declaration for the root zone '.'
- Zone files must specify the authoritative master in the SOA record, and should provide NS records for tier1 hosts
A single ns0 (tier0) host could aggregate all the ICANN, and other, root zones for integration into the tier1 distribution. Each tier1 host should have the ability to become tier0/ns0 in the event ns0 goes out of service.
The tricky part about a distributed root is that the root zone which is authoritative for '.' must contain ALL served TLDs, merging OpenNIC's zones with ICANN's and others.
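The merge step described above, sketched as an added example (not part of the original draft or of OpenNIC's tooling). It combines TLD delegations from several sources into one root zone and reports any TLD claimed by more than one source instead of silently mixing their NS sets. The TLD names, hostnames, source labels and the "first listed source wins" policy are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample delegations; every name and host here is a placeholder.
ICANN_ROOT = """\
com.   172800 IN NS a.gtld-servers.example.
com.   172800 IN NS b.gtld-servers.example.
org.   172800 IN NS a0.org-servers.example.
"""
OPENNIC_TLDS = """\
alpha. 86400 IN NS ns1.tier1-alpha.example.
beta.  86400 IN NS ns1.tier1-beta.example.
ORG.   86400 IN NS ns1.other.example.   ; constructed collision with ICANN
"""
SOURCES = [("icann", ICANN_ROOT), ("opennic", OPENNIC_TLDS)]  # priority order

def parse_delegations(text):
    """Return {tld: {nameserver, ...}} from 'owner [ttl] [class] NS target' lines."""
    zones = defaultdict(set)
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()          # strip zone-file comments
        upper = [f.upper() for f in fields]
        if "NS" not in upper[1:-1]:                    # need owner, NS, and a target
            continue
        owner = fields[0].lower().rstrip(".")          # DNS names are case-insensitive
        target = fields[upper.index("NS", 1) + 1].lower()
        if owner and "." not in owner:                 # single label = TLD delegation
            zones[owner].add(target)
    return dict(zones)

def merge_roots(sources):
    """Merge sources in priority order; return (merged, collisions)."""
    merged, claimed_by, collisions = {}, {}, []
    for name, text in sources:
        for tld, servers in parse_delegations(text).items():
            if tld in claimed_by:                      # two roots claim the same TLD
                collisions.append((tld, claimed_by[tld], name))
                continue                               # assumed policy: first source wins
            claimed_by[tld] = name
            merged[tld] = servers
    return merged, collisions

def render_zone(merged, ttl=86400):
    """Emit the merged delegations as sorted zone-file NS records."""
    return "\n".join(f"{tld}. {ttl} IN NS {ns}"
                     for tld in sorted(merged) for ns in sorted(merged[tld])) + "\n"

if __name__ == "__main__":
    zone, clashes = merge_roots(SOURCES)
    print(render_zone(zone), end="")
    for tld, kept, dropped in clashes:
        print(f"; COLLISION: {tld} kept from {kept}, dropped from {dropped}")
```

A non-empty collision list is a reason to stop publication of the merged root until a hostmaster has resolved the conflict by hand.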
CategoryArchitecture
CategoryHostmastering