Revision [720]
This is an old revision of DnsSpec made by JulianDemarchi on 2007-08-01 21:53:14.
Status: second working draft
The DNS architecture for OpenNIC into 2007 has been pretty sound, with the exception of the "single point of failure" at ns0 due to a policy of all TLDs, both OpenNIC and ICANN, being aggregated into a single distributed root zone on that host alone.
Important and useful elements of this structure are preserved in the following suggestion for moving forward.
- each TLD must sponsor one tier1 and preferably one tier2 DNS server
- each TLD's tier1 server is authoritative master for their TLD zone, and slave for the other TLDs and root.
- tier1 servers should provide appropriate responses to queries from recursing (tier2) nameservers
  - i.e. they do not need to provide recursive answers to the general public.
- all tier1 servers must provide public authoritative response for all OpenNIC TLDs and the root
  - for Bind configurations, tier1 hosts will have 'zone' declarations for each OpenNIC TLD and the root
- all tier1 servers must provide bi-directional zone transfer with all other tier1 servers
  - DNSSEC required for transfer between tier1 hosts ??
    - Already proved to work.
  - Policy for xfer to others than tier1 ??
- all tier2 servers provide recursive response to anybody and everybody so that the public can use them for all internet access.
  - for Bind configurations, tier2 hosts need only one 'zone' declaration as slave for the root zone '.', with tier1 masters.
    - Can we provide a "hint" zonefile ??
    - Ideally user ISPs would do this, but somebody has to, and more is better.
- Zone files must specify the authoritative master in the SOA record, and should provide NS records for all tier1 hosts
- ns0 should not be an authoritative host for anything other than root
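The tier1/tier2 split above maps directly onto Bind 'zone' stanzas. The following generator is an added example, not OpenNIC's own configuration: it takes a constructed inventory (TLD to sponsoring tier1 address, plus a separate ns0 address for the root master) and emits the named.conf fragments for a tier1 host (master for its own TLD, slave for every other OpenNIC TLD and for '.', recursion off, transfers allowed only to the other tier1 hosts) and for a tier2 host (a single slave zone for '.' with all tier1 hosts as masters, recursion open to everyone). All addresses are placeholders.

```python
"""Emit BIND named.conf zone stanzas for the tier1 / tier2 roles listed above.

Added example, not OpenNIC's own configuration. Addresses are constructed.
"""
from typing import Dict, List, Optional

# Constructed inventory: each OpenNIC TLD -> address of the tier1 host sponsoring it.
TIER1_MASTERS: Dict[str, str] = {
    "geek": "192.0.2.10",
    "null": "192.0.2.20",
    "oss": "192.0.2.30",
}
# Constructed: the ns0 (tier0) host that is master for the aggregated root zone.
ROOT_MASTER = "192.0.2.1"


def addr_list(addrs: List[str]) -> str:
    """Render an address-match list in named.conf syntax: { a; b; }"""
    return "{ " + "".join(f"{a}; " for a in addrs) + "}"


def zone_stanza(name: str, masters: Optional[List[str]], path: str) -> str:
    """One zone {} block: master when no masters are given, slave otherwise."""
    body = [f'zone "{name}" {{']
    if masters is None:
        body += ["    type master;", f'    file "master/{path}";']
    else:
        body += ["    type slave;",
                 f"    masters {addr_list(masters)};",
                 f'    file "slaves/{path}";']
    body.append("};")
    return "\n".join(body)


def tier1_named_conf(my_tld: str, tier1: Dict[str, str], root_master: str) -> str:
    """Config for the tier1 host sponsoring my_tld."""
    others = [ip for tld, ip in tier1.items() if tld != my_tld]
    parts = [
        "options {",
        "    recursion no;    // authoritative only; tier2 recursors query us",
        f"    allow-transfer {addr_list(others)};    // AXFR/IXFR among tier1 hosts only",
        "};",
        zone_stanza(".", [root_master], "root.db"),   # slave for the root from ns0
    ]
    for tld, ip in sorted(tier1.items()):
        if tld == my_tld:
            parts.append(zone_stanza(f"{tld}.", None, f"{tld}.db"))   # our own TLD: master
        else:
            parts.append(zone_stanza(f"{tld}.", [ip], f"{tld}.db"))   # every other TLD: slave
    return "\n".join(parts) + "\n"


def tier2_named_conf(tier1: Dict[str, str]) -> str:
    """Config for a public recursive resolver: one slave zone for '.' and nothing else."""
    parts = [
        "options {",
        "    recursion yes;    // open recursive resolver for the public",
        "    allow-recursion { any; };",
        "    allow-transfer { none; };    // resolvers hand out answers, not zones",
        "};",
        zone_stanza(".", list(tier1.values()), "root.db"),
    ]
    return "\n".join(parts) + "\n"


if __name__ == "__main__":
    print(tier1_named_conf("geek", TIER1_MASTERS, ROOT_MASTER))
    print(tier2_named_conf(TIER1_MASTERS))
```

One point for the open question about securing transfers: in Bind the transfer itself is authenticated with TSIG (a shared `key` statement referenced from `allow-transfer`/`masters`), while DNSSEC signs the zone data and does not by itself restrict who can pull a zone. Both can be used together.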
PROPOSAL: add to opennic.glue:
- an NS record for tier1.opennic.glue.
- and for tier1.opennic.glue, individual A records for each tier1 host, as a convenient alias for all opennic tier1 servers
- some means to extract a list of TLDs served
  - ?? maybe cnames for ${tld}.zones.opennic.glue -> $tld. ??
A single ns0 (tier0) host could continue to aggregate all the ICANN and other zones for integration into the tier1 distribution; however, several tier1 hosts should have the ability to become tier0/ns0 in the event ns0 goes out of service, thereby removing the historic single point of failure.
  - I propose having two ns0 (tier0) hosts. Using DNS round robin.
The tricky part about a distributed root is that the root zone which is authoritative for '.' must contain ALL served TLDs, aggregating OpenNIC's zones with ICANN's and others; the other tricky part is discovery of which TLDs are being used/served.
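The aggregation and discovery problem, as an added example that is not OpenNIC's own tooling: the script below builds the root zone '.' from a constructed inventory (tier1 host names and addresses, the tier0 host named in the SOA as the zone's master, the OpenNIC TLDs, and a sample of delegations copied from another root). It refuses to aggregate when the same TLD appears in both sources, since a colliding TLD would make '.' ambiguous, and it provides a check that every TLD the project believes it serves actually has a delegation in the generated zone. Names, addresses, the serial and the external sample are all placeholders.

```python
"""Build the aggregated root zone '.' that ns0 distributes to the tier1 hosts.

Added example, not OpenNIC's own zone-generation tooling. Host names,
addresses, serial number and the external TLD sample are constructed.
"""
from typing import Dict, List, Tuple

# Constructed: tier1 hosts (name -> address) and which of them is tier0 for '.'.
TIER1_HOSTS: Dict[str, str] = {
    "ns1.geek.": "192.0.2.10",
    "ns1.null.": "192.0.2.20",
    "ns1.oss.": "192.0.2.30",
}
TIER0_HOST = "ns1.geek."
OPENNIC_TLDS: List[str] = ["geek", "null", "oss"]
# Constructed sample of delegations taken from another root: (name server, glue address).
EXTERNAL_TLDS: Dict[str, List[Tuple[str, str]]] = {
    "example": [("a.nic.example.", "198.51.100.1")],
}


def find_collisions(opennic: List[str], external: Dict[str, List[Tuple[str, str]]]) -> List[str]:
    """TLDs present in both sources; aggregating them would make '.' ambiguous."""
    return sorted({t.lower() for t in opennic} & {t.lower() for t in external})


def build_root_zone(tier1: Dict[str, str], tier0: str, opennic: List[str],
                    external: Dict[str, List[Tuple[str, str]]], serial: int) -> List[str]:
    """Return the records of the root zone, one per list element."""
    collisions = find_collisions(opennic, external)
    if collisions:
        raise ValueError(f"TLD collision between roots: {collisions}")
    rr = [
        "$ORIGIN .",
        "$TTL 86400",
        # SOA names the authoritative master (tier0), as the spec requires.
        f"@ IN SOA {tier0} hostmaster.opennic.glue. ( {serial} 7200 3600 1209600 86400 )",
    ]
    # The root itself is served by every tier1 host.
    for name in sorted(tier1):
        rr.append(f"@ IN NS {name}")
    # Every OpenNIC TLD is served by every tier1 host, so delegate each to all of them.
    for tld in sorted(opennic):
        for name in sorted(tier1):
            rr.append(f"{tld}. IN NS {name}")
    # Delegations copied from the other root keep their own name servers.
    for tld, servers in sorted(external.items()):
        for ns, _ in servers:
            rr.append(f"{tld}. IN NS {ns}")
    # Glue: addresses for every name server that lives under a served TLD.
    for name, addr in sorted(tier1.items()):
        rr.append(f"{name} IN A {addr}")
    for servers in external.values():
        for ns, addr in servers:
            rr.append(f"{ns} IN A {addr}")
    return rr


def delegated_tlds(records: List[str]) -> List[str]:
    """TLDs that have at least one NS record in the zone (the discovery step)."""
    found = set()
    for line in records:
        parts = line.split()
        if len(parts) < 4 or parts[0].startswith("$"):
            continue   # $ORIGIN / $TTL directives carry no owner name
        owner, rtype = parts[0], parts[2]
        if rtype == "NS" and owner != "@":
            found.add(owner.rstrip(".").lower())
    return sorted(found)


def missing_tlds(records: List[str], served: List[str]) -> List[str]:
    """Served TLDs with no delegation in '.'; the root would silently fail them."""
    have = set(delegated_tlds(records))
    return sorted(t.lower() for t in served if t.lower() not in have)


if __name__ == "__main__":
    zone = build_root_zone(TIER1_HOSTS, TIER0_HOST, OPENNIC_TLDS, EXTERNAL_TLDS, 2007080101)
    print("\n".join(zone))
    print("delegated:", delegated_tlds(zone))
```

Running `missing_tlds` against the list of TLDs each tier1 host declares in its named.conf is a cheap consistency check before a new root serial is pushed out: a TLD that is served but not delegated is exactly the discovery failure the paragraph above describes.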
CategoryArchitecture
CategoryHostmastering