Revision [343]
This is an old revision of DnsSpec made by AvoYager on 2007-07-02 23:28:13.
Status: working draft
The DNS architecture for OpenNIC into 2007 has been pretty sound, with the exception of the "single point of failure" at ns0 due to a policy of all TLDs, both OpenNIC and ICANN, being aggregated into a single distributed root zone on that host alone.
Important and useful elements of this structure are preserved in the following suggestion for change.
- each TLD sponsors one tier1 and one tier2 DNS server
- each TLD's tier1 server is authoritative for their TLD zone
- all tier1 servers publicly provide non-recursive responses and zone transfers for all OpenNIC TLDs and the root, so that new tier2 hosts don't have to be known by the tier1 group.
- DNSSEC required for transfer between tier1 hosts ??
- all tier2 servers provide recursive responses to anybody and everybody, so that the public can use them for all internet access.
In this scenario, each TLD's representative tier1 server would be solely responsible for maintaining and distributing the zone file for its TLD.
A single ns0 (tier0) host could aggregate all the ICANN, and other, root zones for integration into the tier1 distribution. Each tier1 host should have the ability to become tier0/ns0 in the event ns0 goes out of service.
The tricky part about a distributed root is that the root zone, which is authoritative for '.' , must contain ALL served TLDs.
But does it have to be in a single file with BIND 9?
Maybe not, with the $INCLUDE directive.
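An added example, not part of the original draft or of OpenNIC's tooling: a Python check that expands `$INCLUDE` directives in a root zone split into per-TLD fragments and reports any served TLD that ends up without an NS delegation. The file names, TLD labels (`alpha`, `beta`, `gamma`), host names and addresses are constructed; it assumes one record per line with fully qualified owner names and ignores the optional origin argument of `$INCLUDE`.

```python
# Constructed sample files: TLD labels, host names and addresses are placeholders.
FILES = {
    "root.zone": (
        "$TTL 86400\n"
        ". IN SOA ns0.example. hostmaster.example. 2007070201 3600 900 604800 86400\n"
        ". IN NS ns0.example.\n"
        "$INCLUDE tld/alpha.inc ; one fragment per sponsoring TLD\n"
        "$INCLUDE tld/beta.inc\n"
    ),
    "tld/alpha.inc": "alpha. IN NS ns1.alpha.\nns1.alpha. IN A 192.0.2.1\n",
    "tld/beta.inc": "beta. IN NS ns1.beta.\nns1.beta. IN A 192.0.2.2\n",
}


def expand(name, files, seen=()):
    """Return record lines of `name` with each $INCLUDE replaced by its file."""
    if name in seen:
        raise ValueError(f"$INCLUDE loop at {name}")
    out = []
    for line in files[name].splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments, split on whitespace
        if not fields:
            continue
        if fields[0].upper() == "$INCLUDE":
            out.extend(expand(fields[1], files, seen + (name,)))
        else:
            out.append(" ".join(fields))
    return out


def delegated_tlds(records):
    """Single-label owner names that carry at least one NS record."""
    tlds = set()
    for rec in records:
        fields = rec.split()
        owner = fields[0].rstrip(".").lower()
        is_ns = "NS" in [f.upper() for f in fields[1:4]]  # after optional TTL/class
        if owner and not owner.startswith("$") and "." not in owner and is_ns:
            tlds.add(owner)
    return tlds


def missing_tlds(root, files, served):
    """Served TLDs that the assembled root zone does not delegate."""
    return sorted(set(served) - delegated_tlds(expand(root, files)))


if __name__ == "__main__":
    print(missing_tlds("root.zone", FILES, ["alpha", "beta", "gamma"]))
```

Run against the list of TLDs the tier1 group serves, a non-empty result means a fragment was never included or lost its NS records before the zone was published.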