[Yeti DNS Discuss] Fwd: [dns-operations] Domain Name System without Root Servers

Davey Song(宋林健) ljsong at biigroup.cn
Wed Oct 11 10:37:59 UTC 2017

Hi Stephane,

It is interesting to see this paper on "Rootless DNS". Thanks for your
introduction. I found it relevant for this mailing list, so I am forwarding
it here. But I have some questions on how it works and how much it reuses
the existing DNS protocol and implementation.

As far as I understand:

1) The resolver can work with at least two trust anchors, right? One TLD's
KSK and IANA's KSK. If yes, it needs to heavily change the DNS specification
for resolvers and the implementation.

2) Or the resolver actually runs multiple processes or threads, one for
normal TLD queries, (more than) one for opt-in TLD queries? So that each
thread complies with only one trust anchor.

3) Is it necessary for a TLD server to host the root zone? If there is no root
zone hosted by the TLD server, how does the .com TLD server resolve the request for .cn?


From: dns-operations [mailto:dns-operations-bounces at dns-oarc.net] On Behalf Of
Stephane Bortzmeyer
Sent: October 3, 2017 3:24
To: dns-operations at dns-oarc.net
Subject: [dns-operations] Domain Name System without Root Servers

Nice paper, for resolver managers and TLD managers: how to get rid of the
root for some TLDs (the system would be opt-in):


The idea is to reuse priming (RFC 8109). The resolvers would know the NS and
DS resource record sets of TLDs, and use priming to refresh their knowledge.
It works as long as a TLD does not change everything at once.

The most interesting part of the paper is a survey of the TLD changes in the
last four years: most TLDs kept at least one IP address of the original set
during these four years. So, the idea could work.
dns-operations mailing list
dns-operations at lists.dns-oarc.net
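
The condition stated in the forwarded message ("it works as long as a TLD does not change everything at once") can be modelled as a set-overlap check between what the resolver holds and what the TLD currently publishes. The sketch below is an added example, not code from the paper or from either poster; the snapshot data is constructed, and `prime`, `simulate` and `always_present` are hypothetical names.

```python
# Constructed sample data: name-server address sets that a hypothetical TLD
# publishes at successive points in time (documentation address ranges).
SNAPSHOTS = [
    {"192.0.2.1", "192.0.2.2"},        # t=0: set shipped with the resolver
    {"192.0.2.2", "198.51.100.1"},     # t=1: one address replaced
    {"198.51.100.1", "198.51.100.2"},  # t=2: the other original address replaced
    {"203.0.113.1", "198.51.100.2"},   # t=3
]


def prime(known, current):
    """One priming round against the TLD instead of the root.

    The resolver can only ask addresses it already knows. If at least one of
    them still serves the TLD, it learns the full current set; otherwise the
    refresh fails and None is returned.
    """
    if known & current:
        return set(current)
    return None


def simulate(snapshots, interval):
    """Start from snapshots[0] and re-prime every `interval` steps.

    Returns the step at which the resolver is stranded (none of its known
    addresses is still in use), or None if it keeps up through the last step.
    """
    known = set(snapshots[0])
    for t in range(interval, len(snapshots), interval):
        refreshed = prime(known, snapshots[t])
        if refreshed is None:
            return t
        known = refreshed
    return None


def always_present(snapshots):
    """Addresses present in every snapshot (one reading of the survey metric:
    a TLD 'kept at least one address of the original set' over the period)."""
    return set.intersection(*(set(s) for s in snapshots))


if __name__ == "__main__":
    for interval in (1, 2, 3):
        print(f"refresh every {interval} step(s): stranded at",
              simulate(SNAPSHOTS, interval))
    print("addresses kept throughout:", always_present(SNAPSHOTS))
```

With this data no address survives the whole period, yet a resolver that refreshes at every step never loses the TLD, while one that skips a step is stranded.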