root-servers.net replaced?

Jim Reid jim at rfc1035.com
Mon Apr 1 09:42:23 UTC 2002


>>>>> "CJ" == CJ  <cozzmo1 at hotmail.com> writes:

    >> Verisign has nothing to do with root-servers.

    CJ> Not true.

    CJ> Verisign (Previously Network solutions) houses the "A Root"
    CJ> server at their Herndon VA location.  They also maintain
    CJ> multiple Root servers in the area.  

This must presumably come as a surprise to the root server operators
in the Washington DC area at the University of Maryland, PSInet, the
Department of Defense and the US Army. NSI/Verisign operate two of the
thirteen root servers.

    CJ> With the advent of an ICANN ruling and the Central Registry
    CJ> they can no longer deny other registrars equal access to these
    CJ> servers. 

Eh? Registry operations and policy have no bearing whatsoever on the
operation of any name server. Access to the root servers has always
been the same for everyone. Anybody can query any of them. That's what
they are there for after all. Physical access to the root servers is not
universal for obvious reasons. Registrars do not have the ability to
change the contents of the root zone, just like almost everybody else
on the planet.

    CJ> The ultimate hack would have been (Still might be) to get NSI
    CJ> to delete the domain name ROOT-SERVERS.NET.  This would have
    CJ> taken down the root servers and every top level domain for
    CJ> every country and .com .net .* (Yes country top levels also
    CJ> depended on the 13 servers and are at the mercy of NSI as the
    CJ> registrar for their top level).

Deletion of the root-servers.net zone would have no real impact on the
running of the DNS, assuming that nobody ever checked before the zone
got deleted. Which is somewhat unlikely. The IP addresses for
[a-m].root-servers.net live in the root zone as glue: they have to. So
they'll always be included in answers from the root servers even if
the root-servers.net zone didn't exist or if those servers didn't serve
root-servers.net, which they do of course. And even then, the names
and addresses of the root servers are in the root hints file that
almost every name server has.

Your comments about being "at the mercy of NSI" are over the top. Yes,
NSI/Verisign operate the registry for the root zone. However there are
contracts in place governing that. In essence this means NSI only make
changes to the root zone whenever ICANN/IANA tell them to make a
change and that change is approved by the US Department of Commerce.
ICANN/IANA make those requests whenever a TLD gets added or removed or
has its NS and glue records changed. And there's a process that TLDs
have to go through to submit those change requests to ICANN/IANA.
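
The glue point made in the reply above, as an added example that is not part of the original post: a small Python check that builds the answer to a ". NS" query from root zone data alone, without consulting any root-servers.net zone. It goes one step further and compares a hints file against that glue. Both samples are constructed, the addresses are documentation-range placeholders, and the function names are hypothetical.

```python
# Constructed samples: documentation-range addresses, not the real root servers.
ROOT_ZONE = """\
.                    518400  IN NS a.root-servers.net.
.                    518400  IN NS b.root-servers.net.
a.root-servers.net.  3600000 IN A  192.0.2.1
b.root-servers.net.  3600000 IN A  192.0.2.2
net.                 172800  IN NS a.gtld-servers.net.
a.gtld-servers.net.  172800  IN A  192.0.2.30
"""
HINTS = """\
; constructed root hints file, second address deliberately stale
.                    3600000 IN NS a.root-servers.net.
a.root-servers.net.  3600000 IN A  192.0.2.1
.                    3600000 IN NS b.root-servers.net.
b.root-servers.net.  3600000 IN A  192.0.2.99
"""

def parse(text):
    """Return (ns, addrs): NS targets and A addresses, each keyed by owner name."""
    ns, addrs = {}, {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop comments, split columns
        if len(fields) != 5 or fields[2].upper() != "IN":
            continue
        owner, _ttl, _cls, rtype, rdata = fields
        table = {"NS": ns, "A": addrs}.get(rtype.upper())
        if table is not None:
            table.setdefault(owner.lower(), set()).add(rdata.lower())
    return ns, addrs

def priming_answer(text):
    """NS set for '.' plus the addresses stored beside it in the same data.
    No root-servers.net zone is consulted: the glue alone supplies the addresses."""
    ns, addrs = parse(text)
    return {name: sorted(addrs.get(name, ())) for name in sorted(ns.get(".", ()))}

def stale_hints(hints_text, zone_text):
    """Hint entries whose addresses differ from the root zone glue."""
    hints, glue = priming_answer(hints_text), priming_answer(zone_text)
    return {n: (a, glue.get(n, [])) for n, a in hints.items() if a != glue.get(n, [])}

if __name__ == "__main__":
    print(priming_answer(ROOT_ZONE))
    print(stale_hints(HINTS, ROOT_ZONE))
```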

