DNS ROOT understanding
Jim Reid
jim at rfc1035.com
Thu Nov 18 20:00:51 UTC 2004
>>>>> "Jonathan" == Jonathan de Boyne Pollard <J.deBoynePollard at Tesco.NET> writes:
Jonathan> Anyone who is concerned enough about "." content DNS
Jonathan> service that they consider the step of regularly
Jonathan> checking that it is there, should really be instead
Jonathan> considering running *their own* (private) "." content
Jonathan> DNS server, whose connectivity and fault tolerance they
Jonathan> can manage themselves, replicating the DNS database of
Jonathan> the "." organisation of their choice.
This is perhaps the most foolish piece of advice I've ever seen posted
here.

First of all it verges on the impossible that anybody -- and I mean
anybody -- could possibly run an instance of the root zone that
provides better connectivity and fault tolerance than the existing
internet root servers. There are now root servers in over 80 locations
around the world. [See http://www.root-servers.org.] Most of those
servers are in secure co-lo facilities and internet exchanges that
have lots of connectivity: bandwidth, peering, carriers, etc. They use
different hardware platforms, operating systems and DNS software. They
are operated and funded by diverse organisations, so that's not a
single point of failure either.

Secondly, the concept of an alternate root is an oxymoron.
More information about the bind-users mailing list