Concern about gTLD servers in India

Robert E. Seastrom rs at seastrom.com
Sat Mar 10 06:02:42 CST 2012


Anurag Bhatia <me at anuragbhatia.com> writes:

> Can someone share if there's huge difference in . root servers Vs gTLD
> servers? I understand that root only hold all TLD's  - cc and gTLD
> delegation that would be few hundred TLDs delegation while gTLDs hold lot
> of domain names but if one country has root, what prevents having gTLD
> also? Certainly bit more hardware, storage and processing power but such
> facilities are available mostly say in India & South Africa which have
> significant number of big telcos.

There's a huge difference in operational complexity (and capex)
between running root nameservers and gtld nameservers (to further
confuse things, there are four gtlds, only two of which are run
gtld-servers.net infrastructure, which means that Verisign is the
operator).

Root zone = a few thousand records with changes gated by people with a
high degree of DNS clue, that come at a slow pace (once or twice a day
typically).  The roots eat a fair amount of bogus traffic (mitigated
somewhat by things like the as112 project) due to poorly configured
libraries and people's mistyping.

It is trivial to run a shadow root locally by just secondarying "." on
your cacheing nameservers.  In fact, recent versions of FreeBSD have
had a config like this to replace the named.root hints file - you just
have to comment out the hints section and uncomment the secondary
section in /etc/namedb/named.conf.  You can do this on something as
small as a wall-wart firewall device assuming it's running something
like BIND.  Obviously something that is exposed to the Internet as an
anycast node will be built on much more capable hardware.

A typical gtld zone will have anywhere from a few million to high tens
of millions of records in it.  Everyone and his brother has a vanity
domain and together the update load and expectations of the customers
are that changes will be committed instantaneously and visible across
all nameservers for the gTLD within a few minutes at the outside.
This update rate is a huge pain in operational practice and the sheer
number of records eats a pretty decent sized memory footprint too.

To answer your question, to get TLD anycast stacks in any given
location, there will need to be a discussion with the TLD operator; in
the case of the GTLDs that would be Verisign (.com and .net) and
Afilias (.org and .info).  In the case of sTLDs, GeoTLDs, and CCTLDs,
the cast of actors expands considerably.  No such thing a a one-stop
shop.  There is also an issue of cost/benefit.  In the current
economic climate assuming that organizations have unlimited resources
to commit to the public good (regardles of how noble their intentions
might be) is probably unwise.

Does this help?

-r (no longer an employee of a TLD op)




More information about the NANOG mailing list