how many roots must DNS have before it's considered broken (Re: ISP network design of non-authoritative caches)

Steve Gibbard scg at
Thu Nov 22 05:23:19 UTC 2001

24 seems way too young to be an old timer, but I keep reading these DNS
arguments and wondering if everybody else has forgotten that we've already
seen something very similar to multiple roots, and that the market has
already taken care of it.  While I could possibly be proven wrong if
Microsoft were to get involved, it seems very unlikely that the alternate
roots will ever be an issue worth worrying about.  This isn't because
their catching on wouldn't be a mess, but because they don't have a chance
of catching on.

Several years ago there were lots of "on-line services" with widely used
e-mail systems that didn't talk to eachother.  It was not uncommon for
people to list several different e-mail addresses for themselves, from
Prodigy, Genie, AOL, MCIMail, Compuserve, Internet, Bitnet, and so forth,
on the assumption that many of their correspondants could only send mail
to one of those.  Those with accounts on only one such system could only
talk to other people using the same service.  This was horribly
inconvenient, and as the Internet became more popular the other services
either assimilated or died.  Once everybody else was using the Internet,
there was no reason to do e-mail on a system that wouldn't talk to it.

I expect the alternate roots to go the same way.  Right now we have the
Internet with a DNS namespace that, whether it's well liked or not, works
for everybody.  For somebody setting up a service they want other people
to access it makes sense to put that service in the usual DNS namespace
that works for everybody, rather than in some alternate namespace that
only works for some people.  In the absense of useful services in the
alternate namespace, there's no reason for the end users to care whether
they can get to the alternate name space or not, meaning they won't do any
work to make it reachable.  If you expect people to switch from something
that works reliably to something that works sometimes, you have to give
them a good reason.

This is not to say that ICANN is good, evil, or anywhere inbetween.  It's
not to say that we have to blindly follow standards documents, whatever
the consequences.  However, the root servers are both the
official and de facto standard root servers for the Internet, and those
who want a standard namespace in which things just work are unlikely to
walk away from them.

This is also not to say that there isn't a place for alternate roots.  If
you want to set up your own private network, running it over the Internet
and following Internet protocol standards but running your own namespace
will likely be easier than building your network from scratch.  If you
want to do this without giving up your real Internet connectivity, you
might even run your own namespace alongside the usual namespace, as some
of the alternate root networks are doing.  However, using an alternate
root for a small group of people is far more likely to work than expecting
an alternate root to find universal acceptance all over the world.


On Mon, 19 Nov 2001, Simon Higgs wrote:

> At 05:21 AM 11/19/01 +0000, you wrote:
> >Once we start down the slippery slope of "I'm a root too", how
> >many different ad hoc DNS "universes" (for lack of better
> >term) must we have before we decide that things are "broken"?
> Two. That happened back in 1996 when the IANA TLD applicants began getting 
> their glue added to AlterNIC. Today lack of entry in the root has created a 
> dozen or so more alt.roots. Now people are beginning to notice the 
> consequences (i.e. the .US zone is now causing cache pollution outside the 
> legacy root since it's using the ICANN .BIZ name servers - and that .BIZ 
> isn't recognized by all the alt.roots).
> But it's OK. Really. There's only one root. Honest. Except for this one, 
> which is being run with all the usual I* blessings:
> >Maintaining a single, authoritative root seems, IMHO, to be a
> >Good Thing.  Given multiple registries, namespace collisions
> >would get ugly -- and, even in the absence of collisions, let us
> >consider "reachability" issues.
> That's the point. Getting the alt.root "universes" to cooperate is an 
> exercise similar to "cat herding", but it has to start somewhere.
> Best Regards,
> Simon
> --
> DNS is not a sacred cow that cannot be replaced by something better.

Steve Gibbard				scg at	

More information about the NANOG mailing list