Technical Analysis of the Naming Scheme Used For Individual Root Servers (R4)

| Date Issued | Document | Reference ID | Current Phase |
|---|---|---|---|
| | Technical Analysis of the Naming Scheme Used For Individual Root Servers (R4) | RSSAC028 | CLOSED |


Description:

Study reducing the priming response size.

When considering the priming response under DNSSEC, the scheme explained in Section 5.6 generated the smallest possible size, as expected. However, some implementations would become brittle if this naming scheme were adopted. Future work in this area could include modeling and proposing protocol changes to support this configuration, noting that the total cost shown by such a model might exceed the accompanying total benefit. RSSAC should study having a specific upper limit on the size of priming responses where the query has DO=1. Research to reduce the response size might consider:

  • Choosing a naming scheme with a single root server name
  • Testing the consequences of all large responses having the TC bit set
  • Backward-compatible protocol enhancements using EDNS0 to support a priming-specific single signature over the entire priming set (NS, A, AAAA, DNSKEYs)

Further, more speculative studies about how to reduce the response size might include:

  • Using different cryptographic algorithms
  • Advertising what is expected in the Additional section (this would require modifying the DNS protocol)
  • Having a single key for the root zone instead of the current KSK + ZSK scheme
  • Effects of leaving the Additional section in priming responses empty


STATUS UPDATES

| Date | Phase | Type | Status Updates |
|---|---|---|---|
| | Closed | Phase Change | This Advice Item is now Closed |
| | Phase 2 | Phase Update | ICANN received confirmation of Understanding from the RSSAC. |
| | Phase 2 | Phase Update | Understanding sent to RSSAC for review. |
| | Phase 2 | Board Understanding | The ICANN organization understands RSSAC028 Recommendation 4 to mean that the RSSAC should conduct a study regarding the priming response size with a goal of reducing the priming response. This would include modeling different scenarios and options, and providing an analysis of the cost-benefit-ratio of different models against the current priming response size scenario, and against each other. If the study determines that the cost-benefit-ratio yields a positive benefit, then proposed protocol changes to support the new scenarios should be developed. The ICANN organization understands there is no action for the ICANN Board. |
| | Phase 2 | Phase Change | Now in Phase 2: Understand |
| | Phase 1 | Phase Update | ICANN acknowledged receipt of Advice. |
| | Phase 1 | Phase Update | RSSAC published RSSAC028: Technical Analysis of the Naming Scheme Used For Individual Root Servers. Link: https://www.icann.org/en/system/files/files/rssac-028-03aug17-en.pdf |