- Category: Root Zone
- Topic: SSAC and RSSAC DNS Root Zone Stability Study
- Board meeting date: 3 February 2009
- Resolution number: 2009-02-03-04
- URL for Board minutes/resolution: http://www.icann.org/en/minutes/minutes-03feb09.htm
- Status: Ongoing
Summary
Board requested the SSAC and RSSAC jointly conduct a study analyzing the impact to security and stability within the DNS root server system of the proposed, referenced implementations.
Text
Whereas, over a short period of time, significant changes to root zone operations are anticipated, including the still-recent addition of IPv6 records to the root, and planned implementation of DNSSEC, IDNs, new cc IDNs, and new generic top level domains.
Whereas, the aggregate impact of these anticipated changes should be formally analyzed for impacts on scalability and stability.
It is hereby resolved (2009-02-03-04) the Chairman of ICANN's Board communicate with the Chairpersons of SSAC and RSSAC and ICANN President to request an overall root zone stability study a letter setting out some of the following points that should be addressed:
Various important technology and policy initiatives related to the root zone and root zone operations are now coming to fruition. These include the still-recent addition of IPv6 access to root services, and the planned addition of Internationalized Domain Names at the root level, signing the root zone with DNSSEC technology, new country code IDN top level domains, and new generic top level domains.
ICANN has conducted a number of efforts to understand the potential security and stability impacts of these changes individually. The RSSAC and SSAC jointly issued an analysis of adding IPv6 records to the root in 2007 (see http://www.icann.org/committees/security/sac018.pdf and IANA's report at http://www.iana.org/reports/2008/root-aaaa-announcement.html). The addition of IDNs to the root has been the subject of significant advance planning, and an extended real-world testbed (see for example SSAC's report at http://www.icann.org/committees/security/sac020.pdf, and IANA's report at http://www.iana.org/reports/2007/testetal-report-01aug2007.html). DNSSEC has benefited from extensive root zone test bed experience and been extensively analyzed though not specifically for the root (see for example http://www.net.informatik.tumuenchen. de/~anja/feldmann/papers/dnssec05.pdf, and the RSTEP report on PIR's DNSSEC implementation at http://www.icann.org/registries/rsep/rstepreport- (http://www.icann.org/registries/rsep/rstepreport\-) pir-dnssec-04jun08.pdf.). Finally, an ICANN staff paper on root zone impact of new TLDs was published for public comment in February, 2008 (see http://icann.org/topics/dns-stability-draft-paper-06feb08.pdf ); this document was based in part on conversations with SSAC and RSSAC members, though not adopted/approved by either committee.
Given that these changes – IPv6 records in the root zone, DNSSEC, IDNs, and new TLDs (country code and generic) – have not been analyzed for their combined impact on root zone operations, the ICANN Board requests the SSAC and RSSAC jointly conduct a study analyzing the impact to security and stability within the DNS root server system of these proposed implementations. The analysis should address the implications of initial implementation of these changes occurring during a compressed time period. ICANN must ensure that potential changes in the technical management of the root zone and scope of activity at the TLD level within the DNS will not pose significant risks to the security and stability of the system. The study should address the capacity and scaling of the root server system to address a stressing range of technical challenges and operational demands that might emerge as part of the implementation of proposed changes.
The ICANN Board requests the Committee develop a terms of reference for the Study and appoint a steering committee to guide the effort by 28 February 2009.
The Board further requests the study involve direct participation by senior ICANN technical staff involved with its planned implementations of these activities and to provide necessary support to implement aspects of this study under terms and with ultimate approval of the advisory committees. Additionally, the Board seeks to ensure the process for establishing the study terms, design and implementation will address the technical and operational concerns regarding expanding the DNS root zone that have been expressed on this topic. The Board seeks study findings and recommendations by 15 May 2009.
Implementation Actions
- RSSAC and SSAC develop terms of reference for the Study and appoint a steering committee.
- Responsible entity: RSSAC and SSAC
- Due date: 28 February 2009
- Completion date: TBD
- Senior ICANN technical staff involved and providing support.
- Responsible entity: ICANN Security Staff
- Due date: None specified
- Completion date: TBD
- Process for establishing the study terms, design and implementation addresses the technical and operational concerns regarding expanding the DNS root zone that have been expressed on this topic.
- Responsible entity: RSSAC and SSAC
- Due date: 28 February 2009
- Completion date: TBD
- Study findings and recommendations provided to Board
- Responsible entity: RSSAC and SSAC
- Due date: 15 May 2009
- Completion date: TBD
Other Related Resolutions
- TBD
Additional Information
- No additional funding provided.
Explanatory text does not modify or override Resolutions. See Board Resolutions Page for more information.
