Technical Analysis of the Naming Scheme Used For Individual Root Servers (R5)

Date Issued:
Document: Technical Analysis of the Naming Scheme Used For Individual Root Servers (R5)
Reference ID: RSSAC028
Current Phase: CLOSED


Description:

The fundamental recommendation of the RSSAC is to not change the current root server system naming scheme until the studies listed in Section 7.2 can be completed. However, during the preparation of this document, the RSSAC Caucus Root Server Naming Work Party also made some observations that could be considered as recommendations based on particular outcomes in the further studies, and based on the risk analysis in Section 6.

If node re-delegation attacks pose a serious risk that needs to be mitigated, the following seem reasonable to consider:

  • The root server addresses should be signed with DNSSEC to enable a resolver to authenticate resource records within the priming response. The root server addresses should be signed in a way that reduces the potential for operational breakage.
  • Because the root server IP address information and the root zone are closely correlated, both sets of information should continue to be hosted on the same servers. This can be done using delegation or including the root server names in the root zone. All information necessary to validate the root-servers’ A/AAAA RRsets and the root zone should be hosted on the root servers.
  • Among the various options considered in this document, moving the root server names to the root zone (5.3), or adding a new TLD under the root zone (5.4) are both viable options that would result in signing the root server addresses. Additional studies are needed to determine which of these options, if any, would be more favorable than the other in practice.

