RSSAC028 was published on 3 August 2017. All RSSAC publications can be found at https://www.icann.org/groups/rssac/documents.
Recommendation | Description | Current Phase |
---|---|---|
Recommendation 1 | No changes should be made to the current naming scheme used in the root server system until more studies have been conducted. | CLOSED |
Recommendation 2 | Conduct studies to understand the current behavior of DNS resolvers and how each naming scheme discussed in this document would affect these behaviours. | Phase 4 | Implement |
Recommendation 3 | Conduct a study to understand the feasibility and impact of node re-delegation attacks. | Phase 4 | Implement |
Recommendation 4 | Study reducing the priming response size. When considering the priming response under DNSSEC, the scheme explained in Section 5.6 generated the smallest possible size, as expected. However, some implementations would become brittle if this naming scheme was adopted. Future work in this area could include modeling and proposing protocol changes to support this configuration, noting that the total cost shown by such a model might exceed the accompanying total benefit. RSSAC should study having a specific upper limit on the size of priming responses where the query has DO=1. Research to reduce the response size might consider:
| CLOSED |
Recommendation 5 | The fundamental recommendation of the RSSAC is to not change the current root server system naming scheme until the studies listed in section 7.2 can be completed. However, during the preparation of this document, the RSSAC Caucus Root Server Naming Work Party also made some observations that could be considered as recommendations based on particular outcomes in the further studies, and based on the risk analysis in Section 6. If node re-delegation attacks pose a serious risk that needs to be mitigated, the following seem reasonable to consider:
| CLOSED |