[rssac-caucus] Distribution of Anycast Instances of the Root Name Service workparty

[Kaveh Ranjbar]

Dear caucus members,

In the last face to face meeting in Chicago, I promised to send an update on the progress of the work at “Distribution of Anycast Instances of the Root Name Service” workparty, please find my report below. If you are interested to join the work party and contribute to the this fundamental piece of work, please let me know, indicating which question(s) you are interested to contribute to and I will make sure you are added to the WP.

All the best,
Kaveh.

——————

Distribution of Anycast Instances of the Root Name Service workparty update, as of end of March 2017:

Executive summary:

This work is aiming to answer or align understanding of a few questions that came out of the first two RSSAC workshops, the questions are formed around general theme of role of coordination between root server operators in terms of: Latency, DDOS, Physical placement of instances and Security. The work is on-going and so far we have a better understanding of the problem area and working towards documenting that.

Details:

The workparty has 20 members, divided in four groups so each group can focus on answering the relevant questions.

—

Group 1, 7 Members led by Suzanne Woolf:
Question: Given the state of current internet technology, what is the maximum latency a relying party should experience when transacting with the DNS root service as opposed to with a single “root server”?

The work is ongoing, the team has broken down the original question to multiple smaller ones and now is the time to converge on answering them.

—

Group 2, 14 members, led by Suresh Krishnaswamy:
Question: Will adding more instances in more topologically diverse locations make the system more resilient to Denial of Service (DOS) attacks?

The work is ongoing, the group has made good progress in defining DOS in the context of root server system as well as systematic resilience. Next step would be compiling current findings as an answer and making decisions on some of open questions, including the need for empirical evidence, etc.

—

Group 3, 12 members, led by John Bond:
Question: If root operators were to coordinate their deployments of anycast instances, what considerations should be contemplated?

The work is ongoing, the group has some solid content, including recognising some issues as well as some recommendations, needs to organise and compile the answers.

—

Group 4, 12 members, led by Russ Mundy:
Question: What are the security considerations related to the distribution of anycast instances?

The work is ongoing, the input is sparse and right now the main recommendation refers to RFC7706, it might be the conclusion that further work should be derived from that or other sources and no specific work related to the Root Server System is required here.

—
——————
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: Message signed with OpenPGP
URL: <http://mm.icann.org/pipermail/rssac-caucus/attachments/20170404/5a7dde1b/signature.asc>