Patrick, thanks for this. Comment below:
http://www.betanews.com/article/With-three-months-to-go-to-DNSSEC-someones-f...
To summarize: last week, an anycast instance of the I root server stated exhibiting a strange behaviour. Some replies appeared to be spoofed.
Autonomica, the Swedish company managing the I root, claims their anycast instance in China is identical to the other instances they have around the world. In other words, they serve the same root zone, not something that would be "adapted" to the Chinese Internet regulations. CNNIC, on their side, say they are just supplying the power and the bandwidth.
There is a lively discussion on the origin of this malfunction on the SSAC list. Opinions differ, but the research is going on. However, some raised the issue of the accountability of root server operators, and the fact that the absence of a contractual framework (minus L-root) between them and ICANN means that no-one is able to formally complain and seek redress. It is all a question of good faith and willingness on the side of the rootops.
I think indeed that ICANN will have to think about a contractual framework with the root zone operators in the future, along the lines of the registry agreements.
ICANN "Coordinates the operation and evolution of the DNS root name server system". To my mind any contractual framework along the lines of registry agreements would be a large bit of mission creep. Why should the agreement be with ICANN rather than between the root server operators themselves to operate under/meet certain standards and criteria? The ICANN community should have a role in advising on any such framework, but I don't think ICANN should run it. The root operators are presented as independent entities and that's been an important part of the global governance discussion.
After all, the Internet users deserve the same level of service from the root that they get from gTLD operators. I am not saying that the rootops have done a bad job. Quite the contrary. They have done an outstanding volunteer job. However, there should be a mechanism to replace a root operator that fails for whatever reason.
Yes, but should (could) ICANN take on that role? Would we trust it? Adam
-- Patrick Vande Walle Blog: http://patrick.vande-walle.eu Twitter: http://twitter.vande-walle.eu Facebook: http://facebook.vande-walle.eu _______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org http://atlarge-lists.icann.org/mailman/listinfo/alac_atlarge-lists.icann.org
At-Large Online: http://www.atlarge.icann.org ALAC Working Wiki: http://st.icann.org/alac