[ Top-post ] Gulp. What, someone gave you a worm can opener for your birthday?! Yah, this sounds fun / interesting. If a work party if formed I'd like to participate.... W On Tue, May 19, 2015 at 12:16 PM, Joe Abley <jabley@hopcount.ca> wrote:

Hi all,

I have a suggestion for a new work item for RSSAC. If RSSAC thinks this work would be of value, and there are people willing to work on it, I'd be happy to (co-) lead a work party.

A rough sketch of a charter follows.

Comments would be most welcome!

Thanks,

Joe

Back in the dim mists of time, individual root servers had names chosen by the organisation that operated them. Some/all of these names are recorded for posterity in the canonical root hints file, e.g. A was originally NS.INTERNIC.NET, B was originally NS1.ISI.EDU, F was originally NS.ISC.ORG, etc.

ftp://rs.internic.net/domain/named.cache

The naming scheme was subsequently changed to <letter>.ROOT-SERVERS.NET, with the intent that the response to the priming query (using label compression for the ROOT-SERVERS.NET domain) would be smaller, and would allow an additional four root servers to be specified without causing the priming response to grow beyond the specified non-EDNS(0) message size limit using UDP transport. I have seen this cleverness attributed to Bill Manning in the past.

ROOT-SERVERS.NET was delegated from the NET zone to all root servers. The domain exists in the NET registry, defended by a platoon of registry locks, and the zone itself is (if I recall correctly) maintained and distributed by Verisign to root server operators as part of the root zone maintainer function, with changes following a similar process to that used for the root zone, including interactions between the three root zone partners.

In the opinions of some (but not all) people, the existence of the ROOT-SERVERS.NET zone is a historical mistake, and it would have been better to name the root servers in a way that avoided the necessity for a separate zone, e.g. bare single-label names (A, B, C, ...) or multi-label names with no delegation (A.ROOT-SERVERS, B.ROOT-SERVERS) provisioned directly in the root zone.

The presence of a label like ROOT-SERVERS might in effect constitute a reserved TLD label, with corresponding impact on ICANN policy for root zone management, the technical direction and remit of the IETF/IAB, and the intersection of the two. So, there are dragons^Wpolitical considerations, although I think RSSAC should constrain itself to technical commentary and leave any dragon baiting to others.

SAC53 has a thing or two to say about "dotless domains" like A, B, C, etc which could no doubt provide a useful citation. A client that sends a priming query with EDNS0.DO=1 (which, I gather, is how most priming queries are observed to arrive today) does not currently receive a response with signatures in the additional section of the response, because the ROOT-SERVERS.NET zone is not signed. The lack of signatures in the ROOT-SERVERS.NET zone is either a feature or a bug, depending on your perspective; if it was to be signed, the question of key management would arise. If signatures were present, there might be some operational impact caused by the increased size of the priming response.

Rather than the naming scheme for root servers remaining a collection of partially-remembered anecdotes plus occasional yet regular memes on mailing lists about what a mistake the current naming scheme was, I think it would be good if RSSAC could produce a document that:

1. Provides a citeable history on how root nameservers were originally named and how they are named today, recording the reasons for the change;

2. Considers the risks and benefits of a new naming scheme that avoids the zone cut, including impact on root zone partners' processes, on operational issues like priming response sizes and backed-in assumptions elsewhere about root server names and on security issues relating to DNSSEC validation;

3. Considers the risks associated with any transition from the current naming scheme to a different one;

4. Makes recommendations as to whether a change from the current scheme should be made and, if the recommendation is to make a change, makes further recommendations that might frame the way a transition is planned and managed operationally. A recommendation that there be no change is an equally reasonable outcome; either way the document should include high-quality justification and reasoning.

All recommendations made would be actionable by ICANN (rather than recommendations actionable by the other two partners or anybody else with skin in the game), since that is the scope of our role. _______________________________________________ rssac-caucus mailing list rssac-caucus@icann.org https://mm.icann.org/mailman/listinfo/rssac-caucus

-- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf

Hi, Joe, You just came up with an interesting topic. This issue seems valuable to me, too. I would like to work on this with you. Declan Ma ZDNS Ltd.

在 2015年5月20日，上午12:16，Joe Abley <jabley@hopcount.ca> 写道：

Hi all,

I have a suggestion for a new work item for RSSAC. If RSSAC thinks this work would be of value, and there are people willing to work on it, I'd be happy to (co-) lead a work party.

A rough sketch of a charter follows.

Comments would be most welcome!

Thanks,

Joe

Back in the dim mists of time, individual root servers had names chosen by the organisation that operated them. Some/all of these names are recorded for posterity in the canonical root hints file, e.g. A was originally NS.INTERNIC.NET, B was originally NS1.ISI.EDU, F was originally NS.ISC.ORG, etc.

ftp://rs.internic.net/domain/named.cache

The naming scheme was subsequently changed to <letter>.ROOT-SERVERS.NET, with the intent that the response to the priming query (using label compression for the ROOT-SERVERS.NET domain) would be smaller, and would allow an additional four root servers to be specified without causing the priming response to grow beyond the specified non-EDNS(0) message size limit using UDP transport. I have seen this cleverness attributed to Bill Manning in the past.

ROOT-SERVERS.NET was delegated from the NET zone to all root servers. The domain exists in the NET registry, defended by a platoon of registry locks, and the zone itself is (if I recall correctly) maintained and distributed by Verisign to root server operators as part of the root zone maintainer function, with changes following a similar process to that used for the root zone, including interactions between the three root zone partners.

In the opinions of some (but not all) people, the existence of the ROOT-SERVERS.NET zone is a historical mistake, and it would have been better to name the root servers in a way that avoided the necessity for a separate zone, e.g. bare single-label names (A, B, C, ...) or multi-label names with no delegation (A.ROOT-SERVERS, B.ROOT-SERVERS) provisioned directly in the root zone.

The presence of a label like ROOT-SERVERS might in effect constitute a reserved TLD label, with corresponding impact on ICANN policy for root zone management, the technical direction and remit of the IETF/IAB, and the intersection of the two. So, there are dragons^Wpolitical considerations, although I think RSSAC should constrain itself to technical commentary and leave any dragon baiting to others.

SAC53 has a thing or two to say about "dotless domains" like A, B, C, etc which could no doubt provide a useful citation. A client that sends a priming query with EDNS0.DO=1 (which, I gather, is how most priming queries are observed to arrive today) does not currently receive a response with signatures in the additional section of the response, because the ROOT-SERVERS.NET zone is not signed. The lack of signatures in the ROOT-SERVERS.NET zone is either a feature or a bug, depending on your perspective; if it was to be signed, the question of key management would arise. If signatures were present, there might be some operational impact caused by the increased size of the priming response.

Rather than the naming scheme for root servers remaining a collection of partially-remembered anecdotes plus occasional yet regular memes on mailing lists about what a mistake the current naming scheme was, I think it would be good if RSSAC could produce a document that:

1. Provides a citeable history on how root nameservers were originally named and how they are named today, recording the reasons for the change;

2. Considers the risks and benefits of a new naming scheme that avoids the zone cut, including impact on root zone partners' processes, on operational issues like priming response sizes and backed-in assumptions elsewhere about root server names and on security issues relating to DNSSEC validation;

3. Considers the risks associated with any transition from the current naming scheme to a different one;

4. Makes recommendations as to whether a change from the current scheme should be made and, if the recommendation is to make a change, makes further recommendations that might frame the way a transition is planned and managed operationally. A recommendation that there be no change is an equally reasonable outcome; either way the document should include high-quality justification and reasoning.

All recommendations made would be actionable by ICANN (rather than recommendations actionable by the other two partners or anybody else with skin in the game), since that is the scope of our role. _______________________________________________ rssac-caucus mailing list rssac-caucus@icann.org https://mm.icann.org/mailman/listinfo/rssac-caucus

Hi Joe, it's an interesting work item. Similarly,you may notice Paul, Kato and I initiate Yeti DNS project (http://yeti-dns.org/) which is dedicated to the scientific and study on Root system. I think it is good place to do some experiment and study on your proposed Item in Yeti testbed. Personally, I'm happy to join and discuss how to create the work party. Cheers, Davey On Wed, May 20, 2015 at 12:16 AM, Joe Abley <jabley@hopcount.ca> wrote:

Hi all,

I have a suggestion for a new work item for RSSAC. If RSSAC thinks this work would be of value, and there are people willing to work on it, I'd be happy to (co-) lead a work party.

A rough sketch of a charter follows.

Comments would be most welcome!

Thanks,

Joe

Back in the dim mists of time, individual root servers had names chosen by the organisation that operated them. Some/all of these names are recorded for posterity in the canonical root hints file, e.g. A was originally NS.INTERNIC.NET, B was originally NS1.ISI.EDU, F was originally NS.ISC.ORG, etc.

ftp://rs.internic.net/domain/named.cache

The naming scheme was subsequently changed to <letter>.ROOT-SERVERS.NET, with the intent that the response to the priming query (using label compression for the ROOT-SERVERS.NET domain) would be smaller, and would allow an additional four root servers to be specified without causing the priming response to grow beyond the specified non-EDNS(0) message size limit using UDP transport. I have seen this cleverness attributed to Bill Manning in the past.

ROOT-SERVERS.NET was delegated from the NET zone to all root servers. The domain exists in the NET registry, defended by a platoon of registry locks, and the zone itself is (if I recall correctly) maintained and distributed by Verisign to root server operators as part of the root zone maintainer function, with changes following a similar process to that used for the root zone, including interactions between the three root zone partners.

In the opinions of some (but not all) people, the existence of the ROOT-SERVERS.NET zone is a historical mistake, and it would have been better to name the root servers in a way that avoided the necessity for a separate zone, e.g. bare single-label names (A, B, C, ...) or multi-label names with no delegation (A.ROOT-SERVERS, B.ROOT-SERVERS) provisioned directly in the root zone.

The presence of a label like ROOT-SERVERS might in effect constitute a reserved TLD label, with corresponding impact on ICANN policy for root zone management, the technical direction and remit of the IETF/IAB, and the intersection of the two. So, there are dragons^Wpolitical considerations, although I think RSSAC should constrain itself to technical commentary and leave any dragon baiting to others.

SAC53 has a thing or two to say about "dotless domains" like A, B, C, etc which could no doubt provide a useful citation. A client that sends a priming query with EDNS0.DO=1 (which, I gather, is how most priming queries are observed to arrive today) does not currently receive a response with signatures in the additional section of the response, because the ROOT-SERVERS.NET zone is not signed. The lack of signatures in the ROOT-SERVERS.NET zone is either a feature or a bug, depending on your perspective; if it was to be signed, the question of key management would arise. If signatures were present, there might be some operational impact caused by the increased size of the priming response.

Rather than the naming scheme for root servers remaining a collection of partially-remembered anecdotes plus occasional yet regular memes on mailing lists about what a mistake the current naming scheme was, I think it would be good if RSSAC could produce a document that:

1. Provides a citeable history on how root nameservers were originally named and how they are named today, recording the reasons for the change;

2. Considers the risks and benefits of a new naming scheme that avoids the zone cut, including impact on root zone partners' processes, on operational issues like priming response sizes and backed-in assumptions elsewhere about root server names and on security issues relating to DNSSEC validation;

3. Considers the risks associated with any transition from the current naming scheme to a different one;

4. Makes recommendations as to whether a change from the current scheme should be made and, if the recommendation is to make a change, makes further recommendations that might frame the way a transition is planned and managed operationally. A recommendation that there be no change is an equally reasonable outcome; either way the document should include high-quality justification and reasoning.

All recommendations made would be actionable by ICANN (rather than recommendations actionable by the other two partners or anybody else with skin in the game), since that is the scope of our role. _______________________________________________ rssac-caucus mailing list rssac-caucus@icann.org https://mm.icann.org/mailman/listinfo/rssac-caucus

I am also interested in contributing to this work. BR, Daniel On Tue, May 19, 2015 at 12:16 PM, Joe Abley <jabley@hopcount.ca> wrote:

Hi all,

I have a suggestion for a new work item for RSSAC. If RSSAC thinks this work would be of value, and there are people willing to work on it, I'd be happy to (co-) lead a work party.

A rough sketch of a charter follows.

Comments would be most welcome!

Thanks,

Joe

Back in the dim mists of time, individual root servers had names chosen by the organisation that operated them. Some/all of these names are recorded for posterity in the canonical root hints file, e.g. A was originally NS.INTERNIC.NET, B was originally NS1.ISI.EDU, F was originally NS.ISC.ORG, etc.

ftp://rs.internic.net/domain/named.cache

The naming scheme was subsequently changed to <letter>.ROOT-SERVERS.NET, with the intent that the response to the priming query (using label compression for the ROOT-SERVERS.NET domain) would be smaller, and would allow an additional four root servers to be specified without causing the priming response to grow beyond the specified non-EDNS(0) message size limit using UDP transport. I have seen this cleverness attributed to Bill Manning in the past.

ROOT-SERVERS.NET was delegated from the NET zone to all root servers. The domain exists in the NET registry, defended by a platoon of registry locks, and the zone itself is (if I recall correctly) maintained and distributed by Verisign to root server operators as part of the root zone maintainer function, with changes following a similar process to that used for the root zone, including interactions between the three root zone partners.

In the opinions of some (but not all) people, the existence of the ROOT-SERVERS.NET zone is a historical mistake, and it would have been better to name the root servers in a way that avoided the necessity for a separate zone, e.g. bare single-label names (A, B, C, ...) or multi-label names with no delegation (A.ROOT-SERVERS, B.ROOT-SERVERS) provisioned directly in the root zone.

The presence of a label like ROOT-SERVERS might in effect constitute a reserved TLD label, with corresponding impact on ICANN policy for root zone management, the technical direction and remit of the IETF/IAB, and the intersection of the two. So, there are dragons^Wpolitical considerations, although I think RSSAC should constrain itself to technical commentary and leave any dragon baiting to others.

SAC53 has a thing or two to say about "dotless domains" like A, B, C, etc which could no doubt provide a useful citation. A client that sends a priming query with EDNS0.DO=1 (which, I gather, is how most priming queries are observed to arrive today) does not currently receive a response with signatures in the additional section of the response, because the ROOT-SERVERS.NET zone is not signed. The lack of signatures in the ROOT-SERVERS.NET zone is either a feature or a bug, depending on your perspective; if it was to be signed, the question of key management would arise. If signatures were present, there might be some operational impact caused by the increased size of the priming response.

Rather than the naming scheme for root servers remaining a collection of partially-remembered anecdotes plus occasional yet regular memes on mailing lists about what a mistake the current naming scheme was, I think it would be good if RSSAC could produce a document that:

1. Provides a citeable history on how root nameservers were originally named and how they are named today, recording the reasons for the change;

2. Considers the risks and benefits of a new naming scheme that avoids the zone cut, including impact on root zone partners' processes, on operational issues like priming response sizes and backed-in assumptions elsewhere about root server names and on security issues relating to DNSSEC validation;

3. Considers the risks associated with any transition from the current naming scheme to a different one;

4. Makes recommendations as to whether a change from the current scheme should be made and, if the recommendation is to make a change, makes further recommendations that might frame the way a transition is planned and managed operationally. A recommendation that there be no change is an equally reasonable outcome; either way the document should include high-quality justification and reasoning.

All recommendations made would be actionable by ICANN (rather than recommendations actionable by the other two partners or anybody else with skin in the game), since that is the scope of our role. _______________________________________________ rssac-caucus mailing list rssac-caucus@icann.org https://mm.icann.org/mailman/listinfo/rssac-caucus

-- Daniel Migault Ericsson 8400 boulevard Decarie Montreal, QC H4P 2N2 Canada Phone: +1 514-452-2160

Dear Joe, Thank you for putting forth this possible new work item. Sounds very intriguing and has generated interest. This will be a discussion item at an upcoming RSSAC meeting. We will be in touch after the RSSAC weighs in on this. Thank you again. Regards, - Tripti, RSSAC Co-Chair -----Original Message----- From: rssac-caucus-bounces@icann.org [mailto:rssac-caucus-bounces@icann.org] On Behalf Of Joe Abley Sent: Tuesday, May 19, 2015 12:16 PM To: rssac-caucus@icann.org Subject: [rssac-caucus] possible new work item Hi all, I have a suggestion for a new work item for RSSAC. If RSSAC thinks this work would be of value, and there are people willing to work on it, I'd be happy to (co-) lead a work party. A rough sketch of a charter follows. Comments would be most welcome! Thanks, Joe Back in the dim mists of time, individual root servers had names chosen by the organisation that operated them. Some/all of these names are recorded for posterity in the canonical root hints file, e.g. A was originally NS.INTERNIC.NET, B was originally NS1.ISI.EDU, F was originally NS.ISC.ORG, etc. ftp://rs.internic.net/domain/named.cache The naming scheme was subsequently changed to <letter>.ROOT-SERVERS.NET, with the intent that the response to the priming query (using label compression for the ROOT-SERVERS.NET domain) would be smaller, and would allow an additional four root servers to be specified without causing the priming response to grow beyond the specified non-EDNS(0) message size limit using UDP transport. I have seen this cleverness attributed to Bill Manning in the past. ROOT-SERVERS.NET was delegated from the NET zone to all root servers. The domain exists in the NET registry, defended by a platoon of registry locks, and the zone itself is (if I recall correctly) maintained and distributed by Verisign to root server operators as part of the root zone maintainer function, with changes following a similar process to that used for the root zone, including interactions between the three root zone partners. In the opinions of some (but not all) people, the existence of the ROOT-SERVERS.NET zone is a historical mistake, and it would have been better to name the root servers in a way that avoided the necessity for a separate zone, e.g. bare single-label names (A, B, C, ...) or multi-label names with no delegation (A.ROOT-SERVERS, B.ROOT-SERVERS) provisioned directly in the root zone. The presence of a label like ROOT-SERVERS might in effect constitute a reserved TLD label, with corresponding impact on ICANN policy for root zone management, the technical direction and remit of the IETF/IAB, and the intersection of the two. So, there are dragons^Wpolitical considerations, although I think RSSAC should constrain itself to technical commentary and leave any dragon baiting to others. SAC53 has a thing or two to say about "dotless domains" like A, B, C, etc which could no doubt provide a useful citation. A client that sends a priming query with EDNS0.DO=1 (which, I gather, is how most priming queries are observed to arrive today) does not currently receive a response with signatures in the additional section of the response, because the ROOT-SERVERS.NET zone is not signed. The lack of signatures in the ROOT-SERVERS.NET zone is either a feature or a bug, depending on your perspective; if it was to be signed, the question of key management would arise. If signatures were present, there might be some operational impact caused by the increased size of the priming response. Rather than the naming scheme for root servers remaining a collection of partially-remembered anecdotes plus occasional yet regular memes on mailing lists about what a mistake the current naming scheme was, I think it would be good if RSSAC could produce a document that: 1. Provides a citeable history on how root nameservers were originally named and how they are named today, recording the reasons for the change; 2. Considers the risks and benefits of a new naming scheme that avoids the zone cut, including impact on root zone partners' processes, on operational issues like priming response sizes and backed-in assumptions elsewhere about root server names and on security issues relating to DNSSEC validation; 3. Considers the risks associated with any transition from the current naming scheme to a different one; 4. Makes recommendations as to whether a change from the current scheme should be made and, if the recommendation is to make a change, makes further recommendations that might frame the way a transition is planned and managed operationally. A recommendation that there be no change is an equally reasonable outcome; either way the document should include high-quality justification and reasoning. All recommendations made would be actionable by ICANN (rather than recommendations actionable by the other two partners or anybody else with skin in the game), since that is the scope of our role. _______________________________________________ rssac-caucus mailing list rssac-caucus@icann.org https://mm.icann.org/mailman/listinfo/rssac-caucus

Joe, Fine idea there! Count me in as part of the work party, should it be formed (and I hope it does!) - Jim

On May 19, 2015, at 12:16 PM, Joe Abley <jabley@hopcount.ca> wrote:

Hi all,

I have a suggestion for a new work item for RSSAC. If RSSAC thinks this work would be of value, and there are people willing to work on it, I'd be happy to (co-) lead a work party.

A rough sketch of a charter follows.

Comments would be most welcome!

Thanks,

Joe

Back in the dim mists of time, individual root servers had names chosen by the organisation that operated them. Some/all of these names are recorded for posterity in the canonical root hints file, e.g. A was originally NS.INTERNIC.NET, B was originally NS1.ISI.EDU, F was originally NS.ISC.ORG, etc.

ftp://rs.internic.net/domain/named.cache

The naming scheme was subsequently changed to <letter>.ROOT-SERVERS.NET, with the intent that the response to the priming query (using label compression for the ROOT-SERVERS.NET domain) would be smaller, and would allow an additional four root servers to be specified without causing the priming response to grow beyond the specified non-EDNS(0) message size limit using UDP transport. I have seen this cleverness attributed to Bill Manning in the past.

ROOT-SERVERS.NET was delegated from the NET zone to all root servers. The domain exists in the NET registry, defended by a platoon of registry locks, and the zone itself is (if I recall correctly) maintained and distributed by Verisign to root server operators as part of the root zone maintainer function, with changes following a similar process to that used for the root zone, including interactions between the three root zone partners.

In the opinions of some (but not all) people, the existence of the ROOT-SERVERS.NET zone is a historical mistake, and it would have been better to name the root servers in a way that avoided the necessity for a separate zone, e.g. bare single-label names (A, B, C, ...) or multi-label names with no delegation (A.ROOT-SERVERS, B.ROOT-SERVERS) provisioned directly in the root zone.

The presence of a label like ROOT-SERVERS might in effect constitute a reserved TLD label, with corresponding impact on ICANN policy for root zone management, the technical direction and remit of the IETF/IAB, and the intersection of the two. So, there are dragons^Wpolitical considerations, although I think RSSAC should constrain itself to technical commentary and leave any dragon baiting to others.

SAC53 has a thing or two to say about "dotless domains" like A, B, C, etc which could no doubt provide a useful citation. A client that sends a priming query with EDNS0.DO=1 (which, I gather, is how most priming queries are observed to arrive today) does not currently receive a response with signatures in the additional section of the response, because the ROOT-SERVERS.NET zone is not signed. The lack of signatures in the ROOT-SERVERS.NET zone is either a feature or a bug, depending on your perspective; if it was to be signed, the question of key management would arise. If signatures were present, there might be some operational impact caused by the increased size of the priming response.

Rather than the naming scheme for root servers remaining a collection of partially-remembered anecdotes plus occasional yet regular memes on mailing lists about what a mistake the current naming scheme was, I think it would be good if RSSAC could produce a document that:

1. Provides a citeable history on how root nameservers were originally named and how they are named today, recording the reasons for the change;

2. Considers the risks and benefits of a new naming scheme that avoids the zone cut, including impact on root zone partners' processes, on operational issues like priming response sizes and backed-in assumptions elsewhere about root server names and on security issues relating to DNSSEC validation;

3. Considers the risks associated with any transition from the current naming scheme to a different one;

4. Makes recommendations as to whether a change from the current scheme should be made and, if the recommendation is to make a change, makes further recommendations that might frame the way a transition is planned and managed operationally. A recommendation that there be no change is an equally reasonable outcome; either way the document should include high-quality justification and reasoning.

All recommendations made would be actionable by ICANN (rather than recommendations actionable by the other two partners or anybody else with skin in the game), since that is the scope of our role. _______________________________________________ rssac-caucus mailing list rssac-caucus@icann.org https://mm.icann.org/mailman/listinfo/rssac-caucus

Hi Joe-san, The work item sounds interesting. I'd like to join the work party as well. Sorry for coming late. Shinta Sato <shinta@jprs.co.jp> Japan Registry Services Co., Ltd. On Tue, 19 May 2015 12:16:23 -0400 "Joe Abley" <jabley@hopcount.ca> wrote:

Hi all,

I have a suggestion for a new work item for RSSAC. If RSSAC thinks this work would be of value, and there are people willing to work on it, I'd be happy to (co-) lead a work party.

A rough sketch of a charter follows.

Comments would be most welcome!

Thanks,

Joe

Back in the dim mists of time, individual root servers had names chosen by the organisation that operated them. Some/all of these names are recorded for posterity in the canonical root hints file, e.g. A was originally NS.INTERNIC.NET, B was originally NS1.ISI.EDU, F was originally NS.ISC.ORG, etc.

ftp://rs.internic.net/domain/named.cache

The naming scheme was subsequently changed to <letter>.ROOT-SERVERS.NET, with the intent that the response to the priming query (using label compression for the ROOT-SERVERS.NET domain) would be smaller, and would allow an additional four root servers to be specified without causing the priming response to grow beyond the specified non-EDNS(0) message size limit using UDP transport. I have seen this cleverness attributed to Bill Manning in the past.

ROOT-SERVERS.NET was delegated from the NET zone to all root servers. The domain exists in the NET registry, defended by a platoon of registry locks, and the zone itself is (if I recall correctly) maintained and distributed by Verisign to root server operators as part of the root zone maintainer function, with changes following a similar process to that used for the root zone, including interactions between the three root zone partners.

In the opinions of some (but not all) people, the existence of the ROOT-SERVERS.NET zone is a historical mistake, and it would have been better to name the root servers in a way that avoided the necessity for a separate zone, e.g. bare single-label names (A, B, C, ...) or multi-label names with no delegation (A.ROOT-SERVERS, B.ROOT-SERVERS) provisioned directly in the root zone.

The presence of a label like ROOT-SERVERS might in effect constitute a reserved TLD label, with corresponding impact on ICANN policy for root zone management, the technical direction and remit of the IETF/IAB, and the intersection of the two. So, there are dragons^Wpolitical considerations, although I think RSSAC should constrain itself to technical commentary and leave any dragon baiting to others.

SAC53 has a thing or two to say about "dotless domains" like A, B, C, etc which could no doubt provide a useful citation. A client that sends a priming query with EDNS0.DO=1 (which, I gather, is how most priming queries are observed to arrive today) does not currently receive a response with signatures in the additional section of the response, because the ROOT-SERVERS.NET zone is not signed. The lack of signatures in the ROOT-SERVERS.NET zone is either a feature or a bug, depending on your perspective; if it was to be signed, the question of key management would arise. If signatures were present, there might be some operational impact caused by the increased size of the priming response.

Rather than the naming scheme for root servers remaining a collection of partially-remembered anecdotes plus occasional yet regular memes on mailing lists about what a mistake the current naming scheme was, I think it would be good if RSSAC could produce a document that:

1. Provides a citeable history on how root nameservers were originally named and how they are named today, recording the reasons for the change;

2. Considers the risks and benefits of a new naming scheme that avoids the zone cut, including impact on root zone partners' processes, on operational issues like priming response sizes and backed-in assumptions elsewhere about root server names and on security issues relating to DNSSEC validation;

3. Considers the risks associated with any transition from the current naming scheme to a different one;

4. Makes recommendations as to whether a change from the current scheme should be made and, if the recommendation is to make a change, makes further recommendations that might frame the way a transition is planned and managed operationally. A recommendation that there be no change is an equally reasonable outcome; either way the document should include high-quality justification and reasoning.

All recommendations made would be actionable by ICANN (rather than recommendations actionable by the other two partners or anybody else with skin in the game), since that is the scope of our role. _______________________________________________ rssac-caucus mailing list rssac-caucus@icann.org https://mm.icann.org/mailman/listinfo/rssac-caucus