Indeed, this is what they do when the agree to put the "national" root nameservers in their own nameserver root configs. It is far easier to have per-country stealth root slaves than it is to make every nameserver the stealth slave of every other domain in that country. When that country is isolated from the rest of the net, (due to single connection failure, multiple connection failure, war, etc), then they still have nameservice for their CCtld and its delegations, and those of whatever other countries they remain connected to. Stealth root slaves are such a far better solution, in terms of configuration, maintenance, and scaling than configuring every nameserver to be a stealth slave of every other domain. Imagine the difficulty of doing that... Even a small country with a few tens of thousands of domains makes that unrealistic. Yet a stealth root is comparably easy: You just tell your nameserver operators to configure in the IP addresses for your national root servers, instead of the "official" root servers. Now all you have to do is keep that set operating, which isn't that hard, and can be done even if the country becomes isolated from the world net, and the official nameservers. Indeed, it is probably sensible for ISPs to do the same. This would keep things working internally in the event of an effective isolation due to a DOS attack, for example. --Dean On Fri, 5 Dec 2003, Iljitsch van Beijnum wrote: > On 5-dec-03, at 1:37, Franck Martin wrote: > > > Finally before a root-server is installed somewhere, someone will do > > an assessment of the local conditions and taylor it adequately. I want > > countries to request installation of root servers, and I know about 20 > > Pacific Islands countries that need root-servers in case their > > Internet link goes dead. > > Might I suggest that there is a much easier way to do this: if the > constituency for such a root server is so small and so homogenous (= > they all share a single link to the rest of the net) then it would be > much simpler for all of these users to simply share a single set of > nameservers, which can then all be primary or secondary for all the > domains used locally. This allows communication to continue even if the > root servers are unreachable AND it allows users to register domain > names under any TLD they like. > > >