Re: national security

On Sat, 2003-12-06 at 10:18, Iljitsch van Beijnum wrote:
> On 5-dec-03, at 17:16, Dean Anderson wrote:
>
> > Indeed, this is what they do when they agree to put the "national" root
> > nameservers in their own nameserver root configs.  It is far easier to
> > have per-country stealth root slaves than it is to make every nameserver
> > the stealth slave of every other domain in that country.

> I don't think this stealth business is a very good idea. If you want a
> root server somewhere, use anycast. That means importing BGP problems
> into the DNS, which is iffy enough as it is. But for a small network
> island just having a single set of resolvers and making sure those have
> all the needed information isn't a huge deal. Obviously such a place
> doesn't have a huge number of ISPs so the number of DNS servers will be
> quite limited in the first place.

I'm a little bit confused here, but I'm starting to get the ideas...

In the Pacific Islands:

http://map.sopac.org/tiki/tiki-map.phtml?mapfile=pacific.map&zoom=1&size=400&Redraw=Redraw&minx=110&miny=-67.6&maxx=230&maxy=52.6&Topography=1&EEZ=1&12+miles+zone=1&Country+Names=1

Countries there have in general about 1000 Internet users, and usually one ISP, some 2 or 3 max...


> I think what we need to really solve this is a redesign of the DNS, as
> the way it is now it breaks a fundamental design principle of the
> internet: when two nodes have reachability, they should be able to
> communicate, regardless of what else is (un)reachable. (I'm not
> volunteering, though.)

Are we going to something like the Kazaa protocol (or peer sharing)? The DNS know their environment and other DNS around and get the ones that are available to solve ANY query?

> I've been in a situation where root servers were unavailable for the
> better part of a day, and it's pretty frustrating to see your resolver
> cache disappear over time so you can no longer reach places to which
> you still have connectivity.

----
Franck Martin
franck@xxxxxxxxx
SOPAC, Fiji
GPG Key fingerprint = 44A4 8AE4 392A 3B92 FDF9  D9C6 BE79 9E60 81D9 1320
"All knowledge is an answer to a question" G. Bachelard