ICANN Resolutions » Root Server Strategy
Important note: The Board Resolutions are as reported in the Board Meeting Transcripts, Minutes & Resolutions portion of ICANN's website. Only the words contained in the Resolutions themselves represent the official acts of the Board. The explanatory text provided through this database (including the summary, implementation actions, identification of related resolutions, and additional information) is an interpretation or an explanation that has no official authority and does not represent the purpose behind the Board actions, nor do any explanations or interpretations modify or override the Resolutions themselves. Resolutions can only be modified through a further act of the ICANN Board.
Whereas, ICANN's present approach of deploying a large number of individual servers ("L-Singles") and a small number of larger, multi-server installations ("L-Clusters") has, to date, been an adequate defense against attacks on the Root Server System.
Whereas, the Root Server System as currently deployed is seen by many within the technical community as at risk of being unable to keep pace with the growth in attack capacity and thus, is increasingly vulnerable to attack traffic whether launched by malicious entities or as a result of misconfiguration, misuse, or bugs.
Whereas, a successful attack against the Root Server System would pose a serious risk to the security and stability of the DNS and pose a potentially existential risk to ICANN org, as the facilitator of the coordination of operation and evolution of the DNS root server system.
Whereas, a comprehensive strategy intended to reduce the effects of the attacks against the Root Server System should take into consideration multiple approaches that leverage and enhance existing root server operator practices, integrate new technological advances and methodologies, as well as increase observation and monitoring of the system as a whole.
Resolved (2018.09.16.10), that the Board instructs the ICANN org as the operator of the ICANN Managed Root Server/L-Root (IMRS) to work with the Community to finalize a strategy to reduce effects of attacks on the IMRS and, once finalized, directs the CEO to begin implementation of that strategy by developing a project plan with associated timelines and potential expenditures for subsequent Board review and approval.
Architecturally, the root of the DNS namespace serves as a single point through which the lookup of any name within that namespace must pass at least once. This poses a risk of a "single point of failure" for the entire DNS. To date, this risk has been mitigated by "hardening" the infrastructure that provides name service for that root. This hardening has traditionally been implemented by expanding capacity, either by increasing bandwidth to name servers or via the use of "anycast" routing, deploying more name servers that answer questions for the root around the world.
However, as a result of continued evolution of Internet technologies and facilities, in particular, the deployment of "Internet of Things" devices and increased capacity of networks all over the world, coupled with the unfortunate lack of sufficient security in those devices and networks, attackers have increasing power to cripple Internet infrastructure. Specifically, the growth in attack capacity risks outstripping the ability of the root server operator community to expand defensive capacity. While it remains necessary to continue to expand defensive capacity in the near-term, the long-term outlook for the traditional approach appears bleak.
In addition, due to the lack of significant deployment of DNSSEC validation, responses from the Root Server System remain at risk from integrity attacks. Similarly, because DNS messages are assumed to be sent unencrypted, the users of the Root Server System (i.e., resolvers) are subject to confidentiality attacks. While these attacks are not necessarily new, the ever-increasing reliance on the DNS, and hence on the Root Server System, suggests that a new strategy to reduce the effect of these attacks against the Root Server System is required.
To meet this requirement, ICANN org has devised a comprehensive strategy for the ICANN managed root server that, in addition to expanding existing traditional protective mechanisms, looks to potentially leverage commercial cloud infrastructure and further decentralize root service, encourage deployment of DNSSEC validation, facilitate the development of privacy enhancements for the DNS, promote increased engagement with both the root server operator community and resolver operators, and enhance root system monitoring.
This strategy should be finalized with the cooperation of the community, and in particular the RSSAC. Once finalized, the implementation of the strategy should begin by developing a detailed project plan that includes timelines, milestones, and anticipated expenditures. Upon completion of the project plan, it should be provided to the Board for review and approval.
The resolution to finalize the root strategy and develop the necessary detailed project plan is anticipated to require personnel resources that are within the current FY19 budget, so no additional budgetary impact is anticipated.
This decision is in the public interest and within ICANN's mission, as it supports ICANN org's work to ensure the stable and secure operation of the Internet's unique identifier systems.