ICANN Resolutions » RSSAC028: Technical Analysis of the Naming Scheme Used For Individual Root Servers
Important note: The Board Resolutions are as reported in the Board Meeting Transcripts, Minutes & Resolutions portion of ICANN's website. Only the words contained in the Resolutions themselves represent the official acts of the Board. The explanatory text provided through this database (including the summary, implementation actions, identification of related resolutions, and additional information) is an interpretation or an explanation that has no official authority and does not represent the purpose behind the Board actions, nor does any explanations or interpretations modify or override the Resolutions themselves. Resolutions can only be modified through further act of the ICANN Board.
Whereas, on 3 August 2017, the Root Server Advisory Committee (RSSAC) published RSSAC028: Advisory on Technical Analysis of the Naming Scheme Used For Individual Root Servers.
Whereas, the work called for in RSSAC028 falls under ICANN's remit in ensuring the stable and secure operation of the Internet's system of unique identifiers as part of ICANN's mission.
Whereas, ICANN org has evaluated the feasibility of the RSSAC's advice in RSSAC028 and developed implementation recommendations for each advice item.
Whereas, the Board has considered ICANN org implementation recommendations relating to RSSAC028's Recommendations.
Resolved (2021.03.25.01), the Board accepts Recommendation 1, calling for the current naming scheme used in the root server system to remain unchanged until more studies have been conducted.
Resolved (2021.03.25.02), the Board accepts Recommendation 2, relating to conducting a study to understand the current behavior of DNS resolvers and how each naming scheme discussed in this document would affect these behaviors, and directs the ICANN President and CEO, or designee(s), to commence such a study.
Resolved (2021.03.25.03), the Board accepts Recommendation 3, relating to conducting a study to understand the feasibility and impact of node re-delegation attacks, and directs the ICANN President and CEO, or designee(s), to commence such a study.
Why is the Board addressing the issue?
The Board is taking this action at the recommendation of the RSSAC.
The RSSAC's remit is to advise the ICANN community and Board on matters relating to the operation, administration, security, and integrity of the Internet's root server system. This includes communicating on matters relating to the operation of the root servers and their multiple instances with the technical and ICANN community; gathering and articulating requirements to offer those engaged in technical revisions of the protocols and best common practices related to the operation of DNS servers; engaging in ongoing threat assessment and risk analysis of the root server system; and recommending any necessary audit activity to assess the current status of root servers and the root zone.
What is the proposal being considered?
The RSSAC Caucus Root Server Naming Work Party investigated possible changes to the current root server naming scheme. This naming scheme has worked well for root servers and the Internet community at large for over two decades. However, given today's Internet environment, the RSSAC has studied the naming scheme used for individual root servers and considered the consequences of making changes.
The Work Party concluded that there may be a benefit to adopting one of the other schemes described in RSSAC028 after more in-depth research, but it was also recommended that no immediate changes to root server names be made at the time of the Advisory's publication (Recommendation 1).
The document recommends that DNS researchers should investigate four topics: the acceptable response size for priming queries; how resolvers respond when given answers with a shortened set of glue records; how resolvers that validate priming responses behave when faced with broken responses; and whether search lists affect priming behavior (Recommendation 2).
In addition, the RSSAC recommended that a study should be conducted to understand the feasibility and impact of node re-delegation attacks as it was recognised that more in-depth research is required to understand node re-delegation attacks, the costs and benefits of signing the A and AAAA records for the root servers, and the effects of increasing the priming query response size (Recommendation 3).
Recommendation 4 calls for the RSSAC to study priming responses sent under specific circumstances. There is no action for the ICANN Board associated with this recommendation.
Recommendation 5 is labeled as "speculative" and contains suggested actions that only apply if node redelegation attacks pose a serious risk that needs to be mitigated. On 28 September 2020, the RSSAC confirmed that there is no action for the ICANN Board related to this recommendation at this time.
Which stakeholders or others were consulted?
Under the RSSAC's remit mentioned above, the RSSAC formed a Caucus Work Party that was responsible for publishing material leading up to and including RSSAC028.
What concerns or issues were raised by the community?
None at this time.
What significant materials did the Board review?
The Caucus Work Party published their Statement of Work and Scope for History and Technical Analysis of the Naming Scheme used for Individual Root Servers on 9 July 2015. This document provided direction in the form of five key points. The first point was, "document the technical history of the names assigned to individual root servers since the creation of the root server system", which lead to RSSAC's issuing RSSAC023: History of the Root Server System. The remaining four scope points provided the foundation for this Advisory, RSSAC028.
What factors did the Board find to be significant?
This research facilitates continued evolution of the root server system.
Are there positive or negative community impacts?
ICANN org could perform the investigation required by RSSAC028 to aid the community in deciding whether or not to recommend changing the root server naming scheme.
Are there fiscal impacts or ramifications on ICANN (strategic plan, operating plan, budget); the community; and/or the public?
The resources required for the studies in both Recommendation 2 and 3 (it is more efficient to run the studies together) will require staff and budget not currently allocated.
ICANN org estimates completing the Recommendation 2 study will require approximately six months of a researcher's time at a cost of approximately USD 150,000 along with some minimal project management and administrative support. This study has not been budgeted for FY21.
ICANN org estimates completing this study contemplated in Recommendation 3 would require approximately two months of a researcher's time at a cost of approximately USD 50,000 along with some minimal project management and administrative support. This study has not been budgeted for FY21.
Are there any security, stability or resiliency issues relating to the DNS?
The research recommended by RSSAC028 is directly related to ensure the future stability of the root server system.
Is this decision in the public interest and within ICANN's mission?
This falls directly under ICANN's Mission Statement, from Bylaws Section 1.1. MISSION:
"(a) The mission of the ICANN is to ensure the stable and secure operation of the Internet's unique identifiers
(ii) Facilitates the coordination of the operation and evolution of the DNS root name server system."
In addition, the implementation of this advice aligns with item "1.2 Strengthen DNS root server operations governance in coordination with the DNS root server operators" from the ICANN Strategic Plan for Fiscal Years 2021-2025.
Is this either a defined policy process within ICANN's Supporting Organizations or ICANN's Organizational Administrative Function decision requiring public comment or not requiring public comment?
The action recommended by RSSAC028 does not require a public comment as it is only research. However, once the research is published there will be future decisions requiring community input.