ICANN plan: the corporation has proposed a new model for managing root DNS servers
ICANN's Root Server Management Advisory Council (RSSAC) has proposed a new DNS root zone management model . It provides for a decrease in the number of active CAs and the introduction of five new responsible structures. We tell about the model in more detail under the cut.
/ photo Oliver Dean CC
For a long time, the system consists of 13 root servers, which are managed by 12 companies on the basis of agreements with ICANN. Among these organizations are both independent and state. All decisions regarding the work of the COP, these companies make their own. A good example of how the coordination of the root server system works can be found in the CTO article of the Internet recorder RIPE NCC Andrei Robachevsky .
Under this scheme, everything is stable for many years. However, in RSSAC they want to make the work of root DNS servers more “transparent” and organized.
RSSAC representatives say they have been analyzing the work of root server operators for a long time. And they came to the conclusion that the actions of the operators are, in fact, uncontrolled and based on trust. Therefore, they proposed to introduce a new model, which, in their opinion, provides greater transparency and security.
The main idea is to create a single structure of five functional units to manage everything related to the COP:
This is what the new scheme of the system work on the RSSAC idea looks like:
During the presentation of the model, representatives of RSSAC Tripti Sinha (Tripti Sinha) and Brad Verd (Brad Verd) noted that its implementation will reduce the number of root DNS servers - some of them will be combined (but which and how much is still unknown). However, as the COP will be less, the speakers did not specify. In their opinion, reducing the number of root DNS servers will help improve the quality of services provided and control over them.
One of the residents of The Register in his comments on the site expressed doubts about the correctness of the idea of combining root DNS servers. In his opinion, it will be easier for hackers to carry out attacks, as consolidation will simplify the procedure for selecting a target for hacking.
Some recalled the recent situation with the WHOIS , when ICANN tried several times to bring the service to work in accordance with the GDPR and met with resistance from the community and registrars because they could not think through the implementation plan for the idea. Because of this story, users have stated that transferring control of root DNS servers into the hands of ICANN is not the best solution.
However, there were those who thought that the idea was generally not bad, since a clearer management structure should speed up the resolution of security problems.
We note that it is still unclear whether this proposal will receive any approval from the official structures and governments, because the future fate of the project remains unknown.
PS Additional materials from the First Corporate IaaS Blog:
The main direction of our activity is the provision of cloud services:
Virtual Infrastructure (IaaS) | PCI DSS Hosting | Cloud FZ-152 | Rent 1C in the cloud
/ photo Oliver Dean CC
How the root DNS server system is managed
For a long time, the system consists of 13 root servers, which are managed by 12 companies on the basis of agreements with ICANN. Among these organizations are both independent and state. All decisions regarding the work of the COP, these companies make their own. A good example of how the coordination of the root server system works can be found in the CTO article of the Internet recorder RIPE NCC Andrei Robachevsky .
Under this scheme, everything is stable for many years. However, in RSSAC they want to make the work of root DNS servers more “transparent” and organized.
What is the essence of the RSSAC sentence
RSSAC representatives say they have been analyzing the work of root server operators for a long time. And they came to the conclusion that the actions of the operators are, in fact, uncontrolled and based on trust. Therefore, they proposed to introduce a new model, which, in their opinion, provides greater transparency and security.
The main idea is to create a single structure of five functional units to manage everything related to the COP:
- Secretariat (Secretariat Function - SF). This unit is a kind of interface that connects root server operators and the Internet community. It will serve as a platform for discussing technical issues and solving administrative tasks.
- Strategy, Architecture, and Policies Division (Strategy, Architecture, and Policy Function - SAPF). Here they will monitor the work of root DNS servers, propose plans for the introduction of new elements of the architecture to enhance the security, performance and scalability of the global system.
- Division of Delegation of Authority (Designation and Removal Function - DRF). Will conduct audits and make recommendations on the appointment of the CC operators and the termination of their powers.
- The unit for monitoring and evaluating operator performance (Performance Monitoring and Measurement Function - PMMF). This structure will collect metrics and technical data on how productively each operator and the system as a whole work.
- Financial Division (Financial Function - FF). The financial component of the entire system will be regulated here. The authors of the plan propose to create a fund through which interested parties will be able to allocate funds to conduct research and resolve emergency situations associated with the operation of root DNS servers.
This is what the new scheme of the system work on the RSSAC idea looks like:
During the presentation of the model, representatives of RSSAC Tripti Sinha (Tripti Sinha) and Brad Verd (Brad Verd) noted that its implementation will reduce the number of root DNS servers - some of them will be combined (but which and how much is still unknown). However, as the COP will be less, the speakers did not specify. In their opinion, reducing the number of root DNS servers will help improve the quality of services provided and control over them.
Community opinions
One of the residents of The Register in his comments on the site expressed doubts about the correctness of the idea of combining root DNS servers. In his opinion, it will be easier for hackers to carry out attacks, as consolidation will simplify the procedure for selecting a target for hacking.
Some recalled the recent situation with the WHOIS , when ICANN tried several times to bring the service to work in accordance with the GDPR and met with resistance from the community and registrars because they could not think through the implementation plan for the idea. Because of this story, users have stated that transferring control of root DNS servers into the hands of ICANN is not the best solution.
However, there were those who thought that the idea was generally not bad, since a clearer management structure should speed up the resolution of security problems.
We note that it is still unclear whether this proposal will receive any approval from the official structures and governments, because the future fate of the project remains unknown.
PS Additional materials from the First Corporate IaaS Blog:
- Servers for SAP: Basic Platforms
- Distributed firewall in vCloud Director 8.20: solution features
- 9 useful tips for a smooth transition to the cloud
The main direction of our activity is the provision of cloud services:
Virtual Infrastructure (IaaS) | PCI DSS Hosting | Cloud FZ-152 | Rent 1C in the cloud