Technical Summary
Some DNS recursive resolvers have longer-than-desired round trip
times to the closest DNS root server. Some DNS recursive resolver
operators want to prevent snooping of requests sent to DNS root
servers by third parties. Such resolvers can greatly decrease the
round trip time and prevent observation of requests by running a copy
of the full root zone on a loopback address (such as 127.0.0.1).
This document shows how to start and maintain such a copy of the root
zone that does not pose a threat to other users of the DNS, at the
cost of adding some operational fragility for the operator.
Working Group Summary
This document came out of several different proposals involving
improving the redundancy of the DNS Root Zone. The document was the
one which the Working Group was able to gather consensus. The
discussion behind this was engaging as several felt the trade off of
local copies for speed increased operational fragility. This document
was not written to become a Best Practice or an Internet Standard, but
as an Informational document to explain how operators currently manage
such tasks.
Document Quality
Note,
There is an IPR disclosure related to this document. The Authors have
already been aware of this IPR disclosure, and no of no other IPR
disclosure related to this document. The opinion of the working group
is that the IPR party implies a willingness to commit to not requiring
any licenses or royalties.
Personnel
The Document Shepherd is Tim Wicinski. The Responsible Area Director
is Joel Jaggeli.