Root Name Server Operational Requirements
RFC 2870

Document Type RFC - Best Current Practice (June 2000; No errata)
Obsoleted by RFC 7720
Obsoletes RFC 2010
Also known as BCP 40
Authors Daniel Karrenberg  , Mark Kosters  , Raymond Plzak  , Randy Bush 
Last updated 2013-03-02
Replaces draft-bush-dnsop-root-opreq
Stream IETF
Formats plain text html pdf htmlized bibtex
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 2870 (Best Current Practice)
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)
Network Working Group                                            R. Bush
Request for Comments: 2870                                         Verio
Obsoletes: 2010                                            D. Karrenberg
BCP: 40                                                         RIPE NCC
Category: Best Current Practice                               M. Kosters
                                                       Network Solutions
                                                                R. Plzak
                                                               June 2000

               Root Name Server Operational Requirements

Status of this Memo

   This document specifies an Internet Best Current Practices for the
   Internet Community, and requests discussion and suggestions for
   improvements.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2000).  All Rights Reserved.


   As the internet becomes increasingly critical to the world's social
   and economic infrastructure, attention has rightly focused on the
   correct, safe, reliable, and secure operation of the internet
   infrastructure itself.  The root domain name servers are seen as a
   crucial part of that technical infrastructure.  The primary focus of
   this document is to provide guidelines for operation of the root name
   servers.  Other major zone server operators (gTLDs, ccTLDs, major
   zones) may also find it useful.  These guidelines are intended to
   meet the perceived societal needs without overly prescribing
   technical details.

1. Background

   The resolution of domain names on the internet is critically
   dependent on the proper, safe, and secure operation of the root
   domain name servers.  Currently, these dozen or so servers are
   provided and operated by a very competent and trusted group of
   volunteers.  This document does not propose to change that, but
   merely to provide formal guidelines so that the community understands
   how and why this is done.

Bush, et al.             Best Current Practice                  [Page 1]
RFC 2870       Root Name Server Operational Requirements       June 2000

   1.1 The Internet Corporation for Assigned Names and Numbers (ICANN)
       has become responsible for the operation of the root servers.
       The ICANN has appointed a Root Server System Advisory Committee
       (RSSAC) to give technical and operational advice to the ICANN
       board.  The ICANN and the RSSAC look to the IETF to provide
       engineering standards.

   1.2 The root servers serve the root, aka ".", zone.  Although today
       some of the root servers also serve some TLDs (top level domains)
       such as gTLDs (COM, NET, ORG, etc.), infrastructural TLDs such as
       INT and IN-ADDR.ARPA, and some ccTLDs (country code TLDs, e.g. SE
       for Sweden), this is likely to change (see 2.5).

   1.3 The root servers are neither involved with nor dependent upon the
       'whois' data.

   1.4 The domain name system has proven to be sufficiently robust that
       we are confident that the, presumably temporary, loss of most of
       the root servers should not significantly affect operation of the

   1.5 Experience has shown that the internet is quite vulnerable to
       incorrect  data in the root zone or TLDs.  Hence authentication,
       validation, and security of these data are of great concern.

2. The Servers Themselves

   The following are requirements for the technical details of the root
   servers themselves:

   2.1 It would be short-sighted of this document to specify particular
       hardware, operating systems, or name serving software.
       Variations in these areas would actually add overall robustness.

   2.2 Each server MUST run software which correctly implements the IETF
       standards for the DNS, currently [RFC1035] [RFC2181].  While
       there are no formal test suites for standards compliance, the
       maintainers of software used on root servers are expected to take
       all reasonable actions to conform to the IETF's then current
       documented expectations.

   2.3 At any time, each server MUST be able to handle a load of
       requests for root data which is three times the measured peak of
       such requests on the most loaded server in then current normal
       conditions.  This is usually expressed in requests per second.
       This is intended to ensure continued operation of root services
       should two thirds of the servers be taken out of operation,
       whether by intent, accident, or malice.

Bush, et al.             Best Current Practice                  [Page 2]
RFC 2870       Root Name Server Operational Requirements       June 2000

   2.4 Each root server should have sufficient connectivity to the
       internet to support the bandwidth needs of the above requirement.
Show full document text