Purpose: To seek input from the community on recommendations for DNS root name service strategy and implementation.
Current Status: The recommendations have been published.
Next Steps: Either implementation of the recommendations as-is, or a new version of the strategy and recommendations will be published.
Section I: Description and Explanation
ICANN's Office of the CTO (OCTO) has recently published the document titled "ICANN's Root Name Service Strategy and Implementation," which describes, at a high level, the ICANN organization's strategy and implementation plans for the ICANN Managed Root Server (IMRS). The strategy has two goals, which are associated with its implementation plans:
- Supporting the Internet community by placing Root Server instances in diverse locations
- Protecting the confidentiality, integrity, and availability of the Root Server System during attack
Section II: Background
The Root Server System (RSS) of the global Domain Name System (DNS) faces growing volumes of traffic generated by legitimate users, mostly through the millions of recursive resolvers that are operated by Internet Service Providers (ISPs), network operators, and other organizations. This increase is driven by many factors, such as the growing number of new generic top-level domains (gTLDs), the steady increase in the complexity of web pages with embedded domain names, and the growing number of connected devices that perform DNS queries.
While the RSS has operated successfully since its inception, it is increasingly at risk of being unable to keep pace with the increase of attack traffic launched by malicious entities, misconfiguration of the RSS, misuse, or bugs. Some measurements suggest that attackers' ability to launch larger and more disruptive attacks increases every year, and the cost of implementing those attacks decreases. At the same time, the costs that the operators of the RSS incur to mitigate these attacks with the traditional approach, such as provisioning sufficient instances or ensuring that instances are able to handle much more than typical traffic, continue to climb.
This document gives an overview of ICANN org's strategy aimed at providing improved ICANN Managed Root Server (IMRS) availability, consistency, and resiliency. It describes a multi-pronged strategy that expands and enhances existing approaches. It also facilitates the standardization and implementation of technologies, such as "hyperlocal" (described later in this document), which improve the decentralization of the root name service to mitigate risks that the RSS may face over time.
Because this strategy is comprehensive in nature, some of its aspects may impact ICANN org, the ICANN community, and the Internet as a whole. Meeting the stated goals will require careful planning, significant resources from both ICANN org and the community, and care during implementation. However, since ICANN's Bylaws (specifically section 1.1(a)(ii)) require ICANN org to ensure the security, stability, and resilience of the DNS, such a strategy is necessary due to the continued evolution and growth of the Root System.
Each Root Server operator independently creates its own instance, placement, and operational strategies within the cooperative Root Server System. IMRS's overarching strategy is to be a useful and reliable participant in the Root Server System based on ICANN's strengths and mission as an organization. The other Root Server operators will have their own independent strategies based on their own strengths.