DNS ROOT understanding

SilentRage bind-users at dollardns.net
Fri Nov 19 00:53:42 UTC 2004

Despite jon's "there's no room for anybody's opinion but mine" demeanor, there's merit to what he's saying on this issue.  Running your own root server is not a bad way to go.  The root zone file is available to download maintained by InterNIC.  You can get it here:


Once you have a root server setup, you no longer have to rely on querying and caching responses from the root servers.  As an ISP's resolver, this could improve the performance of your dns server, albeit, maybe only slightly.  There has been one occurance of a DDoS attack against the root servers that was so massive, it actually slowed many of them down.  If you ran your own root server, you and your clients would be unaffected by any problems they experience.

As for alternative roots, there's some merit to that as well.  There are already alternative roots out there, and some of them has combined into one major alternative root.  Once you run a root server, you can link your server in to these alternative roots that host domains like bob.geek.  Alternative TLD's exist out there and you can make them work for your users by implementing a root server.  I personally don't approve of the alternative root idea cause I'm a proponent for centralization and standardification.  In my opinion, the world is a friendlier place with only one set of root servers and a single ruling body (ICANN) determining what is placed there.

But this does not mean I don't have respect for the idea of alternative roots and running your own root server.


--- Reply to: Jim Reid <jim at rfc1035.com> ---
> >>>>> "Jonathan" == Jonathan de Boyne Pollard
> <J.deBoynePollard at Tesco.NET> writes:
>     Jonathan> Anyone who is concerned enough about "." content DNS
>     Jonathan> service that they consider the step of regularly
>     Jonathan> checking that it is there, should really be instead
>     Jonathan> considering running *their own* (private) "." content
>     Jonathan> DNS server, whose connectivity and fault tolerance they
>     Jonathan> can manage themselves, replicating the DNS database of
>     Jonathan> the "." organisation of their choice.
> This is perhaps the most foolish piece of advice I've ever seen posted
> here.
> First of all it verges on the impossible that anybody -- and I mean
> anybody -- could possibly run an instance of the root zone that
> provides better connectivity and fault tolerance than the existing
> internet root servers. There are now root servers in over 80 locations
> around the world. [See http://www.root-servers.org.] Most of those
> servers are in secure co-lo facilities and internet exchanges that
> have lots of connectivity: bandwidth, peering, carriers, etc. They use
> different hardware platforms, operating systems and DNS software. They
> are operated and funded by diverse organisations, so that's not a
> single point of failure either.
> Secondly, the concept of an alternate root is an oxymoron.

More information about the bind-users mailing list