draft-ietf-dnsop-ohta-shared-root-server-01.txt   draft-ietf-dnsop-ohta-shared-root-server-02.txt 
INTERNET DRAFT M. Ohta INTERNET DRAFT M. Ohta
draft-ietf-dnsop-ohta-shared-root-server-01.txt draft-ietf-dnsop-ohta-shared-root-server-02.txt
Tokyo Institute of Technology Tokyo Institute of Technology
July 2001 November 2002
Root Name Servers with Inter Domain Anycast Addresses Root Name Servers with Inter Domain Anycast Addresses
Status of this Memo Status of this Memo
This document is an Internet-Draft and is subject to all provisions This document is an Internet-Draft and is subject to all provisions
of Section 10 of RFC2026. of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 33 skipping to change at page 1, line 33
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/1id-abstracts.html http://www.ietf.org/1id-abstracts.html
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html http://www.ietf.org/shadow.html
Abstract Abstract
This memo describes an operational guideline for root name servers to This memo describes an operational guideline for millions of name
share unicast (interdomain anycast) addresses. servers to share an interdomain anycast address.
It enables people operate as many root name servers as they want and
still make them traceable.
1. Motivation 1. Motivation
DNS root servers are the essential component of the Internet that all DNS root servers are the essential component of the Internet that all
the ISPs in the world want to run several root servers. the ISPs in the world want to run several root servers.
To satisfy them, we need to have thousands or millions of root To satisfy them, we need to have thousands or millions of root
servers. servers.
However, because of the restriction on DNS message size over UDP, the However, because of the restriction on DNS message size over UDP, the
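Review bot: The revised Abstract in -02 drops the word "root" ("millions of name servers to share an interdomain anycast address"), while the title and the Motivation section still speak only of root name servers, so the scope of the memo becomes ambiguous at exactly the point where a reader decides whether it applies to them. Suggest "millions of root name servers" unless the guideline is really meant for arbitrary name servers, in which case the title and section 1 should change too. The sentence "It enables people operate as many root name servers as they want and still make them traceable" is missing "to" after "people", and since traceability is the property the Security Considerations later rely on, the Abstract should point to section 2, where the tracking guideline is said to be described.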
skipping to change at page 4, line 47 skipping to change at page 4, line 49
This memo describes just an operational guideline with no protocol This memo describes just an operational guideline with no protocol
change. As such, the guideline does not introduce any security issues change. As such, the guideline does not introduce any security issues
of the protocol level. of the protocol level.
As the route forgery to the root servers can be implemented today As the route forgery to the root servers can be implemented today
without this memo by anyone including local intruders, the guideline without this memo by anyone including local intruders, the guideline
does not introduce any security issues of the operational level, does not introduce any security issues of the operational level,
either. either.
A guideline to track down and verify valid or forged route or AS path A guideline to track down and verify a route or an AS path to a valid
to the root servers is described in section 2. or a forged root server is described in section 2.
Furthermore, if an ISP or a site operate its own anycast root server,
hosts of the ISP or the site using the root server is protected from
external forged route.
In addition, if a lot of local root servers share an anycast address,
it reduce the effect of distributed denial of service attack on the
anycast address.
6. Author's Address 6. Author's Address
Masataka Ohta Masataka Ohta
Graduate School of Information Science and Engineering Graduate School of Information Science and Engineering
Tokyo Institute of Technology Tokyo Institute of Technology
2-12-1, O-okayama, Meguro-ku 2-12-1, O-okayama, Meguro-ku
Tokyo 152-8552, JAPAN Tokyo 152-8552, JAPAN
Phone: +81-3-5734-3299 Phone: +81-3-5734-3299
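Review bot: The two paragraphs that appear only once in the Security Considerations ("Furthermore, if an ISP or a site operate its own anycast root server, ..." and "In addition, if a lot of local root servers share an anycast address, ...") state security benefits without the conditions under which they hold, and the first one sits uneasily next to the earlier paragraph saying route forgery can be done "by anyone including local intruders". The text should say explicitly that a locally operated anycast root server protects only against externally forged routes and that hosts remain exposed to forgery from inside the ISP or site, and it should state in one clause how sharing the address reduces the effect of a distributed denial of service attack, since the visible text asserts the reduction without giving the mechanism. Grammar in the same lines: "operate" should be "operates", "is protected" should be "are protected", and "it reduce" should be "it reduces". In the reworded sentence "a route or an AS path to a valid or a forged root server", consider saying who performs the verification and against what, because section 2 is referenced but the criterion for telling a valid server from a forged one is not visible here.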
 End of changes. 
