Internet Engineering Task Force                 Yasuhiro Morishita, JPRS
INTERNET-DRAFT                                              Feb 23, 2003
Expires: Aug 23, 2003


          An Approach for Increasing Root And TLD DNS Servers
           draft-yasuhiro-dnsop-increasing-dns-server-00.txt

Status of this Memo


This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026.

Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups.  Note that other groups
may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time.  It is inappropriate to use Internet-Drafts as reference material
or to cite them other than as ``work in progress.''

To view the list of Internet-Draft Shadow Directories, see
http://www.ietf.org/shadow.html.

Distribution of this memo is unlimited.

The internet-draft will expire in 6 months.  The date of expiration will
be Aug 23, 2003.


Abstract

Currently, it is widely held that the maximum number of DNS server hosts
for a zone is 13. In fact, the root zone and the .com/.net zones are each
served by 13 servers.

This draft proposes an approach for increasing the number of DNS server
hosts without changing the DNS protocol, by publishing multiple addresses
per server name ('multiple-addresses per host' basis).

This approach is especially useful for adding IPv6 DNS servers to the
root and TLD zones. It may also be useful when signing the root zone for
DNSSEC.


1.  Introduction

Currently, it is widely held that the maximum number of DNS server hosts
for a zone is 13. For example, the .net zone has 13 DNS servers, known as
a.gtld-servers.net, b.gtld-servers.net, ..., m.gtld-servers.net.


Morishita                 Expires: Aug 23, 2003                 [Page 1]


DRAFT      An Approach for Increasing Root And TLD DNS Servers  Feb 2003

This limitation comes from the maximum size of a DNS message carried over
UDP, 512 bytes (RFC 1035), which is what a resolver gets unless it uses
EDNS0. Currently, the DNS response from a root server to an IPv4 address
(A) query for a maximum-length name under .net looks as follows:

% dig -t a
123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.net
@a.root-servers.net

; <<>> DiG 9.3.0s20021115 <<>> -t a
123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.net
@a.root-servers.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54441
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 1

;; QUESTION SECTION:
;123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.net.
IN A

;; AUTHORITY SECTION:
net.                    172800  IN      NS      A.GTLD-SERVERS.net.
net.                    172800  IN      NS      G.GTLD-SERVERS.net.
net.                    172800  IN      NS      H.GTLD-SERVERS.net.
net.                    172800  IN      NS      C.GTLD-SERVERS.net.
net.                    172800  IN      NS      I.GTLD-SERVERS.net.
net.                    172800  IN      NS      B.GTLD-SERVERS.net.
net.                    172800  IN      NS      D.GTLD-SERVERS.net.
net.                    172800  IN      NS      L.GTLD-SERVERS.net.
net.                    172800  IN      NS      F.GTLD-SERVERS.net.
net.                    172800  IN      NS      J.GTLD-SERVERS.net.
net.                    172800  IN      NS      K.GTLD-SERVERS.net.
net.                    172800  IN      NS      E.GTLD-SERVERS.net.
net.                    172800  IN      NS      M.GTLD-SERVERS.net.

;; ADDITIONAL SECTION:
A.GTLD-SERVERS.net.     172800  IN      A       192.5.6.30

;; Query time: 78 msec
;; SERVER: 198.41.0.4#53(a.root-servers.net)
;; WHEN: Mon Feb 24 20:12:31 2003
;; MSG SIZE  rcvd: 508

In this case, 13 NS records for the .net servers and 1 glue A record are
returned, and the DNS message size is 508 bytes. The additional section
has already been cut down to a single glue record, and with name
compression each further NS record costs 16 bytes, which would push the
message past the 512-byte limit. The payload of the DNS message is
therefore full, and no additional DNS server can be added.

2.  Proposal

In this situation, each server name has one IP address ('one-to-one
basis'). But the DNS protocol allows two or more addresses per name.


For example:

example.jp.     IN      A       xxx.xxx.xxx.xxx
                IN      A       yyy.yyy.yyy.yyy
                IN      A       zzz.zzz.zzz.zzz

By applying this to the root and TLD zones, the size of the DNS response
message can be reduced.

Below is an example for the .jp zone. The name 'v4.dns.jp' has multiple
addresses.

jp.             IN      NS      v4.dns.jp.
v4.dns.jp.      IN      A       aaa.aaa.aaa.aaa
                IN      A       bbb.bbb.bbb.bbb
                IN      A       ccc.ccc.ccc.ccc

This approach can also be used for adding IPv6 addresses to the root and
TLD zones, as below.

jp.             IN      NS      v4.dns.jp.
                IN      NS      v6.dns.jp.
v4.dns.jp.      IN      A       aaa.aaa.aaa.aaa
                IN      A       bbb.bbb.bbb.bbb
                IN      A       ccc.ccc.ccc.ccc
v6.dns.jp.      IN      AAAA    aaaa:bbbb:cccc:dddd:eeee:ffff:gggg:hhhh
                IN      AAAA    iiii:jjjj:kkkk:llll:mmmm:nnnn:oooo:pppp
                IN      AAAA    qqqq:rrrr:ssss:tttt:uuuu:vvvv:wwww:xxxx

It may also be useful for DNSSEC signing, since the signatures that
DNSSEC adds to a response have to fit in the same message.
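The following calculator is an added example and is not part of this draft
or of any JPRS software. It serves both the size argument of section 1 and
the proposal of section 2: it builds a referral message with RFC 1035 name
compression and reports the wire size, reproducing the 508 bytes of the dig
output above for the 13 .net servers, and then comparing the one-to-one
layout with the multiple-addresses-per-name layout under .jp. The
gtld-servers names, 192.5.6.30 and the 25-label query name come from the
draft; v4.dns.jp and v6.dns.jp follow the draft's example; the name
n.gtld-servers.net, the a.dns.jp ... m.dns.jp names and the 192.0.2.x and
2001:db8:: addresses are constructed for illustration.

```python
"""Wire-size calculator for DNS referral responses (added example, not from the draft)."""
import ipaddress
import struct

UDP_LIMIT = 512                               # RFC 1035 UDP payload limit (no EDNS0)
MAX_QNAME = ".".join(["123456789"] * 25)      # 25 nine-char labels, as in the dig output
GTLD = ["%s.gtld-servers.net" % c for c in "abcdefghijklmn"]   # a-m are real; "n" is hypothetical


def _labels(name):
    return [label for label in name.rstrip(".").split(".") if label]


def encode_name(name, out, offsets):
    """Append `name` to `out` using RFC 1035 message compression.

    `offsets` maps each suffix already written (e.g. "gtld-servers.net") to
    its offset, so a later occurrence costs a 2-byte pointer instead of the
    full label sequence.
    """
    labels = _labels(name)
    for i, label in enumerate(labels):
        suffix = ".".join(labels[i:]).lower()
        if suffix in offsets:
            out += struct.pack("!H", 0xC000 | offsets[suffix])
            return
        if len(out) <= 0x3FFF:                # pointers only reach the first 16 KiB
            offsets[suffix] = len(out)
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    out += b"\x00"                            # root label terminates an uncompressed name


def add_rr(out, offsets, owner, rtype, rdata_name=None, rdata_addr=None, ttl=172800):
    """Append one resource record; RDATA is a domain name (NS) or an address (A/AAAA)."""
    encode_name(owner, out, offsets)
    out += struct.pack("!HHI", rtype, 1, ttl)   # TYPE, CLASS IN, TTL
    rdlen_pos = len(out)
    out += b"\x00\x00"                          # RDLENGTH, patched below
    if rdata_name is not None:
        encode_name(rdata_name, out, offsets)   # NS targets get compressed too
    else:
        out += ipaddress.ip_address(rdata_addr).packed
    struct.pack_into("!H", out, rdlen_pos, len(out) - rdlen_pos - 2)


def referral_size(qname, zone, ns_names, glue):
    """Size in bytes of a referral: header, A question, NS records, glue A/AAAA records.

    `glue` maps a name-server name to the list of addresses published for it.
    """
    n_glue = sum(len(addrs) for addrs in glue.values())
    out = bytearray(struct.pack("!HHHHHH", 0x1234, 0x8000, 1, 0, len(ns_names), n_glue))
    offsets = {}
    encode_name(qname, out, offsets)
    out += struct.pack("!HH", 1, 1)             # QTYPE A, QCLASS IN
    for ns in ns_names:
        add_rr(out, offsets, zone, 2, rdata_name=ns)            # TYPE 2 = NS
    for host, addrs in glue.items():
        for addr in addrs:
            rtype = 28 if ipaddress.ip_address(addr).version == 6 else 1   # AAAA / A
            add_rr(out, offsets, host, rtype, rdata_addr=addr)
    return len(out)


def scenarios():
    """Compare the one-name-one-address layout with the multiple-addresses-per-name layout."""
    net_q, jp_q = MAX_QNAME + ".net", MAX_QNAME + ".jp"
    v4 = ["192.0.2.%d" % i for i in range(1, 14)]             # constructed (RFC 5737)
    v6 = ["2001:db8::%d" % i for i in range(1, 4)]            # constructed (RFC 3849)
    one_to_one = ["%s.dns.jp" % c for c in "abcdefghijklm"]   # hypothetical names
    return {
        "net: 13 NS, 1 glue A (the dig output)":
            referral_size(net_q, "net", GTLD[:13], {"a.gtld-servers.net": ["192.5.6.30"]}),
        "net: 14 NS, 1 glue A":
            referral_size(net_q, "net", GTLD[:14], {"a.gtld-servers.net": ["192.5.6.30"]}),
        "jp: 13 NS names, glue for all 13":
            referral_size(jp_q, "jp", one_to_one, {h: [a] for h, a in zip(one_to_one, v4)}),
        "jp: 1 NS name v4.dns.jp with 13 A":
            referral_size(jp_q, "jp", ["v4.dns.jp"], {"v4.dns.jp": v4}),
        "jp: v4.dns.jp (3 A) + v6.dns.jp (3 AAAA)":
            referral_size(jp_q, "jp", ["v4.dns.jp", "v6.dns.jp"],
                          {"v4.dns.jp": v4[:3], "v6.dns.jp": v6}),
    }


if __name__ == "__main__":
    for label, size in scenarios().items():
        verdict = "fits" if size <= UDP_LIMIT else "exceeds %d" % UDP_LIMIT
        print("%-45s %4d bytes  %s" % (label, size, verdict))
```

Running the script prints 508 bytes for the .net referral, 524 bytes (over
the limit) once a 14th NS record is added, 690 bytes for 13 one-to-one
names under .jp with glue for all of them, 499 bytes for a single NS name
carrying 13 A records, and 440 bytes for the IPv4 plus IPv6 layout of the
example above. The calculator also makes the practical check visible: the
glue for every address of a name still has to fit in the same message, so
the number of addresses per name is bounded by the same 512 bytes, and
AAAA glue (28 bytes per record with compression) consumes the budget
faster than A glue (16 bytes).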

3.  Considerations

The behavior of DNS resolvers in this situation needs to be considered:
how a resolver chooses among several addresses for one name server name,
and how it retries when one of those addresses does not respond.

At some registries, multiple IP addresses are not allowed for one DNS
server host. In this case, the registry systems need to be modified.

4.  Acknowledgements

This work is funded by the Telecommunications Advancement Organization
of Japan (TAO).

The author would like to thank the members of the JPRS research and
development department and system administration department for their
important contribution to this work.

Author's addresses

     Yasuhiro Morishita
     Research and Development Department
     Japan Registry Service Co.,Ltd.
     Fuundo Bldg 3F, 1-2 Kanda-Ogawamachi Chiyoda-ku,
     Tokyo, 101-0052, Japan
     Tel: +81-3-5297-2571
     email: yasuhiro@jprs.co.jp
