Internet Engineering Task Force               Yasuhiro Orange Morishita, JPRS
INTERNET-DRAFT                                             Masato Minda, JPRS
Expires: Jan 16, 2005                                            Jul 16, 2004


          An Approach for Increasing Root And TLD DNS Servers
           draft-yasuhiro-dnsop-increasing-dns-server-01.txt

Status of this Memo


This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026.

Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups.  Note that other groups
may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time.  It is inappropriate to use Internet-Drafts as reference material
or to cite them other than as ``work in progress.''

To view the list Internet-Draft Shadow Directories, see
http://www.ietf.org/shadow.html.

Distribution of this memo is unlimited.

The internet-draft will expire in 6 months.  The date of expiration will
be Jan 16, 2005.


Abstract

Currently, it is thought that the maximum number of DNS servers for a
zone is 13. In fact, the current root zone and some TLD zones have 13
DNS servers. But this is not enough for DNS stability and robustness,
especially for root and/or TLD servers; therefore, IP anycast [Hardie,
2002] has been introduced on some root servers.

This draft proposes another approach for increasing the number of DNS
server hosts without changing the DNS protocol, by using a 'multiple
addresses per host' method.

This draft also considers what the most suitable number of IP
addresses for one DNS server name is.


1.  Introduction

Currently, it is thought that the maximum number of DNS server hosts
for a zone is 13. In fact, the current root zone and some TLD zones
have 13 DNS


Morishita & Minda         Expires: Jan 16, 2005                 [Page 1]


DRAFT      An Approach for Increasing Root And TLD DNS Servers  Jul 2004

servers. For example, the .net zone has 13 DNS servers, known as
A.GTLD-SERVERS.NET, B.GTLD-SERVERS.NET, ..., M.GTLD-SERVERS.NET. This
limitation derives from the maximum UDP message size of the traditional
DNS protocol, which is defined as 512 octets or less [Mockapetris, 1987].

The following is an example of 'dig' command output.

This is the same as the packet exchanged between a DNS cache server and
a root server when a name of the maximum length is asked for by a
client.

% dig +norec -t a 123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.net @a.root-servers.net

; <<>> DiG 9.3.0rc2 <<>> +norec -t a 123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.net @a.root-servers.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59794
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 1

;; QUESTION SECTION:
;123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.net. IN A

;; AUTHORITY SECTION:
net.                    172800  IN      NS      A.GTLD-SERVERS.net.
net.                    172800  IN      NS      G.GTLD-SERVERS.net.
net.                    172800  IN      NS      H.GTLD-SERVERS.net.
net.                    172800  IN      NS      C.GTLD-SERVERS.net.
net.                    172800  IN      NS      I.GTLD-SERVERS.net.
net.                    172800  IN      NS      B.GTLD-SERVERS.net.
net.                    172800  IN      NS      D.GTLD-SERVERS.net.
net.                    172800  IN      NS      L.GTLD-SERVERS.net.
net.                    172800  IN      NS      F.GTLD-SERVERS.net.
net.                    172800  IN      NS      J.GTLD-SERVERS.net.
net.                    172800  IN      NS      K.GTLD-SERVERS.net.
net.                    172800  IN      NS      E.GTLD-SERVERS.net.
net.                    172800  IN      NS      M.GTLD-SERVERS.net.

;; ADDITIONAL SECTION:
A.GTLD-SERVERS.net.     172800  IN      A       192.5.6.30

;; Query time: 172 msec
;; SERVER: 198.41.0.4#53(a.root-servers.net)
;; WHEN: Fri Jul 16 09:55:53 2004
;; MSG SIZE  rcvd: 508

In this case, 13 NS records of the .net servers are in the authority
section, 1 glue A record is in the additional section, and the DNS
message size is 508. This means that even in the 'worst case' (querying
the longest name), a DNS cache server can get the information of at
least 1 glue A record within 512 octets.

However, the DNS protocol allows a host name to have multiple A
records. This is part of the basic specification of DNS, and of course
it can be used for glue A records too. So we can introduce it without
any DNS protocol extensions.

For example, the root zone contains the data for the .net delegation
as follows:

NET. NS N.GTLD-SERVERS.NET.
NET. NS O.GTLD-SERVERS.NET.
NET. NS P.GTLD-SERVERS.NET.
N.GTLD-SERVERS.NET. A 192.5.6.30
                    A 192.33.14.30
                    A 192.26.92.30
                    A 192.31.80.30
                    A 192.12.94.30
                    A 192.35.51.30
O.GTLD-SERVERS.NET. A 192.42.93.30
                    A 192.54.112.30
                    A 192.43.172.30
                    A 192.48.79.30
                    A 192.52.178.30
P.GTLD-SERVERS.NET. A 192.41.162.30
                    A 192.55.83.30

So the .net zone has 3 name server hosts, and each host has multiple
IP addresses: in this case, N.GTLD-SERVERS.NET has 6 IP addresses,
O.GTLD-SERVERS.NET has 5 IP addresses, and P.GTLD-SERVERS.NET has 2 IP
addresses.

This is an example of 'dig' command output for this case.

% dig +norec -t a 123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.net @10.0.0.15

; <<>> DiG 9.3.0rc2 <<>> +norec -t a 123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.net @10.0.0.15
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20303
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 11

;; QUESTION SECTION:
;123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.123456789.net. IN A

;; AUTHORITY SECTION:
net.                    172800  IN      NS      O.GTLD-SERVERS.net.
net.                    172800  IN      NS      P.GTLD-SERVERS.net.
net.                    172800  IN      NS      N.GTLD-SERVERS.net.

;; ADDITIONAL SECTION:
N.GTLD-SERVERS.net.     172800  IN      A       192.33.14.30
N.GTLD-SERVERS.net.     172800  IN      A       192.35.51.30
N.GTLD-SERVERS.net.     172800  IN      A       192.5.6.30
N.GTLD-SERVERS.net.     172800  IN      A       192.12.94.30
N.GTLD-SERVERS.net.     172800  IN      A       192.26.92.30
N.GTLD-SERVERS.net.     172800  IN      A       192.31.80.30
O.GTLD-SERVERS.net.     172800  IN      A       192.52.178.30
O.GTLD-SERVERS.net.     172800  IN      A       192.54.112.30
O.GTLD-SERVERS.net.     172800  IN      A       192.42.93.30
O.GTLD-SERVERS.net.     172800  IN      A       192.43.172.30
O.GTLD-SERVERS.net.     172800  IN      A       192.48.79.30

;; Query time: 0 msec
;; SERVER: 10.0.0.15#53(10.0.0.15)
;; WHEN: Fri Jul 16 10:02:33 2004
;; MSG SIZE  rcvd: 508

In this case, 3 NS records of the .net servers are in the authority
section, 11 glue A records are in the additional section, and the DNS
message size is 508 (the same as in the previous case). This means that
in this case the DNS cache server can get more glue A records than in
the previous case.

This technique is trivial, but it hides a big possibility for DNS
server operation. In particular, it makes it possible to add IPv6
(AAAA) glue with minimal influence on the existing IPv4 (A) glue. It
is also useful when signing a zone for DNSSEC.

We tested various combinations of 'the number of DNS servers' and
'IPv4 and IPv6 addresses per name'. The results are attached as
APPENDIX A.
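The sizes reported in the two 'dig' outputs above can be reproduced
with a small model of the referral on the wire. The following Python
script is an added example and is not part of this draft. It assumes
RFC 1035 name compression against every name already written into the
message, the 512-octet UDP limit, and a responder that places each
glue RRset in the additional section either whole or not at all (the
RRSet handling discussed in Section 2.1). The host names, address
counts and the maximum-length query name are taken from the examples
above; the mixed IPv4/IPv6 layout (THREE_DUAL) and the function names
are constructed for this example.

```python
"""Wire-size model of a DNS referral response.

Added example, not from the draft.  Assumes RFC 1035 name compression
against every name already written, a 512-octet UDP limit, and that a
glue RRset goes into the additional section whole or not at all.
"""
from collections import namedtuple

UDP_LIMIT = 512
HEADER_LEN = 12              # ID, flags and the four section counts
RR_FIXED = 10                # TYPE(2) + CLASS(2) + TTL(4) + RDLENGTH(2)
RDATA_LEN = {"A": 4, "AAAA": 16}

Referral = namedtuple("Referral", "size ns glue4 glue6 dropped_rrsets")


def labels_of(name):
    """Split 'A.GTLD-SERVERS.net.' into a tuple of lowercase labels."""
    return tuple(l.lower() for l in name.strip(".").split(".") if l)


class WireSizer:
    """Accumulates message size and the suffixes a pointer may target."""

    def __init__(self):
        self.size = HEADER_LEN
        self.known = set()       # label-tuple suffixes already in the message

    def copy(self):
        other = WireSizer()
        other.size, other.known = self.size, set(self.known)
        return other

    def add_name(self, name):
        labels = labels_of(name)
        n = 0
        for i in range(len(labels)):
            if labels[i:] in self.known:
                n += 2                   # pointer to an earlier occurrence
                break
            n += 1 + len(labels[i])      # length octet plus the label
        else:
            n += 1                       # root label terminator
        for i in range(len(labels)):
            self.known.add(labels[i:])
        self.size += n
        return n

    def add_rr(self, owner, rtype, rdata_name=None):
        self.add_name(owner)
        self.size += RR_FIXED
        if rdata_name is not None:       # NS: RDATA is a compressible name
            self.add_name(rdata_name)
        else:
            self.size += RDATA_LEN[rtype]


def referral(qname, zone, servers, limit=UDP_LIMIT):
    """servers: list of (hostname, ipv4_count, ipv6_count) for the zone's NS.

    Returns Referral(size, ns, glue4, glue6, dropped_rrsets) for the
    response to an A query for `qname` that refers the client to `zone`.
    """
    if sum(1 + len(l) for l in labels_of(qname)) + 1 > 255:
        raise ValueError("query name exceeds 255 octets on the wire")
    s = WireSizer()
    s.add_name(qname)
    s.size += 4                          # QTYPE + QCLASS
    for host, _, _ in servers:           # authority section: the NS RRset
        s.add_rr(zone, "NS", rdata_name=host)
    glue4 = glue6 = dropped = 0
    for host, n4, n6 in servers:         # additional section: glue per host
        for rtype, count in (("A", n4), ("AAAA", n6)):
            if count == 0:
                continue
            trial = s.copy()
            for _ in range(count):
                trial.add_rr(host, rtype)
            if trial.size <= limit:      # whole RRset fits: commit it
                s = trial
                if rtype == "A":
                    glue4 += count
                else:
                    glue6 += count
            else:                        # otherwise leave the RRset out whole
                dropped += 1
    return Referral(s.size, len(servers), glue4, glue6, dropped)


# Longest query name from the dig examples: 25 labels of "123456789"
# under .net, 255 octets on the wire.
MAX_NAME = ".".join(["123456789"] * 25) + ".net."
# 13 names with one A each (first dig output).
THIRTEEN = [("%s.GTLD-SERVERS.net." % c, 1, 0) for c in "ABCDEFGHIJKLM"]
# 3 names carrying 6, 5 and 2 addresses (second dig output).
THREE = [("N.GTLD-SERVERS.net.", 6, 0), ("O.GTLD-SERVERS.net.", 5, 0),
         ("P.GTLD-SERVERS.net.", 2, 0)]
# Constructed layout: 2 IPv4 and 1 IPv6 address per name.
THREE_DUAL = [(h, 2, 1) for h, _, _ in THREE]

if __name__ == "__main__":
    for servers in (THIRTEEN, THREE, THREE_DUAL):
        print(referral(MAX_NAME, "net.", servers))
```

For the longest query name the 13-name layout yields 508 octets with a
single glue A record and the 3-name layout 508 octets with 11 glue A
records, which are the two MSG SIZE values shown above. The constructed
dual-stack layout shows 3 names each carrying 2 A and 1 AAAA glue
record fitting in exactly 512 octets, so no RRset has to be left out
even in the worst case.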

2.  Consideration Points

There are some points to consider in this case.

2.1.  'Number of Addresses per Server' Issue

If DNS operators try to apply this to their own zones, they should
consider what number of IP addresses per name is the most suitable.

DNS treats resource records (RRs) on an 'RRSet' basis, so if the NS
has only one name (and it has many IP addresses) and name resolution
of that RR is partially cancelled for some reason, the whole RRSet
will be cancelled.

This has a direct influence on the additional section of a DNS packet
in particular: because it occurs at the NS query, all the needed glue
A records may be cancelled. This is harmful for name resolution and
must be avoided.

2.2.  Server Selection Issue

Some DNS implementations may search the DNS server list on a 'name
basis', not on an 'IP address basis'. So if trouble occurs at one
host of the 'DNS server set', it may be harmful for the whole server
set. Thus, if too many IP addresses are gathered under one name, it
may be harmful for DNS server operation; for example, one bad server
may block access to other good servers.

2.3.  Registration Issue

At some registries and/or registrars, this 'multiple IP address
registration' for a DNS server host may not be allowed. In that case,
users cannot register it. This is not a good limitation and should be
fixed.

3.  IANA considerations

IANA has announced the start of registering IPv6 address information
for root zone glue, so we consider that IANA should support it in its
own registry system. It is useful for IPv6 deployment.

4.  Acknowledgements

This work was funded by the Telecommunications Advancement Organization
of Japan (TAO) from September 2001 to March 2004. In April 2004, TAO and
the Communications Research Laboratory (CRL) were merged and relaunched
as the National Institute of Information and Communications Technology
(NICT), an incorporated administrative agency.

The authors would like to thank the members of the JPRS research and
development department and system administration department for their
important contribution to this work.

APPENDIX A: Test Results

This is the result of surveying cases with various numbers of NS
records, IPv4 addresses, and IPv6 addresses.

"NS" is the number of NS records, "v4adr" and "v6adr" are the numbers
of IPv4 and IPv6 addresses per NS name, "psize" is the size of the DNS
response packet, and "glue4" and "glue6" are the numbers of glue IP
addresses actually returned.

+-------------------+------------------------------+---------------------------+
|   Test Pattern    |      Maximum Name Query      |    Minimum Name Query     |
|NS   v4adr   v6adr | psize    glue4      glue6    | psize    glue4     glue6  |
+-------------------+------------------------------+---------------------------+
|1      1       7   |   504         1        7     |   254         1         7 |
|1      3       6   |   508         3        6     |   258         3         6 |
|1      5       5   |   512         5        5     |   262         5         5 |
|1      6       4   |   500         6        4     |   250         6         4 |
|1      8       3   |   504         8        3     |   254         8         3 |
+-------------------+------------------------------+---------------------------+
|1     10       2   |   508        10        2     |   258        10         2 |
|1     12       1   |   512        12        1     |   262        12         1 |
|2      2       6   |   508         2        6     |   458         4        12 |
|2      4       5   |   512         4        5     |   466         8        10 |
|2      5       4   |   500         5        4     |   442        10         8 |
+-------------------+------------------------------+---------------------------+
|2      7       3   |   504         7        3     |   450        14         6 |
|2      9       2   |   508         9        2     |   458        18         4 |
|2     11       1   |   512        11        1     |   466        22         2 |
|3      2       4   |   500         4        4     |   506         6        12 |
|3      3       3   |   504         6        3     |   470         9         9 |
+-------------------+------------------------------+---------------------------+
|3      5       2   |   460         5        2     |   482        15         6 |
|3      7       1   |   492         7        2     |   494        21         3 |
|4      1       3   |   488         4        3     |   490         4        12 |
|4      3       2   |   500         3        4     |   506        12         8 |
|4      4       1   |   488         4        3     |   458        16         4 |
+-------------------+------------------------------+---------------------------+
|5      1       2   |   500         2        4     |   466         5        10 |
|5      3       1   |   508         6        2     |   486        15         5 |
|6      2       1   |   492         4        2     |   482        12         6 |
|7      1       1   |   504         2        3     |   446         7         7 |
|8      1       1   |   508         3        2     |   506         8         8 |
+-------------------+------------------------------+---------------------------+

Authors' addresses

     Yasuhiro Orange Morishita
     Research and Development Department
     Japan Registry Service Co.,Ltd.
     Chiyoda First Bldg. East 13F, 3-8-1 Nishi-Kanda Chiyoda-ku,
     Tokyo 101-0065, Japan
     Tel: +81-3-5215-8451
     Email: yasuhiro@jprs.co.jp

     Masato Minda
     Research and Development Department
     Japan Registry Service Co.,Ltd.
     Chiyoda First Bldg. East 13F, 3-8-1 Nishi-Kanda Chiyoda-ku,
     Tokyo 101-0065, Japan
     Tel: +81-3-5215-8451
     Email: minmin@jprs.co.jp


References

Hardie, 2002.
T. Hardie, "Distributing Authoritative Name Servers via Shared Unicast
Addresses" in RFC3258 (April 2002).
ftp://ftp.isi.edu/in-notes/rfc3258.txt.

Mockapetris, 1987.
P. Mockapetris, "DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION" in
RFC1035 (November 1987).
http://www.ietf.org/rfc/rfc1035.txt.
