When we wrote about the issues surrounding the management of the L root, four questions came to mind immediately, which we will review here as way of a concluding blog on this topic. We also presented this work and our questions at NANOG 43 and OARC 2008 DNS-Operators Workshop. Unfortunately, we don’t have many answers and welcome clarification from anyone in the know. The questions are
- Why wasn’t ICANN using their own IP space?
- Why the change after 10 years?
- Why wasn’t the old space simply given to ICANN?
- Why all the bogus L root servers?
We will summarize what we know about these issues.
Why wasn’t ICANN using their own IP space?
In response to our blog, Bill Manning wrote that he used EP.NET space when he created the L root in 1996, using space historically allocated for exchanges. This seems to dovetail with some historical data we’ve been able to find. For example, this list claims the L and M root servers were added on 28 February 1997. And this archived email from an ARIN mailing list on 1 March 1997 provides a root hints file with an L root server IP and a comment of “temporarily housed at ISI”. ICANN itself wasn’t founded until 18 September 1998, so they couldn’t have been running the L root at its inception and probably weren’t in a position to take over for some time thereafter. What we couldn’t find out is when exactly ICANN took over the operation of the L root. Anyone have a reference? Although it’s easy to see how this unfortunate event happened and to chalk it up to hindsight being “20/20”, Paul Vixie wrote that the mistake in going down this path was “clear to me at the time.”
Why the change after 10 years?
In our view, this is the central question. ICANN is pretty busy and we have to assume that they didn’t take the decision to renumber a root name server lightly. After all, Infoblox claims there are 11.7 million DNS servers worldwide, all of which ultimately would have to be updated. A story in The Register claimed that the change was made because ICANN did not control the old space (true enough), but also because ICANN wanted to shift to anycasting. Huh? It was also clear from this article that ICANN did not expect the old L root to answer queries indefinitely and did expect those 11 million plus DNS servers to self-correct (by asking an existing root server for an up-to-date list of the current ones). So ICANN thought this wouldn’t be a big deal, but still why change now?
Why wasn’t the old space simply given to ICANN?
Danny McPherson asked many more related questions in his CircleID blog, which have gone unanswered. In the responses to our blog, Bill Manning wrote that “ICANN should have renumbered when they took over ‘L’. They did -not- and have been squatters on the space.” This argument might have some merit if renumbering a root name server were a trivial exercise or if Manning was running short of IP space himself, neither of which is remotely true. According to ARIN, Bill Manning (WM100) is allocated five /16s and one /22 of IPv4 space, or the equivalent of 1284 /24s. ICANN needed a single /24 for the old L root. This is less than 0.08% of the entire space allocated to Manning, who is currently routing less than half of his space. Why not give a single otherwise inconsequential /24 to ICANN for the sake of the rest of the planet? In fairness, we have every indication that Manning has done much good work for the Internet over time. This is his space after all and he is under no obligation to give it away to anyone.
Why all the bogus L root servers?
CommunityDNS, Diyixian and EP.NET were all announcing the old L root IP space. Why? Again in response to our blog, Bill Manning claimed that there was agreement to collect such data for DITL-2008, which, as noted by
David Conrad of ICANN, is a truly bizarre reading of this exercise. As stated in the above link, DITL 2008 was to collect data on 48-hour interval from 18-19 March 2008. How does that translate into running old root servers for up to six months, and then only turning them off under pressure from ICANN? It’s pretty clear to me that this issue generated a lot of flak and so various parties are now running for cover. Here is another example from CommunityDNS where we learn that “it is common and good practice to keep ‘old’ Root addresses active for significant periods of time after a change, as users frequently continue to use the established address rather than update to a new address.” Just trying to help. Sure, but isn’t that ICANN’s job and isn’t that why they kept their own old L root running for a while? What benefit did these commercial outfits take from running a root server (even for a short period of time)?
We don’t have answers to these questions or insight into the motivations of the players, and we might never know definitively what went on here. But it certainly seems like things should have never gotten to this point and we should have never had what looks like an Internet pissing match over a handful IP addresses. And what about all the other root name servers out there and their associated IP space? Shouldn’t the associated blocks be moved to a “critical infrastructure” allocation to avoid a repeat of this incident, as has been done with IPv6 from the start?