> Andrew Sullivan <mailto:a...@anvilwalrusden.com> > Tuesday, November 11, 2014 3:14 PM > On Mon, Nov 10, 2014 at 01:34:05PM -0800, Paul Vixie wrote: > >> ... any RDNS operator who receives advice on how to change their root >> hints to use the unowned-anycast root server addresses will also be told >> not to turn this on unless they have also turned on DNSSEC validation >> and root key rollover. so, no. > > But my point is that it's a different zone.
in the formal sense of zone identity, yes. in practical terms, no. especially not these terms: > Once you allow for the > possibility that an apex record could change in this zone, why not > change other records too? that would be outside the scope of this proposal. this proposal is to have iana create a second root zone stream, identical in all details (change frequency, TLD presence, TLD NS content, serial number, signing key) to the one root zone stream we have today, with the one exception that it would have a different apex NS RRset. if you'd like to discuss changing other records too, then please make a proposal to change other records, but in any case please do not presuppose for the purpose of discussing this proposal, changes, actual or potential, which are not being proposed. > And who gets to control this other zone? as in the proposal, and as clarified here, and as explained in the ICANN ITI report, and as detailed in the recent circleid article on the topic of this proposal, IANA must control this root zone just as they control the current one. i literally do not know how i can make that point more clearly than i have done. suggestions are welcome. > It's no longer "the root zone", by definition. It's an alternative > zone, it seems to me. that was never the sense of this proposal. have you read all of the supplementary materials to this thread? https://www.icann.org/en/system/files/files/iti-report-15may14-en.pdf (from page 26) http://ss.vix.su/~vixie/alternate-rootism.pdf (note, published in 2005) http://tools.ietf.org/html/draft-lee-dnsop-scalingroot-00 http://www.circleid.com/posts/20141107_secure_unowned_hierarchical_anycast_root_name_service_and_apologia/ so, to me, the interpretation you claim "seems to [you]" is completely unintelligible. i am, and always have been, a single-namespace zealot. "one world, one internet, one namespace." -- Paul Vixie
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
