On 4 Mar 2019, at 23:52, Christopher Morrow <morrowc.li...@gmail.com> wrote:
> I don't know how long it takes to get ICANN to 'do something creative' for > the root zone, but I'm guessing this isn't always feasible in normal > timelines (hours to a day or so). The IANA created an official, supported mechanism for emergency changes to the root zone back in 2010, as part of the project to deploy DNSSEC. The goal was to accommodate the needs of TLD managers to do quick changes to DS RRSets in the event that some bad signing thing happened. Even without that emergency provision, there were examples way back when of out-of-cycle changes were pushed through by the root zone maintainer (e.g. a third serial in a single day) because of some operational concern. When it comes down to it, all the people involved are operational and are good at what they do. I think TLDs are a red herring here, though. The TTLs on referral responses from TLD servers tend to be long and there is no shortage of options for diversity and redundancy in the NS set of TLD zones. Developing TLDs that have not yet reached a level to be able to engineer in that kind of diversity tend not to be the TLDs that are relied upon at the scale of those that have (and, I would suggest, serve-stale is not going to save them out from outage anyway). Structural instability in such TLDs is probably better addressed by technical outreach, support and education than by protocol extensions. Enterprise zones with low TTLs and with reduced options for authority server diversity due to the response-time tricks used to manage their traffic are far more likely to be interested in something like serve-stale, especially if their revenue is closely correlated with being reachable, and especially if they use lots of response-time tricks and want to understand what happens to client traffic when there's a DNS blip. From the other side, resolver operators for whom DNS non-reachability means a support burden have already implement these things. Describing how they work using outside voices seems like a good thing for everybody. Joe _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
