dnsroot

dnsroot is discussed on the dns mailing list.

What is it?

dnsroot is some software, currently vaporware, to maintain local DNS root data in tinydns-data format. You can then

run tinydns as a local root server on the private IP address 127.53.0.1 and
replace the IP addresses in /service/dnscache*/root/@ with 127.53.0.1 so that dnscache consults the local root server.

This noticeably reduces the frequency of big DNS lookup delays. The ICANN root servers are overloaded and often drop packets.

Experiments and notes

I downloaded the ORSC root zone by typing

     tcpclient dns.vrx.net 53 axfr-get . root.orsc root.orsc.tmp

and then fed root.orsc through cleanup to obtain data.

Unfortunately, the root zone changes over time, so I have to keep doing this. Once a week should be adequate. How about once a month? One million sites, each asking for data once a month, means one download every few seconds.

The AXFR protocol is slow and complicated (and vulnerable to forgery). I'd much rather use HTTP to download a (PGP-signed and dated) file in a simple com:203.181.106.5 format. The file can also specify a new source for future downloads (and occasionally a new PGP key); this will completely eliminate the problem of keeping root server addresses up to date. A different possibility is to retrieve data from USENET.

The ORSC root zone includes all the ICANN TLDs such as .com and .arpa, and a whole bunch of non-ICANN TLDs. I'd like to have .com information taken from an ICANN .com source instead. It should be possible to merge any number of sources in a user-specified order.

Note that the output of cleanup uses IP addresses as server names. This works with dnscache, and it eliminates any potential problems from one source specifying addresses of servers in another source's bailiwick.