Home / Blogs

Paul Vixie on Fort N.O.C.‘s

I wish to correct several misstatements made by Brock Meeks in his article, “Fort N.O.C.‘s”, published January 20. I am speaking as an operator of the “F” root name server which was mentioned several times in this story.

1. “A” root is not special in any way. Our “F” root server receives updates from an unrelated server called SRS which is operated under contract from the US Department of Commerce and the Internet Corporation for Assigned Names and Numbers (ICANN). These updates are received by all 13 root name servers, with “A” root a peer of the other 12, having no special capability or importance. If any one of these 13 servers (including “A” root) were temporarily unavailable due to a failure or disaster, there would be no noticeable impact on the Internet as a whole.

2. The root name servers are not “operated on a volunteer basis” as stated in the article. Each of the twelve organizations named on http://www.root-servers.org/ has funding and oversight from a local constituency. Operators include ISC (a US-based public benefit corporation) RIPE NCC (who serves the European internet community) the US Department of Defense and NASA, the WIDE consortium in Japan, and others. For all twelve of us, operating a root name server is a concrete obligation, and not merely a “sense of duty”.

3. VeriSign’s spending toward “A” root is irrelevant, as is the number of “backups” they might have. Even if the portion of VeriSign’s spending which is directly attributable to “A” root exceeded the aggregate spending by ISC’s sponsors for the distributed footprint of “F” root—which is unlikely—the fact remains that a global attack affecting (9) of the 13 root name servers had no measureable affect on overall Internet performance or availability. For details, see Events of 21-Oct-2002. Diversity is very powerful!

4. Actually, there ARE requirements placed on the security and operations of root name servers. The Internet Engineering Task Force (IETF) has published two documents on this topic, RFC 2010 and RFC 2870, and any root server operator who fell out of compliance with these standards would be shamed and otherwise pressured into “shaping up or shipping out.” Paradoxically, the only root server operator who could probably ignore IETF’s standards without also worrying about losing their position is VeriSign.

In closing, I’d like to point out that there is considerable divergence of viewpoint among the many people who are interested in root name service. Yet, one fact is never subject to debate: the DNS root server system is one of the most robust and reliable services in the history of data communications.

See also: New Instance of DNS Root Server Makes Internet History

By Paul Vixie, VP and Distinguished Engineer, AWS Security

Dr. Paul Vixie is the CEO of Farsight Security. He previously served as President, Chairman and Founder of Internet Systems Consortium (ISC), as President of MAPS, PAIX and MIBH, as CTO of Abovenet/MFN, and on the board of several for-profit and non-profit companies. He served on the ARIN Board of Trustees from 2005 to 2013, and as Chairman in 2008 and 2009. Vixie is a founding member of ICANN Root Server System Advisory Committee (RSSAC) and ICANN Security and Stability Advisory Committee (SSAC).

Visit Page

Filed Under


Karl Auerbach  –  Jan 30, 2004 5:25 AM

In paragraph #2 you say: “The root name servers are not ‘operated on a volunteer basis’” .. “For all twelve of us, operating a root name server is a concrete obligation, and not merely a ‘sense of duty’”

My question is this: To whom, exactly, is this “concrete obligation” owed?  By this, I mean to whom are the root server operators legally accountable?  And what are the “concrete” performance standards that measure this obligation?  For example, who could stop you from establishing a paid-for priority grade of service and relegating the rest of us to slower response rates?  Who could block you, or any root server operator, from selling their operation to Microsoft.  Who can require that the root servers have adequate finances and resources to deal with normal costs, much less with future upgrades or disaster recovery situations?

There is absolutely no doubt that as a group the root server operators have to date met the highest professional, moral, and technical standards.

However, I am asking about clear, hard, formal, objective accountability that will ensure that the DNS root services of tomorrow will be as good as they are today.

Cypher21  –  Feb 4, 2004 5:55 PM

This is for Karl Auerbach:

Out of curiosity, who would you prefer they be accountable to?  I see a lot of people waving hands and saying they should be accountable, but I have yet to see any sensible suggestion as to whom they should be accountable to.

Please do not say the US DoC or ICANN.  We’ve all seen how “accountable” Verisign is to them re: SiteFinder.

Karl Auerbach  –  Feb 4, 2004 8:24 PM

In response to Cypher21’s question:

You’ve asked a good and important question.  And I agree with you that neither ICANN nor the US DoC have demonstrated either an ability or willingness to provide that oversight.

My own sense is that this is going to come about from one of two places - either we the community of net users establish such an oversight role through a new IFWP process.  (If you don’t know about the first IFWP process you should check it out.)

Alternatively it may land on us via the assembled governments of the world.  The series of meetings that began with WSIS late last year are continuing.  The US DoC is pushing against an avalanche coming from that quarter, but because the US position admits that nobody is in control, it isn’t really going to reduce the concern of the governments of the world that they can not guarantee to their citizens and businesses that their ability to use the net will not be compromised.

Paul Vixie  –  Feb 5, 2004 6:00 AM

Karl, I think I made it pretty clear who held the obligations in this case. Every root server operator has a local constituency who is quite influential in its own community. Since you’ve already heard that answer, I’ll go into some detail this time around.

Servers A and J are legally accountable to the U S Department of Commerce. Server B is legally accountable to the Board of Trustees of the University of Southern California. Server C is legally accountable to the shareholders of Cogent Communications. Server D is legally accountable to the Regents of the University of Deleware. Server E is legally accountable to the U S Congress (and through the Space Act). Server F is legally accountable to the State of California, and to those who sponsor our F-root mirror sites. Servers G and H are legally accountable to the U S Department of Defense. Server I is legally accountable to the Board of Directors of Netnod Internet Exchange. Server K is legally accountable to the Board and membership of the RIPE Network Coordination Centre. Server L is legally accountable to ICANN. Server M is legally accountable to the Board and membership of the WIDE Project.

Your concern seems to be that you are not a member or sponsor of any of those entities and are therefore feeling “under-represented.” I applaud your continuing interest in Internet Governance and I think that you can do no harm and perhaps much good by pursuing greater representation for yourself and for the general internet population. But that is irrelevant to the discussion at hand.

Please consider the entities I named as holding the obligations owed by the root name server operators. They are a diverse lot, and subject to multiple forms of oversight by at least five national governments and at least two regional governments. Some are academic, some are military, some are public benefit, some are commercial. This is as noncohesive and as incoherent and as incompatible a “group” as possible, and there have only been one point of unanamous agreement amongst us in the entire history of root name service: “the root server system must be as reliable, robust, and available as possible”.

I encourage you to go on trying to solve what you perceive as the larger problem of “under-representation”. However, I think you’ll need to select a different poster child than the root name server system to demonstrate what you think is wrong with Internet governance. The world’s existing representative powers are very much in control of the root name server system, through a set of intermediaries who have a long history of making this particular train run on time. If you want an example of how ICANN has somehow failed to meet some goal, you will need to find something that is NOT working well.

You asked about accountability, standards, uniform performance, non-resale, adequacy of funding, upgrades, and disaster recovery. To each of these my answer is the same: we have boards, members, sponsors, partners, and even military and government oversight in some cases, to ensure that we know what our job is and to ensure that we do it.

Paul Vixie
“F” root

Karl Auerbach  –  Feb 5, 2004 6:29 PM

Your answer demonstrates the fact that there is no control, just a group of independent entites that are answerable only to themselves.

Let’s take, for instance the F root - you say “Server F is legally accountable to the State of California”.  That is disingenous.  F-root is run by the Internet Software Consortium, a California corporation.  California imposes no “accountability” on how you operate your root servers - California does not stop you from shutting down, or selling out to Microsoft, or from offering discriminatory grades of service.  Yet that is what you claim constitutes accountability of the F-root.

The same goes for each and every other root server you mention - your argument substitutes the concept of ownership in lieu of the concept of accountability.

Let’s take the G and H roots - run by the US military - The US military is obligated to use those in a way consistent with US defense policies, which is hardly the same as those servers being operated in a way that is accountable to the community of internet users.

We could go through this exercise for every root server and come up with the same answer - that the “accountability” you posit is owed to some body, like a research group, university, or private corporation, that itself has no obligation regarding the root service, beyond the general obligation that is on all of us not to violate the law.

Every one of the root server operators, except perhaps Verisign, is under no obligations to continue service, or continue accurate service, or not to modify that service to honor some higher goal (e.g. the DoD servers could return faked responses to queries from countries not friendly to the US.)

The concept of accountability to the internet community requires that there be some body (or bodies) that have the legal power to hold the root server operators to defined levels of service, defined levels of resiliance against errors and disasters, and defined levels of financial assets (for the purpose of meeting the other obligations.)

You and I both live in California and we have both experienced the darkness that can happen when an important service, such as the provision of electrical power, is left subject to the decisions of the independent providers whose obligations are to their shareholders or owners and not the public.

No one is denying that the root server operators have so far been worthy of superlatives in almost every regard.  The question here is not past good acts or present good will.  The question here is how to guarantee to the community of internet users that reliable, responsive, and universally accurate DNS service will continue into the future.

The fact that the root server operators spurned even a mild contract with ICANN, a contract that could have imposed an obligation that the root servers meet defined service levels, gave a strong signal that the root server operators are more interested in preserving their independence to do whatever they feel like doing than in making hard guarantees to the community of internet users.

Paul Vixie  –  Feb 5, 2004 7:39 PM

Karl wrote:

> California does not stop you from shutting down, or selling out to
> Microsoft, or from offering discriminatory grades of service.

Actually, they would.  Internet Systems Consortium, Inc. is a nonprofit public benefit corporation and if the State of California heard complaints about our operations they could absolutely shut us down.  But given our strong board of directors I think the better likelihood is that there would be immediate staff changes if we failed to act in the best interests of the Internet community.

I won’t go into similar detail explaining why I think sufficient accountability exists in every other case—but I’m sure you can extrapolate.

Karl, I encourage you to go on trying to build the kind of accountability you think the Internet community requires.  Until you succeed, you can rest assured that this particular train will go on running on time, and that the world has ample and representative oversight over the root name server system even before your revolution succeeds.

Karl Auerbach  –  Feb 6, 2004 12:12 AM

Again you are confusing the limited oversight that the State of California applies to non-profits with the degree of oversight that the internet community deserves to ensure that DNS roots are operated in the future as well as they have been operated in the past.

California isn’t going to do anything (nor has it the power to do anything)if you or your board decide to not answer DNS queries from Canada or Brazil.  Nor is California going to do anything (nor would it have the power to do anything)if you or your board were decide to run your servers only on the second Tuesday of every month on old Commodore 64s.

You are saying nothing more than “trust us”.  For something as important as root services that’s just not adequate.  It is not enough to blindly hope that your board of directors, or the trustees of the University of Maryland, or the management of any other root server have good intentions and adequate resources today and that they will still have the same priorities, same intentions, and same resources tomorrow.

The community of internet users deserves clear standards of performance coupled to clear means of requiring that those standards are followed.

Of course it is hard to demand real accountability without also dealing with the issue of how the costs of the service are to be covered in the long term.  (Which does raise questions regarding how each root server covers its expenses and how much longer that situation can obtain.)

You and the other root server operators deserve enormous credit and thanks for what you have constructed and have done.  The net would not be what it is today without you.

However, just as it became necessary to impose oversight on the work of Alexander Bell, the Wright Brothers, and Edison and Tesla, the root servers, because they are becoming a critical utility, need to be subject to an oversight body in which the public can place their trust that such critical functions are, in fact, being delivered properly and with adequate care and resources set aside to deal with foreseeable risks.

Paul Vixie  –  Feb 6, 2004 3:36 AM

Karl wrote:

> Again you are confusing the limited oversight that the State of
> California applies to non-profits with the degree of oversight that
> the internet community deserves to ensure that DNS roots are operated
> in the future as well as they have been operated in the past.

And again I applaud you for trying to create a new type of regulation and accountability for what you see as a new type of shared activity. While I have no interest in trying to create another worldwide government body, it’s certainly going to be interesting to watch you try to do so.

However, I am not confused. The root name server operators are members of existing societies and are subject to the laws and customs of same. Since most of us are government controlled or regulated or overseen, and there are at least five national and three regional governments involved, I do not think we make a good example for “the bad thing that will happen to the Internet if something isn’t done.”  If you consider those governments nonrepresentative of your interests, that’s something I can’t help you with.

> You are saying nothing more than “trust us”. [...]

Not at all!  I’m saying two things, which I’ll repeat one last time: (1) the root server operators already receive close oversight by world powers, and (2) if you need a public relations fulcrum with which to move the Internet governance world, we’re probably not the best one you could choose.

I believe that we have each explained our case clearly, and that we should end this discussion without further repetition.

Karl Auerbach  –  Feb 6, 2004 5:56 AM

I’m happy to end this thread.  However, your assertion that I’m trying to impose some new kind of regime is rather at odds with the history of infrastructures, whether those be with regard to flight, electricity, food, or medicine.  If the history of the last 150 years shows us anything it is that critical infrastructures often become subject to compulsory regulation or nationalization.

Simply by asserting that you have ties to various bodies does not, in fact, make you accountable.  Indeed the limited purvue and goals of the bodies that oversee you tend to reinforce the conclusion that your accountability to the public interest is merely illusory.

As you said, I am not part of any body to which you owe your obligations. But in that regard I am not alone - there are roughly 6,000,000,000 other people in this world who are affected by the internet but, under your definitions, to whom you owe no duty of accountability.

I’ve been trying to point out that the position you espouse is likely to lead to greater regulation, not less.  Neither of us ought to be surprised if very soon we find that there arises, perhaps via the action of an international body of governments, something that amounts to a public utilities commission that requires those listed as servers in the “official” root zone to enter into legally enforceable obligations.

The day of the lone cowbody on the internet is over, at least with regard to the provision of critical infrastructure services.  With the net becoming a public utility the public interest can not be guaranteed if it has to depend on the good well of people and entities that are under no compulsion and who are free to turn out the lights and go home should the whim strike them.

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet




Sponsored byVerisign

Brand Protection

Sponsored byCSC

New TLDs

Sponsored byRadix

IPv4 Markets

Sponsored byIPv4.Global

Domain Names

Sponsored byVerisign


Sponsored byDNIB.com

Threat Intelligence

Sponsored byWhoisXML API