Home / Blogs

The .net Top Level Domain and Cross-Coupled Failures

The .net Top Level Domain (TLD) contains the names of the main group of DNS root servers as well as the names of the servers for several other large TLDs, such as .com, .org, .arpa and .mil.

Most of the focus about the .net redelegation has concerned the quality of the registration systems. But that is a minor matter next to the quality of the name server operation. If registration problems occur then the only people affected are those who are engaged in obtaining or transferring a name. But if the name servers go awry then the entire net will be strongly affected.

Because .net contains the name servers for so many other TLDs, any weakness in the .net servers could sweep across the net like a tsunami.

Perhaps part of the .net redelegation should include an effort to reduce the dependency of other TLDs on .net. Perhaps the name servers for other TLDs should be moved out of .net

Yes, this will have an impact on the effectiveness of DNS name compression. But should we not be trying to reduce the cross-dependencies in DNS and protect against cascading net failures and reduce the interdependencies that could hinder recovery from any major failure?

Originally published on CaveBear Weblog.

By Karl Auerbach, Chief Technical Officer at InterWorking Labs

Filed Under


Phil Howard  –  Jan 22, 2005 6:40 AM

I have always suggested that anyone setting up a domain use name servers “in bailiwick”.  I think this advice should apply to all top level domains.  Thus the name servers for .net should be in .net, the name servers for .com should be in .com (not in .net as they are now), and likewise for all GTLDs and CCTLDs.  That leaves the root servers themselves.  So how would DNS compression be affected if for a given TLD, every name server listed is in that TLD, and for a domain in that TLD, every name server is at least in that TLD, or better yet, in that domain name itself?  Why would it not be very compact?

And what about the root servers?  They are in the .net TLD now.  I don’t know how that would affect their operation if .net went down for some reason.  Since they are pre-loaded as hints, I would think they would still resolve.  But would it be possible to somehow poison .root-servers.net by means of control of .net?

Bill Cole  –  Jan 26, 2005 3:34 AM

It shouldn’t be possible to poison the root through control of .net because the root servers themselves give authoritative answers adequate to resolve themselves without reference to the .net authority.

I am probably not expert enough in all behaviors of all resolvers to say with certainty, but I think the roots could and probably should answer that way for all of the TLD’s authorities.

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



New TLDs

Sponsored byRadix


Sponsored byVerisign

Domain Names

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

IPv4 Markets

Sponsored byIPv4.Global

Brand Protection

Sponsored byCSC


Sponsored byDNIB.com