Root scaling report

[Elaine Pruis <elaine@xxxxxxxxxxxxxxxxxxxx>]

Dear ICANN,
Minds and Machines recognizes the very potentially significant issue  
of root scaling. As we increase the number of IDN’s and gTLD’s beyond  
the current 248 ccTLDs and 20 gTLDs it is imperative that the Internet  
function flawlessly.
We also recognize the hard work and good intentions of the Root  
Scaling Study Team and TNO. Despite these intentions, however, we see  
serious problems with the study.
The conclusion of the report that "with aggressive re-planning the  
system is capable of managing the risks associated with adding either  
(a) DNNSEC or (b) new TLDs, IDNs, and IPv6 addresses over a 12-24  
months - but not both." Is unsubstantiated.
The study argues for an early implementation of DNSSEC. While this may  
be a good idea for other reasons, it is by no means required from a  
root stability perspective. In fact implementing DNSSEC puts root  
stability at risk.
Basic methodology problems
The first thing to recognize is that according to this very study,  
there is a wide diversity in hardware and procedures implemented by  
the root operators, making it very hard to predict (or model) the  
capacity in any way. These hardware limitations are assumed given and  
immutable. Clearly, if there is justified demand to increase the size  
of the root, the hardware footprint must be expanded.
Furthermore, the study acknowledges that main bottlenecks are human  
and not hardware related. To quote the study: "On the provisioning  
side the ability to scale the root is completely dominated by the  
steps that involve human intervention."  Despite this fact, the study  
does not assume any increase in staffing of the root scaling operators  
to handle the increased load.
Finally the study is done with only the very crudest idea of how many  
new gTLDs to expect, or what traffic volumes these are likely to have.  
Oddly ICANN has already authorized the creation of over 50 new IDN  
ccTLDs, without determining if these additions would impact root  
scaling. Minds and Machines would advise the root scaling team to  
study the “Expressions of Interest Proposal” voted on in the ICANN  
Seoul Meeting. This proposal would give us a clear upper bound (and a  
qualitative feel) for the number and type of new gTLDs that might be  
added to the root.
To recap: the study assumes that with no increase in hardware or  
staffing, adding an unknown number of new TLDs will require  
“aggressive re-planning”. In light of the very questionable hypotheses  
of this study, the conclusion is by definition flawed.
DNSSEC
The report argues "If a choice must be made, DNSSEC should come  
first," and "deploying DNSSEC before the other changes have increased  
the size of the root would significantly lower the risk it presents to  
DNS stability.”
The argument made here is that it is best to get the big,  
destabilizing changes done first. It ignores several potential  
disadvantages of mandating DNSSEC at all.
First, because DNSSEC significantly increases the zone file, remote  
anycast servers could fall off the list of possible sites that can be  
served today. If the entire root is DNSSEC signed, these regions will  
be broadly affected.
Second, DNSSEC clearly has drawbacks even when deployed by the book.  
For example, the delayed outage of the Swedish TLD (.se) was in effect  
exacerbated by DNSSEC.
Third, most registrars see no end user demand for DNSSEC, viewing it  
as an added cost – something their clients are not asking for and  
won’t pay for.
Historical experience
Since we can’t really analyze the diverse group of root server  
operators on a consistent basis, and we certainly cannot assume a  
status-quo in either human or hardware systems, we can turn to history  
as guide.
Historically the root has been able to meet demand. 250+ new ccTLDs  
were added in a very short period – over 10 years ago. In addition,  
IPv6 addresses have been added selectively to the root, without  
problems.
Conclusions

Minds and Machines takes the root scaling problem very seriously.  
However, we also find this study – while well intentioned – severely  
flawed, and we direct ICANN to undertake further investigations –  
investigations that allow, in particular, for an increase in staffing  
and hardware as needed. We also highly encourage ICANN to proceed with  
the EOI initiative which will give us a better idea of the scope of  
the scaling issue.
Fred Krueger & Elane Pruis
Minds + Machines