I've had this thought too - of the 13 root servers, 10 are US or US-based companies. The only exceptions are Netnod (Sweden), RIPE NCC (Netherlands), WIDE Project (Japan). Even ICANN and Internet Systems Consortium are US-based non-profits... How do you even mitigate risk in this case?
Run local root. Rootservers are not essential. It's in ietf draft discussion now as 4 documents but already works and just has to be turned on.
If you want to change pace, ask your dns sw provider to turn on local root by default.
(One of the things being defined is how to get a root zone trustably out of band using the new ZONEMD checksum)
A bigger question might be why there are no ICANN HSM outside the USA to generate root zone signings. ICANN has offices in Geneva and Singapore, it would not be hard to find secure DC locations for the signing ceremonies.
I've had this thought too - of the 13 root servers, 10 are US or US-based companies. The only exceptions are Netnod (Sweden), RIPE NCC (Netherlands), WIDE Project (Japan). Even ICANN and Internet Systems Consortium are US-based non-profits... How do you even mitigate risk in this case?
China do root server mirrors: https://www.globaltimes.cn/content/1156025.shtml
How does one start a Root DNS business?
Looks like a business opportunity.
Run local root. Rootservers are not essential. It's in ietf draft discussion now as 4 documents but already works and just has to be turned on.
If you want to change pace, ask your dns sw provider to turn on local root by default.
(One of the things being defined is how to get a root zone trustably out of band using the new ZONEMD checksum)
A bigger question might be why there are no ICANN HSM outside the USA to generate root zone signings. ICANN has offices in Geneva and Singapore, it would not be hard to find secure DC locations for the signing ceremonies.