FAQ hosting ICANN Managed Root Server (L-Single)
- Who might be interested in Hosting an L-Single?
An L-Single would be of benefit to those who run large networks such as Internet Service Providers (ISPs), Data Service providers (DSPs), Domain Name Registries and Registrars, or even independent organizations who are working on securing a stable and resilient DNS infrastructure for their countries and/or regions. Currently, all sorts of stakeholder groups maintain L-Singles such as Governments, Business Entities, Academia, the Technical Community, National Research and Educational Networks (NRENs), NGOs, Network Operator Groups (NOGs), and others. The only exception are IXPs outside of the ones listed here.
- Does ICANN maintain other root-servers?
ICANN only maintains 1 of the 13 root servers. More information can be found in http://root-servers.org
- Before initiating a formal process with ICANN, I have a couple of questions in this regard. Who should I contact?
Your starting point of contact must be the ICANN Global Stakeholder Engagement representative covering your region (also known as GSE representative).
If the regional team cannot answer your questions, they will facilitate communications with someone who can answer them.
- What is an L-Single?
L-Single is the name for the Root Server managed by ICANN instance that is hosted by third parties, but operated by ICANN.
- Can I receive a copy of the L-Single Contract as a first or prior step?
The L-Single Contract is provided upon successful completion of ICANN due-diligence and the signature of the NDA.
- Can I receive a copy of the detailed Technical Requirements Sheet along with the NDA and L-Single Contract?
A dedicated detailed Technical Requirements Sheet shall be provided once the NDA is signed by the interested hosting entity. The L-Single contract does provide technical specifications of the required hardware installation.
- Is the NDA and/or L-Single Contract Negotiable?
The NDA and L-Single Contract are non-negotiable. Also note that the contract is only fully executable in its original English version.
- What Hardware Appliance should I buy?
The current hardware appliances that you should use to install L-Single is provided by a third-party-vendor. Those appliances are known with 2 code names: Calypso and Pandora.
Calypso is a small 1U appliance. It’s recommended for most networks and is capable to handle 1Gbps of DNS traffic.
Pandora is a bigger 1U appliance intended for Internet Provider Networks (such as Tier-1 providers) that can handle 10Gbps of DNS traffic.
- Where do I buy the Hardware Appliance?
The ICANN GSE team will provide that information once the NDA is signed.
ICANN has engaged a third party vendor that supplies the appliance hardware and also provides international purchasing and shipping to the L-Singe host.
- Are there any fees incurred by ICANN to host an L-Single?
In the spirit of developing the Internet infrastructure around the world, ICANN does not charge any fees for such installation. The hosting party, nevertheless, will have to cover the running costs of hosting the L-Single such as Internet Bandwidth, Electricity, Hardware Maintenance, etc.
- Once the L-Single is up-and-running, can I access it?
The L-Single is critical infrastructure, and must be managed solely by ICANN. If access is to be granted to any hosting party, it is a security risk to the entire DNS system regardless of how good the intentions are. Hosting parties are requested to treat the system as they would if they were hosting a customer’s server.
- Can the ICANN Managed Root Server appliance be installed behind a host firewall?
No, it is a requirement for the L-Single systems to be installed outside of host networks firewalls and addresses assigned to the system are routable (not private address space)
- I have an Internet Exchange Point (IXP), and I’d like to deploy an L-Single to it. Can this be done?
IXPs are not a part of the ICANN Managed Root Server deployment plan. There is a couple exceptions listed here.
Nevertheless, there are other root-servers that do support IXP installations such as the ISC managed Root-Server and the NetNod managed Root-Server.
- As I am restricted to access the L-Single, I am concerned that my network will be attacked. Are my concerns valid?
The instance is a root name-server, and it just answers DNS. If at any point the instance is attacked, and if the hosting party feels the least bit concerned, then they can choose to disconnect the server from their network and contact ICANN DNS Engineering, accordingly.
- I am concerned that the L-Single is a spying device. Are my concerns valid?
ICANN is about supporting the stability of the Internet, and L-Single is just one of the many Root Name Servers currently operating.
ICANN collects data from the server about how many queries it gets. No other data is available to or collected by ICANN. The type of data ICANN collects makes graphs like the ones shown at http://stats.dns.icann.org.
- What is the benefit of hosting an L-Single?
In order to maintain a secure, stable, and resilient DNS infrastructure, all stakeholder groups are encouraged to join hands and work on initiatives to ensure such. One of those initiatives is the installation and deployment of Root-Servers.
Another benefit of hosting an L-Single is that it can reduce DNS query response times.
- I would like to terminate my L-Single Contract with ICANN. What steps should I undertake?
Please inform ICANN of your intention to terminate your L-Single contract with reasonable notice in which case the L-Single will be decommissioned and the server hardware returned to you and remains your property to use as you see fit.