U.S. Army DEVCOM Army Research Laboratory Statement of Compliance with RSSAC001
The U.S. Army DEVCOM Army Research Laboratory (ARL) is committed to serving the DNS root zone securely and reliably as one of the Internet's root server operators (RSOs). This document demonstrates our compliance with the expectations of an RSO as described in RSSAC001.
[E.3.1-A] Individual Root Server Operators are to publish or continue to publish
operationally relevant details of their infrastructure, including service-delivery
locations, addressing information and routing (e.g., origin autonomous system)
This information is published and updated accordingly at https://www.root-servers.org.
[E.3.1-B] Individual Root Servers will deliver the service in conformance to IETF
standards and requirements as described in RFC 7720 and any other IETF
standards-defined Internet Protocol as deemed appropriate
The operation of the ARL root name servers complies with RFC 7720 and other relevant IETF standard protocols.
[E.3.2-A] Individual Root Servers will adopt or continue to implement the current
DNS protocol and associated best practices through appropriate software and
The operation of the ARL root name servers complies with the current DNS protocol and associated best practices by using appropriate software and hardware.
[E.3.2-B] Individual Root Servers will serve accurate and current revisions of the
The ARL root name servers publish the root zone as provided by the Root Zone Maintainer (RZM). New versions of the zone are loaded and served as soon as notification and zone transfer complete.
[E.3.2-C] Individual Root Servers will continue to provide 'loosely coherent' service
across their infrastructure.
The ARL root name server instances all receive notifications directly from the RZM and attempt to transfer/load the zone immediately upon receipt of said notification. Notification, zone transfer, and load times vary slightly among instances, thus providing a 'loosely coherent' service across our infrastructure.
[E.3.2-D] All Root Servers will continue to serve precise, accurate zones as
distributed from the Root Zone Maintainer.
The ARL root name server instances ensure the integrity of zone data received from the RZM using the TSIG protocol (RFC 6895) with best practices for key management. ARL will only serve unmodified contents of zone data received from the RZM.
[E.3.3-A] Individual Root Servers are to be deployed such that planned maintenance
on individual infrastructure elements is possible without any measurable loss of
Planned maintenance is scheduled such that the maximum number of instances are always available. BGP announcements are withdrawn for instances that are temporarily unavailable for maintenance.
[E.3.3-B] Infrastructure used to deploy individual Root Servers is to be significantly
redundant, such that unplanned failures in individual components do not cause the
corresponding service to become generally unavailable to the Internet.
ARL operates several anycast instances of its service around the world. Unplanned failures will not cause the service to become generally unavailable to the Internet.
[E.3.3-C] Each root server operator shall publish documentation that describes the
operator's commitment to service availability through maintenance scheduling and
notification of relevant operational events.
ARL makes announcements prior to planned maintenance to any of its service infrastructure.
[E.3.4-A] Individual Root Server Operators will make all reasonable efforts to
ensure that sufficient capacity exists in their deployed infrastructure to allow for
substantial flash crowds or denial of service (DoS) attacks.
Significant over-provisioning of network and compute capabilities has been deployed in the ARL root server infrastructure. Rate limiting and denial-of-service mitigations are in place.
[E.3.4-B] Each Root Server Operator shall publish documentation on the capacity of
their infrastructure, including details of current steady-state load and the maximum
estimated capacity available.
ARL does not publish data on the capacity of its infrastructure. Current steady-state load data is published via RSSAC002 statistics.
[E.3.5-A] Individual Root Server Operators will adopt or continue to follow best
practices with regard to operational security in the operation of their infrastructure.
ARL follows current best practices for operational security of critical systems on its root server infrastructure.
[E.3.5-B] Root Server Operators shall publish high-level business continuity plans
with respect to their Root Server infrastructure.
The root server infrastructure at ARL is deemed 'critical infrastructure' and its operation will not be affected by organizational stoppages. Operational personnel are considered critical as well and are available to perform their required duties at all times.
[E.3.6-A] Each Root Server Operator shall publish documentation that describes
key implementation choices (such as the type of DNS software used) to allow
interested members of the Internet community to assess the diversity of
implementation choices across the system as a whole.
ARL uses NSD software on Linux systems across its root server infrastructure. As new versions of software and OS components are released, software is tested and deployed following best practices for secure systems. Diversity of resolver software across the infrastructure will be considered for future expansion.
[E.3.7-A] Each Root Server Operator will adopt or continue to follow best current
practices with respect to operational monitoring of elements within their
The ARL root server infrastructure uses redundant monitoring systems to enable low-latency alerting of potential service issues. Logs are analyzed for trends that might affect the stability of the service.
[E.3.7-B] Each Root Server Operator will adopt or continue to perform
measurements of query traffic received and shall publish statistics based on those
ARL publishes statistics on query traffic in compliance with RSSAC002 at
[E.3.8.1-A] Individual Root Server Operators will continue to maintain functional
communication channels between each other in order to facilitate coordination and
maintain functional working relationships between technical staff.
ARL participates in the root server community and is connected to common emergency communication channels.
[E.3.8.1-B] All communications channels are to be tested regularly.
Emergency channels are tested and verified at recurring RSO technical meetings.
[E.3.8.2-A] Individual Root Server Operators shall publish administrative and
operational contact information to allow users and other interested parties to
escalate technical service concerns.