High-speed network design separates components into a "fast-path" and a "slow-path". And example might be "software defined networks", where software controls how a switch forwards network traffic. One set of terminology calls this the "data-plane" and "control-plane".
This is a great metaphor for cybersecurity. The "data-plane" is exposed to hackers, and must withstand constant hacker attack while keeping up with link speed traffic. The "control-plane" is hidden from hacker attack, using firewalls or non-routable IP addresses.
My DNS server is a "data-plane" DNS. It's based upon an in-memory table that's lost due to power outage. It doesn't store information a SQL server with transaction logging. Because of this, it can be 10x or even 100x as fast. This is a great attribute for the "data-plane", but a horrible attribute for the "control-plane".
It's role is to be a "slave" to a "hidden master" server running software like BIND10. The design proposed by this talk is that all DNS should consist of slave DNS servers exposed to the Internet, and that all primary master servers should be hidden from the Internet.
From a DNS point of view, I'll show how UPDATE, NOTIFY, and AXFR/IXFR mechanisms work to maintain this structure.
This idea isn't necessarily new, it's just that it hasn't been formalized. People already use caching front-ends for hidden webservers, or separate 10.x.x.x private networks for controlling their public infrastructure routers. The purpose of this talk is to provide a more formal, rigorous discussion of this idea. For example, I'll demonstrate how the custom TCP/IP stack in my DNS server that bypasses the operating-system stack serves this "data plane" purpose.