RE: do it yourself roots, was Something better than DNS?
The Chinese government administers a state with the worlds largest population, fourth largest land area, fourth to second largest GDP depending on measure. The fact that it is not completely nuts for one of the top five world powers to do a thing does not mean that it is not completely nuts for a group of private individuals to do the same thing. > -Original Message- > From: Joe Baptista [mailto:[EMAIL PROTECTED] > Sent: Monday, November 27, 2006 11:44 AM > To: [EMAIL PROTECTED] > Cc: ietf@ietf.org > Subject: Re: do it yourself roots, was Something better than DNS? > > Oops - I forgot about that one. Yes the Chinese Ministry of > Information and Industry have many chinese top level domains > registered. The are now the largest alternative root system > on the planet next to icann and resolve for some 150 million > users. And i anticipate they will soon surpass that. > > Peter Dambier wrote: > > > > > John, there is demand for it. > > > > To find out why, look at these domains: > > > > Status China Root > > > > > soa("XN--55QX5D.","2006112704","CDNS3.CNNIC.NET.CN","210.52.214.86"). > > > soa("XN--55QX5D.","2006112704","CDNS4.CNNIC.NET.CN","61.145.114.120"). > > soa("XN--55QX5D.","2006112704","CDNS5.CNNIC.NET.CN","61.139.76.55"). > > > soa("XN--55QX5D.","2006112704","HAWK2.CNNIC.NET.CN","159.226.6.185"). > > > > > soa("XN--FIQS8S.","2006112704","CDNS3.CNNIC.NET.CN","210.52.214.86"). > > > soa("XN--FIQS8S.","2006112704","CDNS4.CNNIC.NET.CN","61.145.114.120"). > > soa("XN--FIQS8S.","2006112704","CDNS5.CNNIC.NET.CN","61.139.76.55"). > > > soa("XN--FIQS8S.","2006112704","HAWK2.CNNIC.NET.CN","159.226.6.185"). > > > > > soa("XN--IO0A7I.","2006112704","CDNS3.CNNIC.NET.CN","210.52.214.86"). > > > soa("XN--IO0A7I.","2006112704","CDNS4.CNNIC.NET.CN","61.145.114.120"). > > soa("XN--IO0A7I.","2006112704","CDNS5.CNNIC.NET.CN","61.139.76.55"). > > > soa("XN--IO0A7I.","2006112704","HAWK2.CNNIC.NET.CN","159.226.6.185"). > > > > Status Arab Root > > > > soa("XN--IGBHZH7GPA.","12","AR-ROOT.NIC.NET.SA","212.26.18.12"). > > soa("XN--LGBBAT1AD8J.","9","AR-ROOT.NIC.NET.SA","212.26.18.12"). > > soa("XN--MGB2DDES.","9","AR-ROOT.NIC.NET.SA","212.26.18.12"). > > soa("XN--MGBA3A5AZCI.","9","AR-ROOT.NIC.NET.SA","212.26.18.12"). > > soa("XN--MGBA5B5CCEU.","9","AR-ROOT.NIC.NET.SA","212.26.18.12"). > > soa("XN--MGBAH1A3HJKRD.","9","AR-ROOT.NIC.NET.SA","212.26.18.12"). > > soa("XN--MGBAXP8FPL.","9","AR-ROOT.NIC.NET.SA","212.26.18.12"). > > soa("XN--MGBB7FJB.","9","AR-ROOT.NIC.NET.SA","212.26.18.12"). > > soa("XN--MGBB7FYAB.","9","AR-ROOT.NIC.NET.SA","212.26.18.12"). > > soa("XN--MGBC0A9AZCG.","9","AR-ROOT.NIC.NET.SA","212.26.18.12"). > > soa("XN--MGBCPQ6GPA1A.","9","AR-ROOT.NIC.NET.SA","212.26.18.12"). > > > soa("XN--MGBERP4A5D4AR.","2006111409","AR-ROOT.NIC.NET.SA","21 2.26.18.12"). > > > > soa("XN--MGBG8EDVM.","9","AR-ROOT.NIC.NET.SA","212.26.18.12"). > > soa("XN--MGBU4CHG.","9","AR-ROOT.NIC.NET.SA","212.26.18.12"). > > soa("XN--NGBEE7IID.","9","AR-ROOT.NIC.NET.SA","212.26.18.12"). > > soa("XN--WGBL6A.","5","AR-ROOT.NIC.NET.SA","212.26.18.12"). > > soa("XN--YGBI2AMMX.","9","AR-ROOT.NIC.NET.SA","212.26.18.12"). > > > > soa("XN--MGBAAM7A8H.","12652","NS1.UAENIC.AE","213.42.0.226"). > > soa("XN--MGBAAM7A8H.","12652","NS2.UAENIC.AE","195.229.0.186"). > > > > soa("XN--PGBS0DH.","2005062700","NS.ATI.TN","193.95.66.10"). > > soa("XN--PGBS0DH.","2005062700","NS2.ATI.TN","193.95.67.22"). > > > > Status I-DNS.NET > > > > soa("XN--3RC8E2BB9H.","2006112608","NSA.I-DNS.NET","64.62.142.131"). > > soa("XN--81B8B9A9C.","2006112608","NSA.I-DNS.NET","64.62.142.131"). > > soa("XN--C1AVG.","2006112608","NSA.I-DNS.NET","64.62.142.131"). > > soa("XN--E1APQ.","2006112608","NSA.I-DNS.NET","64.62.142.131"). > > soa("XN--G2B9A1A.","2006112608","NSA.I-DNS.NET","64.62.142.131"). > > soa("XN--I1B6B7E.","2006112608","NSA.I-DNS.NET","64.62.142.131"). > > soa("XN--J1AEF.","2006112608","NSA.I-DNS.NET","64.62.142.131"). > > soa("XN--P1AG.","2006112608","NSA.I-DNS.NET","64.62.142.131"). > > soa("XN--P1AI.","2006112608","NSA.I-DNS.NET","64.62.142.131"). > > soa("XN--QLC9A5A.","2006112608","NSA.I-DNS.NET","64.62.142.131"). > > soa("XN--USC8B9A.","2006112608","NSA.I-DNS.NET","64.62.142.131"). > > > soa("XN--USCN1BV9BH3H.","2006112608","NSA.I-DNS.NET","64.62.142.131"). > > soa("XN--VF4B131B.","2006112608","NSA.I-DNS.NET","64.62.142.131"). > > soa("XN--ZB0BNW.","2006112608","NSA.I-DNS.NET","64.62.142.131"). > > soa("XN--ZV4B74Y.","2006112608","NSA.I-DNS.NET","64.62.142.131"). > > > > Those people dont talk english and they dont use latin keyboerds. > > That is why you never heard of them. > > > > > > Kind regards > > Peter and Karin > > > > > ___ > Ietf mailing list > Ietf@ietf.org > https://www1.ietf.org/mailman/listinfo/ietf > > ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: do it yourself roots, was Something better than DNS?
John Levine wrote: If they can suck down all the top level zone files then it is easy for them to publish an ALTERNATIVE DNS VIEW that contains their own additions. Anyone who uses their view will then see the so-called official DNS info as well as the overlay. When I see claims like this, I really have to wonder how well people understand the way that the DNS works. If you want to publish your own root that merges the real root (the one that the A through M root servers publish with advice from ICANN) with stuff of your own, you can do it now, and it wouldn't make any practical difference if you could AXFR every zone in the world. I haven't seen any reason to change my opinion about that particular brand of flimflam since RFC 2826 (May 2000). Harald ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: do it yourself roots, was Something better than DNS?
Oops - I forgot about that one. Yes the Chinese Ministry of Information and Industry have many chinese top level domains registered. The are now the largest alternative root system on the planet next to icann and resolve for some 150 million users. And i anticipate they will soon surpass that. Peter Dambier wrote: John, there is demand for it. To find out why, look at these domains: Status China Root soa("XN--55QX5D.","2006112704","CDNS3.CNNIC.NET.CN","210.52.214.86"). soa("XN--55QX5D.","2006112704","CDNS4.CNNIC.NET.CN","61.145.114.120"). soa("XN--55QX5D.","2006112704","CDNS5.CNNIC.NET.CN","61.139.76.55"). soa("XN--55QX5D.","2006112704","HAWK2.CNNIC.NET.CN","159.226.6.185"). soa("XN--FIQS8S.","2006112704","CDNS3.CNNIC.NET.CN","210.52.214.86"). soa("XN--FIQS8S.","2006112704","CDNS4.CNNIC.NET.CN","61.145.114.120"). soa("XN--FIQS8S.","2006112704","CDNS5.CNNIC.NET.CN","61.139.76.55"). soa("XN--FIQS8S.","2006112704","HAWK2.CNNIC.NET.CN","159.226.6.185"). soa("XN--IO0A7I.","2006112704","CDNS3.CNNIC.NET.CN","210.52.214.86"). soa("XN--IO0A7I.","2006112704","CDNS4.CNNIC.NET.CN","61.145.114.120"). soa("XN--IO0A7I.","2006112704","CDNS5.CNNIC.NET.CN","61.139.76.55"). soa("XN--IO0A7I.","2006112704","HAWK2.CNNIC.NET.CN","159.226.6.185"). Status Arab Root soa("XN--IGBHZH7GPA.","12","AR-ROOT.NIC.NET.SA","212.26.18.12"). soa("XN--LGBBAT1AD8J.","9","AR-ROOT.NIC.NET.SA","212.26.18.12"). soa("XN--MGB2DDES.","9","AR-ROOT.NIC.NET.SA","212.26.18.12"). soa("XN--MGBA3A5AZCI.","9","AR-ROOT.NIC.NET.SA","212.26.18.12"). soa("XN--MGBA5B5CCEU.","9","AR-ROOT.NIC.NET.SA","212.26.18.12"). soa("XN--MGBAH1A3HJKRD.","9","AR-ROOT.NIC.NET.SA","212.26.18.12"). soa("XN--MGBAXP8FPL.","9","AR-ROOT.NIC.NET.SA","212.26.18.12"). soa("XN--MGBB7FJB.","9","AR-ROOT.NIC.NET.SA","212.26.18.12"). soa("XN--MGBB7FYAB.","9","AR-ROOT.NIC.NET.SA","212.26.18.12"). soa("XN--MGBC0A9AZCG.","9","AR-ROOT.NIC.NET.SA","212.26.18.12"). soa("XN--MGBCPQ6GPA1A.","9","AR-ROOT.NIC.NET.SA","212.26.18.12"). soa("XN--MGBERP4A5D4AR.","2006111409","AR-ROOT.NIC.NET.SA","212.26.18.12"). soa("XN--MGBG8EDVM.","9","AR-ROOT.NIC.NET.SA","212.26.18.12"). soa("XN--MGBU4CHG.","9","AR-ROOT.NIC.NET.SA","212.26.18.12"). soa("XN--NGBEE7IID.","9","AR-ROOT.NIC.NET.SA","212.26.18.12"). soa("XN--WGBL6A.","5","AR-ROOT.NIC.NET.SA","212.26.18.12"). soa("XN--YGBI2AMMX.","9","AR-ROOT.NIC.NET.SA","212.26.18.12"). soa("XN--MGBAAM7A8H.","12652","NS1.UAENIC.AE","213.42.0.226"). soa("XN--MGBAAM7A8H.","12652","NS2.UAENIC.AE","195.229.0.186"). soa("XN--PGBS0DH.","2005062700","NS.ATI.TN","193.95.66.10"). soa("XN--PGBS0DH.","2005062700","NS2.ATI.TN","193.95.67.22"). Status I-DNS.NET soa("XN--3RC8E2BB9H.","2006112608","NSA.I-DNS.NET","64.62.142.131"). soa("XN--81B8B9A9C.","2006112608","NSA.I-DNS.NET","64.62.142.131"). soa("XN--C1AVG.","2006112608","NSA.I-DNS.NET","64.62.142.131"). soa("XN--E1APQ.","2006112608","NSA.I-DNS.NET","64.62.142.131"). soa("XN--G2B9A1A.","2006112608","NSA.I-DNS.NET","64.62.142.131"). soa("XN--I1B6B7E.","2006112608","NSA.I-DNS.NET","64.62.142.131"). soa("XN--J1AEF.","2006112608","NSA.I-DNS.NET","64.62.142.131"). soa("XN--P1AG.","2006112608","NSA.I-DNS.NET","64.62.142.131"). soa("XN--P1AI.","2006112608","NSA.I-DNS.NET","64.62.142.131"). soa("XN--QLC9A5A.","2006112608","NSA.I-DNS.NET","64.62.142.131"). soa("XN--USC8B9A.","2006112608","NSA.I-DNS.NET","64.62.142.131"). soa("XN--USCN1BV9BH3H.","2006112608","NSA.I-DNS.NET","64.62.142.131"). soa("XN--VF4B131B.","2006112608","NSA.I-DNS.NET","64.62.142.131"). soa("XN--ZB0BNW.","2006112608","NSA.I-DNS.NET","64.62.142.131"). soa("XN--ZV4B74Y.","2006112608","NSA.I-DNS.NET","64.62.142.131"). Those people dont talk english and they dont use latin keyboerds. That is why you never heard of them. Kind regards Peter and Karin ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: do it yourself roots, was Something better than DNS?
John Levine wrote: If they can suck down all the top level zone files then it is easy for them to publish an ALTERNATIVE DNS VIEW that contains their own additions. Anyone who uses their view will then see the so-called official DNS info as well as the overlay. When I see claims like this, I really have to wonder how well people understand the way that the DNS works. If you want to publish your own root that merges the real root (the one that the A through M root servers publish with advice from ICANN) with stuff of your own, you can do it now, and it wouldn't make any practical difference if you could AXFR every zone in the world. If you want to add your own TLDs, the easiest way to do it is to FTP the root zone, which is easy and quite legal to get, add in your own TLDs, and try and persuade people to use your servers. The root zone changes slowly, so downloading and remixing your root once a day would be plenty. ... > The real reason that alternate roots haven't caught on is that there is no demand for them from the people who use the DNS. (There's plenty of demand from people who imagine they would get rich if they could own .WEB or .SEX or whatever, but that's irrelevant.) For all of the failings of the current roots and of ICANN, with which as a member of the ICANN ALAC I am extremely familiar, it works well enough for the things that people use it for, and that shows no sign of changing despite occasional efforts to screw it up like wildcards in TLD zones. John, there is demand for it. To find out why, look at these domains: Status China Root soa("XN--55QX5D.","2006112704","CDNS3.CNNIC.NET.CN","210.52.214.86"). soa("XN--55QX5D.","2006112704","CDNS4.CNNIC.NET.CN","61.145.114.120"). soa("XN--55QX5D.","2006112704","CDNS5.CNNIC.NET.CN","61.139.76.55"). soa("XN--55QX5D.","2006112704","HAWK2.CNNIC.NET.CN","159.226.6.185"). soa("XN--FIQS8S.","2006112704","CDNS3.CNNIC.NET.CN","210.52.214.86"). soa("XN--FIQS8S.","2006112704","CDNS4.CNNIC.NET.CN","61.145.114.120"). soa("XN--FIQS8S.","2006112704","CDNS5.CNNIC.NET.CN","61.139.76.55"). soa("XN--FIQS8S.","2006112704","HAWK2.CNNIC.NET.CN","159.226.6.185"). soa("XN--IO0A7I.","2006112704","CDNS3.CNNIC.NET.CN","210.52.214.86"). soa("XN--IO0A7I.","2006112704","CDNS4.CNNIC.NET.CN","61.145.114.120"). soa("XN--IO0A7I.","2006112704","CDNS5.CNNIC.NET.CN","61.139.76.55"). soa("XN--IO0A7I.","2006112704","HAWK2.CNNIC.NET.CN","159.226.6.185"). Status Arab Root soa("XN--IGBHZH7GPA.","12","AR-ROOT.NIC.NET.SA","212.26.18.12"). soa("XN--LGBBAT1AD8J.","9","AR-ROOT.NIC.NET.SA","212.26.18.12"). soa("XN--MGB2DDES.","9","AR-ROOT.NIC.NET.SA","212.26.18.12"). soa("XN--MGBA3A5AZCI.","9","AR-ROOT.NIC.NET.SA","212.26.18.12"). soa("XN--MGBA5B5CCEU.","9","AR-ROOT.NIC.NET.SA","212.26.18.12"). soa("XN--MGBAH1A3HJKRD.","9","AR-ROOT.NIC.NET.SA","212.26.18.12"). soa("XN--MGBAXP8FPL.","9","AR-ROOT.NIC.NET.SA","212.26.18.12"). soa("XN--MGBB7FJB.","9","AR-ROOT.NIC.NET.SA","212.26.18.12"). soa("XN--MGBB7FYAB.","9","AR-ROOT.NIC.NET.SA","212.26.18.12"). soa("XN--MGBC0A9AZCG.","9","AR-ROOT.NIC.NET.SA","212.26.18.12"). soa("XN--MGBCPQ6GPA1A.","9","AR-ROOT.NIC.NET.SA","212.26.18.12"). soa("XN--MGBERP4A5D4AR.","2006111409","AR-ROOT.NIC.NET.SA","212.26.18.12"). soa("XN--MGBG8EDVM.","9","AR-ROOT.NIC.NET.SA","212.26.18.12"). soa("XN--MGBU4CHG.","9","AR-ROOT.NIC.NET.SA","212.26.18.12"). soa("XN--NGBEE7IID.","9","AR-ROOT.NIC.NET.SA","212.26.18.12"). soa("XN--WGBL6A.","5","AR-ROOT.NIC.NET.SA","212.26.18.12"). soa("XN--YGBI2AMMX.","9","AR-ROOT.NIC.NET.SA","212.26.18.12"). soa("XN--MGBAAM7A8H.","12652","NS1.UAENIC.AE","213.42.0.226"). soa("XN--MGBAAM7A8H.","12652","NS2.UAENIC.AE","195.229.0.186"). soa("XN--PGBS0DH.","2005062700","NS.ATI.TN","193.95.66.10"). soa("XN--PGBS0DH.","2005062700","NS2.ATI.TN","193.95.67.22"). Status I-DNS.NET soa("XN--3RC8E2BB9H.","2006112608","NSA.I-DNS.NET","64.62.142.131"). soa("XN--81B8B9A9C.","2006112608","NSA.I-DNS.NET","64.62.142.131"). soa("XN--C1AVG.","2006112608","NSA.I-DNS.NET","64.62.142.131"). soa("XN--E1APQ.","2006112608","NSA.I-DNS.NET","64.62.142.131"). soa("XN--G2B9A1A.","2006112608","NSA.I-DNS.NET","64.62.142.131"). soa("XN--I1B6B7E.","2006112608","NSA.I-DNS.NET","64.62.142.131"). soa("XN--J1AEF.","2006112608","NSA.I-DNS.NET","64.62.142.131"). soa("XN--P1AG.","2006112608","NSA.I-DNS.NET","64.62.142.131"). soa("XN--P1AI.","2006112608","NSA.I-DNS.NET","64.62.142.131"). soa("XN--QLC9A5A.","2006112608","NSA.I-DNS.NET","64.62.142.131"). soa("XN--USC8B9A.","2006112608","NSA.I-DNS.NET","64.62.142.131"). soa("XN--USCN1BV9BH3H.","2006112608","NSA.I-DNS.NET","64.62.142.131"). soa("XN--VF4B131B.","2006112608","NSA.I-DNS.NET","64.62.142.131"). soa("XN--ZB0BNW.","2006112608","NSA.I-DNS.NET","64.62.142.131"). soa("XN--ZV4B74Y.","2006112608","NSA.I-DNS.NET","64.62.142.131"). Those people dont talk english and they dont use latin keyboerds. That is why you never heard of them. Kind regards Peter and Karin -- Peter and Karin Dambier Cesidian Root - Radice C
Re: do it yourself roots, was Something better than DNS?
>If they can suck down all the top level zone files then it is easy >for them to publish an ALTERNATIVE DNS VIEW that contains their own >additions. Anyone who uses their view will then see the so-called >official DNS info as well as the overlay. When I see claims like this, I really have to wonder how well people understand the way that the DNS works. If you want to publish your own root that merges the real root (the one that the A through M root servers publish with advice from ICANN) with stuff of your own, you can do it now, and it wouldn't make any practical difference if you could AXFR every zone in the world. If you want to add your own TLDs, the easiest way to do it is to FTP the root zone, which is easy and quite legal to get, add in your own TLDs, and try and persuade people to use your servers. The root zone changes slowly, so downloading and remixing your root once a day would be plenty. If you want to offer mutant versions of popular TLDs, the most practical way to do that is with a semi-transparent proxy that serves up your versions of the stuff you want to change, and fetches the rest of the data from the real versions as needed. AXFR access to the popular TLDs would be useless, because the zones are so big. The gzipped version of the COM zone is about a gigabyte and takes several hours to download via my not very busy T1, and an AXFR would be two or three times that. Even if you had an OC3, you could never keep a mirror of COM up to date with AXFR, and while the other popular zones are smaller, they all update in less time than it'd take to AXFR a copy. No significant zone is propagated by AXFR now, and no useful mirror or alternate root would use it, either. The real reason that alternate roots haven't caught on is that there is no demand for them from the people who use the DNS. (There's plenty of demand from people who imagine they would get rich if they could own .WEB or .SEX or whatever, but that's irrelevant.) For all of the failings of the current roots and of ICANN, with which as a member of the ICANN ALAC I am extremely familiar, it works well enough for the things that people use it for, and that shows no sign of changing despite occasional efforts to screw it up like wildcards in TLD zones. With this in mind, I don't see much point in arguing about setting up something just like DNS but different. When we stick DKIM keys in TXT records with prefixed names scattered around the leaves of the DNS, it may injure some people's sense of propriety, but it doesn't break anything that works, and nobody other than DNS theologists care that it didn't use a new RR type. I have been publishing the contact info for abuse.net through the DNS for several years, using a specialized server (written in perl) that synthesizes TXT, A, and HINFO records on the fly from the underlying database. Works great, performs much better than the WHOIS and HTTP versions that preceded it, and doesn't break anything. Maybe some of my hacks won't work with DNSSEC, but we'll burn that bridge when we get to it. Regards, John Levine, [EMAIL PROTECTED], Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://www.johnlevine.com, Mayor "More Wiener schnitzel, please", said Tom, revealingly. ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf