Re: KPNQwest ns.eu.net server.
On Thu, 6 Jun 2002, John Payne wrote: I found it interesting to note that a significant number of cctld servers ignore the suggestions for root-servers in BCP40/RFC2870... Other major zone server operators (gTLDs, ccTLDs, major zones) may also find it useful. and leave recursion enabled on the ccTLD servers (2.5) - the old ns.eu.net was one of these, I believe RIPE have done the right thing with the new one. A lot of the older secondary nameservers for ccTLDs were also the recursive nameservers for the ISP/Organisation providing the secondary service. ns.eu.net is a classic example of this. With the valid quips about how long it takes to update glue/NS sets in the roots[1], a fair number of these ISPs/Organisations had found that shifting the ccTLD secondary function to a proper non-recursive server[2] was simply not practical. --==-- Bruce. [1] teckla.apnic.net, trf.nic.ad.jp, etc[3] [2] Some ISPs do still 'need' to allow recursion to cater for their roaming customers. imo, customers are easier to change than the root. [3] some quick stats on the hosts mentioned in the root ('.') zone from a viewpoint in Amsterdam: Number of records: 657 Number of fully valid hosts: 481 Number of partially valid hosts: 110 Number of invalid hosts: 175 Number with reverse matching:455 Number knowing about themselves: 551 Number not knowing about themselves: 106 fully valid = all of the nameservers for the domain the nameserver is in know about the nameserver (all NS for example.com answer for for ns1.example.com) partially valid = some of the NS for the domain the nameserver is in do not know about the nameserver in question. Note that the answer is skewed slightly due to multiple answers received. invalid hosts = This host only exists in the root glue. No nameservers for the domain the nameserver is in know about the nameserver. Answer possibly skewed due to my assumption in what the 'parent' domain for the nameserver is (cut -d '.' -f 2-) reverse match = name - A - PTR == name knowing about self = Asking the ip in the root glue for the name gives a sensible answer. (imo, this is a Good Thing, but unfortunately I don't believe that any exact requirement for this exists)
Re: Updates to the root zone Re: KPNQwest ns.eu.net server.
This is not a political question, only operational process. Has ICANN and NTIA worked out their operational issues so they can quickly change the root zone to reflect changes in ccTLD nameservers if people need to change which name servers are handling the ccTLDs. Last year, some of the ccTLD operators were complaining it sometimes took weeks after they submitted the change for it to make it into the root zone. Actually what worries me more is the following. I did a small check on how frequently DNS servers occure in the European ccTLDs NS records. If I leave out the ones that only oocure once, I get the following : 14 NS.EU.NET. 10 NS.UU.NET. 9 SUNIC.SUNET.SE. 3 NS2.NIC.FR. 2 NS.RIPE.NET. 2 NS-EXT.VIX.COM. 2 DNS.PRINCETON.EDU. 2 AUTH02.NS.UU.NET. This is after checking 18 ccTLDs. Most of them only have four secondaries. If I read this correctly, the geographic distribution of servers is not that bad, but it could be better. Preferably by going with more than four secondaries. Consider that up until not to long ago, several of these servers where behind the same upstream. Best regards, - kurtis -
Re: Re: Re: KPNQwest ns.eu.net server.
Hallo Sabine, lange nichts gehoert ... On Fri, Jun 07, 2002 at 09:51:11AM +0200, Sabine Dolderer/Denic wrote: At least each IXP member would have direct connectivity to such infrastructural services (DNS, NTP, WHOIS, NNTP??) and thereby their customers would benefit from it. I agree that IXPs would be very gould locations as they offer network diversity, but there is one question still open and that is who will be the one running the and monitoring the server. And we at DENIC have seen in the last years an increasing demand in running the servics by ourself as only then we have the complete control and information about statistics, network attacks, performance ... Keep it simple ... the IXPs (e.g. Euro-IX) could/should provide the basis. I.e. taking care for excellent colo, sufficient connectivity, one-stop-shop etc. Interested parties would install the services by themselves and would be responsible to run them. Parties could be CENTR, DE-NIC, ICANN, EUxxx and so on. I would like to know more about the CENTR sss iniative. Whom should I contact? Arnold -- Arnold Nipper Email: [EMAIL PROTECTED] DE-CIX, The German Internet Exchange Mobile: +49 172 2650958
Re: KPNQwest ns.eu.net server.
number and distribution of registrations maybe - that comes down to number and sizing of servers and geography/network diversity, the others are at best operational concerns for the backend, not for the frontend DNS servers. backend/frontend? Taking RFC 2870, why wouldn't all of section 2 and most of section 3 and section 4 be applicable to both gTLD and ccTLD servers (changing root zone and IANA as appropriate)? sure, you could take those sections as a starting point. But why stop at TLDs? Why not make this applicable to -ALL- dns servers? The problem we tried to tackle with RFC 2010, and apparently not well considered by the authors of RFC 2870 is the difficulty of segmenting system availabilty from operations. So to clarify, are you talking about the server operations or are you talking about availability of the zone? RFC 2870 muddies the waters here. You seem to be leaning toward ensuring availablity. RFC 2010 attempted to make the distinction. gTLD servers, today, have an operational requirement to run on 64bit hardware. Few if any ccTLDs have that as a requirement. The root servers may not see that requirement until 2038 or so... In any case, RFC 2870 is getting long in the tooth and
Re: KPNQwest ns.eu.net server.
On Fri, 07 Jun 2002 12:18:19 -, [EMAIL PROTECTED] said: sure, you could take those sections as a starting point. But why stop at TLDs? Why not make this applicable to -ALL- dns servers? Mighty fine pharmaceuticals you got there. ;) I'd settle for a requirement that dns servers have *basic* configuration correct - I mean, is it *that* hard to avoid lame delegations and typos in the SOA or NS records? -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech msg02530/pgp0.pgp Description: PGP signature
Re: KPNQwest ns.eu.net server.
[EMAIL PROTECTED] wrote: I mean, is it *that* hard to avoid lame delegations and typos in the SOA or NS records? apparently -- Eric A. Hallhttp://www.ehsco.com/ Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
Re: KPNQwest ns.eu.net server.
On Fri, Jun 07, 2002 at 08:36:21AM -0400, [EMAIL PROTECTED] wrote: I'd settle for a requirement that dns servers have *basic* configuration correct - I mean, is it *that* hard to avoid lame delegations and typos in the SOA or NS records? Don't even get me started on typos in the delegation records at the TLD servers (entered by the registrants at least) there are currently 112 domains in .com alone with at least one incorrect NS record pointing at my nameservers.
Re: KPNQwest ns.eu.net server.
Don't even get me started on typos in the delegation records at the TLD servers (entered by the registrants at least) there are currently 112 domains in .com alone with at least one incorrect NS record pointing at my nameservers. MX0 lame.delegation.to.hostname. * MX0 lame.delegation.to.hostname. randy
Re: KPNQwest ns.eu.net server.
Yo John! On Fri, 7 Jun 2002, John Payne wrote: Don't even get me started on typos in the delegation records at the TLD servers (entered by the registrants at least) there are currently 112 domains in .com alone with at least one incorrect NS record pointing at my nameservers. There is an easy tool I use to fix that. Just put up a zone file for them on your NS that points their www to www.playboy.com. This gets action fast! RGDS GARY --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676
Re: KPNQwest ns.eu.net server.
On Fri, Jun 07, 2002 at 11:48:24AM -0700, Gary E. Miller wrote: Yo John! On Fri, 7 Jun 2002, John Payne wrote: Don't even get me started on typos in the delegation records at the TLD servers (entered by the registrants at least) there are currently 112 domains in .com alone with at least one incorrect NS record pointing at my nameservers. There is an easy tool I use to fix that. Just put up a zone file for them on your NS that points their www to www.playboy.com. This gets action fast! Not when the domains are just registered for cybersquatting (the other problem). I have done something similar to what you suggest (but without targetting an innocent thirdparty)... see http://www.chairtime.com/ as an example. The abuse and legal threats were amusing to start with, but they're getting boring now - I'd much rather just pull the glue records and break those domains hard (nothing legitimate has ever been on those nameservers)
Re: KPNQwest ns.eu.net server.
On Fri, 7 Jun 2002, Gary E. Miller wrote: Yo John! There is an easy tool I use to fix that. Just put up a zone file for them on your NS that points their www to www.playboy.com. This gets action fast! I think pointing it to www.poopsex.com would be far more entertaining. Charles RGDS GARY --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676
Re: KPNQwest ns.eu.net server.
Hi People, Here from Intelideas (AS12359) we are ready for hosting ccTLDs in our network. We are present in Espanix, Linx, Catnix and diverse upstreams. Our contact data: DNS: [EMAIL PROTECTED] DNS Master: Enrique Iglesias Rodriguez. (+34 917882517) regards, Daniel Intelideas On Thursday 06 June 2002 01:08, Joao Luis Silva Damas wrote: At 11:04 -0700 5/6/02, Randy Bush wrote: Given the current situation of KPNQwest and the possibility of its services going offline sometime soon, the RIPE NCC in agreement with KPNQwest will be temporally hosting this server (ns.eu.net) in its premises. nice emergency hack and sorry to whine. but i used them both to get diversity. Hi Randy, there are 16 ccTLDs for which ns.ripe.net and ns.eu.net are both secondary. So we will definitely request those ccTLDs to look for a new host as soon as possible. The rest can take bit more time to think what they want to do since ns.eu.net will keep running. We are offering secondary service on ns.ripe.net for any ccTLD that we weren't sencodaring for, as are other people. The idea is not to have ns.eu.net running for ever, just to enable people to have time to take rational decisions, without the fear of having the server going away because of some unexpected turn of events. when in less of a panic, please move it to moscow or something. Panic? what panic? this is just common sense Joao randy
Re: KPNQwest ns.eu.net server.
On Wed, Jun 05, 2002 at 07:25:47PM +0200, Daniel Diaz wrote: Dear all, Given the current situation of KPNQwest and the possibility of its services going offline sometime soon, the RIPE NCC in agreement with KPNQwest will be temporally hosting this server (ns.eu.net) in its premises. This is to avoid major problems in the Internet as this server is secondary for a large number of ccTLD's zones, and thousand other zones. We (AS) will be soon announcing the 192.16.202.0/24 prefix. TDC is currently secondary for the dk TLD, if any other TLD need a secondary, please contact [EMAIL PROTECTED] and/or [EMAIL PROTECTED] best regards /Jesper -- Jesper Skriver, jesper(at)skriver(dot)dk - CCIE #5456 Work:Network manager @ AS3292 (Tele Danmark DataNetworks) Private: FreeBSD committer @ AS2109 (A much smaller network ;-) One Unix to rule them all, One Resolver to find them, One IP to bring them all and in the zone to bind them.
RE: KPNQwest ns.eu.net server.
I suggest that if the RIPE need another provider that they take time and issue a proper RFI/P/Q through the European Journal. It does ask an interesting question over disaster recovery in situations like this. Regards, Neil. -- Neil J. McRae - COLT [EMAIL PROTECTED]
Re: Re: KPNQwest ns.eu.net server.
As a lot of people are offering secondary services: may be it's a good idea to place infrastructural services at IXP. IXP seem to be more stable than any ISPs and often more neutral than ISPs. Comments? Arnold -- Arnold Nipper, DE-CIX, the German Internet Exchange email: [EMAIL PROTECTED] mobile: +49 172 2650958 handle: an6695-ripe - Original Message - From: Sabine Dolderer/Denic [EMAIL PROTECTED] To: Jan-Ahrent Czmok [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Thursday, June 06, 2002 9:43 AM Subject: Re: Re: KPNQwest ns.eu.net server. Hello, DENIC runs currently several secondarys (not only DE but also for some other TLDs) in different places worldwide. We are willing to offer secondary service for other ccTLDs. But there will be because of security/stability reasons a limit on the number of ccTLDs we want to run on a single machine. Sabine -- Sabine Dolderer DENIC eG Wiesenhüttenplatz 26 D-60329 Frankfurt eMail: [EMAIL PROTECTED] Fon: +49 69 27235 0 Fax: +49 69 27235 235 Jan-Ahrent CzmokAn: Joao Luis Silva Damas [EMAIL PROTECTED] czmok@gatel.Kopie: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], net [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], Gesendet von:[EMAIL PROTECTED], [EMAIL PROTECTED] owner-lir-wg@Thema: Re: KPNQwest ns.eu.net server. ripe.net 06.06.2002 01:29 PostedDate: 06.06.2002 01:29:37 $MessageID: [EMAIL PROTECTED] From: [EMAIL PROTECTED] SendTo: Joao Luis Silva Damas [EMAIL PROTECTED] CopyTo: [EMAIL PROTECTED];[EMAIL PROTECTED];[EMAIL PROTECTED];[EMAIL PROTECTED];tech-l@ams- ix.net;[EMAIL PROTECTED];[EMAIL PROTECTED];[EMAIL PROTECTED] Subject: Re: KPNQwest ns.eu.net server. Received: from smtp.denic.de ([194.246.96.22]) by notes.denic.de (Lotus Domino Release 5.0.8) with ESMTP id 2002060601283597:15602 ; Thu, 6 Jun 2002 01:28:35 +0200 Received: from postman.ripe.net (postman.ripe.net [193.0.0.199]) by smtp.denic.de with smtp id 17FkCg-0004uX-00; Thu, 6 Jun 2002 01:28:34 +0200 Received: (qmail 11455 invoked by alias); 5 Jun 2002 23:28:15 - Received: (qmail 11452 invoked by uid 66); 5 Jun 2002 23:28:15 - Delivered_To: [EMAIL PROTECTED] PRINCIPAL: Jan-Ahrent Czmok [EMAIL PROTECTED] In_Reply_To: p05111700b92449b9ddee@[193.0.1.81] References: [EMAIL PROTECTED] [EMAIL PROTECTED] p05111700b92449b9ddee@[193.0.1.81] Organization: Global Access Telecommunications Inc. $Mailer: Sylpheed version 0.7.6claws16 (GTK+ 1.2.10; i386-debian-linux-gnu) X_Ncc_RegID: de.gatel MIME_Version: 1.0 Precedence: bulk X_Loop_Detect: RIPE NCC SMTPOriginator: [EMAIL PROTECTED] RouteServers: CN=notes/O=Denic RouteTimes: 06.06.2002 01:28:36-06.06.2002 01:28:38 DeliveredDate: 06.06.2002 01:28:38 DENICDOCOPENCOUNT: 1 $MIMETrack: Itemize by SMTP Server on notes/Denic(Release 5.0.8 |June 18, 2001) at 06.06.2002 01:28:36;MIME-CD by Notes Client on Sabine Dolderer/Denic(Release 5.0.6a |January 17, 2001) at 06.06.2002 09:32:28;MIME-CD complete at 06.06.2002 09:32:28 BlindCopyTo: WebSubject: Re: KPNQwest ns.eu.net server. On Thu, 6 Jun 2002 01:08:46 +0200 Joao Luis Silva Damas [EMAIL PROTECTED] wrote: At 11:04 -0700 5/6/02, Randy Bush wrote: Given the current situation of KPNQwest and the possibility of its services going offline sometime soon, the RIPE NCC in agreement with KPNQwest will be temporally hosting this server (ns.eu.net) in its premises. nice emergency hack and sorry to whine. but i used them both to get diversity. Hi Randy, there are 16 ccTLDs for which ns.ripe.net and ns.eu.net are both secondary. So we will definitely request those ccTLDs to look for a new host as soon as possible. Hi Randy, hi Joao, dear routing-wg, probably my Company (GATEL, AS13129) is able to host a secondary server for the ccTLDs. The question is rather what are the hardware requirements for the secondary server. We have sufficient bandwidth capacity available and rack space as well. The rest can take bit more time to think what they want to do since ns.eu.net will keep running. Well done ! Congrats for the good ideas and coordination work. We are offering secondary service on ns.ripe.net for any ccTLD that we weren't sencodaring for, as are other people. The idea is not to have ns.eu.net running for ever, just to enable people to have time to take rational decisions, without the fear of having the server going away because of some unexpected turn of events. when in less of a panic, please move it to moscow or something. Panic? what panic? this is just common sense right. it's not panic. --jan -- Jan
RE: Re: KPNQwest ns.eu.net server.
how would you guarantee connectivity? should each isp present should provide bandwidth as part of collocation expenses? should the opexes be included in the colo bill? and then - this would probably make the colo becoming a connectivity provider, wouldn't it? -- Tomas Daniska systems engineer Tronet Computer Networks Plynarenska 5, 829 75 Bratislava, Slovakia tel: +421 2 58224111, fax: +421 2 58224199 A transistor protected by a fast-acting fuse will protect the fuse by blowing first. -Original Message- From: Nipper, Arnold [mailto:[EMAIL PROTECTED]] Sent: 6. júna 2002 16:07 To: Jan-Ahrent Czmok; Sabine Dolderer/Denic Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: Re: KPNQwest ns.eu.net server. As a lot of people are offering secondary services: may be it's a good idea to place infrastructural services at IXP. IXP seem to be more stable than any ISPs and often more neutral than ISPs. Comments? Arnold -- Arnold Nipper, DE-CIX, the German Internet Exchange email: [EMAIL PROTECTED] mobile: +49 172 2650958 handle: an6695-ripe - Original Message - From: Sabine Dolderer/Denic [EMAIL PROTECTED] To: Jan-Ahrent Czmok [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Thursday, June 06, 2002 9:43 AM Subject: Re: Re: KPNQwest ns.eu.net server. Hello, DENIC runs currently several secondarys (not only DE but also for some other TLDs) in different places worldwide. We are willing to offer secondary service for other ccTLDs. But there will be because of security/stability reasons a limit on the number of ccTLDs we want to run on a single machine. Sabine -- Sabine Dolderer DENIC eG Wiesenhüttenplatz 26 D-60329 Frankfurt eMail: [EMAIL PROTECTED] Fon: +49 69 27235 0 Fax: +49 69 27235 235 Jan-Ahrent CzmokAn: Joao Luis Silva Damas [EMAIL PROTECTED] czmok@gatel.Kopie: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], net [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], Gesendet von:[EMAIL PROTECTED], [EMAIL PROTECTED] owner-lir-wg@Thema: Re: KPNQwest ns.eu.net server. ripe.net 06.06.2002 01:29 PostedDate: 06.06.2002 01:29:37 $MessageID: [EMAIL PROTECTED] From: [EMAIL PROTECTED] SendTo: Joao Luis Silva Damas [EMAIL PROTECTED] CopyTo: [EMAIL PROTECTED];[EMAIL PROTECTED];[EMAIL PROTECTED];[EMAIL PROTECTED] et;tech-l@ams- ix.net;[EMAIL PROTECTED];[EMAIL PROTECTED];apnic-talk@lists. apnic.net Subject: Re: KPNQwest ns.eu.net server. Received: from smtp.denic.de ([194.246.96.22]) by notes.denic.de (Lotus Domino Release 5.0.8) with ESMTP id 2002060601283597:15602 ; Thu, 6 Jun 2002 01:28:35 +0200 Received: from postman.ripe.net (postman.ripe.net [193.0.0.199]) by smtp.denic.de with smtp id 17FkCg-0004uX-00; Thu, 6 Jun 2002 01:28:34 +0200 Received: (qmail 11455 invoked by alias); 5 Jun 2002 23:28:15 - Received: (qmail 11452 invoked by uid 66); 5 Jun 2002 23:28:15 - Delivered_To: [EMAIL PROTECTED] PRINCIPAL: Jan-Ahrent Czmok [EMAIL PROTECTED] In_Reply_To: p05111700b92449b9ddee@[193.0.1.81] References: [EMAIL PROTECTED] [EMAIL PROTECTED] p05111700b92449b9ddee@[193.0.1.81] Organization: Global Access Telecommunications Inc. $Mailer: Sylpheed version 0.7.6claws16 (GTK+ 1.2.10; i386-debian-linux-gnu) X_Ncc_RegID: de.gatel MIME_Version: 1.0 Precedence: bulk X_Loop_Detect: RIPE NCC SMTPOriginator: [EMAIL PROTECTED] RouteServers: CN=notes/O=Denic RouteTimes: 06.06.2002 01:28:36-06.06.2002 01:28:38 DeliveredDate: 06.06.2002 01:28:38 DENICDOCOPENCOUNT: 1 $MIMETrack: Itemize by SMTP Server on notes/Denic(Release 5.0.8 |June 18, 2001) at 06.06.2002 01:28:36;MIME-CD by Notes Client on Sabine Dolderer/Denic(Release 5.0.6a |January 17, 2001) at 06.06.2002 09:32:28;MIME-CD complete at 06.06.2002 09:32:28 BlindCopyTo: WebSubject: Re: KPNQwest ns.eu.net server. On Thu, 6 Jun 2002 01:08:46 +0200 Joao Luis Silva Damas [EMAIL PROTECTED] wrote: At 11:04 -0700 5/6/02, Randy Bush wrote: Given the current situation of KPNQwest and the possibility of its services going offline sometime soon, the RIPE NCC in agreement with KPNQwest will be temporally hosting this server (ns.eu.net) in its premises. nice emergency hack and sorry to whine. but i used them both to get diversity. Hi Randy, there are 16 ccTLDs for which ns.ripe.net and ns.eu.net
Re: Re: KPNQwest ns.eu.net server.
While a good idea, not everyone can announce or reach the IX fabrics that they connect to or are out there. One solution to that problem is to have the IX operate a zeebra/gated/whatnot box (or router+machine combo) that announces a /24 and as part of connecting to the IX people are required to peer (and provide transit) for that /24 for the good of the internet. This would allow everyone that connects to the IX to see the benifits of having a close (to their network that is) dns server as well as if my provider does not announce the DE-CIX, LINX, mae-e, mae-w, paix, nyiix, or whatever space to me, i can still reach a server placed at the IX via their network or via their peers/upstreams. - Jared http://puck.nether.net/dns/ (very rough ui) On Thu, Jun 06, 2002 at 04:07:09PM +0200, Nipper, Arnold wrote: As a lot of people are offering secondary services: may be it's a good idea to place infrastructural services at IXP. IXP seem to be more stable than any ISPs and often more neutral than ISPs. Comments? Arnold -- Arnold Nipper, DE-CIX, the German Internet Exchange email: [EMAIL PROTECTED] mobile: +49 172 2650958 handle: an6695-ripe - Original Message - From: Sabine Dolderer/Denic [EMAIL PROTECTED] To: Jan-Ahrent Czmok [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Thursday, June 06, 2002 9:43 AM Subject: Re: Re: KPNQwest ns.eu.net server. Hello, DENIC runs currently several secondarys (not only DE but also for some other TLDs) in different places worldwide. We are willing to offer secondary service for other ccTLDs. But there will be because of security/stability reasons a limit on the number of ccTLDs we want to run on a single machine. Sabine -- Sabine Dolderer DENIC eG Wiesenhüttenplatz 26 D-60329 Frankfurt eMail: [EMAIL PROTECTED] Fon: +49 69 27235 0 Fax: +49 69 27235 235 Jan-Ahrent CzmokAn: Joao Luis Silva Damas [EMAIL PROTECTED] czmok@gatel.Kopie: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], net [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], Gesendet von:[EMAIL PROTECTED], [EMAIL PROTECTED] owner-lir-wg@Thema: Re: KPNQwest ns.eu.net server. ripe.net 06.06.2002 01:29 PostedDate: 06.06.2002 01:29:37 $MessageID: [EMAIL PROTECTED] From: [EMAIL PROTECTED] SendTo: Joao Luis Silva Damas [EMAIL PROTECTED] CopyTo: [EMAIL PROTECTED];[EMAIL PROTECTED];[EMAIL PROTECTED];[EMAIL PROTECTED];tech-l@ams- ix.net;[EMAIL PROTECTED];[EMAIL PROTECTED];[EMAIL PROTECTED] Subject: Re: KPNQwest ns.eu.net server. Received: from smtp.denic.de ([194.246.96.22]) by notes.denic.de (Lotus Domino Release 5.0.8) with ESMTP id 2002060601283597:15602 ; Thu, 6 Jun 2002 01:28:35 +0200 Received: from postman.ripe.net (postman.ripe.net [193.0.0.199]) by smtp.denic.de with smtp id 17FkCg-0004uX-00; Thu, 6 Jun 2002 01:28:34 +0200 Received: (qmail 11455 invoked by alias); 5 Jun 2002 23:28:15 - Received: (qmail 11452 invoked by uid 66); 5 Jun 2002 23:28:15 - Delivered_To: [EMAIL PROTECTED] PRINCIPAL: Jan-Ahrent Czmok [EMAIL PROTECTED] In_Reply_To: p05111700b92449b9ddee@[193.0.1.81] References: [EMAIL PROTECTED] [EMAIL PROTECTED] p05111700b92449b9ddee@[193.0.1.81] Organization: Global Access Telecommunications Inc. $Mailer: Sylpheed version 0.7.6claws16 (GTK+ 1.2.10; i386-debian-linux-gnu) X_Ncc_RegID: de.gatel MIME_Version: 1.0 Precedence: bulk X_Loop_Detect: RIPE NCC SMTPOriginator: [EMAIL PROTECTED] RouteServers: CN=notes/O=Denic RouteTimes: 06.06.2002 01:28:36-06.06.2002 01:28:38 DeliveredDate: 06.06.2002 01:28:38 DENICDOCOPENCOUNT: 1 $MIMETrack: Itemize by SMTP Server on notes/Denic(Release 5.0.8 |June 18, 2001) at 06.06.2002 01:28:36;MIME-CD by Notes Client on Sabine Dolderer/Denic(Release 5.0.6a |January 17, 2001) at 06.06.2002 09:32:28;MIME-CD complete at 06.06.2002 09:32:28 BlindCopyTo: WebSubject: Re: KPNQwest ns.eu.net server. On Thu, 6 Jun 2002 01:08:46 +0200 Joao Luis Silva Damas [EMAIL PROTECTED] wrote: At 11:04 -0700 5/6/02, Randy Bush wrote: Given the current situation of KPNQwest and the possibility of its services going offline sometime soon, the RIPE NCC in agreement with KPNQwest will be temporally hosting this server (ns.eu.net) in its premises. nice emergency hack and sorry to whine. but i used them both to get diversity. Hi Randy, there are 16 ccTLDs for which ns.ripe.net and ns.eu.net are both secondary. So we will definitely request those ccTLDs
Re: Re: KPNQwest ns.eu.net server.
Yes, but there is problem about the transit for the network of the IXP In my experience, some big providers only have the commercial view of internet. Really, if all the IXP members give some transit to the IXP for essential services, internet will be more robust. Daniel Intelideas On Thursday 06 June 2002 16:07, Nipper, Arnold wrote: As a lot of people are offering secondary services: may be it's a good idea to place infrastructural services at IXP. IXP seem to be more stable than any ISPs and often more neutral than ISPs. Comments? Arnold
Re: Re: KPNQwest ns.eu.net server.
--On Thursday, June 06, 2002 10:16:34 -0400 Jared Mauch [EMAIL PROTECTED] wrote: While a good idea, not everyone can announce or reach the IX fabrics that they connect to or are out there. One solution to that problem is to have the IX operate a zeebra/gated/whatnot box (or router+machine combo) that announces a /24 and as part of connecting to the IX people are required to peer (and provide transit) for that /24 for the good of the internet. This would allow everyone that connects to the IX to see the benifits of having a close (to their network that is) dns server as well as if my provider does not announce the DE-CIX, LINX, mae-e, mae-w, paix, nyiix, or whatever space to me, i can still reach a server placed at the IX via their network or via their peers/upstreams. This is done in Sweden, by the exchange point company Netnod, http://www.netnod.se/. They have an AS of their own, which is free to peer with, in which a number of crucial services are located, for instance: * Root DNS server * COM/NET/ORG DNS server * DNS for a number of ccTLDs including Sweden. * NTP masters directly synchronised to swedish standard time * RIPE whois mirror. Some of these services are present at several Netnod IXen, notably ccTLD and NTP. It works, and gives excellent service levels. -- Måns NilssonSystems Specialist +46 70 681 7204 KTHNOC MN1334-RIPE We're sysadmins. To us, data is a protocol-overhead.
Updates to the root zone Re: KPNQwest ns.eu.net server.
This is not a political question, only operational process. Has ICANN and NTIA worked out their operational issues so they can quickly change the root zone to reflect changes in ccTLD nameservers if people need to change which name servers are handling the ccTLDs. Last year, some of the ccTLD operators were complaining it sometimes took weeks after they submitted the change for it to make it into the root zone.
RE: Re: KPNQwest ns.eu.net server.
ok, let's suppose that usually provides the most appropriate environment for placing the dns servers and their co-infrastructure. taking it only technically, providing the connectivity for the ixp is a detail (to announce or not to announce). maybe the ixp could allocate a 'stub' subnet - separate from the transit subnet - and provide a voluntary mlpa to all the hosted isps. this would not break the isp policies on announcing the transit ixp subnet. all these are details. i see a space for another topic in this thread - updating the dns infrastrucure a bit. to be more specific: - would the ixp-located tld dns servers server only a small set of tld's each? if so, would it be region-based or agreement-based? - would it be worth the effort starting a project similar to irr that would serve as a common source for dns configurations? it'd be nice to hear your oppinions -- Tomas Daniska systems engineer Tronet Computer Networks Plynarenska 5, 829 75 Bratislava, Slovakia tel: +421 2 58224111, fax: +421 2 58224199 A transistor protected by a fast-acting fuse will protect the fuse by blowing first. -Original Message- From: Arnold Nipper [mailto:[EMAIL PROTECTED]] Sent: 6. júna 2002 16:29 To: Daniska Tomas Cc: Nipper, Arnold; [EMAIL PROTECTED] Subject: Re: Re: KPNQwest ns.eu.net server. On Thu, Jun 06, 2002 at 04:13:08PM +0200, Daniska Tomas wrote: how would you guarantee connectivity? as you have a lot of ISPs around you it should be really easy to get some connectivity. Very easy: tell some friendly ISP to announce your prefix/AS to outside. should each isp present should provide bandwidth as part of collocation expenses? What do you mean by this? If some ISP want to donate bw, nice. If not also Ok. should the opexes be included in the colo bill? Which colo bill? and then - this would probably make the colo becoming a connectivity provider, wouldn't it? Not necessarily. This much depends on your IXP model. Let's take DE-CIX. There is an association running DE-CIX, but InterXion as colo partner takes cae for a lot of things. If DE-CIX would offer infrastructural services, InterXion still would remain a simple colo provider. Arnold -- Arnold Nipper Email: [EMAIL PROTECTED] DE-CIX, The German Internet Exchange Mobile: +49 172 2650958
Re: Re: KPNQwest ns.eu.net server.
On Thu, Jun 06, 2002 at 04:31:21PM +0200, Daniel Concepcion wrote: Yes, but there is problem about the transit for the network of the IXP In my experience, some big providers only have the commercial view of internet. If an IXP decides to offer infrastructural services then you have to buy upstream of course. Really, if all the IXP members give some transit to the IXP for essential services, internet will be more robust. At least each IXP member would have direct connectivity to such infrastructural services (DNS, NTP, WHOIS, NNTP??) and thereby their customers would benefit from it. And an IXP should be in a good position to get upstream :-)) And for the commercials: these services are not for free of course. So bills for IXP members will drop not raise. -- Arnold
RE: KPNQwest ns.eu.net server.
Gert, On Thu, Jun 06, 2002 at 02:59:22PM +0100, Neil J. McRae wrote: I suggest that if the RIPE need another provider that they take time and issue a proper RFI/P/Q through the European Journal. It does ask an interesting question over disaster recovery in situations like this. Hmmm? As far as I can see, RIPE has enough providers. The problem is that the ccTLD secondary server hosted at KQ broke - which isn't RIPEs fault, and doesn't even host anything RIPE is master for (like ripe.net or the *.in-addr.arpa zones). Hence why I said if the RIPE need another provider. Note the part that has if in it. Regards, Neil.
Re: Re: KPNQwest ns.eu.net server.
Indeed, for example k.root-servers.net is hosted at LINX and is reachable globally by this kind of setup.. Steve On Thu, 6 Jun 2002, Jared Mauch wrote: While a good idea, not everyone can announce or reach the IX fabrics that they connect to or are out there. One solution to that problem is to have the IX operate a zeebra/gated/whatnot box (or router+machine combo) that announces a /24 and as part of connecting to the IX people are required to peer (and provide transit) for that /24 for the good of the internet. This would allow everyone that connects to the IX to see the benifits of having a close (to their network that is) dns server as well as if my provider does not announce the DE-CIX, LINX, mae-e, mae-w, paix, nyiix, or whatever space to me, i can still reach a server placed at the IX via their network or via their peers/upstreams. - Jared http://puck.nether.net/dns/ (very rough ui) On Thu, Jun 06, 2002 at 04:07:09PM +0200, Nipper, Arnold wrote: As a lot of people are offering secondary services: may be it's a good idea to place infrastructural services at IXP. IXP seem to be more stable than any ISPs and often more neutral than ISPs. Comments? Arnold -- Arnold Nipper, DE-CIX, the German Internet Exchange email: [EMAIL PROTECTED] mobile: +49 172 2650958 handle: an6695-ripe - Original Message - From: Sabine Dolderer/Denic [EMAIL PROTECTED] To: Jan-Ahrent Czmok [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Thursday, June 06, 2002 9:43 AM Subject: Re: Re: KPNQwest ns.eu.net server. Hello, DENIC runs currently several secondarys (not only DE but also for some other TLDs) in different places worldwide. We are willing to offer secondary service for other ccTLDs. But there will be because of security/stability reasons a limit on the number of ccTLDs we want to run on a single machine. Sabine -- Sabine Dolderer DENIC eG Wiesenhüttenplatz 26 D-60329 Frankfurt eMail: [EMAIL PROTECTED] Fon: +49 69 27235 0 Fax: +49 69 27235 235 Jan-Ahrent CzmokAn: Joao Luis Silva Damas [EMAIL PROTECTED] czmok@gatel.Kopie: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], net [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], Gesendet von:[EMAIL PROTECTED], [EMAIL PROTECTED] owner-lir-wg@Thema: Re: KPNQwest ns.eu.net server. ripe.net 06.06.2002 01:29 PostedDate: 06.06.2002 01:29:37 $MessageID: [EMAIL PROTECTED] From: [EMAIL PROTECTED] SendTo: Joao Luis Silva Damas [EMAIL PROTECTED] CopyTo: [EMAIL PROTECTED];[EMAIL PROTECTED];[EMAIL PROTECTED];[EMAIL PROTECTED];tech-l@ams- ix.net;[EMAIL PROTECTED];[EMAIL PROTECTED];[EMAIL PROTECTED] Subject: Re: KPNQwest ns.eu.net server. Received: from smtp.denic.de ([194.246.96.22]) by notes.denic.de (Lotus Domino Release 5.0.8) with ESMTP id 2002060601283597:15602 ; Thu, 6 Jun 2002 01:28:35 +0200 Received: from postman.ripe.net (postman.ripe.net [193.0.0.199]) by smtp.denic.de with smtp id 17FkCg-0004uX-00; Thu, 6 Jun 2002 01:28:34 +0200 Received: (qmail 11455 invoked by alias); 5 Jun 2002 23:28:15 - Received: (qmail 11452 invoked by uid 66); 5 Jun 2002 23:28:15 - Delivered_To: [EMAIL PROTECTED] PRINCIPAL: Jan-Ahrent Czmok [EMAIL PROTECTED] In_Reply_To: p05111700b92449b9ddee@[193.0.1.81] References: [EMAIL PROTECTED] [EMAIL PROTECTED] p05111700b92449b9ddee@[193.0.1.81] Organization: Global Access Telecommunications Inc. $Mailer: Sylpheed version 0.7.6claws16 (GTK+ 1.2.10; i386-debian-linux-gnu) X_Ncc_RegID: de.gatel MIME_Version: 1.0 Precedence: bulk X_Loop_Detect: RIPE NCC SMTPOriginator: [EMAIL PROTECTED] RouteServers: CN=notes/O=Denic RouteTimes: 06.06.2002 01:28:36-06.06.2002 01:28:38 DeliveredDate: 06.06.2002 01:28:38 DENICDOCOPENCOUNT: 1 $MIMETrack: Itemize by SMTP Server on notes/Denic(Release 5.0.8 |June 18, 2001) at 06.06.2002 01:28:36;MIME-CD by Notes Client on Sabine Dolderer/Denic(Release 5.0.6a |January 17, 2001) at 06.06.2002 09:32:28;MIME-CD complete at 06.06.2002 09:32:28 BlindCopyTo: WebSubject: Re: KPNQwest ns.eu.net server. On Thu, 6 Jun 2002 01:08:46 +0200 Joao Luis Silva Damas [EMAIL PROTECTED] wrote: At 11:04 -0700 5/6/02, Randy Bush wrote: Given the current situation of KPNQwest and the possibility of its services going offline sometime soon, the RIPE NCC in agreement with KPNQwest
Re: Updates to the root zone Re: KPNQwest ns.eu.net server.
--On Thursday, June 06, 2002 10:47:52 -0400 Sean Donelan [EMAIL PROTECTED] wrote: This is not a political question, only operational process. Has ICANN and NTIA worked out their operational issues so they can quickly change the root zone to reflect changes in ccTLD nameservers if people need to change which name servers are handling the ccTLDs. Last year, some of the ccTLD operators were complaining it sometimes took weeks after they submitted the change for it to make it into the root zone. I tried this game fall 2000. It was a farce. We (I then worked at NIC-SE, the SE registry) tried to remove sparky.arl.mil from the SE delegation. After all the politcs in Sweden wrt this move had been sorted out, we e-mailed the correct (as announced on webpage) contact at IANA/ICANN. Weeks went by. Nothing happened. We grew tired of this and started pulling some threads. ONLY after informal prodding (by well-known people that then had no formal role in SE operations) the root zone was updated! And, we NEVER got any acknowledgement back, we simply noticed that the delegation had been adjusted. We were not impressed. I thought along the same lines as Sean, poor ccTLDs if this (root admin unresponsiveness) is a continuing state of affairs... -- Måns NilssonSystems Specialist +46 70 681 7204 KTHNOC MN1334-RIPE We're sysadmins. To us, data is a protocol-overhead.
Re: Re: KPNQwest ns.eu.net server.
Stephen J. Wilcox wrote (on Jun 06): Indeed, for example k.root-servers.net is hosted at LINX and is reachable globally by this kind of setup.. A few of LINXs' members also transit the services provided by LINX for the good of the community - ie, at zero cost. That includes k.root. I don't mind doing it. I wouldn't mind for others either. Chris. --
Re: Updates to the root zone Re: KPNQwest ns.eu.net server.
Has ICANN and NTIA worked out their operational issues so they can quickly change the root zone to reflect changes in ccTLD nameservers if people need to change which name servers are handling the ccTLDs. Last year, some of the ccTLD operators were complaining it sometimes took weeks after they submitted the change for it to make it into the root zone. that was the fast track. it can take months. luckily, the dns protocols will route around this kind of damage as long as a primary or secondary remain alive. randy
Re: KPNQwest ns.eu.net server.
Hi, Just as a (potentially self-serving, apologies if this offends) aside, there are several companies that specialize in DNS hosting out there. The one that I'm most familiar with (Nominum's), co-locates our equipment at IXPs, has an open peering policy (of course), and has multiple (paid) transit providers. We decided upon this approach for exactly the reasons you indicate: they tend to be both more stable and more neutral than ISPs. We also believe locating at IXPs can reduce latency and improve performance. We were already providing secondary for one of the TLDs affected by ns.eu.net going away and would, of course, be happy to provide services to others. Rgds, -drc On 6/6/02 7:07 AM, Nipper, Arnold [EMAIL PROTECTED] wrote: As a lot of people are offering secondary services: may be it's a good idea to place infrastructural services at IXP. IXP seem to be more stable than any ISPs and often more neutral than ISPs. Comments? Arnold -- Arnold Nipper, DE-CIX, the German Internet Exchange email: [EMAIL PROTECTED] mobile: +49 172 2650958 handle: an6695-ripe - Original Message - From: Sabine Dolderer/Denic [EMAIL PROTECTED] To: Jan-Ahrent Czmok [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Thursday, June 06, 2002 9:43 AM Subject: Re: Re: KPNQwest ns.eu.net server. Hello, DENIC runs currently several secondarys (not only DE but also for some other TLDs) in different places worldwide. We are willing to offer secondary service for other ccTLDs. But there will be because of security/stability reasons a limit on the number of ccTLDs we want to run on a single machine. Sabine -- Sabine Dolderer DENIC eG Wiesenhüttenplatz 26 D-60329 Frankfurt eMail: [EMAIL PROTECTED] Fon: +49 69 27235 0 Fax: +49 69 27235 235 Jan-Ahrent CzmokAn: Joao Luis Silva Damas [EMAIL PROTECTED] czmok@gatel.Kopie: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], net [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], Gesendet von:[EMAIL PROTECTED], [EMAIL PROTECTED] owner-lir-wg@Thema: Re: KPNQwest ns.eu.net server. ripe.net 06.06.2002 01:29 PostedDate: 06.06.2002 01:29:37 $MessageID: [EMAIL PROTECTED] From: [EMAIL PROTECTED] SendTo: Joao Luis Silva Damas [EMAIL PROTECTED] CopyTo: [EMAIL PROTECTED];[EMAIL PROTECTED];[EMAIL PROTECTED];[EMAIL PROTECTED];tech-l@ams- ix.net;[EMAIL PROTECTED];[EMAIL PROTECTED];[EMAIL PROTECTED] Subject: Re: KPNQwest ns.eu.net server. Received: from smtp.denic.de ([194.246.96.22]) by notes.denic.de (Lotus Domino Release 5.0.8) with ESMTP id 2002060601283597:15602 ; Thu, 6 Jun 2002 01:28:35 +0200 Received: from postman.ripe.net (postman.ripe.net [193.0.0.199]) by smtp.denic.de with smtp id 17FkCg-0004uX-00; Thu, 6 Jun 2002 01:28:34 +0200 Received: (qmail 11455 invoked by alias); 5 Jun 2002 23:28:15 - Received: (qmail 11452 invoked by uid 66); 5 Jun 2002 23:28:15 - Delivered_To: [EMAIL PROTECTED] PRINCIPAL: Jan-Ahrent Czmok [EMAIL PROTECTED] In_Reply_To: p05111700b92449b9ddee@[193.0.1.81] References: [EMAIL PROTECTED] [EMAIL PROTECTED] p05111700b92449b9ddee@[193.0.1.81] Organization: Global Access Telecommunications Inc. $Mailer: Sylpheed version 0.7.6claws16 (GTK+ 1.2.10; i386-debian-linux-gnu) X_Ncc_RegID: de.gatel MIME_Version: 1.0 Precedence: bulk X_Loop_Detect: RIPE NCC SMTPOriginator: [EMAIL PROTECTED] RouteServers: CN=notes/O=Denic RouteTimes: 06.06.2002 01:28:36-06.06.2002 01:28:38 DeliveredDate: 06.06.2002 01:28:38 DENICDOCOPENCOUNT: 1 $MIMETrack: Itemize by SMTP Server on notes/Denic(Release 5.0.8 |June 18, 2001) at 06.06.2002 01:28:36;MIME-CD by Notes Client on Sabine Dolderer/Denic(Release 5.0.6a |January 17, 2001) at 06.06.2002 09:32:28;MIME-CD complete at 06.06.2002 09:32:28 BlindCopyTo: WebSubject: Re: KPNQwest ns.eu.net server. On Thu, 6 Jun 2002 01:08:46 +0200 Joao Luis Silva Damas [EMAIL PROTECTED] wrote: At 11:04 -0700 5/6/02, Randy Bush wrote: Given the current situation of KPNQwest and the possibility of its services going offline sometime soon, the RIPE NCC in agreement with KPNQwest will be temporally hosting this server (ns.eu.net) in its premises. nice emergency hack and sorry to whine. but i used them both to get diversity. Hi Randy, there are 16 ccTLDs for which ns.ripe.net and ns.eu.net are both secondary. So we will definitely request those ccTLDs to look for a new host as soon as possible. Hi Randy, hi Joao, dear routing-wg, probably my Company (GATEL, AS13129) is able to host
Re: KPNQwest ns.eu.net server.
At 16:35 +0200 6/6/02, Gert Doering wrote: Hmmm? As far as I can see, RIPE has enough providers. The problem is that the ccTLD secondary server hosted at KQ broke - ns.eu.net has not broke. At least not yet. KPNQwest still has very competent people (and I would like to specifically thank Berislav Todorovic for embracing the idea of placing ns.eu.net outside KPNQwest to ensure stability and for all the support in actually doing it) The RIPE NCC doesn't currently need further support to operate the service, which is why we volunteered to do it, to provide a stable service until further steps are undertaken without the concern for the time period KPNQwest will be able to continue to operate. With time, since EUNet will not exist, ns.eu.net should also disappear (I am not quite sure the RIPE NCC would want to own the eu.net domain), but it should be after everyone has got time to think properly about a solution that suits them in the long term. Cheers, Joao
Re: KPNQwest ns.eu.net server.
On Thu, Jun 06, 2002 at 04:24:40PM +0200, Daniel Concepcion wrote: Yes Neil, It should be interesting to know the 'official' requirements/recommendations for ccTLD's hosting For example: diversity geographical, network needs, security needs, building environment., etc I've only been able to find a best practise guideline that specifies that the nameserver be online 24/7. (http://www.wwtld.org/ongoing/bestpractices/BestPractice_10Mar2001.html) I found it interesting to note that a significant number of cctld servers ignore the suggestions for root-servers in BCP40/RFC2870... Other major zone server operators (gTLDs, ccTLDs, major zones) may also find it useful. and leave recursion enabled on the ccTLD servers (2.5) - the old ns.eu.net was one of these, I believe RIPE have done the right thing with the new one. What is even more disturbing is that there is a non-zero number of ccTLD servers that are still cache poisonable.
Re: KPNQwest ns.eu.net server.
In message [EMAIL PROTECTED], Daniel Concepcion writes: Yes Neil, It should be interesting to know the 'official' requirements/recommendations for ccTLD's hosting For example: diversity geographical, network needs, security needs, building environment., etc I don't know of any official requirements. But RFCs 2182 and 2870 offer good guidance. (Some of 2870 is root zone-specific, but most of it would apply to a ccTLD server.) --Steve Bellovin, http://www.research.att.com/~smb (me) http://www.wilyhacker.com (Firewalls book)
Re: KPNQwest ns.eu.net server.
On Thu, Jun 06, 2002 at 02:12:36PM -0400, Steven M. Bellovin wrote: In message [EMAIL PROTECTED], Daniel Concepcion writes: Yes Neil, It should be interesting to know the 'official' requirements/recommendations for ccTLD's hosting For example: diversity geographical, network needs, security needs, building environment., etc I don't know of any official requirements. But RFCs 2182 and 2870 offer good guidance. (Some of 2870 is root zone-specific, but most of it would apply to a ccTLD server.) Unfortunately most of the ccTLD nameserver operators ignore 2870 (including one of the authors...)
Re: Updates to the root zone Re: KPNQwest ns.eu.net server.
On Thu, 6 Jun 2002, Randy Bush wrote: that was the fast track. it can take months. Months? Years more like. .nz have been trying to update their whois information for a couple of years (IIRC) now. From what I understand the update have been refused since their won't sign the ICANN contracts (like 95% of the other TLDs) NOTE: The specific change I'm thinking of is their street address (and organisation name for that matter). I *think* a name server change *did* go though after a lot of pushing. Disclaimer: I'm not involved with running .nz at all nor ICANN politics for that matter. -- Simon Lyall.| Newsmaster | Work: [EMAIL PROTECTED] Senior Network/System Admin | Postmaster | Home: [EMAIL PROTECTED] ihug, Auckland, NZ | Asst Doorman | Web: http://www.darkmere.gen.nz
Re: KPNQwest ns.eu.net server.
In message [EMAIL PROTECTED], Daniel Concepcion writes: Yes Neil, It should be interesting to know the 'official' requirements/recommendations for ccTLD's hosting For example: diversity geographical, network needs, security needs, building environment., etc I don't know of any official requirements. But RFCs 2182 and 2870 offer good guidance. (Some of 2870 is root zone-specific, but most of it would apply to a ccTLD server.) --Steve Bellovin, http://www.research.att.com/~smb (me) It is perhaps instructive to note that when RFC 2870 was written, (most of) the roots also hosted COM,NET,ORG. Considered properly, RFC 2870 is more targeted toward gTLD servers. ccTLDs have a moderately different focus, while root servers are distinct from either in their requirements. --bill
Re: KPNQwest ns.eu.net server.
On Thu, Jun 06, 2002 at 07:53:49PM +, [EMAIL PROTECTED] wrote: ... I don't know of any official requirements. But RFCs 2182 and 2870 offer good guidance. (Some of 2870 is root zone-specific, but most of it would apply to a ccTLD server.) --Steve Bellovin, http://www.research.att.com/~smb (me) It is perhaps instructive to note that when RFC 2870 was written, (most of) the roots also hosted COM,NET,ORG. Considered properly, RFC 2870 is more targeted toward gTLD servers. ccTLDs have a moderately different focus, while root servers are distinct from either in their requirements. So how does the operation of gTLD servers differ from ccTLD servers, other than perhaps more focus on geographical diversity? number and distributions of registrations, legacy considerations that may reflect on legal issues, local policy issues that off the top of my head. .com vs .um -- for example. --bill
Re: KPNQwest ns.eu.net server.
Given the current situation of KPNQwest and the possibility of its services going offline sometime soon, the RIPE NCC in agreement with KPNQwest will be temporally hosting this server (ns.eu.net) in its premises. nice emergency hack and sorry to whine. but i used them both to get diversity. when in less of a panic, please move it to moscow or something. randy