Not the best solution, but it takes VeriSign out of the loop
Who's up for creating a network of new gTLD servers? I'm sure it wouldn't be too hard to reconstruct 90% of the com/net zones from publicly available data (http://www.deleteddomains.com/newlist.shtml?cid=11673-11084 would be a good start). Constantly farming for missed zones, and maybe even querying the "real" servers for missing data. The updates would be a day or two behind the "real" zones, but once you got a good number of eyeballs looking to your servers instead of VeriSign's, you could probably convince quite a few registrars to start sending you updates too.

I'm sure this breaks many an RFC, and has an unfathomable number of other problems, but I see it this way: we can complain and whine about mismanagement as much as we want, but until there is a viable alternative available there will never be a change.

*hops into his fireproof undies*

Comments anyone?

---
Michael Damm, MIS Department, Irwin Research & Development
V: 509.457.5080 x298 F: 509.577.0301 E: [EMAIL PROTECTED]
Re: Not the best solution, but it takes VeriSign out of the loop
MD> Date: Tue, 16 Sep 2003 11:07:41 -0700
MD> From: Mike Damm

MD> Who's up for creating a network of new gTLD servers? I'm sure

I dunno. We'd be trusting those operating the gTLD network. ;-)

MD> it wouldn't be too hard to reconstruct 90% of the com/net
MD> zones from publicly available data
MD> (http://www.deleteddomains.com/newlist.shtml?cid=11673-11084

It seems to think my Lynx browsing sessions are illegitimate, and returns a nasty message.

MD> would be a good start). Constantly farming for missed zones,
MD> and maybe even querying the "real" servers for missing data.
MD> The updates would be a day or two behind the "real" zones,
MD> but once you got a good number of eyeballs looking to your
MD> servers instead of VeriSign's, you could probably convince
MD> quite a few registrars to start sending you updates too.

You're essentially having a resolver save cached domains, then return responses.

MD> I'm sure this breaks many an RFC, and has an unfathomable
MD> number of other problems, but I see it this way: we can

*shrug*

Anycasting AS112 works well.

Eddy
--
Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
_
DO NOT send mail to the following addresses :
[EMAIL PROTECTED] -or- [EMAIL PROTECTED] -or- [EMAIL PROTECTED]
Sending mail to spambait addresses is a great way to get blocked.
Re: Not the best solution, but it takes VeriSign out of the loop
On Tue, Sep 16, 2003 at 11:07:41AM -0700, Mike Damm wrote:
> Who's up for creating a network of new gTLD servers? I'm sure it wouldn't be
> too hard to reconstruct 90% of the com/net zones from publicly available
> data (http://www.deleteddomains.com/newlist.shtml?cid=11673-11084 would be a
> good start). Constantly farming for missed zones, and maybe even querying
> the "real" servers for missing data. The updates would be a day or two
> behind the "real" zones, but once you got a good number of eyeballs looking
> to your servers instead of VeriSign's, you could probably convince quite a
> few registrars to start sending you updates too.

You can download the real zones if you want easily enough. Some years ago all this took was sending a few faxes.

--
http://www.PowerDNS.com Open source, database driven DNS Software
http://lartc.org Linux Advanced Routing & Traffic Control HOWTO
Re: Not the best solution, but it takes VeriSign out of the loop
This would require cooperation from the root-servers operators.

And a serious effort from ISP/NSP community to block network access to root-servers that don't cooperate.

I agree that it's a good idea at this point. I see nothing else as a serious long-term technical solution.

Mike Damm wrote:
>
> Who's up for creating a network of new gTLD servers?
>...

--
William Allen Simpson
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
RE: Not the best solution, but it takes VeriSign out of the loop
I have received a few replies off list suggesting the same. I already have access to the zones (well, not currently, moved to a new IP block and need to update my source address with them), and if I remember correctly, the agreement I had to sign restricts you from redistributing the data in any way shape and/or form.

-Mike

---
Michael Damm, MIS Department, Irwin Research & Development
V: 509.457.5080 x298 F: 509.577.0301 E: [EMAIL PROTECTED]

-----Original Message-----
From: bert hubert [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 16, 2003 11:31 AM
To: Mike Damm
Cc: [EMAIL PROTECTED]
Subject: Re: Not the best solution, but it takes VeriSign out of the loop

> You can download the real zones if you want easily enough. Some years ago
> all this took was sending a few faxes.
RE: Not the best solution, but it takes VeriSign out of the loop
And I faxed my stuff a month ago and they haven't replied yea or nay ...

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> Mike Damm
> Sent: Tuesday, September 16, 2003 3:52 PM
> To: 'bert hubert'; Mike Damm
> Cc: [EMAIL PROTECTED]
> Subject: RE: Not the best solution, but it takes VeriSign out of the
> loop
>
> I have received a few replies off list suggesting the same. I already have
> access to the zones (well, not currently, moved to a new IP block and need
> to update my source address with them), and if I remember correctly, the
> agreement I had to sign restricts you from redistributing the data in any
> way shape and/or form.
>
> -Mike
>
> ---
> Michael Damm, MIS Department, Irwin Research & Development
> V: 509.457.5080 x298 F: 509.577.0301 E: [EMAIL PROTECTED]
>
> -----Original Message-----
> From: bert hubert [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, September 16, 2003 11:31 AM
> To: Mike Damm
> Cc: [EMAIL PROTECTED]
> Subject: Re: Not the best solution, but it takes VeriSign out of the loop
>
> > You can download the real zones if you want easily enough. Some
> years ago
> > all this took was sending a few faxes.
Re: Not the best solution, but it takes VeriSign out of the loop
> > Who's up for creating a network of new gTLD servers?
> This would require cooperation from the root-servers operators.

speaking for f-root, we won't be cooperating with anything like that. we do not edit the zone files we serve. they come from iana, and if you want something different served, you'll have to talk to iana. i cannot speak for the other rootops but i suspect that their answers might be compatible with, if not downright similar to, f-root's.

> And a serious effort from ISP/NSP community to block network access to
> root-servers that don't cooperate.
>
> I agree that it's a good idea at this point. I see nothing else as a
> serious long-term technical solution.

sounds like mob rule to me -- count me out. so, block me first, i guess?

--
Paul Vixie
Re: Not the best solution, but it takes VeriSign out of the loop
On Wed, 17 Sep 2003 04:27:05 -, Paul Vixie <[EMAIL PROTECTED]> said:
> speaking for f-root, we won't be cooperating with anything like that.
> we do not edit the zone files we serve. they come from iana, and if
> you want something different served, you'll have to talk to iana. i
> cannot speak for the other rootops but i suspect that their answers
> might be compatible with, if not downright similar to, f-root's.

Amen to that - the guys who run the *root* nameservers are not the problem. They get DDoSed, and even when not DDoSed, 98% of the stuff thrown at them is trash - and the servers keep going anyhow. The closest thing to a controversial hijacking in like 20 years has been one test by Postel.

Yes, there's been issues with some TLDs regarding who the rightful registrar is, but that's IANA's call not the root nameservers. And there's been issues with the management of a TLD going bonzo in various ways - but again, that's not the fault of the root itself.

Quite frankly, if the rest of the net ran as well and sanely as the guys who run the root nameservers, we'd all have lots lower blood pressures... ;)
Re: Not the best solution, but it takes VeriSign out of the loop
On 17.09 04:27, Paul Vixie wrote:
> speaking for f-root, we won't be cooperating with anything like that.

speaking for k-root we will not either.

> ... sounds like mob rule to me -- count me out. so, block me first, i guess?

block us second.

Daniel
RE: Not the best solution, but it takes VeriSign out of the loop
I never said anything in my original posting regarding assistance from the root operators; god knows you guys have a hard enough job already. And frankly blocking non-cooperative servers would hurt the net just as much as what VeriSign's doing.

My suggestion was to simply create a viable alternative source of com/net zones that operators could use if they choose to do so. If you don't like what VeriSign is doing with them, don't use VS zones anymore.

Hopefully, eventually, IANA will be telling you to switch the roots. Not me. Not likely, but ORG managed to pull off a transition to other ownership.

For anyone who's interested, you can "opt-in" to the new zones I'm building here: http://www.symetrix.net/gtld/

-Mike

---
Michael Damm, MIS Department, Irwin Research & Development
V: 509.457.5080 x298 F: 509.577.0301 E: [EMAIL PROTECTED]

-----Original Message-----
From: Paul Vixie [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 16, 2003 9:27 PM
To: [EMAIL PROTECTED]
Subject: Re: Not the best solution, but it takes VeriSign out of the loop

> > Who's up for creating a network of new gTLD servers?
> This would require cooperation from the root-servers operators.

speaking for f-root, we won't be cooperating with anything like that. we do not edit the zone files we serve. they come from iana, and if you want something different served, you'll have to talk to iana. i cannot speak for the other rootops but i suspect that their answers might be compatible with, if not downright similar to, f-root's.

> And a serious effort from ISP/NSP community to block network access to
> root-servers that don't cooperate.
>
> I agree that it's a good idea at this point. I see nothing else as a
> serious long-term technical solution.

sounds like mob rule to me -- count me out. so, block me first, i guess?

--
Paul Vixie