Re: The whole alternate-root ${STATE}horse (was Re: Enable BIND cache server to resolve chinese domain name?)
On Wed, 6 Jul 2005, Brad Knowles wrote: There's not much we can do to stop the alternate roots. They already exist, and at least two are currently in operation. However, I think we can look at what it is that they're offering in terms of i18n and see what we can do to address those issues from inside the system. They aren't offering i18n, they're offering l10n, because their systems only work for a small localized community, not the whole international Internet. Tony. -- f.a.n.finch [EMAIL PROTECTED] http://dotat.at/ BISCAY: WEST 5 OR 6 BECOMING VARIABLE 3 OR 4. SHOWERS AT FIRST. MODERATE OR GOOD.
Re: Enable BIND cache server to resolve chinese domain name?
On Mon, Jul 04, 2005 at 05:21:47PM +, Paul Vixie wrote: Every public root experiment that I have seen has always operated as a superset of the ICANN root zone. not www.orsn.net. Well, their website looks a lot better than the equivalent one. :-) But note that their site does *not* say that they are not a strict superset; merely that their current operating policy doesn't *guarantee* it. Their language certainly implies that they're not out to be intentionally perverse, at least to me. Cheers, -- jra -- Jay R. Ashworth[EMAIL PROTECTED] Designer Baylink RFC 2100 Ashworth AssociatesThe Things I Think'87 e24 St Petersburg FL USA http://baylink.pitas.com +1 727 647 1274 If you can read this... thank a system administrator. Or two. --me
Re: The whole alternate-root ${STATE}horse (was Re: Enable BIND cache server to resolve chinese domain name?)
At 10:32 PM -0400 2005-07-04, Jay R. Ashworth wrote: But the whole there's a non-ICANN root: the sky is falling thing is an argument cooked up to scare the unwashed; us old wallas don't buy it. That's because you understand the underlying technology, and you understand how to deal with the problem (including understanding that you may just have to live with it). Most people don't understand the underlying technology or the true nature of the problem, nor are they capable of doing so. All they know is that their e-mail doesn't work, or they can't get to the web pages they want. And for them, this is a very real problem. Since there's a lot more of them than there are of us, and we're the ones who are likely to be operating the systems and networks where these people are our customers, when they have a problem, that creates a problem for us. Moreover, most of them are unlikely to be willing to just live with the problem, if no other suitable technical solution can be found. Instead, they'll believe the sales pitch of someone else who says that they can fix the problem, even if that's not technically possible. Okay, the sky may not be falling. Maybe it's just the Cyclorama, or the fly grid. But when the actors are on stage and one of these things falls, there's not much practical difference. And us techies are the ones that have to pick up the pieces and try to put them back together again. -- Brad Knowles, [EMAIL PROTECTED] Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin (1706-1790), reply of the Pennsylvania Assembly to the Governor, November 11, 1755 SAGE member since 1995. See http://www.sage.org/ for more info.
Re: Enable BIND cache server to resolve chinese domain name?
Remember the paraphrase from Voltaire: I disapprove of what you say, but I will defend to the death your right to say it I have said that before on many occasions. However, in this case, I do not defend your right to say it. In my opinion, your doing so undermines the most fundamental basis of the Internet. Sorry comrades, I can no longer participate in this discussion. It seems that I have been declared to be an enemy of the people. --Michael Dillon
Re: Enable BIND cache server to resolve chinese domain name?
[EMAIL PROTECTED] wrote: Remember the paraphrase from Voltaire: I disapprove of what you say, but I will defend to the death your right to say it I have said that before on many occasions. However, in this case, I do not defend your right to say it. In my opinion, your doing so undermines the most fundamental basis of the Internet. Sorry comrades, I can no longer participate in this discussion. It seems that I have been declared to be an enemy of the people. Michael stay with us. If anybody is trying to make a fool out of himself it is me or Brad. Look in the bible - an old one if you have. There in three places at least it says: Thou maye not have another Root in front of me so BESIDE is definitley allowed. Roman Catholics tend to translate that in the wrong way - if at all. Sorry if my english is a bit teutonic or canucked :) Yes I know - seeing there is more than one root is a bit of a shock - much as the existence of America (I mean back in 1512) Kind regards, Peter and Karin Dambier --Michael Dillon -- Peter and Karin Dambier Public-Root Graeffstrasse 14 D-64646 Heppenheim +49-6252-671788 (Telekom) +49-179-108-3978 (O2 Genion) +49-6252-750308 (VoIP: sipgate.de) +1-360-448-1275 (VoIP: freeworldialup.com) +1-360-226-6583-9563 (INAIC) mail: [EMAIL PROTECTED] http://iason.site.voila.fr http://www.kokoom.com/iason
Re: The whole alternate-root ${STATE}horse (was Re: Enable BIND cache server to resolve chinese domain name?)
On Tue, Jul 05, 2005 at 01:14:08AM -0400, [EMAIL PROTECTED] wrote: On Mon, 04 Jul 2005 22:32:52 EDT, Jay R. Ashworth said: Well, Steve; that reply is a *little* disingenuous: all of the alternative root zones and root server clusters that *I'm* aware of track the ICANN root, except in the rare instances where there are TLD collisions. And *that* is just a tad disingenuous itself. If you have 1 alternate root that tracks ICANN's dozen-ish TLDs and the country-code TLDs, and then adds 2-3 dozen of its own, there's little room for amusement. If however, you have a Turkish root that tracks ICANN's dozen, and then adds 50 or 60 of its own, and a Chinese root that tracks ICANN's dozen, and then adds 75 or 100 of its own, it becomes interesting to watch a Turkish user try to reach one of those 75 Chinese TLDs, or the Chinese user try to reach one of the 50 Turkish additions, or either of those users trying to reach the *.special-sauce domain the first alternate root created. A collision isn't the only failure mode to worry about And I didn't say it was, Valdis. I am fairly familiar with the potential problems of conflicting root zones, and, to date, I observe that -- in general -- they have fairly consistently failed to occur. Indeed, though, if governments get into the act, things are more likely to get broken. But Steve appeared to be suggesting that there was no reasonable way to *avoid* problems -- and that's clearly not the case. If I misinterpreted Steve, no doubt he'll correct me. But there are two fairly prominent, widely operated alternate root zones out there, ORSC, and P-R, which don't collide as far as I know, and between them probably account for a large percentage of the .01% of networks resolving off of non-ICANN roots. Seems to me any country wanting to build an alternate ccTLD and choosing one which is available in both those roots and not known to be planned as an active TLD at ICANN would be in pretty good shape. And don't most of us consider ourselves engineering types here? You deal with what *is*, not what you'd *like* to be. Sure, multiple, only informally synchronized roots aren't the best state of affairs. But they don't exist simply because one guy thought it would be cool; this isn't Joe's Bar and Root Zone we're talking about here... Cheers, -- jra -- Jay R. Ashworth[EMAIL PROTECTED] Designer+-Internetworking--+--+ RFC 2100 Ashworth Associates | Best Practices Wiki | |'87 e24 St Petersburg FL USAhttp://bestpractices.wikicities.com+1 727 647 1274 If you can read this... thank a system administrator. Or two. --me
Re: Enable BIND cache server to resolve chinese domain name?
On Mon, 4 Jul 2005, Paul Vixie wrote: for those excellent readers who didn't follow this, here's an excerpt from http://european.de.orsn.net/faq.php#opmode: [skip] what this means is, it can't conflict with ICANN data other than that if ICANN deletes something it might not show up in ORSN. mathematically speaking that's a superset, but politically speaking it's not at all like an alternative root. While I doubt ICANN would delete a TLD zone (and if that happened it would presumably be for dead tld which no requests are expected to come to), I'm concerned that their system might work in regards to to host glue records which there are quite a number of in root zone. If some nameserver is no longer used by TLD and and now it wants to change its ip address, it would presumably request deletion of its glue record from root zone and then be able to change ip with no effect on anyone on the net. But if ORSN does not pick it up this would mean they will continue to use old ip address and that would cause inconsistency (which I suspect will not be easy to track either). What I don't understand why for their project they don't just go ahead and copy ICANN root zone as-is. -- William Leibzon Elan Networks [EMAIL PROTECTED]
Re: Enable BIND cache server to resolve chinese domain name?
william(at)elan.net wrote: On Mon, 4 Jul 2005, Paul Vixie wrote: for those excellent readers who didn't follow this, here's an excerpt from http://european.de.orsn.net/faq.php#opmode: [skip] what this means is, it can't conflict with ICANN data other than that if ICANN deletes something it might not show up in ORSN. mathematically speaking that's a superset, but politically speaking it's not at all like an alternative root. While I doubt ICANN would delete a TLD zone (and if that happened it would presumably be for dead tld which no requests are expected to come to), I'm concerned that their system might work in regards to to host glue records which there are quite a number of in root zone. If some nameserver is no longer used by TLD and and now it wants to change its ip address, it would presumably request deletion of its glue record from root zone and then be able to change ip with no effect on anyone on the net. But if ORSN does not pick it up this would mean they will continue to use old ip address and that would cause inconsistency (which I suspect will not be easy to track either). check_soa from the O'Reilly book 'DNS and Bind' will do or dig XXX +nsserach What I don't understand why for their project they don't just go ahead and copy ICANN root zone as-is. Copyright reasons. But nevertheless those 261 zones are watched to be synchronous to the ICANN root. And there is another check that sees when suddenly a new zone appears like it did for '.eu' some month ago. Both Public-Root and ORSN had it the very same day. I have seen when ORNS and ICANN were out of sync ORSN hat the information from the zone file for 'at', '.de' and '.gr' while ICANN had stale information for a very long time. Same went for '.ke' and the Public-Root for a month or two. Regards, Peter and Karin Dambier -- Peter and Karin Dambier Public-Root Graeffstrasse 14 D-64646 Heppenheim +49-6252-671788 (Telekom) +49-179-108-3978 (O2 Genion) +49-6252-750308 (VoIP: sipgate.de) +1-360-448-1275 (VoIP: freeworldialup.com) +1-360-226-6583-9563 (INAIC) mail: [EMAIL PROTECTED] http://iason.site.voila.fr http://www.kokoom.com/iason
Re: The whole alternate-root ${STATE}horse (was Re: Enable BIND cache server to resolve chinese domain name?)
On Tue, 5 Jul 2005, Jay R. Ashworth wrote: But Steve appeared to be suggesting that there was no reasonable way to *avoid* problems -- and that's clearly not the case. If I misinterpreted Steve, no doubt he'll correct me. But there are two fairly prominent, I don't think that was what I said. What I was attempting to say is that the issue of alternate roots probably isn't something that's worth worrying about. I see no reason why they'll catch on, other than perhaps in limited cases where they'll work ok. In the general case, with alternate roots, there's a chicken and egg problem. Right now, if you're an end user doing your DNS lookups via the ICANN root, you can get to just about everything. If you're something that end users want to connect to, using an ICANN-recognized domain will mean almost everybody can get to you, while an alternative TLD would mean only a tiny fraction of the Internet would be able to get to you. So, if you're a content provider, why would you use anything other than a real ICANN-recognized domain? And, if the content providers aren't using real domain names, why would an end user care about whether they can get to the TLDs that nobody is using? This is the same phonomenon we saw ten years ago, as the various online services, GENIE, Prodigy, MCIMail, Compuserve, AOL, etc. either interconnected their e-mail systems with the Internet or faded away and died. As the Internet got more and more critical mass, there was less and less incentive to be using something else. It's been a long time since I've seen a business card with several different, incompatible, e-mail addresses printed on it, and that's because something simpler worked, not because people screamed loudly about the falling sky. The exceptions to this that I see would be either when somebody comes out with something that is so much better that it's useful in spite of a lack of an installed userbase (Skype may be doing this to phone calls), or when something is rolled out to a large enough self-contained user community that the lack of ability to communicate outside that region won't be a significant barrier. If a few large countries were to roll out alternate root zones nation-wide, in such a way that they worked well for domestic communication, but couldn't be used for international stuff, *maybe* that would be good enough to catch on. But still, anybody wanting to communicate outside that region or userbase would probably find they were much happier using addresses that met global standards. So anyhow, that's a long way of saying that, just as this hasn't gone anywhere any of the many other times it's been raised over the last several years, it's unlikely to go anywhere, or cause problems, this time. -Steve
Re: Enable BIND cache server to resolve chinese domain name?
I don't think the root zone is sufficiently original to be legally copyrightable. And we don't have database copyright in the US. Even if it were copyrightable, it is made avaiable for download hence there is good reason to assume an implied license. On Tue, 5 Jul 2005, Peter Dambier wrote: william(at)elan.net wrote: [in response to] What I don't understand why for their project they don't just go ahead and copy ICANN root zone as-is. Copyright reasons. -- http://www.icannwatch.org Personal Blog: http://www.discourse.net A. Michael Froomkin |Professor of Law| [EMAIL PROTECTED] U. Miami School of Law, P.O. Box 248087, Coral Gables, FL 33124 USA +1 (305) 284-4285 | +1 (305) 284-6506 (fax) | http://www.law.tm --It's hot here.--
Re: The whole alternate-root ${STATE}horse (was Re: Enable BIND cache server to resolve chinese domain name?)
steve, all. On Tue, Jul 05, 2005 at 10:01:22AM -0700, Steve Gibbard wrote: problem. Right now, if you're an end user doing your DNS lookups via the ICANN root, you can get to just about everything. If you're something that end users want to connect to, using an ICANN-recognized domain will mean almost everybody can get to you, while an alternative TLD would mean only a tiny fraction of the Internet would be able to get to you. So, if you're a content provider, why would you use anything other than a real ICANN-recognized domain? And, if the content providers aren't using real domain names, why would an end user care about whether they can get to the TLDs that nobody is using? s/ICANN root/real Internet/ s/alternative TLD/IPv6/ The exceptions to this that I see would be either when somebody comes out with something that is so much better that it's useful in spite of a lack of an installed userbase (Skype may be doing this to phone calls), or when something is rolled out to a large enough self-contained user community that the lack of ability to communicate outside that region won't be a significant barrier. [...] But still, anybody wanting to communicate outside that region or userbase would probably find they were much happier using addresses that met global standards. all of this applies directly to lack of IPv6 adoption, again. So anyhow, that's a long way of saying that, just as this hasn't gone anywhere any of the many other times it's been raised over the last several years, it's unlikely to go anywhere, or cause problems, this time. so does this. IPv6: unlikely to go anywhere or cause problems. good to know. funny. all threads eventually merge. (and then someone mentions the nazis and they end. i think meta-mentions like this explicitly don't count so we may have to suffer through this thread for a while longer). t. -- _ todd underwood director of operations security renesys - interdomain intelligence [EMAIL PROTECTED] www.renesys.com
Re: The whole alternate-root ${STATE}horse (was Re: Enable BIND cache server to resolve chinese domain name?)
On Tue, 5 Jul 2005, Todd Underwood wrote: problem. Right now, if you're an end user doing your DNS lookups via the ICANN root, you can get to just about everything. If you're something that end users want to connect to, using an ICANN-recognized domain will mean almost everybody can get to you, while an alternative TLD would mean only a tiny fraction of the Internet would be able to get to you. So, if you're a content provider, why would you use anything other than a real ICANN-recognized domain? And, if the content providers aren't using real domain names, why would an end user care about whether they can get to the TLDs that nobody is using? s/ICANN root/real Internet/ s/alternative TLD/IPv6/ That isn't as perfect a simile as you're attempting to make it, because the pairs do not have the same relationships to each other: With ICANN vs. non-ICANN roots, you have one in isolated parallel to the other, with one happening to imitate the contents of the other. (In addition, you have multiple non-ICANN roots which do not imitate each other.) With IPv4 vs. IPv6, you have one as an integrable parallel to the other, where both can operate simultaneously from any host, and interoperability of single-type connectivity can be accomplished at the low protocol level (NAT-PT and similar). Non-ICANN vs. ICANN is much more like OSI vs. IP, rather than IPv6 vs. IPv4. Good try, though. -- -- Todd Vierling [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
Re: The whole alternate-root ${STATE}horse (was Re: Enable BIND cache server to resolve chinese domain name?)
On Tue, Jul 05, 2005 at 10:01:22AM -0700, Steve Gibbard wrote: On Tue, 5 Jul 2005, Jay R. Ashworth wrote: But Steve appeared to be suggesting that there was no reasonable way to *avoid* problems -- and that's clearly not the case. If I misinterpreted Steve, no doubt he'll correct me. But there are two fairly prominent, I don't think that was what I said. What I was attempting to say is that the issue of alternate roots probably isn't something that's worth worrying about. I see no reason why they'll catch on, other than perhaps in limited cases where they'll work ok. Catch on in the consumer sense? No, probably not -- though the question is will IAP's switch their resolver servers to an alt-root which leads directly to: In the general case, with alternate roots, there's a chicken and egg problem. Right now, if you're an end user doing your DNS lookups via the ICANN root, you can get to just about everything. If you're something that end users want to connect to, using an ICANN-recognized domain will mean almost everybody can get to you, while an alternative TLD would mean only a tiny fraction of the Internet would be able to get to you. So, if you're a content provider, why would you use anything other than a real ICANN-recognized domain? And, if the content providers aren't using real domain names, why would an end user care about whether they can get to the TLDs that nobody is using? Two points: 1) this speaks to the same issue as my comments the other day on the IPv6 killer app, though it's admittedly even harder to posit a site which would do this. 2) Based on the events earlier in the week, I believe that's a US Department of Commerce approved TLD... which changes the game a little bit. This is the same phonomenon we saw ten years ago, as the various online services, GENIE, Prodigy, MCIMail, Compuserve, AOL, etc. either interconnected their e-mail systems with the Internet or faded away and died. As the Internet got more and more critical mass, there was less and less incentive to be using something else. It's been a long time since I've seen a business card with several different, incompatible, e-mail addresses printed on it, and that's because something simpler worked, not because people screamed loudly about the falling sky. Certainly. But there weren't geopolitical implications there, merely commercial ones. I think the stakes may be a bit higher here, particularly in the case we were using as an example: China. The exceptions to this that I see would be either when somebody comes out with something that is so much better that it's useful in spite of a lack of an installed userbase (Skype may be doing this to phone calls), Yup. Killer apps are great. Hard to predict; *really* hard to invent. or when something is rolled out to a large enough self-contained user community that the lack of ability to communicate outside that region won't be a significant barrier. If a few large countries were to roll out alternate root zones nation-wide, in such a way that they worked well for domestic communication, but couldn't be used for international stuff, *maybe* that would be good enough to catch on. But still, anybody wanting to communicate outside that region or userbase would probably find they were much happier using addresses that met global standards. But again, you're positing that someone would create a root zone that *purposefully* conflicted with the current one, which doesn't seem supported by history, much less common sense. Am I wrong that you mean that? So anyhow, that's a long way of saying that, just as this hasn't gone anywhere any of the many other times it's been raised over the last several years, it's unlikely to go anywhere, or cause problems, this time. Maybe. China's *really* big. America's *really* unpopular, in some places. Cheers, -- jra -- Jay R. Ashworth[EMAIL PROTECTED] Designer Baylink RFC 2100 Ashworth AssociatesThe Things I Think'87 e24 St Petersburg FL USA http://baylink.pitas.com +1 727 647 1274 If you can read this... thank a system administrator. Or two. --me
Re: The whole alternate-root ${STATE}horse (was Re: Enable BIND cache server to resolve chinese domain name?)
What? You mean that marketing spin doesn't convince you of how much a killer app something is? ;-) - ferg -- Jay R. Ashworth [EMAIL PROTECTED] wrote: Yup. Killer apps are great. Hard to predict; *really* hard to invent. -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
RE: Enable BIND cache server to resolve chinese domain name?
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Steve Gibbard Sent: Monday, July 04, 2005 1:20 AM To: [EMAIL PROTECTED] Subject: Re: Enable BIND cache server to resolve chinese domain name? On Mon, 4 Jul 2005, Mark Andrews wrote: [ SNIP ] That doesn't mean a competing system wouldn't work, for those who are using it. They'd just be limited in who they could talk to, and that generally wouldn't be very appealing. Are you just making noise here, Steve? That doesn't really say anything outside of status quo. That said, a big country implementing a new DNS root on a national scale may not have that problem. The telecom world is already full of systems that don't cross national borders. In the US case, think of all the cell phones that have international dialing turned off by default, That's a poor example. That's between the subscriber and their carrier, not a technical limitation. and all the 800 numbers whose owners probably aren't at all bothered by their inability to receive calls from other countries. That's also a poor example since there are work arounds for this technical issue. A system that would limit my ability to talk to people in other countries doesn't sound very appealing to me. I know. I know. Don't feed the trolls. -M
Re: The whole alternate-root ${STATE}horse (was Re: Enable BIND cache server to resolve chinese domain name?)
At 9:43 AM -0400 2005-07-05, Jay R. Ashworth wrote: Moreover, most of them are unlikely to be willing to just live with the problem, if no other suitable technical solution can be found. Instead, they'll believe the sales pitch of someone else who says that they can fix the problem, even if that's not technically possible. Well they might. Well, actually, poorly they might. But that argument seems to play right *to* the alt-root operators, since the fix is to switch your customer resolvers to point to one of them. I disagree. The problem is that there are too many alternatives. (Assuming, of course, they stay supersets of ICANN, and don't get at cross-purposes with one another.) The problem is that they are pretty much guaranteed to get at cross-purposes. In fact, merging them at your resolvers might be the best solution. I don't think that's really practical. I'm sorry, I just don't trust them to write a resolver that's going to get included in libc (or wherever), and for which the world is going to be dependant. The alternative roots will always be marginal, at best. The problem is that while they are marginal, they can still create serious problems for the rest of us. But Steve's approach doesn't seem to *me* to play in that direction. Am I wrong? I'm not sure I understand which Steve you're talking about. Do you mean Steve Gibbard, in his post dated Sun, 3 Jul 2005 22:20:13 -0700 (PDT)? If so, then each country running their own alternative root won't solve the problem of data leaking through the edges. People will always be able to access data by pure IP address, or choosing to use the real root servers. Push come to shove, and the real root servers could be proxied through other systems via other methods. The reverse problem is more difficult to deal with -- that of people wanting to access Chinese (or whatever) sites that can only be found in the Chinese-owned alternative root. -- Brad Knowles, [EMAIL PROTECTED] Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin (1706-1790), reply of the Pennsylvania Assembly to the Governor, November 11, 1755 SAGE member since 1995. See http://www.sage.org/ for more info.
Re: The whole alternate-root ${STATE}horse (was Re: Enable BIND cache server to resolve chinese domain name?)
On Tue, Jul 05, 2005 at 08:38:41PM +0200, Brad Knowles wrote: At 9:43 AM -0400 2005-07-05, Jay R. Ashworth wrote: Moreover, most of them are unlikely to be willing to just live with the problem, if no other suitable technical solution can be found. Instead, they'll believe the sales pitch of someone else who says that they can fix the problem, even if that's not technically possible. Well they might. Well, actually, poorly they might. But that argument seems to play right *to* the alt-root operators, since the fix is to switch your customer resolvers to point to one of them. I disagree. The problem is that there are too many alternatives. To many alt-roots? Or too many alt-TLD's? (Assuming, of course, they stay supersets of ICANN, and don't get at cross-purposes with one another.) The problem is that they are pretty much guaranteed to get at cross-purposes. Well, there have been alt-root zones available for, what 6 or 7 years now? And how many collisions have there actually been in practice? 2? 3? In fact, merging them at your resolvers might be the best solution. I don't think that's really practical. I'm sorry, I just don't trust them to write a resolver that's going to get included in libc (or wherever), and for which the world is going to be dependant. Well, I meant at your customer recursive resolver servers, since the topic at hand was what do IAP's do to support their retail customers, but... The alternative roots will always be marginal, at best. The problem is that while they are marginal, they can still create serious problems for the rest of us. In the context which people have been discussing, I don't honestly see how they cause the rest of us problems. People with domains *in* those aTLD's, yes. But as I noted somewhere else in this thread, the only people who would have un-mirrored aTLD domains would be precisely those who were evangelising for the concept, and it would be in their best interest to be explaining what was going on... But Steve's approach doesn't seem to *me* to play in that direction. Am I wrong? I'm not sure I understand which Steve you're talking about. Do you mean Steve Gibbard, in his post dated Sun, 3 Jul 2005 22:20:13 -0700 (PDT)? I did mean Mr. Gibbard, yes. If so, then each country running their own alternative root won't solve the problem of data leaking through the edges. Data leaking through the edges... People will always be able to access data by pure IP address, or choosing to use the real root servers. Push come to shove, and the real root servers could be proxied through other systems via other methods. Real is *such* a metaphysical term here, isn't it? :-) The reverse problem is more difficult to deal with -- that of people wanting to access Chinese (or whatever) sites that can only be found in the Chinese-owned alternative root. Stipulated. But whose problem *is* that? Cheers, -- jra -- Jay R. Ashworth[EMAIL PROTECTED] Designer Baylink RFC 2100 Ashworth AssociatesThe Things I Think'87 e24 St Petersburg FL USA http://baylink.pitas.com +1 727 647 1274 If you can read this... thank a system administrator. Or two. --me
Re: The whole alternate-root ${STATE}horse (was Re: Enable BIND cache server to resolve chinese domain name?)
On Wed, Jul 06, 2005 at 01:06:15AM +0200, Brad Knowles wrote: To many alt-roots? Or too many alt-TLD's? Too many of the former is likely to lead to having too many of the latter. Both are bad. I don't know that I agree with either of those assertions, absent collision problems, personally, but this subthread officially makes this a religious argument; comments here off-list. The problem is that they are pretty much guaranteed to get at cross-purposes. Well, there have been alt-root zones available for, what 6 or 7 years now? And how many collisions have there actually been in practice? 2? 3? We have not yet hit the knee of the curve. Perhaps. I think those people are *much* more concerned about this than I think you think they are. I don't think that's really practical. I'm sorry, I just don't trust them to write a resolver that's going to get included in libc (or wherever), and for which the world is going to be dependant. Well, I meant at your customer recursive resolver servers, since the topic at hand was what do IAP's do to support their retail customers, but... I don't trust them to write code that will be used in mission-critical situations or places, regardless of where that is. Wasn't sure which them you meant here... It's not that they don't have the best intentions -- I'm sure that at least some of them do. It's that they don't have the necessary experience. The people I would trust to have enough of the right experience to make something like this work (if that's possible at all) are the same people who wrote Nominum's ANS and CNS. However, I suspect that they would probably be about the last people in the world who would be interested in trying to make something like this work. And then I figured it out. Hmmm... again, absent TLD collisions, I don't see that writing a recursive-only server that can coalesce the TLD namespace from multiple roots ought to be *that* hard... but then I'm not Cricket, neither. People will always be able to access data by pure IP address, or choosing to use the real root servers. Push come to shove, and the real root servers could be proxied through other systems via other methods. Real is *such* a metaphysical term here, isn't it? :-) Heh. Shall we use the term IRS? As in Incumbent Root Servers? I don't have a problem with that one, the amusing connotations notwithstanding. Incumbent isn't a value judgement, it's merely descriptive. The reverse problem is more difficult to deal with -- that of people wanting to access Chinese (or whatever) sites that can only be found in the Chinese-owned alternative root. Stipulated. But whose problem *is* that? The users will make it our problem, if we don't get this sorted out soon. Yup, it is. And my perception is that the cat is *out* of the bag, and fretting about how bad it would be were the cat to get out of the bag (which is my perception of most people's view of this issue) isn't especially productive; the solution is to figure out how to manage the problem. Cheers, -- jra -- Jay R. Ashworth[EMAIL PROTECTED] Designer Baylink RFC 2100 Ashworth AssociatesThe Things I Think'87 e24 St Petersburg FL USA http://baylink.pitas.com +1 727 647 1274 If you can read this... thank a system administrator. Or two. --me
Re: The whole alternate-root ${STATE}horse (was Re: Enable BIND cache server to resolve chinese domain name?)
On Wed, Jul 06, 2005 at 08:52:09AM +0930, Mark Newton wrote: Stipulated. But whose problem *is* that? The users will make it our problem, if we don't get this sorted out soon. It seems to me that this is *already* sorted out, and that all of this discussion has been about whether to invent new problems, rather than about whether to solve existing problems. Sorry to hear you feel that way, Mark. I'm not entitled to have on-topicness opinions here, but Brad is, and he hasn't told me to shut up yet. ;-) Alternate root servers exist for one plain simple reason: To give their operators their own little playpen of TLDs they can mess around with without ICANN getting in their faces. People who don't want to own and operate TLDs don't actually give a crap about that reason. These operators have been pushing this idea for 6 or 7 years now. Frankly I'm of the view that if the benefits of alternate roots were in any way desirable *to anyone other than those who operate them* we'd probably all be using them by now. But we aren't. And probably never will. I dunno, The China Proposition seemed fairly believable to *me*... If we probably never will then the alternate root operators can either stop flogging their dead horse and shuffle off into the sunset, or they can continue to pollute mailing lists with useless discussions about whether they have a right to exist every time the concept is mentioned from now until eternity, just like they do now. Note that I am *not* an alt-root operator, nor do I have any direct or indirect interest in any of them, except that some of my routers are configured to resolve off of them. Right now, on July 5th 2005, The whole alternate-root ${STATE}horse has absolutely zero operational impact on any network operators. So could y'all please perhaps take it to USEnet where it belongs and let this list get back to normal? My appraisal is that it has about as much direct percentage impact on North American networks as IPv6 and Multicast. And, as Brad notes, there's a believable case to be made that it *might become* an issue to this audience. All those who disagree or don't object to being caught with their pants down are welcome to kill the thread, which I courteously retitled and unthreaded at the outset. Cheers, -- jra -- Jay R. Ashworth[EMAIL PROTECTED] Designer+-Internetworking--+--+ RFC 2100 Ashworth Associates | Best Practices Wiki | |'87 e24 St Petersburg FL USAhttp://bestpractices.wikicities.com+1 727 647 1274 If you can read this... thank a system administrator. Or two. --me
Re: The whole alternate-root ${STATE}horse (was Re: Enable BIND cache server to resolve chinese domain name?)
At 7:37 PM -0400 2005-07-05, Jay R. Ashworth wrote: Hmmm... again, absent TLD collisions, I don't see that writing a recursive-only server that can coalesce the TLD namespace from multiple roots ought to be *that* hard... but then I'm not Cricket, neither. In theory, it should be trivial. In practice, I believe that it is quite non-trivial. I believe that we can look around and pretty easily find at least a few examples that demonstrate how difficult it is to get this right. The history of BIND alone is quite instructive, I believe. The fact that everyone and their brother seems to create authoritative-only servers as their 6th grade science project, but there are still relatively few caching-only servers, is another data point. And my perception is that the cat is *out* of the bag, and fretting about how bad it would be were the cat to get out of the bag (which is my perception of most people's view of this issue) isn't especially productive; the solution is to figure out how to manage the problem. I'm not sure, but I think we're at the stage where we might just be able to put the genie back in the bottle, if we act fast and we can get suitable alternative mechanisms in place through the existing official IETF/ICANN process. But if we don't get this fixed soon, I fear that we'll never be able to do that. At that point, we've got our private parts hanging out in the wind, and we're depending on the good nature of people not to come along and whack them with baseball bats, and we're depending on good fortune keeping harsh weather away that might result in lightning strikes. There's not much we can do to stop the alternate roots. They already exist, and at least two are currently in operation. However, I think we can look at what it is that they're offering in terms of i18n and see what we can do to address those issues from inside the system. IMO, i18n is the only potentially legitimate thing that alternate roots are capable of providing, and the only thing we need to worry about resolving within the system. Outside of i18n, I don't give a flying flip what the alternate roots do or what services they claim to offer. And that, I believe, is operationally relevant because the outcome will affect us all. If nothing else, code will have to be adapted to match whatever is specified as a result of the IETF/ICANN political process. And we'll all have to update our servers. -- Brad Knowles, [EMAIL PROTECTED] Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin (1706-1790), reply of the Pennsylvania Assembly to the Governor, November 11, 1755 SAGE member since 1995. See http://www.sage.org/ for more info.
Re: Enable BIND cache server to resolve chinese domain name?
At 8:46 PM -0700 2005-07-03, william(at)elan.net wrote: On Sun, 3 Jul 2005, John Palmer (NANOG Acct) wrote: ICANN has no right to claim that they are the authority for the namespace. They are NOT. Also note the word PUBLIC in PUBLIC-ROOT. Yeh, that's just great - PUBLIC being used in propoganda compaign to create what appears to be private internet in China... Sounds kind of like the People's Democratic Republic of China, to me. In that it is neither democratic nor a republic, that is. Lots of words tend to get highly abused in this world, many times to mean anything but the original usage. Public is one of them. CAN-SPAM now means I *can* spam. Nothing new here, move along -- Brad Knowles, [EMAIL PROTECTED] Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin (1706-1790), reply of the Pennsylvania Assembly to the Governor, November 11, 1755 SAGE member since 1995. See http://www.sage.org/ for more info.
Re: Enable BIND cache server to resolve chinese domain name?
That said, a big country implementing a new DNS root on a national scale may not have that problem. The telecom world is already full of systems that don't cross national borders. In the US case, think of all the cell phones that have international dialing turned off by default, and all the 800 numbers whose owners probably aren't at all bothered by their inability to receive calls from other countries. The fact is that most Chinese people want to access the same Internet resources as most Americans. Namely, those resources that exist in their own country in their own language. So if someone offers a root zone that contains everything in the ICANN zone plus additional zones that give access to resources for a specific language group, i.e. Chinese-speakers, then it doesn't seem farfetched for all Chinese-speaking countries to use that extended root zone. And it also does not seem farfetched for American ISPs who market access services to the Chinese speaking community in the USA to also use that extended root zone. A system that would limit my ability to talk to people in other countries doesn't sound very appealing to me. Every public root experiment that I have seen has always operated as a superset of the ICANN root zone. In the past they often have not had good ways to deal with TLD collision but this may well have changed. Certainly, the xn-- TLDs seem rather unlikely to collide with ICANN TLDs. I think that the marketing people are going to win this one. There is no marketable benefit to the ICANN root zone but there are clear advantages for countries using non-Latin alphabets to switch to a root zone that allows for their own language to be used in domain names. Turkey was recently mentioned and that is also a country that uses a non-Latin alphabet. --Michael Dillon
Re: Enable BIND cache server to resolve chinese domain name?
On 04/07/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: I think that the marketing people are going to win this one. There is no marketable benefit to the ICANN root zone but there are clear advantages for countries using non-Latin alphabets to switch to a root zone that allows for their own language to be used in domain names. Turkey was recently mentioned and that is also a country that uses a non-Latin alphabet. There is a lot of IDN fun to be had with several competing - and incompatible - technologies, each pushed by rival providers so that there is practically no incentive to interoperate. Some amusingly planted puff pieces, and other clumsy attempts at PR as well .. http://www.circleid.com/article/1074_0_1_0_C/ for example Ignore them and they'll either go the hell away or spend some time fighting against each other and kill each other off. And the public root people can continue using their intranet domains I guess. -- Suresh Ramasubramanian ([EMAIL PROTECTED])
Re: Enable BIND cache server to resolve chinese domain name?
On Mon, 4 Jul 2005, Suresh Ramasubramanian wrote: There is a lot of IDN fun to be had with several competing - and incompatible - technologies, each pushed by rival providers so that there is practically no incentive to interoperate. Is draft-klensin-idn-tld-05.txt likely to get any traction? Tony. -- f.a.n.finch [EMAIL PROTECTED] http://dotat.at/ BISCAY: WEST 5 OR 6 BECOMING VARIABLE 3 OR 4. SHOWERS AT FIRST. MODERATE OR GOOD.
Re: Enable BIND cache server to resolve chinese domain name?
At 11:26 AM +0100 2005-07-04, [EMAIL PROTECTED] wrote: I think that the marketing people are going to win this one. There is no marketable benefit to the ICANN root zone but there are clear advantages for countries using non-Latin alphabets to switch to a root zone that allows for their own language to be used in domain names. That works, up until the point where India decides to use a different alternative root solution than China does. That works, up until the point where the inexperienced alternative root operators screw something up and their entire expanded Internet goes down, while the real root servers continue normal operations. The balkanization of the 'net is something to be avoided at all possible costs. Turkey was recently mentioned and that is also a country that uses a non-Latin alphabet. It doesn't matter how many non-Latin alphabets you introduce. What matters is that there can be only one root. -- Brad Knowles, [EMAIL PROTECTED] Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin (1706-1790), reply of the Pennsylvania Assembly to the Governor, November 11, 1755 SAGE member since 1995. See http://www.sage.org/ for more info.
Re: Enable BIND cache server to resolve chinese domain name?
On 04/07/05, Brad Knowles [EMAIL PROTECTED] wrote: That works, up until the point where India decides to use a different alternative root solution than China does. That works, up Oh - most indians couldnt care a sh*t about it I expect, except those who have business or other contacts with china. On the other hand, .tw and .cn are quite likely to find sharing the same namespace very tough .. and there are all the oh so wonderful encoding and other differences that you can get that make IDN using nonstandard and non interoperable schemes so very interesting. --srs -- Suresh Ramasubramanian ([EMAIL PROTECTED])
Re: Enable BIND cache server to resolve chinese domain name?
Ignore them and they'll either go the hell away or spend some time fighting against each other and kill each other off. I'm sure that they will NOT go away and I doubt that they will kill each other off. This is more of an evolutionary type struggle and not a physical combat. They are battling it out in the marketplace and one of the IDN solutions will evolve to the point where the market considers it clearly superior. This may be the IETF-blessed solution and it may not. One only has to browse through the RFC archives to see that RFC status is no guarantee that something will be widely adopted. Personally, I think that the Internet is too young and we have too little experience with multilingual naming to engineer an Internationalised Domain Naming solution that solves the problem once and for all. This means that we should be ready for more than one iteration to get to the solution. --Michael Dillon
Re: Enable BIND cache server to resolve chinese domain name?
At 5:45 PM +0530 2005-07-04, Suresh Ramasubramanian wrote: On the other hand, .tw and .cn are quite likely to find sharing the same namespace very tough .. Okay, so the bigger problem is Taiwan versus China, or maybe Japan versus China, or maybe any other ethnic group/country that has issues with any other ethnic group/country. How about the Flemish versus the Walloons? Shall we split up .be into two separate roots? Oh, wait, there's the German-speaking portion in the far eastern part of the country Shall we have a separate root for each and every ethnic group in the world? Hey, here's an idea -- everyone in the world get their own separate root. Heck, let's be really silly -- let's go ahead an issue a separate root zone for each and every atomic particle in existence throughout the Universe. That should only take up a few hundred bits of space in every address The first step down this road is the most dangerous. It's the one that seems the most plausible. The most likely to help, and not to hurt. And the next step seems pretty plausible, too. And the third. And the fourth. But this way lies madness. -- Brad Knowles, [EMAIL PROTECTED] Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin (1706-1790), reply of the Pennsylvania Assembly to the Governor, November 11, 1755 SAGE member since 1995. See http://www.sage.org/ for more info.
Re: Enable BIND cache server to resolve chinese domain name?
At 1:25 PM +0100 2005-07-04, [EMAIL PROTECTED] wrote: They are battling it out in the marketplace and one of the IDN solutions will evolve to the point where the market considers it clearly superior. I think that would be the worst possible outcome. Personally, I think that the Internet is too young and we have too little experience with multilingual naming to engineer an Internationalised Domain Naming solution that solves the problem once and for all. This means that we should be ready for more than one iteration to get to the solution. I have no problem with multiple iterations to get this right. I have real problems with those multiple iterations being done via the marketplace. These sorts of things need to be engineered using the correct methods (at least, as known at the time), and they need to go through the correct process. That means the IETF. We don't let Joe Moron invent his own better-cheaper-faster replacement for SS7 and then casually bet-the-businesses/livelihoods of thousands or millions of innocent people that they got their engineering right. We shouldn't be allowing anyone to do the same for DNS. -- Brad Knowles, [EMAIL PROTECTED] Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin (1706-1790), reply of the Pennsylvania Assembly to the Governor, November 11, 1755 SAGE member since 1995. See http://www.sage.org/ for more info.
Re: Enable BIND cache server to resolve chinese domain name?
On Mon, 4 Jul 2005 [EMAIL PROTECTED] wrote: They are battling it out in the marketplace and one of the IDN solutions will evolve to the point where the market considers it clearly superior. This may be the IETF-blessed solution and it may not. One only has to browse through the RFC archives to see that RFC status is no guarantee that something will be widely adopted. Personally, I think that the Internet is too young and we have too little experience with multilingual naming to engineer an Internationalised Domain Naming solution that solves the problem once and for all. This means that we should be ready for more than one iteration to get to the solution. We should be careful to distinguish between i18n and localization. These private alternative DNS roots are specific to a particular set of users, so they implement DNS l10n which is not appropriate for a system that is supposed to be international. Slogan: localization is balkanization. Tony. -- f.a.n.finch [EMAIL PROTECTED] http://dotat.at/ BISCAY: WEST 5 OR 6 BECOMING VARIABLE 3 OR 4. SHOWERS AT FIRST. MODERATE OR GOOD.
Re: Enable BIND cache server to resolve chinese domain name?
That works, up until the point where India decides to use a different alternative root solution than China does. The only people affected by this are the people who run the alternative root used by China because, presumably, it means that they lose some business to a competitor who has won the Indian market. That works, up until the point where the inexperienced alternative root operators screw something up and their entire expanded Internet goes down, while the real root servers continue normal operations. Yes, and Google works until they screw something up and their wonderful search engine goes down while Excite and Yahoo et al. continue normal operations. These things happen and one would hope that the customers of this alternative root system make sure that their supplier has resiliency superior or equal to the ICANN root system. Some people may be shocked that I said superior in that sentence but consider that these alternative roots are likely to be more regional than the ICANN root and thus they could put more servers throughout a specific region than the ICANN roots can afford to set up. The balkanization of the 'net is something to be avoided at all possible costs. My company makes good money off balkanization of the 'net and we are definitely *NOT* the only one. AOL has always operated a network apart from the rest. The Internet is so big now that some balkanization is inevitable and it can even be a good thing. Do your customers care how fast they can get to http://www.satka.ru or http://www.vernon.ca What matters is that there can be only one root. One ring rule them all, One ring to find them, One ring to bring them all And in the darkness BIND them Isn't that what the Berkeley Internet Naming Daemon does? Some people think that this is too much like a single point of failure and that the right thing to do is to route around this by creating alternative root systems. They may be right and they may be wrong, but the only way to find out is to let them have a go. It has been almost 10 years now since the first alternative root (Alternic) started operation. The fact that this has not simply faded away shows that there may be something to it. Remember, the public root systems are not attacking the ICANN root infrastructure at the network layer in any way. They are not impeding the ability of the ICANN roots to function and they are not stopping people from following your only one root model. Their entrepreneurial spirit is consistent with the free and open way in which the Internet has developed. Remember the paraphrase from Voltaire: I disapprove of what you say, but I will defend to the death your right to say it --Michael Dillon
Re: Enable BIND cache server to resolve chinese domain name?
Shall we have a separate root for each and every ethnic group in the world? We could always create a gTLD in which the second level uses the ISO 639 codes for languages. That would have the same effect as giving each ethnic group a root especially if we require that each linguistic group establish a non-profit association to manage their 2LD. Unfortunately the Flemish would still have to settle for being grouped in with the Dutch. Unless they can convince the ISO that Flemish really is a separate language. Compare this to the situation with Serbian and Croatian. One language became two because the catholics decided to use a latin alphabet, the orthodox decided to use a cyrillic alphabet and they did lots of shooting. --Michael Dillon
Re: Enable BIND cache server to resolve chinese domain name?
On 04/07/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: My company makes good money off balkanization of the 'net and we are definitely *NOT* the only one. AOL has always operated a network apart from the rest. The Internet is so big now that some balkanization is inevitable and it can even be a good thing. Do your customers care how fast they can get to http://www.satka.ru or http://www.vernon.ca Erm... sorry to pee on your parade here but I have customers all over the world. Russia, Canada, China .. I have this feeling that if I tried that experiment I'd be neck deep in users screaming at me in russian, canuck-ified french and a few hundred other languages way to find out is to let them have a go. It has been almost 10 years now since the first alternative root (Alternic) started operation. The fact that this has not simply faded away shows that there may be something to it. Has it, like, you know, spread? Any OSs / distros etc that include it in their default root.hints, or maybe their /service/dnscache/root/servers/@? Their entrepreneurial spirit is consistent with the free and open way in which the Internet has developed. Remember the paraphrase from Voltaire: I love these analogies about the free and open internet. It is, to borrow that much maligned cliche from Al Gore or whoever, a superhighway. As in you are welcome to exercise your enterpreneurial spirit and your pioneering sense of going where no man has ever gone before, and do stuff like, for example, jaywalking across it - that way you end up roadkill. Or you could strike out into parts unknown, leave the mainstream alone and enjoy the lifestyle Dan'l Boone and the other mountain men must have had, not seeing any other human being for weeks. Sure, a whole lot of people like that built America but well, it took them a few centuries. By which time they're their own island, far away from the mainstream I'm done with this thread, I see it proceeding in a rather predictable direction, but as you quoted Voltaire, I'll leave you with this - No man is an island, entire of itself every man is a piece of the continent, a part of the main if a clod be washed away by the sea, Europe is the less, as well as if a promontory were, as well as if a manor of thy friends or of thine own were any man's death diminishes me, because I am involved in mankind and therefore never send to know for whom the bell tolls it tolls for thee. -- John Donne It is quite interesting to see how a sermon preached in the 1600s remains as relevant today, and in this context, as it was when it was first preached -- Suresh Ramasubramanian ([EMAIL PROTECTED])
Re: Enable BIND cache server to resolve chinese domain name?
Every public root experiment that I have seen has always operated as a superset of the ICANN root zone. not www.orsn.net. -- Paul Vixie
Re: Enable BIND cache server to resolve chinese domain name?
At 9:39 +0800 7/4/05, Joe Shen wrote: Hi, Some of our customer complaint they could not visit back to their web site, which use chinese domain name. I google the net and found some one recommend to use public-root.com servers in hint file. I found domain name like xn--8pru44h.xn--55qx5d could not be resolved either. Our cache server runs BIND9.3.1 with root server list from rs.internic.net. Do I need to modify our cache server configuration to enable it? Yes. In order to get BIND to resolve a domain name under the xn--55qx5d. TLD, you have to configure BIND's root hints to point to root servers making that delegation. If you do this you won't be able to simultaneously use the rs.internic.net listed servers. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis+1-571-434-5468 NeuStar If you knew what I was thinking, you'd understand what I was saying.
Re: Enable BIND cache server to resolve chinese domain name?
On Mon, Jul 04, 2005 at 05:21:47PM +, Paul Vixie [EMAIL PROTECTED] wrote a message of 6 lines which said: Every public root experiment that I have seen has always operated as a superset of the ICANN root zone. not www.orsn.net. You are playing with words. ORSN serves the same data as ICANN. So, it is a superset, albeit a strict one.
Re: Enable BIND cache server to resolve chinese domain name?
# You are playing with words. ORSN serves the same data as ICANN. So, # it is a superset, albeit a strict one. # # (The excellent readers of NANOG already saw the bug by themselves, I # presume.) I wanted to say that ORSN is *not* a strict superset but is # nevertheless a superset. for those excellent readers who didn't follow this, here's an excerpt from http://european.de.orsn.net/faq.php#opmode: | What's the meaning of the status indication ICANN BASED and INDEPENDENT? | | ICANN BASED is the normal mode of ORSN which means that our database will | be synchronized with the root zone information provided by ICANN once a | day. A parser checks for differences between our database and the data that | we download by FTP from ICANN. However, removed TLDs won't be considered but | future TLDs (e.g. .EU) will automatically be added to our data base, linked | with nameserver data-records and finally, a new ORSN root zone will be | generated. Changed TLDs are processed this way too. This process (parsing, | database update and generation of the root zone) is automatic. | | The operating mode INDEPENDENT deactivates the (automatic) mechanism | described above and sets ORSN to independent operation. This mode is | activated whenever the political situation of the world - in our opinion - | makes this step necessary because the possibility of a modification and/or a | downtime of the ICANN root zone exists or we does not want that our root | zone will rebuild automatically. what this means is, it can't conflict with ICANN data other than that if ICANN deletes something it might not show up in ORSN. mathematically speaking that's a superset, but politically speaking it's not at all like an alternative root.
The whole alternate-root ${STATE}horse (was Re: Enable BIND cache server to resolve chinese domain name?)
On Sun, Jul 03, 2005 at 10:20:13PM -0700, Steve Gibbard wrote: On Mon, 4 Jul 2005, Mark Andrews wrote: Do I need to modify our cache server configuration to enable it? Only if you wish to do all your other customers a disfavour by configuring your caching servers to support a private namespace then yes. There's no particular technical magic to the ICANN-run roots, except that it's what just about everybody else is using. This means that if you enter the same hostname on two computers far away from each other, you're probably going to end up at the same place, or at least at places run by the same organization. This standardization is valuable, so anybody trying to make a different standard that isn't widely used compete with it is going to have a hard time convincing people to switch. That doesn't mean a competing system wouldn't work, for those who are using it. They'd just be limited in who they could talk to, and that generally wouldn't be very appealing. Well, Steve; that reply is a *little* disingenuous: all of the alternative root zones and root server clusters that *I'm* aware of track the ICANN root, except in the rare instances where there are TLD collisions. I'm not aware of any such specific collisions; I stopped tracking that area when NetSol shutdown that mailing list without warning several years ago. I merely observe that they're possible. A system that would limit my ability to talk to people in other countries doesn't sound very appealing to me. On the other hand, the Chinese government has been trying hard to limit or control communications between people in China and the rest of the world for years. In that sense, maintaining their own DNS root, incompatible with the rest of the world, might be seen as a considerable advantage. If they don't care about breaking compatibility with the DNS root the rest of the world uses, the disadvantages of such a scheme become fairly moot. Eric Raymond, that polarizing ambassador for open source, likes to disseminate the word (and concept) conflating -- that being the habit, or attempt, by an arguer of a point to hook together two related but distinct concepts that may both be involved in a topic, but may not have the cause and effect relationship being implied by said arguer. This is a good example, IMHO: Even if China *did* maintain their own root, unless they also maintained their own copies of the 2LD's, like .com, they couldn't snip out *specific* sites they didn't want people to see. But the whole there's a non-ICANN root: the sky is falling thing is an argument cooked up to scare the unwashed; us old wallas don't buy it. I just hope none of the unwashed *press* decide to blow the lid off of it; the public's lack of understanding of the underpinnings of the net is painful enough now... Cheers, -- jra -- Jay R. Ashworth[EMAIL PROTECTED] Designer+-Internetworking--+--+ RFC 2100 Ashworth Associates | Best Practices Wiki | |'87 e24 St Petersburg FL USAhttp://bestpractices.wikicities.com+1 727 647 1274 If you can read this... thank a system administrator. Or two. --me
Re: Enable BIND cache server to resolve chinese domain name?
Hi, Some of our customer complaint they could not visit back to their web site, which use chinese domain name. I google the net and found some one recommend to use public-root.com servers in hint file. I found domain name like xn--8pru44h.xn--55qx5d could not be resolved either. Our cache server runs BIND9.3.1 with root server list from rs.internic.net. Do I need to modify our cache server configuration to enable it? regards Joe Only if you wish to do all your other customers a disfavour by configuring your caching servers to support a private namespace then yes. I would have thought the Site Finder experience would have stopped people from thinking that they can arbitarially add names to to the public DNS. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [EMAIL PROTECTED]
Re: Enable BIND cache server to resolve chinese domain name?
ICANN has no right to claim that they are the authority for the namespace. They are NOT. Also note the word PUBLIC in PUBLIC-ROOT. - Original Message - From: Mark Andrews [EMAIL PROTECTED] To: Joe Shen [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; NANGO nanog@merit.edu Sent: Sunday, July 03, 2005 9:12 PM Subject: Re: Enable BIND cache server to resolve chinese domain name? Hi, Some of our customer complaint they could not visit back to their web site, which use chinese domain name. I google the net and found some one recommend to use public-root.com servers in hint file. I found domain name like xn--8pru44h.xn--55qx5d could not be resolved either. Our cache server runs BIND9.3.1 with root server list from rs.internic.net. Do I need to modify our cache server configuration to enable it? regards Joe Only if you wish to do all your other customers a disfavour by configuring your caching servers to support a private namespace then yes. I would have thought the Site Finder experience would have stopped people from thinking that they can arbitarially add names to to the public DNS. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [EMAIL PROTECTED]
Re: Enable BIND cache server to resolve chinese domain name?
Hi, Only if you wish to do all your other customers a disfavour by configuring your caching servers to support a private namespace then yes. The problem is chinese domain name is hosted and could be registered by people around. So, we just have to enable service as more as possible. Joe Send instant messages to your online friends http://asia.messenger.yahoo.com
Re: Enable BIND cache server to resolve chinese domain name?
On Jul 3, 2005, at 7:36 PM, John Palmer (NANOG Acct) wrote: ICANN has no right to claim that they are the authority for the namespace. They are NOT. Horse == dead. Also note the word PUBLIC in PUBLIC-ROOT. My i18n must be broken. All I see is SNAKE-OIL. -david ulevitch - Original Message - From: Mark Andrews [EMAIL PROTECTED] To: Joe Shen [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; NANGO nanog@merit.edu Sent: Sunday, July 03, 2005 9:12 PM Subject: Re: Enable BIND cache server to resolve chinese domain name? Hi, Some of our customer complaint they could not visit back to their web site, which use chinese domain name. I google the net and found some one recommend to use public-root.com servers in hint file. I found domain name like xn--8pru44h.xn--55qx5d could not be resolved either. Our cache server runs BIND9.3.1 with root server list from rs.internic.net. Do I need to modify our cache server configuration to enable it? regards Joe Only if you wish to do all your other customers a disfavour by configuring your caching servers to support a private namespace then yes. I would have thought the Site Finder experience would have stopped people from thinking that they can arbitarially add names to to the public DNS. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [EMAIL PROTECTED] !DSPAM:42c8a103122651094118373!
Re: Enable BIND cache server to resolve chinese domain name?
On Sun, 3 Jul 2005, John Palmer (NANOG Acct) wrote: ICANN has no right to claim that they are the authority for the namespace. They are NOT. Also note the word PUBLIC in PUBLIC-ROOT. Yeh, that's just great - PUBLIC being used in propoganda compaign to create what appears to be private internet in China... -- William Leibzon Elan Networks [EMAIL PROTECTED]
Re: Enable BIND cache server to resolve chinese domain name?
On Mon, 4 Jul 2005, Mark Andrews wrote: Some of our customer complaint they could not visit back to their web site, which use chinese domain name. I google the net and found some one recommend to use public-root.com servers in hint file. I found domain name like xn--8pru44h.xn--55qx5d could not be resolved either. Our cache server runs BIND9.3.1 with root server list from rs.internic.net. Do I need to modify our cache server configuration to enable it? Only if you wish to do all your other customers a disfavour by configuring your caching servers to support a private namespace then yes. There's no particular technical magic to the ICANN-run roots, except that it's what just about everybody else is using. This means that if you enter the same hostname on two computers far away from each other, you're probably going to end up at the same place, or at least at places run by the same organization. This standardization is valuable, so anybody trying to make a different standard that isn't widely used compete with it is going to have a hard time convincing people to switch. That doesn't mean a competing system wouldn't work, for those who are using it. They'd just be limited in who they could talk to, and that generally wouldn't be very appealing. That said, a big country implementing a new DNS root on a national scale may not have that problem. The telecom world is already full of systems that don't cross national borders. In the US case, think of all the cell phones that have international dialing turned off by default, and all the 800 numbers whose owners probably aren't at all bothered by their inability to receive calls from other countries. A system that would limit my ability to talk to people in other countries doesn't sound very appealing to me. On the other hand, the Chinese government has been trying hard to limit or control communications between people in China and the rest of the world for years. In that sense, maintaining their own DNS root, incompatible with the rest of the world, might be seen as a considerable advantage. If they don't care about breaking compatibility with the DNS root the rest of the world uses, the disadvantages of such a scheme become fairly moot. -Steve
Re: Enable BIND cache server to resolve chinese domain name?
Steve, I think that what it boils down to is how many times do you want to split Metcalfe before it becomes self-defeating. Similar arguments have surfaced recently due to the emergence of proprietary vertical voip applications such s Skype. If one is appeased simplmy by communing with a fixed set of users of a given community mind set, then it works and everyone is happy. Beyond that? One could be left sucking wind. Frank ps - I've been advised on several occasions by Randy Bush alone that whenever I post to NANOG I leave microsoft artifacts such as ( ^ } in my wake. I don't see it myself. If this happens to be the case in this writing, then would someone please email me indicating so? Appreash ..