Re: v6 gluelessness
On Jan 22, 2008 2:11 PM, Iljitsch van Beijnum <[EMAIL PROTECTED]> wrote: > > I'm quite unhappy about the trend to put everything in their own > blocks that happen to be the longest possible prefixes. This means > that one oversight in prefix length filtering can take out huge > numbers of important nameservers. > and you have a giant confluence of number resource management and operational practices here as well. > We really need as much diversity as we can get for this kind of stuff. > There is no one single best practice for any of this. For roots? TLD? ccTLD? (is there a potential difference between the TLD types?) Is diversity in numbers of networks and numbers of locations per entity good enough? (.iq served out of US, Iraq, AMS on 3 different netblocks by 3 different operators ideally serviced by a central controlling gov't entity... wait .iq changed... use .co as the example) Is, for lack of a quicker example: .iq 'good' or could they improve by shifting their NS hosts to blocks outside the /16 194.117.0.0/16? or does it matter at all because they have each announced as a /24 with no covering route?? (so if someone fudged a /24 max prefix length filter to /23 they'd be broken either way?) Some of this is covered in rfc2182 anyway, right? -Chris
Re: v6 gluelessness
In a message written on Fri, Jan 18, 2008 at 05:21:18PM -0800, David Conrad wrote: > Right. The challenge is that current policy requires explicit > approval from both the Administrative and Technical contacts for the > zone (to ensure they have really been notified). As shocking as it > might be to some, there are ACs and TCs that don't respond to > (repeated) e-mail (or faxes or telephone calls) from IANA. This can > (and has) caused requests for name server changes to block. This is a > known problem and was the subject of a public comment request quite > some time ago (see http://forum.icann.org/lists/root-glue-comments/ > for the responses). Unfortunately, things sort of got stuck. > Hopefully, Randy's request will unstick things. It would seem to me that a middle ground is in order. Contact the TLD's. Send them two e-mails, and two faxes. But all of those should contain "you have 30 days to object, or we will move forward anyway". I'm all for giving people a reasonable way to object, and/or "protect" the things they run. I think though giving them an opportunity to stop any process completely in its tracks is, well, stupid. I'd get involved in making the process less stupid, but frankly IANA politics make my head hurt. :) -- Leo Bicknell - [EMAIL PROTECTED] - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - [EMAIL PROTECTED], www.tmbg.org pgptvSfenffl0.pgp Description: PGP signature
Re: v6 gluelessness
In a message written on Fri, Jan 18, 2008 at 12:59:08PM -0800, Andreas Ott wrote: > even if Randy is successful to get IPv6 glue records added to the the > root zone, how would I get to them? This is not obvious from my corner > of the net. IANA recently made an announcement that glue in the root will be added in early February. I believe there are either four or five root servers with currently operating IPv6 capability that will be the initial listing. This particular problem is all but solved, and should be done in under a month. -- Leo Bicknell - [EMAIL PROTECTED] - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - [EMAIL PROTECTED], www.tmbg.org pgphEwK75X0qK.pgp Description: PGP signature
Re: v6 gluelessness
Hi, even if Randy is successful to get IPv6 glue records added to the the root zone, how would I get to them? This is not obvious from my corner of the net. $ grep -i named.root $ grep -i named.cache $ $ for l in a b c d e f g h i j k l m ; do host -t $l.root-servers.net ; done a.root-servers.net has no record b.root-servers.net has no record c.root-servers.net has no record d.root-servers.net has no record e.root-servers.net has no record f.root-servers.net has no record g.root-servers.net has no record h.root-servers.net has no record i.root-servers.net has no record j.root-servers.net has no record k.root-servers.net has no record l.root-servers.net has no record m.root-servers.net has no record $ -andreas -- Andreas Ott K6OTT [EMAIL PROTECTED]