Re: Interesting new dns failures
On Mon, 21 May 2007 10:38:56 -0000, bmanning@karoshi.com said:
if you can get consensus to remove .com, i'm sure the roots would be willing to help out.
Whose bright idea *was* it to design a tree-hierarchical structure, and then dump essentially all 140 million entries under the same node, anyhow? :) I'll bet a large pizza that 90% or more could be relocated to a more appropriate location in the DNS tree, and nobody except the domain holder and less than a dozen other people will notice/care in the slightest. Now if anybody has a good idea on what to do with those companies that register www.thissummersblockbustermoviecomingsoonnow.com ;)
On Mon, 21 May 2007 Valdis.Kletnieks@vt.edu wrote:
On Mon, 21 May 2007 10:38:56 -0000, bmanning@karoshi.com said:
if you can get consensus to remove .com, i'm sure the roots would be willing to help out.
Whose bright idea *was* it to design a tree-hierarchical structure, and then dump essentially all 140 million entries under the same node, anyhow? :)
I'll bet a large pizza that 90% or more could be relocated to a more appropriate location in the DNS tree, and nobody except the domain holder and less than a dozen other people will notice/care in the slightest. Now
There's an interesting read from NRIC about this problem: "Signposts on the information superhighway" I think it's called. Essentially no one aside from propeller-head folks understand that there is something aside from 'com' :( take, for example, discussions inside the company formerly known as uunet about email addresses: "Yes, you can email me at chris@uu.net", "uunet.com?", "no, uu.net", "uu.net.com?", "nope, just uu.net". Admittedly it was with sales/marketing folks, but still :( I wonder how the .de or .uk folks see things? Is the same true elsewhere? -Chris
There's an interesting read from NRIC about this problem: "Signposts on the information superhighway" I think it's called. Essentially no one aside from propeller-head folks understand that there is something aside from 'com'
Seems to me they are missing something here. Essentially no one except from propeller-head folks uses the DNS for anything at all. Websites come from Google or bookmarks. Email addresses come from a directory or an incoming email or a business card. As for .xx domains, there is enough marketing material in each country so that people tend to know their country's two-letter prefix is .de or .ru or .fr. The special case is .uk because we share the same language as the USA, and here people tend to see a .com domain like an international trademark or some kind of territorial marking. Nevertheless, I think that the vast majority of people who actually type in a domain into the location field are copying it from some marketing material, like a business card. P.S., the .xx domains make the world look like a collection of countries all connected to the same Internet. But the reality is that the world is divided into a bunch of language zones, most of which cross several borders, and which don't tend to communicate much with the Internet that Americans see. For instance, what use does a Hungarian speaking native of Ukraine have for cnn.com? Or a SerboCroatian speaking native of Hungary? --Michael Dillon
On Mon, 21 May 2007 michael.dillon@bt.com wrote:
There's an interesting read from NRIC about this problem: "Signposts on the information superhighway" I think it's called. Essentially no one aside from propeller-head folks understand that there is something aside from 'com'
Seems to me they are missing something here. Essentially no one except from propeller-head folks uses the DNS for anything at all. Websites come from Google or bookmarks. Email addresses come from a directory or an incoming email or a business card.
This is sort of the point of the NRIC document/book... 'we need to find/make/use a directory system for the internet' then much talk of how "dns was supposed to be that but for a number of reasons it's not, google/<insert favorite search engine> is instead"
P.S., the .xx domains make the world look like a collection of countries all connected to the same Internet. But the reality is that the world is divided into a bunch of language zones, most of which cross several borders, and which don't tend to communicate much with the Internet that Americans see. For instance, what use does a Hungarian speaking native of Ukraine have for cnn.com? Or a SerboCroatian speaking native of Hungary?
oh, cnn doesn't publish their content in these tongues? :) they are missing a marketing opportunity! :) -Chris
On Mon, May 21, 2007 at 03:08:06PM +0000, Chris L. Morrow wrote: [snip]
This is sort of the point of the NRIC document/book... 'we need to find/make/use a directory system for the internet' then much talk of how "dns was supposed to be that but for a number of reasons it's not, google/<insert favorite search engine> is instead"
Um, no. DNS became the de facto 'directory' prior to the rise of decent search engines. The directory that was contracted and 'supposed to' exist as part of the NNSC-to-InterNIC dance was to be built by old-ATT Labs. As far as I can recall, it was ever only an ftp repository and not much of a 'directory and database service' (corrections welcome). The problem was a classic case of top-down thinking (we will dictate this glacially slow entity will cook The Directory and The Database and decide what gets published and when) crashing into a very dynamic market with a clever and impatient population (we won't wait - DS and IS aren't fast enough ... this RS thing is Good Enough). An obvious catalyst was commercialization of domains. Which interestingly enough leads us back to the lack of categories and naming morass in which we live. I find it quite humorous that new 'restrictive membership' branches of the tree are now being proposed as a solution to the problem of identity (eg, .bank to "solve" phishing). Unless there will be some level of enforcement teeth, we will see the same situation that played out in 94/95: tech: "no sir, you can't have .net as you're not a network provider" customer: "the guy down the street will do it!" tech's boss: (weighs non-existent penalties versus $s, doesn't care what 'good of the Internet' or 'sullied reputation' means) "competitive disadvantage! must!" Pushing an issue around to different points on the tree doesn't eliminate it. Cheers, Joe -- RSUC / GweepNet / Spunk / FnB / Usenix / SAGE
The directory that was contracted and 'supposed to' exist as part of the NNSC-to-InterNIC dance was to be built by old-ATT Labs. As far as I can recall, it was ever only an ftp repository and not much of a 'directory and database service' (corrections welcome).
Anyone remember the Internet Scout? Even back then labors of love like John December's list were more useful than the Internic services. And of course, there was USENET with its categorized discussion groups, many of which had regular FAQ postings. That too was more of a real Internet directory (yellow pages) than the DNS (white pages) has ever been. Does everybody on this list even know what I'm talking about when I say "yellow pages"? I'll bet there are a few that are scratching their heads. I know that I haven't used them for about 10 years. --Michael Dillon
On Wed, 23 May 2007 01:32:41 BST, michael.dillon@bt.com said:
Anyone remember the Internet Scout? Even back then labors of love like John December's list were more useful than the Internic services.
That worked well for 14,000 .coms. It doesn't work for 140,000,000 .coms.
Does everybody on this list even know what I'm talking about when I say "yellow pages"? I'll bet there are a few that are scratching their heads. I know that I haven't used them for about 10 years.
"google is your friend. Google pagerank is your webmaster's friend". The problem with yellow pages is that although an electronic version can theoretically scale well to zillions of categories, it doesn't scale well to the case of zillions of providers listed in a single category....
Joe Provo wrote:
An obvious catalyst was commercialization of domains. Which interestingly enough leads us back to the lack of categories and naming morass in which we live. I find it quite humorous that new 'restrictive membership' branches of the tree are now being proposed as a solution to the problem of identity (eg, .bank to "solve" phishing). Unless there will be some level of enforcement teeth, we will see the same situation that played out in 94/95:
On a national level it's probably fairly easy to work this sort of thing out. Lists of banks exist, as do lists of schools (.sch.uk is prepopulated). The .ltd.uk and .plc.uk are only available to people with the appropriate company form but aren't really that popular. There's a larger issue of not just practicalities but is this in fact an appropriate use for DNS? DNS isn't a security mechanism. Will
On Sat, 26 May 2007, Will Hargrave wrote:
Joe Provo wrote:
An obvious catalyst was commercialization of domains. Which interestingly enough leads us back to the lack of categories and naming morass in which we live. I find it quite humorous that new 'restrictive membership' branches of the tree are now being proposed as a solution to the problem of identity (eg, .bank to "solve" phishing). Unless there will be some level of enforcement teeth, we will see the same situation that played out in 94/95:
On a national level it's probably fairly easy to work this sort of thing out. Lists of banks exist, as do lists of schools (.sch.uk is prepopulated). The .ltd.uk and .plc.uk are only available to people with the appropriate company form but aren't really that popular.
There's a larger issue of not just practicalities but is this in fact an appropriate use for DNS? DNS isn't a security mechanism.
and studies have already shown that 98% of the populace doesn't know: www.bankovamerica.com from www.bankofamerica.com where the thing is pointed (.bank .secure .hereliesgoodness) isn't relevant so much as making the bad thing go away as quickly as possible... unless there's a way to discourage it from being made in the first place, which brings us back to the monetary incentives and policy to provide such.
On Mon, May 21, 2007 3:26 pm, Chris L. Morrow wrote:
There's an interesting read from NRIC about this problem: "Signposts on the information superhighway" I think it's called. Essentially no one aside from propeller-head folks understand that there is something aside from 'com' :( take, for example, discussions inside the company formerly known as uunet about email addresses: "Yes, you can email me at chris@uu.net", "uunet.com?", "no, uu.net", "uu.net.com?", "nope, just uu.net". Admittedly it was with sales/marketing folks, but still :(
To a great degree, there effectively stopped being anything outside .com when there stopped being any distinction between who was eligible for .com, .net or .org, and it just became a "credit card, please" free-for-all. I can't imagine anyone now registering a new .com and *not* registering the corresponding .org and .net, making them pretty much pointless for new registrations. It's only legacy domains, and occasional gap-finding in legacy registrations, where the registrant isn't the same for all three.
I wonder how the .de or .uk folks see things? Is the same true elsewhere?
.co.uk generally seems to be understood by UK folks. .org.uk tends to cause a double-take. (The 'special' UK SLDs, like nhs.uk, are a maze of twisty turny third-levels, all on different logic). My email confuses people by being both a .org and too short - the general public seems to expect either firstname.lastname@company.com or some-long-random-attempt-to-sound-cool-with-numbers-because-100-other-people-had-the-same-idea@{yahoo,gmail}.com.
On Monday 21 May 2007 16:19, Tim Franklin wrote:
I wonder how the .de or .uk folks see things? Is the same true elsewhere?
.co.uk generally seems to be understood by UK folks. .org.uk tends to cause a double-take. (The 'special' UK SLDs, like nhs.uk, are a maze of twisty turny third-levels, all on different logic).
The odd thing is customers mostly fall into either; I don't understand anything beyond ".com" and ".co.uk" I'm a "gov.uk", "nhs.uk" other speciality, who often know more about the procedures or technicalities of registering their desired domain name than we do. And those who just want every possible TLD, and variant, for a name, in some misguided belief this will protect it in some magical way, and won't just make a load of money for the registries. We obviously prefer the last group, as they spend more money, are less hassle, and are usually content with registering all the TLD domains we can do for the standard price. I'm sure there is a business in doing services to the second group, especially if you chuck in certificates and a few related things.
On 21-May-2007, at 10:26, Chris L. Morrow wrote:
I wonder how the .de or .uk folks see things? Is the same true elsewhere?
I think the phenomenon of "that doesn't look right because it doesn't end in .com" is peculiar to the US. Elsewhere, you don't need a particularly large TLD zone to get mindshare -- NZ, CA and NP are three random examples of ccTLDs which are well-recognised locally and which are far smaller than UK or DE; there are many more. Joe
On Monday 21 May 2007 14:43, you wrote:
I'll bet a large pizza that 90% or more could be relocated to a more appropriate location in the DNS tree, and nobody except the domain holder and less than a dozen other people will notice/care in the slightest.
More like 99% I suspect, but we've no idea which 99%. The decision to make the name servers part of the hierarchy, without insisting they be within the zones they master ("in bailiwick" as some call it) and thus glued in, means we have no definite idea which bits of the DNS break on any specific deletion. In general it is impossible when deleting a zone to know the full consequences of that action unless you are that zone's DNS administrator, and even then you need to ask any administrators of delegated domains. So those who think deleting zones is a way to fix things, or penalise people, should tread VERY carefully, lest they end up liable for something bigger than they expected (or could possibly imagine). Doing it all again, this is clearly something that folks would work to minimize in the design of the DNS. Such that deleting ".uk" could be guaranteed to only affect domains ending in ".uk". But at the moment, you can't know exactly which bits of the DNS would break if you deleted the ".uk" zone from the root servers. For example deleting our corporate ".com" zones from the GTLD servers could potentially* disable key bits of another second level UK domain, and no third party can tell for sure the full impact of that change in advance. Who knows they may be hosting other DNS servers for other zones in their turn (I doubt it but I don't know for certain). Of course even if the DNS were designed so you can recognise which bits might break with a given change, you'd then be left not knowing which services are linked into a particular domain. But that is beyond the scope of a name service design I think. Sure most of the time if you delete a recently registered domain name, with a lot of changes and abuse in its history, you normally just hurt a spammer. I dare say collateral damage probably follows some simple mathematical law like 1/f ?
Hopefully before you delete something really important you most likely delete something merely expensive, and learn to be more careful. Simon PS: Those who make sarcastic comments about people not knowing the difference between root servers, and authoritative servers, may need to be a tad more explicit for the help of the Internet challenged. * I'm hoping the name servers in co.uk will help if anything ever does go pear shaped with that domain name, but I wouldn't bet money on it.
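Added example, not part of any post in this thread: a small model of the out-of-bailiwick dependency problem described in the message above, showing how removing one name can break or degrade zones elsewhere in the tree. The delegation table and all names in it are constructed, and the model assumes a name server hostname resolves only while its enclosing zone still works (caching is ignored).

```python
# Constructed delegation data (zone -> name server hostnames); not real measurements.
DELEGATIONS = {
    "example.com.":     ["ns1.example.com.", "ns2.example.com."],    # in bailiwick, glued
    "example.co.uk.":   ["ns1.example.com.", "ns2.example.com."],    # out of bailiwick
    "example.org.":     ["ns1.example.co.uk.", "ns1.example.net."],  # two operators
    "lab.example.net.": ["ns1.example.co.uk."],                      # single dependency
    "example.net.":     ["ns1.example.net."],                        # in bailiwick, glued
}

def under(name, zone):
    """True if name is at or below zone (fully qualified, trailing dot)."""
    return name == zone or name.endswith("." + zone)

def enclosing_zone(host, delegations):
    """Most specific known zone that contains host, or None."""
    matches = [z for z in delegations if under(host, z)]
    return max(matches, key=len) if matches else None

def out_of_bailiwick(delegations):
    """Zones that rely on name servers living outside themselves."""
    found = {}
    for zone, servers in delegations.items():
        outside = [ns for ns in servers if not under(ns, zone)]
        if outside:
            found[zone] = outside
    return found

def deletion_impact(deleted, delegations):
    """Return (broken, degraded) zone sets after removing `deleted`.

    broken: every name server unreachable; degraded: only some are.
    """
    broken = {z for z in delegations if under(z, deleted)}

    def dead(ns):
        return under(ns, deleted) or enclosing_zone(ns, delegations) in broken

    changed = True
    while changed:  # iterate to a fixpoint: failures cascade through NS names
        changed = False
        for zone, servers in delegations.items():
            if zone not in broken and all(dead(ns) for ns in servers):
                broken.add(zone)
                changed = True
    degraded = {z for z, servers in delegations.items()
                if z not in broken and any(dead(ns) for ns in servers)}
    return broken, degraded

if __name__ == "__main__":
    for target in ("example.com.", "uk."):
        broken, degraded = deletion_impact(target, DELEGATIONS)
        print(target, "broken:", sorted(broken), "degraded:", sorted(degraded))
```

In this constructed data, removing `uk.` also breaks `lab.example.net.`, and removing `example.com.` breaks a `.co.uk` zone, neither of which is visible from the deleted zone's own contents.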
In general it is impossible when deleting a zone to know the full consequences of that action unless you are that zone's DNS administrator, and even then you need to ask any administrators of delegated domains.
Not just deleting.
So those who think deleting zones is a way to fix things, or penalise people, should tread VERY carefully, lest they end up liable for something bigger than they expected (or could possibly imagine).
There was a case not long ago where someone decided that it was a good idea to change the NS records in lame domains. This caused a major service outage for a company who needed this specific domain to be lame in order for a certain service to function. Fortunately, we were able to find the domain technical contact who was able to log into the registrar and put the lame delegation back. Now, the problem has been solved by moving the domain to another registrar whose goal is to keep things the way they are, not clean up lame domains or other perceived errors. --Michael Dillon
On Mon, May 21, 2007 at 06:57:06PM +0100, Simon Waters <simonw@zynet.net> wrote a message of 53 lines which said:
PS: Those who make sarcastic comments about people not knowing the difference between root servers, and authoritative servers, may need to be a tad more explicit for the help of the Internet challenged.
Warning, the rest of this message is only for Internet-challenged. They are probably uncommon in NANOG. For instance, I cannot believe that people in NANOG may confuse the ".com" name servers with the root name servers. An authoritative name server is an official source of DNS data for a given domain. For instance, ns2.nic.ve. is authoritative for ".ve". There are typically two to ten or sometimes more authoritative name servers for a domain. You can display them with "dig NS the-domain-you-want.". A root name server is a server which is authoritative for the root of the DNS. For instance, f.root-servers.net is authoritative for "." (the root). You can display them with "dig NS ." (for the benefit of the Internet-challenged, I did not discuss the "alternative" roots).
On Mon, 21 May 2007, Stephane Bortzmeyer wrote:
I cannot believe that people in NANOG may confuse the ".com" name servers with the root name servers.
Not to confuse the issue but among some managerial circles the "root" nameservers comprise both root and tld. Point taken though, root and tld should not be confounded in a forum like nanog. -- Roger Marquis Roble Systems Consulting http://www.roble.com/
participants (10): Chris L. Morrow, Joe Abley, Joe Provo, michael.dillon@bt.com, Roger Marquis, Simon Waters, Stephane Bortzmeyer, Tim Franklin, Valdis.Kletnieks@vt.edu, Will Hargrave