< careful there may be a troll in here... :) > https://en.wikipedia.org/wiki/.nyc "As of July 2, 2013, .nyc has been approved by ICANN as a city-level top-level domain (TLD) for New York City" As places like that see $186,000 as small change, I wonder what other countries (much less the cities within them) like .nu, .sb or .vu will do? For them this is an astronomical number. Someone's about to hit a financial home run reminiscient of the tech-stock bubble... I haven't read enough, but what's to stop speculators paying the $186,000 then charging the tiny countries mors when they are able to make the purchase? Please don't suggest arbitration because that only increases the cost to those countries. Who's going to buy .nanog? Who's going to buy .ietf? etc. Did icann have any financial requirements to get .icann? scott
On Tue, Jul 2, 2013 at 10:12 PM, Scott Weeks <surfer@mauigateway.com> wrote:
< careful there may be a troll in here... :) >
https://en.wikipedia.org/wiki/.nyc
"As of July 2, 2013, .nyc has been approved by ICANN as a city-level top-level domain (TLD) for New York City"
.nyc has been approved by ICANN May 24. The city made its announcement only today. Link to evaluation report: http://newgtlds.icann.org/sites/default/files/ier/f3T5ufeSpeThAJezaxezuDtE/i... Link to all status information: https://gtldresult.icann.org/application-result/applicationstatus/viewstatus
As places like that see $186,000 as small change, I wonder what other countries (much less the cities within them) like .nu, .sb or .vu will do? For them this is an astronomical number. Someone's about to hit a financial home run reminiscient of the tech-stock bubble...
No countries were obliged to apply. Both country codes and country names were excluded from the new gTLD process. Actually, they couldn't even apply, as they are considered ccTLDs.
I haven't read enough, but what's to stop speculators paying the $186,000 then charging the tiny countries mors when they are able to make the purchase? Please don't suggest arbitration because that only increases the cost to those countries.
Who's going to buy .nanog?
No one in this round. May be in the next one.
Who's going to buy .ietf?
No one, excluded from the process by ICANN.
etc. Did icann have any financial requirements to get .icann?
.icann also wasn't available for application. Rubens
I haven't read enough, but what's to stop speculators paying the $186,000 then ...
Rather than asking random strangers, you can read the applicant guidebook and find out what the actual rules are: http://newgtlds.icann.org/en/applicants/agb
On 7/2/13 7:06 PM, John Levine wrote:
Rather than asking random strangers, you can read the applicant guidebook and find out what the actual rules are:
There really should be a kinder introduction to those who lack basic clue than to attempt to read the last version of the DAG, even for the American Legally Literate. Someone who has more than just ICANNatitude (in either of the usual senses) should do a standup at the next {$NETTECH} meet and 'splain policy and business, can the bits and vod them out on the *OG lists. Then we could discuss the merits, such as they are. Eric
On Thu, Jul 4, 2013 at 12:00 PM, Ted Cooper <ml-nanog090304q@elcsplace.com>wrote:
On 03/07/13 11:12, Scott Weeks wrote:
"As of July 2, 2013, .nyc has been approved by ICANN as a city-level top-level domain (TLD) for New York City"
Do they have DNSSEC from inception? It would seem a sensible thing to do for a virgin TLD.
All new gTLDs are required to be DNSSEC-signed. The requirement only applies to the parent zone, unless registry policy dictates otherwise, so we can expect many more DS records in the root but a similar DS rate for 2LDs to other gTLDs, likely to be less than 1%: http://scoreboard.verisignlabs.com/percent-trace.png Rubens
On 7/4/13 8:00 AM, Ted Cooper wrote:
Do they have DNSSEC from inception? It would seem a sensible thing to do for a virgin TLD.
In the evolution of the DAG I pointed out that both the DNSSEC and the IPv6 requirements, as well as other SLA requirements, were significantly in excess of those placed upon the legacy registries, and assumed general value and availability with non-trivial cost to entry operators, some of whom might not be capitalized by investors with profit expectations similar to those that existed prior to the catastrophic telecoms build-out and the millennial dotbomb collapse. The v6-is-everywhere and the DNSSEC-greenfields advocates prevailed, and of course, the SLA boggies remain "elevated" w.r.t. the legacy registry operator obligations. "Sensible" may be subject to cost-benefit analysis. I did .cat's DNSSEC funnel request at the contracted party's insistence and I thought it pure marketing. The .museum's DNSSEC funnel request must have, under the "it is necessary" theory, produced demonstrable value beyond the technical pleasure of its implementer. Anyone care to advance evidence that either zone has been, not "will someday be", significantly improved by the adoption of DS records? Evidence, not rhetoric, please. #insert usual junk from *nog v6 evangelicals that .africa and .eos (Basque Autonomous Region) must drive v6 adoption from their ever-so-deep-pockets, or the net will die. Eric
On Thu, 04 Jul 2013 10:34:41 -0700, Eric Brunner-Williams said:
#insert usual junk from *nog v6 evangelicals that .africa and .eos (Basque Autonomous Region) must drive v6 adoption from their ever-so-deep-pockets, or the net will die.
I'll bite. What's the *actual* additional cost for dnssec and ipv6 support for a greenfield rollout? It's greenfield, so there's no "our older gear/software/admins need upgrading" issues.
On 7/4/13 11:11 AM, Valdis.Kletnieks@vt.edu wrote:
I'll bite. What's the *actual* additional cost for dnssec and ipv6 support for a greenfield rollout? It's greenfield, so there's no "our older gear/software/admins need upgrading" issues.
You'll let me know there is no place where v6 is not available, and while you're at it, why .frogans (I've met the guy, has to be the least obvious value proposition I've come across) needs to accessible to v6ers before, well, er, that .com thingie. "DNSSEC No clue necessary" ... so all those guys and gals out there selling training are ... adding no necessary value at some measurable cost? Eric
In message <51D5C750.4090502@nic-naa.net>, Eric Brunner-Williams writes:
On 7/4/13 11:11 AM, Valdis.Kletnieks@vt.edu wrote:
I'll bite. What's the *actual* additional cost for dnssec and ipv6 support for a greenfield rollout? It's greenfield, so there's no "our older gear/software/admins need upgrading" issues.
You'll let me know there is no place where v6 is not available, and while you're at it, why .frogans (I've met the guy, has to be the least obvious value proposition I've come across) needs to accessible to v6ers before, well, er, that .com thingie.
Well give that .com thingie is IPv6 accessable and has DNSSEC there is nothing we need to let you know. And yes you can get IPv6 everywhere if you want it. Native IPv6 is a little bit harder but definitely not impossible nor more expensive. ; <<>> DiG 9.10.0pre-alpha <<>> ns com @a.gtld-servers.net -6 +dnssec ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18176 ;; flags: qr aa rd; QUERY: 1, ANSWER: 14, AUTHORITY: 0, ADDITIONAL: 16 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 512 ;; QUESTION SECTION: ;com. IN NS ;; ANSWER SECTION: com. 172800 IN NS a.gtld-servers.net. com. 172800 IN NS f.gtld-servers.net. com. 172800 IN NS h.gtld-servers.net. com. 172800 IN NS k.gtld-servers.net. com. 172800 IN NS b.gtld-servers.net. com. 172800 IN NS m.gtld-servers.net. com. 172800 IN NS c.gtld-servers.net. com. 172800 IN NS d.gtld-servers.net. com. 172800 IN NS g.gtld-servers.net. com. 172800 IN NS i.gtld-servers.net. com. 172800 IN NS l.gtld-servers.net. com. 172800 IN NS j.gtld-servers.net. com. 172800 IN NS e.gtld-servers.net. com. 172800 IN RRSIG NS 8 1 172800 20130709042103 20130702031103 35519 com. G9bZIBIFL0MacyGQ9rgx+eFSnp/j11x/OoXJ30ADzYqffm/if68R1DYs v0fA4vqf3NQsUoonSO7t6tCh4Fl5OV/oju0BYXukXOn7bvpiA7Ij+B7H UoSyybVZRsRk4Q4d6t7EJ/gohL/p9B4BFOIiQ1gDIa8dAUzCUOXXo59j Oks= ;; ADDITIONAL SECTION: a.gtld-servers.net. 172800 IN A 192.5.6.30 a.gtld-servers.net. 172800 IN AAAA 2001:503:a83e::2:30 f.gtld-servers.net. 172800 IN A 192.35.51.30 h.gtld-servers.net. 172800 IN A 192.54.112.30 k.gtld-servers.net. 172800 IN A 192.52.178.30 b.gtld-servers.net. 172800 IN A 192.33.14.30 b.gtld-servers.net. 172800 IN AAAA 2001:503:231d::2:30 m.gtld-servers.net. 172800 IN A 192.55.83.30 c.gtld-servers.net. 172800 IN A 192.26.92.30 d.gtld-servers.net. 172800 IN A 192.31.80.30 g.gtld-servers.net. 172800 IN A 192.42.93.30 i.gtld-servers.net. 172800 IN A 192.43.172.30 l.gtld-servers.net. 172800 IN A 192.41.162.30 j.gtld-servers.net. 172800 IN A 192.48.79.30 e.gtld-servers.net. 172800 IN A 192.12.94.30 ;; Query time: 173 msec ;; SERVER: 2001:503:a83e::2:30#53(2001:503:a83e::2:30) ;; WHEN: Fri Jul 05 09:38:20 EST 2013 ;; MSG SIZE rcvd: 683
"DNSSEC No clue necessary" ... so all those guys and gals out there selling training are ... adding no necessary value at some measurable cost?
Eric
-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
Someone who should know better wrote:
Well give that .com thingie is IPv6 accessable and has DNSSEC there is nothing we need to let you know. And yes you can get IPv6 everywhere if you want it. Native IPv6 is a little bit harder but definitely not impossible nor more expensive.
And this was true when the v6 and DEC requirements entered the DAG? Try again, and while you're inventing a better past, explain how everyone knew that it would take 6 revisions of the DAG and take until 3Q2012 before an applicant could predict when capabilities could be scheduled. The one thing you've got going for you is that in 2009 no one knew that almost all of the nearly 2,000 applicants would be forced by higher technical and financial requirements to pick one of a universe of fewer than 50 service providers, or that nearly all of the "developing economies" would be excluded, or self-exclude, from attempting to apply. So the basic diversity assumption was wrong. Why are the people who don't follow the shitty process so full of confidence they have all the clue necessary? Eric
On Thu, 04 Jul 2013 18:02:35 -0700, Eric Brunner-Williams said:
higher technical and financial requirements to pick one of a universe of fewer than 50 service providers,
I'm reasonably sure that there are more than 50 service providers who are able to privide you with a connection that will do IPv6.
or that nearly all of the "developing economies" would be excluded, or self-exclude, from attempting to apply.
% dig so. any ... ;; ADDITIONAL SECTION: a.nic.so. 43165 IN A 72.52.71.4 a.nic.so. 43165 IN AAAA 2001:470:1a::4 b.nic.so. 43165 IN A 38.103.2.4 c.nic.so. 43165 IN A 63.243.194.4 c.nic.so. 43165 IN AAAA 2001:5a0:10::4 d.nic.so. 43165 IN A 196.216.168.54 d.nic.so. 43165 IN AAAA 2001:43f8:120::54 If Somalia, the failed nation state and near-undisputed champion hell-hole of the world, can manage to get quad-A's for its ccTLD, the bar can't be *too* high. (Yes, i see exactly how they did it. And there's nothing prohibiting any of the applicants in "developing countries" from doing exactly the same thing)
I'm reasonably sure that there are more than 50 service providers who are able to privide you with a connection that will do IPv6.
In this context the universe of 50 providers are registry service providers, existing and entrant. Verisign, NeuStar, Afilias, CORE, AusReg, ISC, ... Your side won if you predicted in 2009, or even as late as 2011, that there would be many many applicants, using very very few providers, and none in awkward places. If you predicted that, you won on all counts, v6 availability, density of available technical clue for DNSSEC as the cheap box checks -- the real win was access to investment capital and financial instruments, access to American or equivalent legal and ancillary services, shared fate (still being dickered) on insurance bundling and business continuity set-aside, the business advantages offered by Verisign, NeuStar, Afilias, CORE, AusReg, ISC, ... Absent that it really doesn't matter if a light in the sky told you that v6 was everywhere and free, or that DNSSEC was vital to everything, and free too, or not. I didn't predict it, so I lobbied under the assumption that very low capitalizations would attempt to provide some locally needed name to existing address mapping, and that signing the zone had little but cosmetic effect unless there were resources within the zone offering a greater return on attacker investment than any large, and unsigned zone (and there still are some of those). I also tried to get ICANN's attempt to provide "Applicant Support" to defer these non-essentials for registry start-up, but that whole thing went south and the one qualified application was disallowed because ... .ummah upset someone who didn't care to admit it (the Support Program reviewers are anonymous). .museum started on a desktop. There has to be a good reason why this can never happen again. Eric
Why are the people who don't follow the shitty process so full of confidence they have all the clue necessary?
Probably because they don't think that new TLDs are particularly useful or valuable.
Oops, just a minute, gotta grab the popcorn and cooler for this one...ok, proceed. -- -Barry Shein The World | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: 800-THE-WRLD | Dial-Up: US, PR, Canada Software Tool & Die | Public Access Internet | SINCE 1989 *oo*
In message <51D61B2B.8020504@abenaki.wabanaki.net>, Eric Brunner-Williams write s:
Someone who should know better wrote:
Well give that .com thingie is IPv6 accessable and has DNSSEC there is nothing we need to let you know. And yes you can get IPv6 everywhere if you want it. Native IPv6 is a little bit harder but definitely not impossible nor more expensive.
And this was true when the v6 and DEC requirements entered the DAG?
DS for COM was added added to the root zone in Feb 2011. The process of getting COM signed started a lot earlier well before the root zone was signed and included ensuring the protocol worked for COM sized zones. But hey if you just look a when records are added to zones you wouldn't see that. Requiring new zones start at the standard you expect existing zones to obtain is neither unexpected nor unreasonable.
Try again, and while you're inventing a better past, explain how everyone knew that it would take 6 revisions of the DAG and take until 3Q2012 before an applicant could predict when capabilities could be scheduled.
The one thing you've got going for you is that in 2009 no one knew that almost all of the nearly 2,000 applicants would be forced by higher technical and financial requirements to pick one of a universe of fewer than 50 service providers, or that nearly all of the "developing economies" would be excluded, or self-exclude, from attempting to apply. So the basic diversity assumption was wrong.
Why are the people who don't follow the shitty process so full of confidence they have all the clue necessary?
Eric
-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
On 5 July 2013 02:02, Eric Brunner-Williams <ebw@abenaki.wabanaki.net>wrote:
Someone who should know better wrote:
Well give that .com thingie is IPv6 accessable and has DNSSEC there is nothing we need to let you know. And yes you can get IPv6 everywhere if you want it. Native IPv6 is a little bit harder but definitely not impossible nor more expensive.
And this was true when the v6 and DEC requirements entered the DAG?
Try again, and while you're inventing a better past, explain how everyone knew that it would take 6 revisions of the DAG and take until 3Q2012 before an applicant could predict when capabilities could be scheduled.
The one thing you've got going for you is that in 2009 no one knew that almost all of the nearly 2,000 applicants would be forced by higher technical and financial requirements to pick one of a universe of fewer than 50 service providers, or that nearly all of the "developing economies" would be excluded, or self-exclude, from attempting to apply. So the basic diversity assumption was wrong.
Why are the people who don't follow the shitty process so full of confidence they have all the clue necessary?
Why do people who make statements about .com not being IPv6 reachable think they have all the clue necessary? And what about those people who think that DNSSEC is about validating the answers from the root/TLD name servers? At least you avoided the common mistake of citing the 1% end user IPv6 availability figure when claiming that IPv6 wasn't available in data centres... ;) - Mike
Well, for starters there's whole truckloads of surplus gear that you can't get for pennies and use successfully. Matthew Kaufman (Sent from my iPhone) On Jul 4, 2013, at 11:11 AM, Valdis.Kletnieks@vt.edu wrote:
On Thu, 04 Jul 2013 10:34:41 -0700, Eric Brunner-Williams said:
#insert usual junk from *nog v6 evangelicals that .africa and .eos (Basque Autonomous Region) must drive v6 adoption from their ever-so-deep-pockets, or the net will die.
I'll bite. What's the *actual* additional cost for dnssec and ipv6 support for a greenfield rollout? It's greenfield, so there's no "our older gear/software/admins need upgrading" issues.
In message <9FF40D24-169E-4568-9F25-EE00BEEED13A@matthew.at>, Matthew Kaufman writes:
Well, for starters there's whole truckloads of surplus gear that you can't get for pennies and use successfully.
Surplus IPv6 capable gear has been around for a long while now. Remember most gear has had IPv6 for over a decade now. A lot of gear that ISC got given for IPv6 development was on it 2nd or 3rd repurposing before we got it nearly a decade ago.
Matthew Kaufman
(Sent from my iPhone)
On Jul 4, 2013, at 11:11 AM, Valdis.Kletnieks@vt.edu wrote:
On Thu, 04 Jul 2013 10:34:41 -0700, Eric Brunner-Williams said:
#insert usual junk from *nog v6 evangelicals that .africa and .eos (Basque Autonomous Region) must drive v6 adoption from their ever-so-deep-pockets, or the net will die.
I'll bite. What's the *actual* additional cost for dnssec and ipv6 support for a greenfield rollout? It's greenfield, so there's no "our older gear/software/admins need upgrading" issues.
-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
I'll bite. What's the *actual* additional cost for dnssec and ipv6 support for a greenfield rollout? It's greenfield, so there's no "our older gear/software/admins need upgrading" issues.
I've read the IPv6 and DNSSEC parts of a lot of the applications, including the ones that aren't backed by the familiar large registries, and nobody had any great trouble doing DNSSEC or IPv6. There are a couple of adequate DNSSEC toolkits for anyone who doesn't want to buy a prefab system, and even though there are plenty of places where IPv6 isn't available, the sensible thing to do (even for large applicants) is to put the servers where the networks are. R's, John
participants (11)
-
Barry Shein -
Eric Brunner-Williams -
Eric Brunner-Williams -
John Levine -
Mark Andrews -
Matthew Kaufman -
Mike Jones -
Rubens Kuhl -
Scott Weeks -
Ted Cooper -
Valdis.Kletnieks@vt.edu