Re: VeriSign's rapid DNS updates in .com/.net
I reforward this email in hopes that it was by simple omission that nobody from Verisign has yet responded to it. All questions in sections 1 - 3 are valid and something that directly concerns the proposed changes; none of that had been asked before here in the brief NANOG discussion after Verisign's post on Friday. And of course, I'm still relying on it being more than a simple PR tactic that made Verisign post to NANOG originally, and that they are going to consult the Internet engineering community before making any significant change to the most widely used TLD infrastructure, and that if there are any problems found that would arise from the change, the plan to address them would be made available.

---------- Forwarded message ----------
Date: Mon, 12 Jul 2004 04:35:36 -0700 (PDT)
From: "william(at)elan.net" <william@elan.net>
To: Matt Larson <mlarson@verisign.com>
Cc:
Subject: Re: VeriSign's rapid DNS updates in .com/.net

On Fri, 9 Jul 2004, Matt Larson wrote:
VeriSign Naming and Directory Services (VNDS) currently generates new versions of the .com/.net zone files twice per day. VNDS is scheduled to deploy on September 8, 2004 a new feature that will enable VNDS to update the .com/.net zones more frequently to reflect the registration activity of the .com/.net registrars in near real time. After the rapid DNS update is implemented, the elapsed time from registrars' add or change operations to the visibility of those adds or changes in all 13 .com/.net authoritative name servers is expected to average less than five minutes.
Questions/Comments:

1. Currently SLD delegation info for the .com/.net TLDs seems to be updated about twice a day, and the new entire TLD DNS zone is published as one bulk operation. These changes seem to be synced pretty well to changes in the whois database as seen at whois.crsnic.net, so the listing of nameservers in whois seems almost always correct. Is my understanding correct that after this change SLD DNS delegation will not be synced to the nameserver listing in whois?

2. Is it only changes in SLD delegation (listing of nameservers or IPs of nameservers) that will be affected? Does that mean that changes to a domain such as moving the domain from one registrar to another, or deletion of the domain, will still be done once per day? Related - what about status codes as submitted by the registrar? In particular, would a change of status that causes a domain to temporarily or permanently not be delegated (but keeps the listing of nameservers in whois) also be processed immediately?
VNDS will continue to publish .com/.net zone files twice per day as part of the TLD Zone File Access Program. [2] These zone files will continue to reflect the state of the .com/.net registry database at the moment zone generation begins.
3. Is my understanding correct that with this change those who participate in the bulk whois program will not be able to see the entire history of DNS delegation changes for a domain? In that case, you remove the value of participation in bulk TLD zone downloads for certain kinds of research activity and in addition may actually be breaking the service agreement for providing this kind of data. To cover that "hole" you need to provide a way to download not only the entire TLD zone but also the changes done to domains since the last time the entire TLD zone file was published (to give an example of what I'm asking for: the ability to download "UPDATES" as in the routeviews directory rather than the entire BGP dump from the "RIBS" directory).

Please note that being able to find the entire history of domain delegation changes is important in quite a number of cases, for example when you need to show that either your DNS registrar or ISP screwed up (and then corrected itself but does not want to admit it because that may cause them to pay compensation per SLA), or to show improper unauthorized use of the domain when it's suspected that the domain may have been hijacked (but DNS was changed for half an hour and then returned back), or when you're tracking domains used by spammers that change info from one zombie computer to another every 10-30 minutes (you want to be able to create the entire list of zombies associated with such a domain and report these to ISPs, not just one or two taken once or twice per day, because otherwise spammers would just register a different domain when the reported one is deactivated but would still keep using the same zombies).
VNDS does not anticipate any negative consequences of deployment of rapid updates to the .com/.net zones. However, as a courtesy we are providing the Internet community with 60 days advance notice of the change to the update process.
4. Last comment: I believe that such public announcements of changes should go to other mail lists and not just NANOG, which covers primarily those concerned with network routing in the US and Canada, but not necessarily with DNS operations at your ISP. I'm subscribed to at least three DNS-specific mail lists and have not seen anything there. The ones I remember by name are isp-dns.com, the other is bind-users, the third one is I think the dns list at RIPE.

I'm not suggesting you make the announcement on exactly those lists (or only on those lists + NANOG), but if Verisign is trying to have better involvement with the community and make viable prior notices worldwide of changes it is making to the DNS system, some investigation of where it is best to make such notices so that they reach the largest number of persons concerned with DNS technical support worldwide should be done.
Some questions and answers about rapid updates for .com/.net are available at http://www.verisign.com/nds/naming/rapid_update/faq.html.
[1] http://www.merit.edu/mail.archives/nanog/2004-01/msg00115.html
Additionally, I notice that the page you included as a reference for TLD zone file information on the Verisign website (link [2] above) does not seem to contain any reference to this upcoming change (or a link to your own FAQ, the other link above) or any ability for the public to comment on such things.

--
William Leibzon
Elan Networks
william@elan.net
William, On Wed, 14 Jul 2004, william(at)elan.net wrote:
I reforward this email in hopes that it was by simple omission that nobody from Verisign has yet responded to it.
Replying to your original message has been on my to-do list.
1. Currently SLD delegation info for the .com/.net TLDs seems to be updated about twice a day, and the new entire TLD DNS zone is published as one bulk operation. These changes seem to be synced pretty well to changes in the whois database as seen at whois.crsnic.net, so the listing of nameservers in whois seems almost always correct. Is my understanding correct that after this change SLD DNS delegation will not be synced to the nameserver listing in whois?
You are correct that the .com/.net zone files and Whois data are currently updated at around the same time, twice per day. Those processes will continue after the deployment of the rapid updates. As a result, the .com/.net zone files available through the zone file access program will continue to match the data currently available in Whois. But the .com/.net authoritative servers will contain changes not yet reflected in Whois.
2. Is it only changes in SLD delegation (listing of nameservers or IPs of nameservers) that will be affected?
Essentially, yes, but see below.
Does that mean that changes to a domain such as moving the domain from one registrar to another, or deletion of the domain, will still be done once per day?
Yes.
Related - what about status codes as submitted by the registrar? In particular, would a change of status that causes a domain to temporarily or permanently not be delegated (but keeps the listing of nameservers in whois) also be processed immediately?
You're referring to Hold status, of which there are several kinds, all of which keep a domain's NS records out of the .com/.net zones. A change in status will cause a domain's NS records to be inserted or withdrawn from the .com/.net zones in near-real time.
3. Is my understanding correct that with this change those who participate in the bulk whois program will not be able to see the entire history of DNS delegation changes for a domain?
You said "bulk whois program", but I believe you're referring to the "TLD Zone File Access Program" (http://www.verisign.com/nds/naming/tld/). VeriSign does not make the bulk .com/.net Whois data available.
In that case, you remove the value of participation in bulk TLD zone downloads for certain kinds of research activity and in addition may actually be breaking the service agreement for providing this kind of data. To cover that "hole" you need to provide a way to download not only the entire TLD zone but also the changes done to domains since the last time the entire TLD zone file was published (to give an example of what I'm asking for: the ability to download "UPDATES" as in the routeviews directory rather than the entire BGP dump from the "RIBS" directory).
Please note that being able to find the entire history of domain delegation changes is important in quite a number of cases, for example when you need to show that either your DNS registrar or ISP screwed up (and then corrected itself but does not want to admit it because that may cause them to pay compensation per SLA), or to show improper unauthorized use of the domain when it's suspected that the domain may have been hijacked (but DNS was changed for half an hour and then returned back), or when you're tracking domains used by spammers that change info from one zombie computer to another every 10-30 minutes (you want to be able to create the entire list of zombies associated with such a domain and report these to ISPs, not just one or two taken once or twice per day, because otherwise spammers would just register a different domain when the reported one is deactivated but would still keep using the same zombies).
Right now we don't have plans to make the deltas available, but I will make sure the right people see the suggestion and your supporting reasons for wanting them.
4. Last comment: I believe that such public announcements of changes should go to other mail lists and not just NANOG, which covers primarily those concerned with network routing in the US and Canada, but not necessarily with DNS operations at your ISP. I'm subscribed to at least three DNS-specific mail lists and have not seen anything there. The ones I remember by name are isp-dns.com, the other is bind-users, the third one is I think the dns list at RIPE.
I'm not suggesting you make the announcement on exactly those lists (or only on those lists + NANOG), but if Verisign is trying to have better involvement with the community and make viable prior notices worldwide of changes it is making to the DNS system, some investigation of where it is best to make such notices so that they reach the largest number of persons concerned with DNS technical support worldwide should be done.
With over 7000 subscribers (if I'm remembering the numbers from Susan's latest statistics slide correctly), NANOG covers more than just routing in North America: a posting here reaches Internet operators worldwide. Indeed, my original posting has already appeared in other places. But your point is well taken.

Matt

--
Matt Larson <mlarson@verisign.com>
VeriSign Naming and Directory Services
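The delegation-history "deltas" William asks for in point 3, and the gap between the live .com/.net servers and Whois that Matt describes in his answer to point 1, can both be reconstructed client-side by polling the TLD servers for a domain's NS records and diffing successive snapshots. The Python below is an added example written for this page; it is not code from either poster or from VeriSign. It runs entirely on constructed snapshot data (example names and documentation addresses) so that it works offline; the Snapshot/Change structures, the function names, the one-hour revert window and the polling start time are assumptions, and the NS queries that would fill a real snapshot are not performed.

```python
"""Rebuild a domain's delegation-change history from timestamped NS snapshots.

Added example for this page, not code from the thread or from VeriSign.
Snapshots are constructed sample data (example names, RFC 5737 documentation
addresses); a real tool would fill them from NS queries to the TLD servers.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, FrozenSet, Iterable, List, Tuple

HOUR = timedelta(hours=1)


def normalize(name: str) -> str:
    """Canonical hostname for comparison: case-insensitive, no trailing dot."""
    return name.strip().rstrip(".").lower()


@dataclass
class Snapshot:
    """One domain's NS delegation as seen on a TLD server at one moment."""
    seen_at: datetime
    nameservers: FrozenSet[str]                          # normalized NS names
    glue: Dict[str, str] = field(default_factory=dict)   # NS name -> glue IPv4


@dataclass
class Change:
    """One observed delta between consecutive snapshots."""
    at: datetime
    added: FrozenSet[str]
    removed: FrozenSet[str]
    glue_changed: Dict[str, Tuple[str, str]]             # host -> (old, new)


def delegation_changes(snapshots: Iterable[Snapshot]) -> List[Change]:
    """Walk snapshots in time order, emitting one Change per NS or glue delta:
    the 'UPDATES' view, rebuilt from polling rather than the twice-daily zone."""
    changes: List[Change] = []
    prev = None
    for snap in sorted(snapshots, key=lambda s: s.seen_at):
        if prev is not None:
            added = snap.nameservers - prev.nameservers
            removed = prev.nameservers - snap.nameservers
            glue_changed = {h: (prev.glue[h], snap.glue[h])
                            for h in prev.glue.keys() & snap.glue.keys()
                            if prev.glue[h] != snap.glue[h]}
            if added or removed or glue_changed:
                changes.append(Change(snap.seen_at, added, removed, glue_changed))
        prev = snap
    return changes


def transient_reverts(snapshots: Iterable[Snapshot],
                      window: timedelta) -> List[Tuple[datetime, datetime]]:
    """Delegations changed and put back within `window`: the 'changed for half
    an hour and then returned' pattern a twice-daily zone file never shows."""
    ordered = sorted(snapshots, key=lambda s: s.seen_at)
    found: List[Tuple[datetime, datetime]] = []
    for i in range(1, len(ordered)):
        before, changed = ordered[i - 1], ordered[i]
        if changed.nameservers == before.nameservers:
            continue
        for later in ordered[i + 1:]:
            if later.seen_at - changed.seen_at > window:
                break
            if later.nameservers == before.nameservers:
                found.append((changed.seen_at, later.seen_at))
                break
    return found


def hosts_seen(snapshots: Iterable[Snapshot]) -> Dict[str, FrozenSet[str]]:
    """Every glue address each NS name has pointed at: the complete host list
    behind a domain hopping between zombies, not the one or two per day."""
    seen: Dict[str, set] = {}
    for snap in snapshots:
        for host, ip in snap.glue.items():
            seen.setdefault(host, set()).add(ip)
    return {host: frozenset(ips) for host, ips in seen.items()}


def whois_lag(live: Snapshot,
              whois_nameservers: Iterable[str]) -> Tuple[FrozenSet[str], FrozenSet[str]]:
    """Diff the live delegation against the Whois (or zone file) NS list. After
    rapid updates they may differ until the next Whois refresh; a difference
    persisting longer than that deserves a look. Returns (live-only, whois-only)."""
    whois = frozenset(normalize(n) for n in whois_nameservers)
    return live.nameservers - whois, whois - live.nameservers


T0 = datetime(2004, 9, 8, 12, 0)   # assumed polling start (the deployment date)


def sample_snapshots() -> List[Snapshot]:
    """Constructed sample: hijack at +20 min reverted at +50 min, then the
    ns1 glue address hopping to a new host every 30 min."""
    ok = frozenset({"ns1.example.com", "ns2.example.com"})
    ok_glue = {"ns1.example.com": "192.0.2.10", "ns2.example.com": "192.0.2.20"}
    hijacked = frozenset({"ns1.evil.example"})

    def at(minutes: int) -> datetime:
        return T0 + timedelta(minutes=minutes)

    return [Snapshot(at(0), ok, dict(ok_glue)),
            Snapshot(at(10), ok, dict(ok_glue)),
            Snapshot(at(20), hijacked, {}),
            Snapshot(at(50), ok, dict(ok_glue)),
            Snapshot(at(80), ok, {**ok_glue, "ns1.example.com": "198.51.100.5"}),
            Snapshot(at(110), ok, {**ok_glue, "ns1.example.com": "203.0.113.7"})]


if __name__ == "__main__":
    snaps = sample_snapshots()
    for c in delegation_changes(snaps):
        print(c.at.time(), "added", sorted(c.added), "removed", sorted(c.removed),
              "glue", c.glue_changed)
    print("transient reverts:", transient_reverts(snaps, HOUR))
    print("hosts seen:", hosts_seen(snaps))
    print("whois lag during hijack:",
          whois_lag(snaps[2], ["NS1.EXAMPLE.COM.", "ns2.example.com"]))
```

Polling every few minutes is what makes the sample's 30-minute hijack and the glue hops visible at all; with the twice-daily zone file the same domain would look unchanged. The glue comparison only covers hosts present in both snapshots, so a nameserver that disappears and reappears shows up as an NS change, not a glue change.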