Not the best solution, but it takes VeriSign out of the loop
Who's up for creating a network of new gTLD servers? I'm sure it wouldn't be too hard to reconstruct 90% of the com/net zones from publicly available data (http://www.deleteddomains.com/newlist.shtml?cid=11673-11084 would be a good start). Constantly farming for missed zones, and maybe even querying the "real" servers for missing data. The updates would be a day or two behind the "real" zones, but once you got a good number of eyeballs looking to your servers instead of VeriSign's, you could probably convince quite a few registrars to start sending you updates too.

I'm sure this breaks many an RFC, and has an unfathomable number of other problems, but I see it this way: we can complain and whine about mismanagement as much as we want, but until there is a viable alternative available there will never be a change.

*hops into his fireproof undies*

Comments anyone?

---
Michael Damm, MIS Department, Irwin Research & Development
V: 509.457.5080 x298
F: 509.577.0301
E: miked@irwinresearch.com
MD> Date: Tue, 16 Sep 2003 11:07:41 -0700
MD> From: Mike Damm

MD> Who's up for creating a network of new gTLD servers? I'm sure

I dunno. We'd be trusting those operating the gTLD network. ;-)

MD> it wouldn't be too hard to reconstruct 90% of the com/net
MD> zones from publicly available data
MD> (http://www.deleteddomains.com/newlist.shtml?cid=11673-11084

It seems to think my Lynx browsing sessions are illegitimate, and returns a nasty message.

MD> would be a good start). Constantly farming for missed zones,
MD> and maybe even querying the "real" servers for missing data.
MD> The updates would be a day or two behind the "real" zones,
MD> but once you got a good number of eyeballs looking to your
MD> servers instead of VeriSign's, you could probably convince
MD> quite a few registrars to start sending you updates too.

You're essentially having a resolver save cached domains, then return responses.

MD> I'm sure this breaks many an RFC, and has an unfathomable
MD> number of other problems, but I see it this way: we can

*shrug* Anycasting AS112 works well.

Eddy
--
Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
_________________________________________________________________
DO NOT send mail to the following addresses :
blacklist@brics.com -or- alfra@intc.net -or- curbjmp@intc.net
Sending mail to spambait addresses is a great way to get blocked.
This would require cooperation from the root-servers operators.

And a serious effort from ISP/NSP community to block network access to root-servers that don't cooperate.

I agree that it's a good idea at this point. I see nothing else as a serious long-term technical solution.

Mike Damm wrote:
> Who's up for creating a network of new gTLD servers? ...

--
William Allen Simpson
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
>> Who's up for creating a network of new gTLD servers?

> This would require cooperation from the root-servers operators.
speaking for f-root, we won't be cooperating with anything like that. we do not edit the zone files we serve. they come from iana, and if you want something different served, you'll have to talk to iana. i cannot speak for the other rootops but i suspect that their answers might be compatible with, if not downright similar to, f-root's.
> And a serious effort from ISP/NSP community to block network access to root-servers that don't cooperate.
>
> I agree that it's a good idea at this point. I see nothing else as a serious long-term technical solution.

sounds like mob rule to me -- count me out. so, block me first, i guess?

--
Paul Vixie
On Wed, 17 Sep 2003 04:27:05 -0000, Paul Vixie <vixie@vix.com> said:
> speaking for f-root, we won't be cooperating with anything like that. we do not edit the zone files we serve. they come from iana, and if you want something different served, you'll have to talk to iana. i cannot speak for the other rootops but i suspect that their answers might be compatible with, if not downright similar to, f-root's.
Amen to that - the guys who run the *root* nameservers are not the problem. They get DDoSed, and even when not DDoSed, 98% of the stuff thrown at them is trash - and the servers keep going anyhow. The closest thing to a controversial hijacking in like 20 years has been one test by Postel. Yes, there's been issues with some TLDs regarding who the rightful registrar is, but that's IANA's call not the root nameservers. And there's been issues with the management of a TLD going bonzo in various ways - but again, that's not the fault of the root itself. Quite frankly, if the rest of the net ran as well and sanely as the guys who run the root nameservers, we'd all have lots lower blood pressures... ;)
On Tue, Sep 16, 2003 at 11:07:41AM -0700, Mike Damm wrote:
> Who's up for creating a network of new gTLD servers? I'm sure it wouldn't be too hard to reconstruct 90% of the com/net zones from publicly available data (http://www.deleteddomains.com/newlist.shtml?cid=11673-11084 would be a good start). Constantly farming for missed zones, and maybe even querying the "real" servers for missing data. The updates would be a day or two behind the "real" zones, but once you got a good number of eyeballs looking to your servers instead of VeriSign's, you could probably convince quite a few registrars to start sending you updates too.

You can download the real zones if you want easily enough. Some years ago all this took was sending a few faxes.

--
http://www.PowerDNS.com Open source, database driven DNS Software
http://lartc.org Linux Advanced Routing & Traffic Control HOWTO
participants (7)
- bert hubert
- Daniel Karrenberg
- E.B. Dreger
- Mike Damm
- Paul Vixie
- Valdis.Kletnieks@vt.edu
- William Allen Simpson