Re: KPNQwest ns.eu.net server.
In message <200206061624.40230.dani@intelideas.com>, Daniel Concepcion writes:
Yes Neil,
It should be interesting to know the 'official' requirements/recommendations for ccTLD's hosting. For example: diversity geographical, network needs, security needs, building environment, etc.
I don't know of any official requirements. But RFCs 2182 and 2870 offer good guidance. (Some of 2870 is root zone-specific, but most of it would apply to a ccTLD server.)
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com ("Firewalls" book)
On Thu, Jun 06, 2002 at 02:12:36PM -0400, Steven M. Bellovin wrote:
In message <200206061624.40230.dani@intelideas.com>, Daniel Concepcion writes:
Yes Neil,
It should be interesting to know the 'official' requirements/recommendations for ccTLD's hosting. For example: diversity geographical, network needs, security needs, building environment, etc.
I don't know of any official requirements. But RFCs 2182 and 2870 offer good guidance. (Some of 2870 is root zone-specific, but most of it would apply to a ccTLD server.)
Unfortunately most of the ccTLD nameserver operators ignore 2870 (including one of the authors...)
In message <200206061624.40230.dani@intelideas.com>, Daniel Concepcion writes:
Yes Neil,
It should be interesting to know the 'official' requirements/recommendations for ccTLD's hosting. For example: diversity geographical, network needs, security needs, building environment, etc.
I don't know of any official requirements. But RFCs 2182 and 2870 offer good guidance. (Some of 2870 is root zone-specific, but most of it would apply to a ccTLD server.)
--Steve Bellovin, http://www.research.att.com/~smb (me)
It is perhaps instructive to note that when RFC 2870 was written, (most of) the roots also hosted COM, NET, ORG. Considered properly, RFC 2870 is more targeted toward gTLD servers. ccTLDs have a moderately different focus, while root servers are distinct from either in their requirements.
--bill
On Thu, Jun 06, 2002 at 07:53:49PM +0000, bmanning@karoshi.com wrote: ...
I don't know of any official requirements. But RFCs 2182 and 2870 offer good guidance. (Some of 2870 is root zone-specific, but most of it would apply to a ccTLD server.)
--Steve Bellovin, http://www.research.att.com/~smb (me)
It is perhaps instructive to note that when RFC 2870 was written, (most of) the roots also hosted COM,NET,ORG. Considered properly, RFC 2870 is more targeted toward gTLD servers. ccTLDs have a moderately different focus, while root servers are distinct from either in their requirements.
So how does the operation of gTLD servers differ from ccTLD servers, other than perhaps more focus on geographical diversity?
On Thu, Jun 06, 2002 at 07:53:49PM +0000, bmanning@karoshi.com wrote: ...
I don't know of any official requirements. But RFCs 2182 and 2870 offer good guidance. (Some of 2870 is root zone-specific, but most of it would apply to a ccTLD server.)
--Steve Bellovin, http://www.research.att.com/~smb (me)
It is perhaps instructive to note that when RFC 2870 was written, (most of) the roots also hosted COM,NET,ORG. Considered properly, RFC 2870 is more targeted toward gTLD servers. ccTLDs have a moderately different focus, while root servers are distinct from either in their requirements.
So how does the operation of gTLD servers differ from ccTLD servers, other than perhaps more focus on geographical diversity?
number and distributions of registrations, legacy considerations that may reflect on legal issues, local policy issues that off the top of my head.
.com vs .um -- for example.
--bill
On Fri, Jun 07, 2002 at 03:17:51AM +0000, bmanning@karoshi.com wrote: ...
So how does the operation of gTLD servers differ from ccTLD servers, other than perhaps more focus on geographical diversity?
number and distributions of registrations, legacy considerations that may reflect on legal issues, local policy issues that off the top of my head.
.com vs .um -- for example.
number and distribution of registrations maybe - that comes down to number and sizing of servers and geography/network diversity, the others are at best operational concerns for the backend, not for the "frontend" DNS servers. Taking RFC 2870, why wouldn't all of section 2 and most of section 3 and section 4 be applicable to both gTLD and ccTLD servers (changing root zone and IANA as appropriate)?
number and distribution of registrations maybe - that comes down to number and sizing of servers and geography/network diversity, the others are at best operational concerns for the backend, not for the "frontend" DNS servers.
backend/frontend?
Taking RFC 2870, why wouldn't all of section 2 and most of section 3 and section 4 be applicable to both gTLD and ccTLD servers (changing root zone and IANA as appropriate)?
sure, you could take those sections as a starting point. But why stop at TLDs? Why not make this applicable to -ALL- dns servers? The problem we tried to tackle with RFC 2010, and apparently not well considered by the authors of RFC 2870, is the difficulty of segmenting system availability from operations. So to clarify, are you talking about the server operations or are you talking about availability of the zone? RFC 2870 muddies the waters here. You seem to be leaning toward ensuring availability. RFC 2010 attempted to make the distinction. gTLD servers, today, have an operational requirement to run on 64bit hardware. Few if any ccTLDs have that as a requirement. The root servers may not see that requirement until 2038 or so... In any case, RFC 2870 is getting long in the tooth and
On Fri, 07 Jun 2002 12:18:19 -0000, bmanning@karoshi.com said:
sure, you could take those sections as a starting point. But why stop at TLDs? Why not make this applicable to -ALL- dns servers?
Mighty fine pharmaceuticals you got there. ;)
I'd settle for a requirement that dns servers have *basic* configuration correct - I mean, is it *that* hard to avoid lame delegations and typos in the SOA or NS records?
--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
Valdis.Kletnieks@vt.edu wrote:
I mean, is it *that* hard to avoid lame delegations and typos in the SOA or NS records?
apparently
--
Eric A. Hall http://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
On Fri, Jun 07, 2002 at 08:36:21AM -0400, Valdis.Kletnieks@vt.edu wrote:
I'd settle for a requirement that dns servers have *basic* configuration correct - I mean, is it *that* hard to avoid lame delegations and typos in the SOA or NS records?
Don't even get me started on typos in the delegation records at the TLD servers (entered by the registrants at least) there are currently 112 domains in .com alone with at least one incorrect NS record pointing at my nameservers.
Don't even get me started on typos in the delegation records at the TLD servers (entered by the registrants at least) there are currently 112 domains in .com alone with at least one incorrect NS record pointing at my nameservers.
@ MX 0 lame.delegation.to.<hostname>.
* MX 0 lame.delegation.to.<hostname>.
randy
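The lame-delegation problem raised in the messages above, as an added example that is not part of the thread: a delegated server counts as lame when it does not answer a non-recursive SOA query for the zone authoritatively. The zone name, server names and reply bytes below are constructed, and the replies carry only a header and question section because the check reads nothing else.

```python
import struct

QID = 0x4C44                      # constructed query id
QR, AA, RA = 0x8000, 0x0400, 0x0080
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_soa_query(zone, qid=QID):
    """Wire-format SOA query with RD=0, one per server named in the delegation."""
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    # Header: id, flags, QDCOUNT=1, ANCOUNT, NSCOUNT, ARCOUNT; then QTYPE=SOA(6), QCLASS=IN(1)
    return struct.pack("!6H", qid, 0, 1, 0, 0, 0) + qname + struct.pack("!2H", 6, 1)

def classify(response, qid=QID):
    """Return 'ok', or the reason this server is lame for the zone."""
    if response is None:
        return "no response"
    if len(response) < 12:
        return "truncated header"
    rid, flags = struct.unpack("!2H", response[:4])
    if rid != qid or not flags & QR:
        return "not a reply to our query"
    rcode = flags & 0x000F
    if rcode != 0:
        return "rcode " + RCODES.get(rcode, str(rcode))
    if not flags & AA:
        return "answer not authoritative (AA=0)"
    return "ok"

def audit(delegation):
    """delegation maps each NS name to its raw reply bytes (None on timeout)."""
    return {ns: classify(reply) for ns, reply in delegation.items()}

def _reply(query, flags):
    # Constructed reply: the query echoed back with different header flags.
    return query[:2] + struct.pack("!H", flags) + query[4:]

Q = build_soa_query("example.com.")
SAMPLE = {                                        # constructed data
    "ns1.example.net.": _reply(Q, QR | AA),       # authoritative
    "ns2.example.net.": _reply(Q, QR | 5),        # REFUSED: zone not loaded
    "ns3.example.net.": _reply(Q, QR | RA),       # resolver answering, AA=0
    "ns4.example.net.": None,                     # timeout
}

if __name__ == "__main__":
    for ns, verdict in audit(SAMPLE).items():
        print(f"{ns:20} {verdict}")
```
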
Yo John! On Fri, 7 Jun 2002, John Payne wrote:
Don't even get me started on typos in the delegation records at the TLD servers (entered by the registrants at least) there are currently 112 domains in .com alone with at least one incorrect NS record pointing at my nameservers.
There is an easy tool I use to fix that. Just put up a zone file for them on your NS that points their www to www.playboy.com. This gets action fast!
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
gem@rellim.com Tel:+1(541)382-8588 Fax: +1(541)382-8676
On Fri, Jun 07, 2002 at 11:48:24AM -0700, Gary E. Miller wrote:
Yo John!
On Fri, 7 Jun 2002, John Payne wrote:
Don't even get me started on typos in the delegation records at the TLD servers (entered by the registrants at least) there are currently 112 domains in .com alone with at least one incorrect NS record pointing at my nameservers.
There is an easy tool I use to fix that. Just put up a zone file for them on your NS that points their www to www.playboy.com. This gets action fast!
Not when the domains are just registered for cybersquatting (the other problem). I have done something similar to what you suggest (but without targeting an innocent third party)... see http://www.chairtime.com/ as an example. The abuse and legal threats were amusing to start with, but they're getting boring now - I'd much rather just pull the glue records and break those domains hard (nothing legitimate has ever been on those nameservers)
On Fri, 7 Jun 2002, Gary E. Miller wrote:
Yo John!
There is an easy tool I use to fix that. Just put up a zone file for them on your NS that points their www to www.playboy.com. This gets action fast!
I think pointing it to www.poopsex.com would be far more entertaining.
Charles
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
gem@rellim.com Tel:+1(541)382-8588 Fax: +1(541)382-8676
participants (8)
- bmanning@karoshi.com
- Charles Sprickman
- Eric A. Hall
- Gary E. Miller
- John Payne
- Randy Bush
- Steven M. Bellovin
- Valdis.Kletnieks@vt.edu