From: Miles Fidelman [mailto:mfidelman@civicnet.org] Sent: Friday, March 16, 2001 5:38 AM
On Thu, 15 Mar 2001, Patrick Greenwell wrote:
On Thu, 15 Mar 2001, Miles Fidelman wrote:
At some point cooperation has to yield to due process - at least that's the history of society to date. Unless there's a major change to the Internet infrastructure, we need DNS to function reliably, and that requires that the root nameservers behave the way they're supposed to.
I don't see any problem with anything you have said. I think the difficulty comes when I tell you that the root servers I choose to use are operating fine, and you attempt to tell me that I have to use yours.
For the Internet to work, at least with currently accepted DNS standards, everyone has to use the same root servers. Otherwise things can rapidly degenerate into chaos. The whole point of law and due process is that a duly authorized somebody has to have the authority to insist that everyone use the same root servers.
Two problems; Who does the authorization? ... and US Constitution. There is also the not-so-small problem of global enforcement, of such a draconian measure.
I'm not unsympathetic to folks paying for helpdesks. But, you're gonna get those calls anyway. You may even be getting them now. Is this any different than lusers asking why their machine doesn't work ... during a blackout?
You've been living in the regulated side of the telco business far too long.
On Fri, 16 Mar 2001, Roeland Meyer wrote:
Two problems; Who does the authorization? ... and US Constitution. There is also the not-so-small problem of global enforcement, of such a draconian measure.
well... there are international bodies that handle other telecommunications matters
**************************************************************************
The Center for Civic Networking PO Box 600618
Miles R. Fidelman, President & Newtonville, MA 02460-0006
Director, Municipal Telecommunications Strategies Program 617-558-3698 fax: 617-630-8946
mfidelman@civicnet.org http://civic.net/ccn.html
Information Infrastructure: Public Spaces for the 21st Century
Let's Start With: Internet Wall-Plugs Everywhere
Say It Often, Say It Loud: "I Want My Internet!"
**************************************************************************
well... there are international bodies that handle other telecommunications matters
And one of the primary reasons the Internet exists in the open and transparent form it does today is because those bodies (CCITT->ITU-T etc.) have not been involved in most of the research and engineering. On the other hand, the 'net is now so ubiquitous that maybe maturity brings that level of self-interest based regulation.
Peter
Two problems; Who does the authorization? ... and US Constitution. There is also the not-so-small problem of global enforcement, of such a draconian measure.
well... there are international bodies that handle other telecommunications matters
known for agility, rapid advancement of customer perceived service, low overhead, and other great social goods.
OK here's an idea, everybody:
Since new.net (and others) seem to want to blatantly ignore the standards set forth by the IETF, ICANN, and others, why don't we "bend" the standards and stack the deck in our own favor? Let's all make our own DNS servers authoritative for "new.net." And, to prevent people from finding out the IP addresses and getting to new.net that way, either blackhole the routes, or add host routes on your LAN that point to some www server/page that points out why what new.net is doing is a Bad Thing.
We need new TLDs in order to support the growth of the internet. However, we don't need to do it the way new.net is, and they need to be nipped in the bud.
Jeff
-- "...and the burnt fool's bandaged finger goes wobbling back to the fire." -Joe Zeff in the SDM.
Since new.net is a perfectly legitimate domain under the rules that you support, I think black holing that domain or their routes would be a Bad Idea.
You could however make your nameservers authoritative for every 1, 2, 3 and 4 character TLD not in the standard root.zone to prevent private TLD leakage into your network (from any source).
As an experiment I created a named.conf stub that can be appended to a regular named.conf file and a sample generic zone file that can be used once for all of the private TLDs: http://kl.net/tld/ (the sample zone file is called 'a' to minimize the size of the named.conf file). Unfortunately, it's 58 Megs so it wouldn't be practical to use on all but the beefiest nameservers.
Perhaps there should be an RFC for "private TLD" namespace like RFC1918.
KL
Jeff Workman wrote:
OK here's an idea, everybody:
Since new.net (and others) seem to want to blatantly ignore the standards set forth by the IETF, ICANN, and others, why don't we "bend" the standards and stack the deck in our own favor? Let's all make our own DNS servers authoritative for "new.net." And, to prevent people from finding out the IP addresses and getting to new.net that way, either blackhole the routes, or add host routes on your LAN that point to some www server/page that points out why what new.net is doing is a Bad Thing.
We need new TLDs in order to support the growth of the internet. However, we don't need to do it the way new.net is, and they need to be nipped in the bud.
Jeff
-- "...and the burnt fool's bandaged finger goes wobbling back to the fire." -Joe Zeff in the SDM.
At 12:06 PM 3/16/01 -0500, Jeff Workman wrote:
Since new.net (and others) seem to want to blatantly ignore the standards set forth by the IETF, ICANN, and others, why don't we "bend" the standards and stack the deck in our own favor? Let's all make our own DNS servers authoritative for "new.net." And, to prevent people from finding out the IP addresses and getting to new.net that way, either blackhole the routes, or add host routes on your LAN that point to some www server/page that points out why what new.net is doing is a Bad Thing.
Send us all a postcard from prison, OK:
4. Stability of the root zone and criminal consequences
It should be recognized that in the United States, altering DNS records to the detriment of a pre-existing organization is covered under federal computer fraud statute, 18 United States Code, Section 1030[6]. As a result, criminal convictions have resulted from the alteration of DNS information[7]. Most countries now have similar laws.
http://www.ietf.org/internet-drafts/draft-higgs-root-defs-00.txt
[7] U.S. vs. Kashpureff (NY) http://www.usdoj.gov/criminal/cybercrime/kashpurepr.htm
We need new TLDs in order to support the growth of the internet. However, we don't need to do it the way new.net is, and they need to be nipped in the bud.
So instead of wasting energy making the case against you for the prosecution, why don't you use that energy productively in this situation? New.net already know this. They don't yet know how to go about it.
Best Regards,
Simon Higgs
-- It's a feature not a bug...
Stoned koala bears drooled eucalyptus spit in awe as Simon Higgs exclaimed:
At 12:06 PM 3/16/01 -0500, Jeff Workman wrote:
4. Stability of the root zone and criminal consequences
It should be recognized that in the United States, altering DNS records to the detriment of a pre-existing organization is covered under federal computer fraud statute, 18 United States Code, Section 1030[6]. As a result, criminal convictions have resulted from the alteration of DNS information[7]. Most countries now have similar laws.
I don't recall saying squat about modifying the root zone. I was referring to local nameservers that are under your (or my) administrative control. Tell me how this is any different than "content filtering" packages that are in use today (X-Stop comes to mind.) Sure, the underlying mechanism is different, but the result is the same. User tries to access a site that is administratively prohibited, and is redirected to a local web page explaining to them why. Are we going to prosecute all of these organizations now?
If it's *my* DNS server running on *my* equipment using *my* bandwidth, then I can do whatever I want to with it, right? Just as long as I don't try any cache poisoning foo or otherwise propagate my authoritative 'new.net' zone to other DNS servers that aren't under my administrative control.
So instead of wasting energy making the case against you for the prosecution, why don't you use that energy productively in this situation? New.net already know this. They don't yet know how to go about it.
Why doesn't new.net start sending me monthly paychecks? Since they're *all* about money, then if I am going to help them get their business off the ground, then where's mine?
Jeff
-- "...and the burnt fool's bandaged finger goes wobbling back to the fire." -Joe Zeff in the SDM.
[OFF THE RECORD, UNOFFICIAL]
I see an administrative nightmare in allowing anyone to create their own gTLD and it would cause a security problem beyond comprehension. I believe everyone must come together on this and move to the next level and decide on what gTLDs will be allowable and acceptable by everyone without as much as a whimper. I can see from the last 600 emails that this has really touched a sore spot; once the agreement on the gTLDs has been reached then it will have to be presented to ICANN. If you must rant at me please do it privately not on the NANOG list, this would serve no useful purpose and I would wind up losing a potentially valuable human source of information. I am simply wanting to defuse the current rant and get to a level where this can be worked out for everyone's benefit and that no one is king of the hill, and to eliminate any jealousy.
Jeff Workman wrote:
Stoned koala bears drooled eucalyptus spit in awe as Simon Higgs exclaimed:
At 12:06 PM 3/16/01 -0500, Jeff Workman wrote:
4. Stability of the root zone and criminal consequences
It should be recognized that in the United States, altering DNS records to the detriment of a pre-existing organization is covered under federal computer fraud statute, 18 United States Code, Section 1030[6]. As a result, criminal convictions have resulted from the alteration of DNS information[7]. Most countries now have similar laws.
I don't recall saying squat about modifying the root zone. I was referring to local nameservers that are under your (or my) administrative control. Tell me how this is any different than "content filtering" packages that are in use today (X-Stop comes to mind.) Sure, the underlying mechanism is different, but the result is the same. User tries to access a site that is administratively prohibited, and is redirected to a local web page explaining to them why. Are we going to prosecute all of these organizations now?
If it's *my* DNS server running on *my* equipment using *my* bandwidth, then I can do whatever I want to with it, right? Just as long as I don't try any cache poisoning foo or otherwise propagate my authoritative 'new.net' zone to other DNS servers that aren't under my administrative control.
So instead of wasting energy making the case against you for the prosecution, why don't you use that energy productively in this situation? New.net already know this. They don't yet know how to go about it.
Why doesn't new.net start sending me monthly paychecks? Since they're *all* about money, then if I am going to help them get their business off the ground, then where's mine?
Jeff
-- "...and the burnt fool's bandaged finger goes wobbling back to the fire." -Joe Zeff in the SDM.
--
Thank you;
|---------------------------------|
| Thinking is a learned process.  |
| ICANN member @large             |
| Gigabit over IP, ieee 802.17    |
| working group                   |
| Resilient Packet Transport      |
| http://www.luminousnetworks.com |
|---------------------------------|
Henry R. Linneweh
TLD Finder Tools (collision avoidance tools) are available for people to see which TLDs are already "in play":
ORSC have a Top Level Domain Finder which queries the ORSC root zone: http://tldfind.open-rsc.org/
Planet Communications & Computing Facility (PCCF - who run the .GOD registry) have a TLD Finder which queries multiple roots: http://www.pccf.net/cgi-bin/root-servers/whereis-tld?+
Best Regards,
Simon Higgs
-- It's a feature not a bug...
And this, I think, is the most salient operational point made so far in this discussion. Many thanks.
Simon Higgs wrote:
TLD Finder Tools (collision avoidance tools) are available for people to see which TLDs are already "in play":
ORSC have a Top Level Domain Finder which queries the ORSC root zone: http://tldfind.open-rsc.org/
Planet Communications & Computing Facility (PCCF - who run the .GOD registry) have a TLD Finder which queries multiple roots: http://www.pccf.net/cgi-bin/root-servers/whereis-tld?+
Best Regards,
Simon Higgs
-- It's a feature not a bug...
-- ------------------------------------------------------------ Roland Dobbins <rdobbins@netmore.net> // 408.859.4137 voice
Simon Higgs <simon@higgs.com> wrote: On Sunday, March 18, 2001 8:12 AM (AEST)
TLD Finder Tools (collision avoidance tools) are available for people to see which TLDs are already "in play":
ORSC have a Top Level Domain Finder which queries the ORSC root zone: http://tldfind.open-rsc.org/
Planet Communications & Computing Facility (PCCF - who run the .GOD registry) have a TLD Finder which queries multiple roots: http://www.pccf.net/cgi-bin/root-servers/whereis-tld?+
AlterNIC's newest tool http://www.alternic.org/tldfinder.html
Best Regards,
Simon Higgs
You too
Patrick Corliss
the collisions don't seem to be being avoided
Checking (AlterNIC) nameserver ny.alternic.org for .SHOP
SHOP. in ns BERK.SERV.NIC.INFO
Checking (NEWNET) nameserver ns0.newdotnet.net for .SHOP
SHOP. in ns UDNS1.NEWDOTNET.NET
Checking (NS) nameserver ns.autono.net for .SHOP
SHOP. in ns ALLADIN.DDS.NL
See - you open it up and it all falls apart
These "finder tools" are bobbins, they just query against a botched together list of servers.
.. also ORSC sounds techie friendly - it has the word open in so it must be good - but c'mon there's no difference between it and new.net or whoever?
having said that maybe it would be better than ICANN.. only problem is who has to give them the authority and make everyone abide by it?
Steve
On Sun, 18 Mar 2001, Patrick Corliss wrote:
Simon Higgs <simon@higgs.com> wrote: On Sunday, March 18, 2001 8:12 AM (AEST)
TLD Finder Tools (collision avoidance tools) are available for people to see which TLDs are already "in play":
ORSC have a Top Level Domain Finder which queries the ORSC root zone: http://tldfind.open-rsc.org/
Planet Communications & Computing Facility (PCCF - who run the .GOD registry) have a TLD Finder which queries multiple roots: http://www.pccf.net/cgi-bin/root-servers/whereis-tld?+
AlterNIC's newest tool http://www.alternic.org/tldfinder.html
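Added example, not part of the original thread or of any of the finder tools it mentions: a small parser that takes finder output of the kind pasted in the message above and reports every TLD that different roots delegate to different nameservers. The three .SHOP results are the ones quoted in the message; the .EXAMPLE entries and the root names ROOT-A and ROOT-B are constructed to show the agreeing case.

```python
import re
from collections import defaultdict

# .SHOP results: finder output quoted in the message above.
# .EXAMPLE results: constructed sample with hypothetical roots that agree.
FINDER_OUTPUT = """\
Checking (AlterNIC) nameserver ny.alternic.org for .SHOP
SHOP. in ns BERK.SERV.NIC.INFO
Checking (NEWNET) nameserver ns0.newdotnet.net for .SHOP
SHOP. in ns UDNS1.NEWDOTNET.NET
Checking (NS) nameserver ns.autono.net for .SHOP
SHOP. in ns ALLADIN.DDS.NL
Checking (ROOT-A) nameserver ns.root-a.example for .EXAMPLE
EXAMPLE. in ns NS1.REGISTRY.EXAMPLE
Checking (ROOT-B) nameserver ns.root-b.example for .EXAMPLE
EXAMPLE. in ns ns1.registry.example.
"""

# Matches either a "Checking (<root>) ..." header or a "<TLD>. in ns <host>"
# answer, wherever the line breaks fall in the pasted output.
TOKEN_RE = re.compile(
    r"Checking \((?P<root>[^)]+)\) nameserver \S+ for \.\S+"
    r"|(?P<tld>[A-Za-z0-9-]+)\.\s+in\s+ns\s+(?P<target>\S+)",
    re.IGNORECASE,
)

def parse_delegations(text):
    """Return {TLD: {root: set of NS hosts}}; names upper-cased, root dot dropped."""
    delegations = defaultdict(lambda: defaultdict(set))
    current_root = None
    for m in TOKEN_RE.finditer(text):
        if m.group("root"):
            current_root = m.group("root")
        elif current_root is not None:
            host = m.group("target").rstrip(".").upper()
            delegations[m.group("tld").upper()][current_root].add(host)
    return delegations

def find_collisions(delegations):
    """A TLD collides when roots delegate it to different NS sets."""
    collisions = {}
    for tld, by_root in delegations.items():
        if len({frozenset(ns) for ns in by_root.values()}) > 1:
            collisions[tld] = {root: sorted(ns) for root, ns in by_root.items()}
    return collisions

if __name__ == "__main__":
    for tld, by_root in find_collisions(parse_delegations(FINDER_OUTPUT)).items():
        print(f".{tld} is delegated differently across roots: {by_root}")
```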
On Fri, Mar 16, 2001 at 08:45:48AM -0800, Roeland Meyer wrote:
I'm not unsympathetic to folks paying for helpdesks. But, you're gonna get those calls anyway. You may even be getting them now. Is this any different than lusers asking why their machine doesn't work ... during a blackout?
Well, we're on the right track here. At least new.net's attempt is starting to be classified as an outage. :)
-c
participants (13)
- Clayton Fiske
- Henry R. Linneweh
- Jeff Workman
- Kevin Loch
- Miles Fidelman
- Neil J. McRae
- Patrick Corliss
- Peter Galbavy
- Randy Bush
- Roeland Meyer
- Roland Dobbins
- Simon Higgs
- Stephen J. Wilcox