ICANN/GNSO GNSO Email List Archives

[ga]


<<< Chronological Index >>>    <<< Thread Index >>>

Re: [ga] Re: Root server traffic

  • To: Joe Baptista <baptista@xxxxxxxxxxxxxx>
  • Subject: Re: [ga] Re: Root server traffic
  • From: Andy Gardner <andy@xxxxxxxxxxxxxxx>
  • Date: Fri, 23 Nov 2007 13:24:29 -0600



This proves that CNNIC HAS added extra TLD's running parallel alongside the "approved" ICANN root.

Why has ICANN never said anything about this?

I understand that many ISP's outside China have added them as well, to cater for the Chinese people in their community? Tiscali?

Verisign's "Global Digital Brand Management Services" actually announced they were selling these TLD's in their news bulletin...

http://gnso.icann.org/mailing-lists/archives/council/msg02929.html

which was later edited to remove the evidence that they were TLD's. Quickly swept under the carpet.

What with the Arabic split root as well, it's clear that IDN TLD's have been tested for quite some time already, so why the need to re- test them again?

Add to that, ICANN's iTLD test breaking the "no variants allowed" rule requested by the CJK community (which Verisign follows) one must wonder just what the hell is going on here.

Can any country run a spilt root now?



On Nov 23, 2007, at 10:00 AM, Joe Baptista wrote:

The point here is that these are still fully functional tlds.

Technical example here. If we query the china root for the TLD
XN--55QX5D. - which represents one of the chinese TLDs we get this:

$ dig @a.dns.cn. XN--55QX5D. NS

; <<>> DiG 9.2.3 <<>> @a.dns.cn. XN--55QX5D. NS
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41
;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4

;; QUESTION SECTION:
;XN--55QX5D. IN NS

;; ANSWER SECTION:
XN--55QX5D. 7200 IN NS cdns3.cnnic.net.cn.
XN--55QX5D. 7200 IN NS cdns4.cnnic.net.cn.
XN--55QX5D. 7200 IN NS cdns5.cnnic.net.cn.
XN--55QX5D. 7200 IN NS hawk2.cnnic.net.cn.

;; ADDITIONAL SECTION:
cdns3.cnnic.net.cn. 600 IN A 210.52.214.86
cdns4.cnnic.net.cn. 600 IN A 61.145.114.120
cdns5.cnnic.net.cn. 600 IN A 61.139.76.55
hawk2.cnnic.net.cn. 600 IN A 159.226.6.185

;; Query time: 290 msec
;; SERVER: 203.119.25.1#53(a.dns.cn.)
;; WHEN: Fri Nov 23 10:42:49 2007
;; MSG SIZE rcvd: 184

The response is NOERROR. Thats means to any expert that the TLD does in
fact exist. No amount of ICANN buffunery is ever going to change that.
Because if we ask the ICANN servers the same question we get:

$ dig @a.root-servers.net. XN--55QX5D. NS

; <<>> DiG 9.2.3 <<>> @a.root-servers.net. XN--55QX5D. NS
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;XN--55QX5D. IN NS

;; AUTHORITY SECTION:
. 86400 IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2007112300
1800 900 604800 86400

;; Query time: 60 msec
;; SERVER: 198.41.0.4#53(a.root-servers.net.)
;; WHEN: Fri Nov 23 10:46:53 2007
;; MSG SIZE rcvd: 103

And NXDOMAIN means in ICANN speak a bogus domain. It does not exist at
ICANN.





<<< Chronological Index >>>    <<< Thread Index >>>