Re: [ga] Re: Root server traffic

[Andy Gardner <andy@xxxxxxxxxxxxxxx>]

This proves that CNNIC HAS added extra TLD's running parallel  
alongside the "approved" ICANN root.
Why has ICANN never said anything about this?

I understand that many ISP's outside China have added them as well,  
to cater for the Chinese people in their community? Tiscali?
Verisign's "Global Digital Brand Management Services" actually  
announced they were selling these TLD's in their news bulletin...
http://gnso.icann.org/mailing-lists/archives/council/msg02929.html

which was later edited to remove the evidence that they were TLD's.  
Quickly swept under the carpet.
What with the Arabic split root as well, it's clear that IDN TLD's  
have been tested for quite some time already, so why the need to re- 
test them again?
Add to that, ICANN's iTLD test breaking the "no variants allowed"  
rule requested by the CJK community (which Verisign follows) one must  
wonder just what the hell is going on here.
Can any country run a spilt root now?



On Nov 23, 2007, at 10:00 AM, Joe Baptista wrote:

> The point here is that these are still fully functional tlds.
>
> Technical example here. If we query the china root for the TLD
> XN--55QX5D. - which represents one of the chinese TLDs we get this:
>
> $ dig @a.dns.cn. XN--55QX5D. NS
>
> ; <<>> DiG 9.2.3 <<>> @a.dns.cn. XN--55QX5D. NS
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4
>
> ;; QUESTION SECTION:
> ;XN--55QX5D. IN NS
>
> ;; ANSWER SECTION:
> XN--55QX5D. 7200 IN NS cdns3.cnnic.net.cn.
> XN--55QX5D. 7200 IN NS cdns4.cnnic.net.cn.
> XN--55QX5D. 7200 IN NS cdns5.cnnic.net.cn.
> XN--55QX5D. 7200 IN NS hawk2.cnnic.net.cn.
>
> ;; ADDITIONAL SECTION:
> cdns3.cnnic.net.cn. 600 IN A 210.52.214.86
> cdns4.cnnic.net.cn. 600 IN A 61.145.114.120
> cdns5.cnnic.net.cn. 600 IN A 61.139.76.55
> hawk2.cnnic.net.cn. 600 IN A 159.226.6.185
>
> ;; Query time: 290 msec
> ;; SERVER: 203.119.25.1#53(a.dns.cn.)
> ;; WHEN: Fri Nov 23 10:42:49 2007
> ;; MSG SIZE rcvd: 184
>
> The response is NOERROR. Thats means to any expert that the TLD  
> does in
> fact exist. No amount of ICANN buffunery is ever going to change that.
> Because if we ask the ICANN servers the same question we get:
>
> $ dig @a.root-servers.net. XN--55QX5D. NS
>
> ; <<>> DiG 9.2.3 <<>> @a.root-servers.net. XN--55QX5D. NS
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;XN--55QX5D. IN NS
>
> ;; AUTHORITY SECTION:
> . 86400 IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2007112300
> 1800 900 604800 86400
>
> ;; Query time: 60 msec
> ;; SERVER: 198.41.0.4#53(a.root-servers.net.)
> ;; WHEN: Fri Nov 23 10:46:53 2007
> ;; MSG SIZE rcvd: 103
>
> And NXDOMAIN means in ICANN speak a bogus domain. It does not exist at
> ICANN.