<<<
Chronological Index
>>> <<<
Thread Index
>>>
[ga] naming basics
- To: Joe Baptista <baptista@xxxxxxxxxxxxxx>, Andy Gardner <andy@xxxxxxxxxxxxxxx>
- Subject: [ga] naming basics
- From: JFC Morfin <jefsey@xxxxxxxxxxxxxxxx>
- Date: Sat, 24 Nov 2007 02:52:08 +0100
Joe, Andy, Ram,
people here obviously see naming as something related to ICANN -
either a business or an area of responsiblity. This makes dificult
for them to understand if you are right or wrong, and to understand
why, for example, i-DNs is not a competitor but an ally of ICANN,
while Joe is an alernative to ICANN. You should first explain them
how naming (names, keywords, aliases, idns) technically works. What
is the TLD forest, what are the root and stub files. What are the
public (shared) and private root servers. What is the Internet from
different point of view (ICANN, IETF, users, etc.). Without any
politics. Just the technical bare facts. So, at least you can start
from clear basis.
The first thing they need to realise is that the DNS is 24 years old
and ICANN 8 years old. That ICANN has only introduced a very few of
the existing TLDs, far less than you in the alternative roots, me in
the legacy root, and thousands of people in private and virtual
systems. I think the first thing we can also advise them is to read
in detail the ICANN ICP-3 document
(http://www.icann.org/icp/icp-3.htm), and to try to understand why
ICANN can write: "In an ever-evolving Internet, ultimately there may
be better architectures for getting the job done where the need for a
single, authoritative root will not be an issue. But that is not the
case today. And the transition to such an architecture, should it
emerge, would require community-based approaches. In the interim,
responsible experimentation should be encouraged, but it should not
be done in a manner that affects those who do not consent after being
informed of the character of the experiment."
Also, they need to understand the "principle of constant change"
which is the basis of RFC 1958 which documents the architectural
principles of the internet. "In [the Internet] environment, some
architectural principles inevitably change. Principles that seemed
inviolable a few years ago are deprecated today. Principles that seem
sacred today will be deprecated tomorrow. The principle of constant
change is perhaps the only principle of the Internet that should
survive indefinitely. The purpose of this document is not, therefore,
to lay down dogma about how Internet protocols should be designed, or
even about how they should fit together. Rather, it is to convey
various guidelines that have been found useful in the past, and that
may be useful to those designing new protocols or evaluating such designs."
jfc
At 00:50 24/11/2007, Joe Baptista wrote:
Andy Gardner wrote:
This proves that CNNIC HAS added extra TLD's running parallel
alongside the "approved" ICANN root.
Why has ICANN never said anything about this?
They can't. Its an embarrassment to have to tell the world the
chinese are running an experimental root. Thats all they can say
when it comes to that BCP-3 Jefsey keeps going on about. But that
would cause the china to be insulted since the china national tld
system is no experiment and something the chinese are very proud
of. It is in full production. As is many other tld systems out
there. And of course ICANN can't call that an alternative root. So
ICANN who have known about this situation for years just ignores the chinese.
I understand that many ISP's outside China have added them as well,
to cater for the Chinese people in their community? Tiscali?
Tiscali was my client through UNIDT (now UnifiedRoot), INAIC and the
Public Root. I was the one who activated those tlds. At the time
I was involved they were pointing to the INAIC root. Tiscali now
uses the root provided by UnifiedRoot. UnifiedRoot dropped the
chinese national TLDs some time ago. So Tiscali no longer sees them.
What is very strange in all of this is that I heard from i-dns that
they carry only two of the chinese tlds. Thats all they have
agreements with the chinese government. The other one they can't
carry on the i-dns root.
The root I produce, the public root, an open root is fully inclusive
and sees all the chinese national tlds - as well as the national
tlds of numerous other countries. Not complete but growing as we
run tests to automate the system.
Verisign's "Global Digital Brand Management Services" actually
announced they were selling these TLD's in their news bulletin...
http://gnso.icann.org/mailing-lists/archives/council/msg02929.html
which was later edited to remove the evidence that they were TLD's.
Quickly swept under the carpet.
Of course. They are walking a very thin line carrying chinese
national tlds. Alot of people are carrying them.
Basically heres how it works for Verisign. They are making mega
buck with ICANN playing make believe ICANN is in charge while they
do business with the chinese. More mega buck. Thats all Verisign
cares for. But these are potentially dangerous mistresses who are
at odds with each other.
What with the Arabic split root as well, it's clear that IDN TLD's
have been tested for quite some time already, so why the need to
re- test them again?
The leaders were i-dns. with the chinese and arabs following
closely thereafter. Why the need to retest them? ICANN is in need
of a face lift and introducing IDNs is the way. They already know
they work so they launch them and take all the credit for testing
them. Its what ICANN does best - bullshit.
Add to that, ICANN's iTLD test breaking the "no variants allowed"
rule requested by the CJK community (which Verisign follows) one must
wonder just what the hell is going on here.
People want to make money on IDN TLDs and they are pushing ICANN to
get its act together. Its a lousy test too. If they really wanted
to run a test they could give away permanent test tlds. Instead one
of the largest root systems in town has set up numerous tlds and
pointed them more or less to one place.
Can any country run a spilt root now?
Lots of them already do. Turkey which I was involved in under INAIC
has a number of its own turkish tlds. They have banks, and large
corporations that run their own tlds. Bulgaria - i think thats the
country was originally tested via the cesidianroot and now is on the
i-dns system. Lots of ISPs and countries use i-dns. The arabs have
their own closed system between a few countries. Not all of the
arab countries participate.
People are not waiting for ICANN. Innovation marches past the dead
dinosour that is ICANN.
But the real question is - where do these roots send their trash -
i.e. error traffic at the root server? I'm not sure I known all the
answers - but as far as the chinese are concerned they send their
trash right back to ICANN where it belongs. And I think that is
very appropriate and totally cute of the chinese. The errors
created by ICANN or users are send back to ICANN by the china
root. Its really cool. If the china root is queried for a tld it
does not know, they just ship it to ICANN, they respond NOERROR and
then pass the error or ICANN TLD on to the ICANN root servers, which
then responds NXDOMAIN or NOERROR depending on ICANN.
Example - if we ask the china root for a non existent domain - like
the ICANN-ROOT-IS-A-TRASH-CAN or a real ICANN TLD we get this (I'll
use the trash TLD can example for this test).
$ dig @a.dns.cn. ICANN-ROOT-IS-A-TRASH-CAN. NS
; <<>> DiG 9.2.3 <<>> @a.dns.cn. ICANN-ROOT-IS-A-TRASH-CAN. NS
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 13
;; QUESTION SECTION:
;ICANN-ROOT-IS-A-TRASH-CAN. IN NS
;; AUTHORITY SECTION:
. 266088 IN NS J.ROOT-SERVERS.NET.
. 266088 IN NS K.ROOT-SERVERS.NET.
. 266088 IN NS L.ROOT-SERVERS.NET.
. 266088 IN NS M.ROOT-SERVERS.NET.
. 266088 IN NS A.ROOT-SERVERS.NET.
. 266088 IN NS B.ROOT-SERVERS.NET.
. 266088 IN NS C.ROOT-SERVERS.NET.
. 266088 IN NS D.ROOT-SERVERS.NET.
. 266088 IN NS E.ROOT-SERVERS.NET.
. 266088 IN NS F.ROOT-SERVERS.NET.
. 266088 IN NS G.ROOT-SERVERS.NET.
. 266088 IN NS H.ROOT-SERVERS.NET.
. 266088 IN NS I.ROOT-SERVERS.NET.
;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET. 352488 IN A 198.41.0.4
B.ROOT-SERVERS.NET. 352488 IN A 192.228.79.201
C.ROOT-SERVERS.NET. 352488 IN A 192.33.4.12
D.ROOT-SERVERS.NET. 352488 IN A 128.8.10.90
E.ROOT-SERVERS.NET. 352488 IN A 192.203.230.10
F.ROOT-SERVERS.NET. 352488 IN A 192.5.5.241
G.ROOT-SERVERS.NET. 352488 IN A 192.112.36.4
H.ROOT-SERVERS.NET. 352488 IN A 128.63.2.53
I.ROOT-SERVERS.NET. 352488 IN A 192.36.148.17
J.ROOT-SERVERS.NET. 352488 IN A 192.58.128.30
K.ROOT-SERVERS.NET. 352488 IN A 193.0.14.129
L.ROOT-SERVERS.NET. 352488 IN A 199.7.83.42
M.ROOT-SERVERS.NET. 352488 IN A 202.12.27.33
;; Query time: 240 msec
;; SERVER: 203.119.25.1#53(a.dns.cn.)
;; WHEN: Fri Nov 23 18:43:07 2007
;; MSG SIZE rcvd: 462
Its funny they send everything including the trash to ICANN, but of
course ICANN does not realize its a trash can - so it responds accordingly.
Is it any surprise the error rate at the ICANN root is so high. I think not.
cheers
joe baptista
On Nov 23, 2007, at 10:00 AM, Joe Baptista wrote:
The point here is that these are still fully functional tlds.
Technical example here. If we query the china root for the TLD
XN--55QX5D. - which represents one of the chinese TLDs we get this:
$ dig @a.dns.cn. XN--55QX5D. NS
; <<>> DiG 9.2.3 <<>> @a.dns.cn. XN--55QX5D. NS
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41
;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4
;; QUESTION SECTION:
;XN--55QX5D. IN NS
;; ANSWER SECTION:
XN--55QX5D. 7200 IN NS cdns3.cnnic.net.cn.
XN--55QX5D. 7200 IN NS cdns4.cnnic.net.cn.
XN--55QX5D. 7200 IN NS cdns5.cnnic.net.cn.
XN--55QX5D. 7200 IN NS hawk2.cnnic.net.cn.
;; ADDITIONAL SECTION:
cdns3.cnnic.net.cn. 600 IN A 210.52.214.86
cdns4.cnnic.net.cn. 600 IN A 61.145.114.120
cdns5.cnnic.net.cn. 600 IN A 61.139.76.55
hawk2.cnnic.net.cn. 600 IN A 159.226.6.185
;; Query time: 290 msec
;; SERVER: 203.119.25.1#53(a.dns.cn.)
;; WHEN: Fri Nov 23 10:42:49 2007
;; MSG SIZE rcvd: 184
The response is NOERROR. Thats means to any expert that the TLD does in
fact exist. No amount of ICANN buffunery is ever going to change that.
Because if we ask the ICANN servers the same question we get:
$ dig @a.root-servers.net. XN--55QX5D. NS
; <<>> DiG 9.2.3 <<>> @a.root-servers.net. XN--55QX5D. NS
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;XN--55QX5D. IN NS
;; AUTHORITY SECTION:
. 86400 IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2007112300
1800 900 604800 86400
;; Query time: 60 msec
;; SERVER: 198.41.0.4#53(a.root-servers.net.)
;; WHEN: Fri Nov 23 10:46:53 2007
;; MSG SIZE rcvd: 103
And NXDOMAIN means in ICANN speak a bogus domain. It does not exist at
ICANN.
--
Joe Baptista www.publicroot.org
PublicRoot Consortium
----------------------------------------------------------------
The future of the Internet is Open, Transparent, Inclusive,
Representative & Accountable to the Internet community @large.
----------------------------------------------------------------
Office: +1 (202) 517-1593
Fax: +1 (509) 479-0084
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|