Re: [ga] Re: Resolving .gov w/dnssec

[Hugh Dierker <hdierker2204@xxxxxxxxx>]

Joe,
 
My exchange student nephew from developing country Vietnam asked me just the 
other day - "should we be mad at people who are ignorant?"  I had to check my 
natural tendency to say YES!  So we discussed the setting and the Res Gestae of 
his question. And this was a prestigious private University here in San Diego, 
for graduates. So the answer was not yes but HELL YES.
 
Same shoe fits with these dnssec and SAIC folks. If we allow wealth, prestige, 
laurels and appointed position to justify mental poverty then we are headed for 
the fall of Rome.  Somehow the technocrats have become a new royalty. And they 
are quickly outspending their capacity to innovate and produce. What is left is 
a sort of Taxation without representation and as you referenced a combination 
slavery of mind and technology.
 
That brings us to the inevitable:  Bad things happen when good women do nothing.

--- On Fri, 4/23/10, Joe Baptista <baptista@xxxxxxxxxxxxxx> wrote:


From: Joe Baptista <baptista@xxxxxxxxxxxxxx>
Subject: Re: [ga] Re: Resolving .gov w/dnssec
To: "Hugh Dierker" <hdierker2204@xxxxxxxxx>
Cc: cet1@xxxxxxxxx, "ga@xxxxxxxxxxxxxx >> GA" <ga@xxxxxxxxxxxxxx>, "Paul 
Wouters" <paul@xxxxxxxxxxxxx>, "Bind Users Mailing List" 
<bind-users@xxxxxxxxxxxxx>, "Timothe Litt" <litt@xxxxxxx>
Date: Friday, April 23, 2010, 8:22 AM





On Fri, Apr 23, 2010 at 12:15 AM, Hugh Dierker <hdierker2204@xxxxxxxxx> wrote:






Fair trade is necessary trade. Unnecessary tradeoffs are lame. 

I agree. It is a tradeoff and not fair trade.
 





These problems are not necessary -- except that they are within the given 
framework of lack of motivation to do better.  It comes down to this, if we set 
our standards outside of competitive models there is no incentive to do 
better.  ICANN, the Dnssec and this SAIC are working within government 
sanctioned slobbery, both intellectual and economic slobbery.  I used to think 
it was snobbery, now I know it is a laziness born of shovel leaning 
bureaucrats. You may be kind and call it "make work" but would you call 
intentional fraud "make work"? Buggy whips and Railroad fireman is what this is.

Again I agree. DNSSEC is a snow job by committee.  SAIC is a joke.  "I" root 
server in Beijing is still down. Where is SAIC on that.
 





 
The plan I am putting together for the inculsives will generate some new fire 
under the pants of these obstructionists and they will find that a better 
mousetrap can be built.

Thank you - I and my TLD holders thank you.

regards
joe baptista

 






 


--- On Thu, 4/22/10, Joe Baptista <baptista@xxxxxxxxxxxxxx> wrote:


From: Joe Baptista <baptista@xxxxxxxxxxxxxx>
Subject: [ga] Re: Resolving .gov w/dnssec
To: cet1@xxxxxxxxx, "ga@xxxxxxxxxxxxxx >> GA" <ga@xxxxxxxxxxxxxx>
Cc: "Paul Wouters" <paul@xxxxxxxxxxxxx>, "Bind Users Mailing List" 
<bind-users@xxxxxxxxxxxxx>, "Timothe Litt" <litt@xxxxxxx>
Date: Thursday, April 22, 2010, 8:07 AM


Looks like the future of the DNSSEC make work project includes resolution 
failures here and there. More security - less stability - guaranteed slavery. I 
wounder if it's a fair trade.

we'll see ..
regards
joe baptista


On Thu, Apr 22, 2010 at 10:52 AM, Chris Thompson <cet1@xxxxxxxxx> wrote:


On Apr 22 2010, Paul Wouters wrote:


On Thu, 22 Apr 2010, Timothe Litt wrote:


I'm having trouble resolving uspto.gov with bind 9.6.1-P3 and 9.6-ESV
configured as valdidating resolvers.

Using dig, I get a connection timeout error after a long (~10 sec) delay.
+cdflag provides an immediate response.


Is anyone else seeing this?  Ideas on how to troubleshoot?

I have the same problems with our validating unbound instance. 

I suspect that this has to do with

 dig +dnssec +norec dnskey uspto.gov @dns1.uspto.gov.
 dig +dnssec +norec dnskey uspto.gov @sns2.uspto.gov.

failing with timeouts, while   dig +dnssec +norec +vc dnskey uspto.gov 
@dns1.uspto.gov.
 dig +dnssec +norec +vc dnskey uspto.gov @dns2.uspto.gov.

work fine ... with a 1736-byte answer. Probably the fragmented
UDP response is getting lost somewhere near the authoritative
servers themselves.

-- 
Chris Thompson
Email: cet1@xxxxxxxxx 




_______________________________________________
bind-users mailing list
bind-users@xxxxxxxxxxxxx
https://lists.isc.org/mailman/listinfo/bind-users






-- 
Joe Baptista

www.publicroot.org
PublicRoot Consortium
----------------------------------------------------------------
The future of the Internet is Open, Transparent, Inclusive, Representative & 
Accountable to the Internet community @large.
----------------------------------------------------------------
 Office: +1 (360) 526-6077 (extension 052)
    Fax: +1 (509) 479-0084

Personal: http://baptista.cynikal.net/