[governance] Comments related to the WGIG report
Peter Dambier
peter at echnaton.serveftp.com
Wed Aug 10 08:32:55 EDT 2005
McTim wrote:
> Hi again,
>
> On 8/9/05, Robert Guerra <rguerra at lists.privaterra.org> wrote:
>
>>Carlos:
>>
>>A more decentralized & distributed DNS system that doesn't get us
>>into multiple name-spaces and is more secure than the current regime
>>would be ideal - but is it possible? if so, how would the transition
>>occur?
DNS is like a telephone book.
With yellow pages and white pages you have two roots. What is the
problem with this? The world has not come to an end because of
white pages and yellow pages.
Both yellow and white pages have a reason to exist. Both are used
heavily.
> I think you want too much.
>
> The DNS is distributed by its very nature. It is also hierarchical
> in architecture, this can't be decentralised.
>
> Security is another matter, and is deployable now.
>
> You'll have to design the new *thing* yourself, I can't imagine much
> enthusiasm amongst IETF DNS folk. You'd obviously have to design it
> with transition in mind.
>
> good luck with this one.
>
>
>>if details are available, by all means point me to them.
Uproot DNS!
dig @server '.' axfr gives you the root zone of that server. Run
this file on Bind and you are your own root. Now you will never
again be in need of the root but you will be able to use some 262
new roots, one for every country and one for com ,...
Who wants to attack 262 different roots? I guess you are safe now.
Checking and updating your root zone might be a good idea
from time to time - like this one:
; <<>> DiG 9.1.3 <<>> -t any @a.root-servers.net ae.
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36666
;; flags: qr rd; QUERY: 1, ANSWER: 5, AUTHORITY: 5, ADDITIONAL: 8
;; QUESTION SECTION:
;ae. IN ANY
;; ANSWER SECTION:
ae. 172800 IN NS SEC3.APNIC.NET.
ae. 172800 IN NS NS2.UAENIC.ae.
ae. 172800 IN NS NS1.UAENIC.ae.
ae. 172800 IN NS NS-EXT.ISC.ORG. <<< - - - <<<
ae. 172800 IN NS NS-AE.RIPE.NET.
;; Query time: 173 msec
;; SERVER: 198.41.0.4#53(a.root-servers.net)
;; WHEN: Wed Aug 10 14:00:38 2005
;; MSG SIZE rcvd: 378
; <<>> DiG 9.1.3 <<>> -t any @NS1.UAENIC.ae ae.
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9144
;; flags: qr aa rd; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 2
;; QUESTION SECTION:
;ae. IN ANY
;; ANSWER SECTION:
ae. 10800 IN SOA ns1.uaenic.ae. hostmaster.mail.emirates.net.ae. 37421 10800 300 604800 10800
ae. 10800 IN NS ns-ext.vix.com. <<< - - - <<<
ae. 10800 IN NS ns1.uaenic.ae.
ae. 10800 IN NS ns2.uaenic.ae.
ae. 10800 IN NS sec3.apnic.net.
ae. 10800 IN NS ns-ae.ripe.net.
;; Query time: 396 msec
;; SERVER: 213.42.0.226#53(NS1.UAENIC.ae)
;; WHEN: Wed Aug 10 14:03:21 2005
;; MSG SIZE rcvd: 241
Whose information is correct? ICANN's or the Emirates'?
Don't worry. It is only one of 262 top-level domains.
I did not even look at IP addresses.
DNS works. Those minor differences don't matter.
You could change to a different root - or your own. DNS would continue working.
Transition?
Has happened already:
; <<>> DiG 9.1.3 <<>> -t any xn--8pru44h.xn--55qx5d
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12862
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 1, ADDITIONAL: 2
;; QUESTION SECTION:
;xn--8pru44h.xn--55qx5d. IN ANY
;; ANSWER SECTION:
xn--8pru44h.xn--55qx5d. 1800 IN MX 10 mail.xn--8pru44h.xn--55qx5d.
xn--8pru44h.xn--55qx5d. 1800 IN SOA ns5.ce.net.cn. tech.ce.net.cn. 2004072009 3600 900 1209600 1800
xn--8pru44h.xn--55qx5d. 1764 IN A 210.51.169.151
xn--8pru44h.xn--55qx5d. 1800 IN NS ns5.ce.net.cn.
;; AUTHORITY SECTION:
xn--8pru44h.xn--55qx5d. 1800 IN NS ns5.ce.net.cn.
;; ADDITIONAL SECTION:
mail.xn--8pru44h.xn--55qx5d. 1800 IN A 210.51.171.29
ns5.ce.net.cn. 1762 IN A 210.51.171.200
;; Query time: 786 msec
;; SERVER: 192.168.208.228#53(192.168.208.228)
;; WHEN: Wed Aug 10 14:20:45 2005
;; MSG SIZE rcvd: 191
Yes, they are doing business.
Yes, you can send them emails.
Yes, China has their own root-servers.
You might try their root-servers or you might try the Public-Root.
Living in The Netherlands or living in Turkey, your ISP will very likely have
done that for you already.
Living in China - of course, it is their root-servers.
One quarter of the total internet population does use a different root already.
Regards,
Peter and Karin Dambier
--
Peter and Karin Dambier
Public-Root
Graeffstrasse 14
D-64646 Heppenheim
+49-6252-671788 (Telekom)
+49-179-108-3978 (O2 Genion)
+49-6252-750308 (VoIP: sipgate.de)
+1-360-448-1275 (VoIP: freeworldialup.com)
mail: peter at echnaton.serveftp.com
http://iason.site.voila.fr
http://www.kokoom.com/iason