[governance] Comments related to the WGIG report

Peter Dambier peter at echnaton.serveftp.com
Wed Aug 10 08:32:55 EDT 2005


McTim wrote:
> Hi again,
> 
> On 8/9/05, Robert Guerra <rguerra at lists.privaterra.org> wrote:
> 
>>Carlos:
>>
>>A more decentralized & distributed DNS system that doesn't get us
>>into multiple name-spaces and is more secure than the current regime
>>would be ideal - but is it possible? if so, how would the transition
>>occur?

DNS is like a telephone book.

With yellow pages and white pages you have two roots. What is the
problem with this? The world has not come to an end because of
white pages and yellow pages.

Both yellow and white pages have a reason to exist. Both are used
heavily.

> I think you want too much.  
> 
> The DNS is distributed by its very nature.  It is also hierarchical
> in architecture, this can't be decentralised.
> 
> Security is another matter, and is deployable now. 
> 
> You'll have to design the new *thing* yourself, I can't imagine much
> enthusiasm amongst IETF DNS folk.  You'd obviously have to design it
> with transition in mind.
> 
> good luck with this one.
> 
> 
>>if details are available, by all means point me to them.

Uproot DNS!

dig @server '.' axfr gives you the root zone of that server. Run
this file on Bind and you are your own root. Now you will never
again be in need of the root but you will be able to use some 262
new roots, one for every country and one for com, ...

Who wants to attack 262 different roots? I guess you are safe now.

Checking and updating your root zone might be a good idea
from time to time - like this one:

; <<>> DiG 9.1.3 <<>> -t any @a.root-servers.net ae.
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36666
;; flags: qr rd; QUERY: 1, ANSWER: 5, AUTHORITY: 5, ADDITIONAL: 8

;; QUESTION SECTION:
;ae.                            IN      ANY

;; ANSWER SECTION:
ae.                     172800  IN      NS      SEC3.APNIC.NET.
ae.                     172800  IN      NS      NS2.UAENIC.ae.
ae.                     172800  IN      NS      NS1.UAENIC.ae.
ae.                     172800  IN      NS      NS-EXT.ISC.ORG.  <<< - - - <<<
ae.                     172800  IN      NS      NS-AE.RIPE.NET.

;; Query time: 173 msec
;; SERVER: 198.41.0.4#53(a.root-servers.net)
;; WHEN: Wed Aug 10 14:00:38 2005
;; MSG SIZE  rcvd: 378


; <<>> DiG 9.1.3 <<>> -t any @NS1.UAENIC.ae ae.
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9144
;; flags: qr aa rd; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;ae.                            IN      ANY

;; ANSWER SECTION:
ae.                     10800   IN      SOA     ns1.uaenic.ae. hostmaster.mail.emirates.net.ae. 37421 10800 300 604800 10800

ae.                     10800   IN      NS      ns-ext.vix.com.   <<< - - - <<<
ae.                     10800   IN      NS      ns1.uaenic.ae.
ae.                     10800   IN      NS      ns2.uaenic.ae.
ae.                     10800   IN      NS      sec3.apnic.net.
ae.                     10800   IN      NS      ns-ae.ripe.net.

;; Query time: 396 msec
;; SERVER: 213.42.0.226#53(NS1.UAENIC.ae)
;; WHEN: Wed Aug 10 14:03:21 2005
;; MSG SIZE  rcvd: 241


Whose information is correct? ICANN's or the Emirates'?

Don't worry. It is only one of 262 top-level domains.
I did not even look at IP addresses.

DNS works. Those minor differences don't matter.

You could change to a different root - or your own. DNS would continue working.


Transition?

Has happened already:


; <<>> DiG 9.1.3 <<>> -t any xn--8pru44h.xn--55qx5d
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12862
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 1, ADDITIONAL: 2

;; QUESTION SECTION:
;xn--8pru44h.xn--55qx5d.                IN      ANY

;; ANSWER SECTION:
xn--8pru44h.xn--55qx5d. 1800    IN      MX      10 mail.xn--8pru44h.xn--55qx5d.
xn--8pru44h.xn--55qx5d. 1800    IN      SOA     ns5.ce.net.cn. tech.ce.net.cn. 2004072009 3600 900 1209600 1800
xn--8pru44h.xn--55qx5d. 1764    IN      A       210.51.169.151
xn--8pru44h.xn--55qx5d. 1800    IN      NS      ns5.ce.net.cn.

;; AUTHORITY SECTION:
xn--8pru44h.xn--55qx5d. 1800    IN      NS      ns5.ce.net.cn.

;; ADDITIONAL SECTION:
mail.xn--8pru44h.xn--55qx5d. 1800 IN    A       210.51.171.29
ns5.ce.net.cn.          1762    IN      A       210.51.171.200

;; Query time: 786 msec
;; SERVER: 192.168.208.228#53(192.168.208.228)
;; WHEN: Wed Aug 10 14:20:45 2005
;; MSG SIZE  rcvd: 191


Yes, they are doing business.
Yes, you can send them emails.

Yes, China has their own root-servers.

You might try their root-servers or you might try the Public-Root.

Living in The Netherlands or living in Turkey, your ISP will very likely have
done that for you already.

Living in China - of course, it is their root-servers.

One quarter of the total internet population does use a different root already.


Regards,
Peter and Karin Dambier

-- 
Peter and Karin Dambier
Public-Root
Graeffstrasse 14
D-64646 Heppenheim
+49-6252-671788 (Telekom)
+49-179-108-3978 (O2 Genion)
+49-6252-750308 (VoIP: sipgate.de)
+1-360-448-1275 (VoIP: freeworldialup.com)
mail: peter at echnaton.serveftp.com
http://iason.site.voila.fr
http://www.kokoom.com/iason
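
The comparison the post makes by eye between its two dig answers for ae. (the NS set delegated by a.root-servers.net versus the NS set the zone publishes about itself) can be automated as a delegation consistency check. This is an added example, not part of the original post; the function names are made up here, and the sample records are the post's two ANSWER sections with the "<<<" markers removed.

```python
# Added example: diff the NS set a parent delegates against the NS set the
# child zone serves. Sample data: the post's two ANSWER sections for "ae.".
PARENT_ANSWER = """\
;; ANSWER SECTION:
ae.                     172800  IN      NS      SEC3.APNIC.NET.
ae.                     172800  IN      NS      NS2.UAENIC.ae.
ae.                     172800  IN      NS      NS1.UAENIC.ae.
ae.                     172800  IN      NS      NS-EXT.ISC.ORG.
ae.                     172800  IN      NS      NS-AE.RIPE.NET.
"""

CHILD_ANSWER = """\
;; ANSWER SECTION:
ae.                     10800   IN      SOA     ns1.uaenic.ae. hostmaster.mail.emirates.net.ae. 37421 10800 300 604800 10800
ae.                     10800   IN      NS      ns-ext.vix.com.
ae.                     10800   IN      NS      ns1.uaenic.ae.
ae.                     10800   IN      NS      ns2.uaenic.ae.
ae.                     10800   IN      NS      sec3.apnic.net.
ae.                     10800   IN      NS      ns-ae.ripe.net.
"""

def ns_targets(dig_text, owner):
    """Return the NS targets for `owner` as a set of lowercase, dot-terminated names."""
    owner = owner.lower().rstrip(".") + "."
    targets = set()
    for line in dig_text.splitlines():
        fields = line.split()
        # dig comments start with ';'; records are: owner ttl class type rdata
        if len(fields) < 5 or fields[0].startswith(";"):
            continue
        name, _ttl, rrclass, rrtype, rdata = fields[:5]
        if name.lower() == owner and rrclass.upper() == "IN" and rrtype.upper() == "NS":
            # DNS names compare case-insensitively, so normalise before diffing
            targets.add(rdata.lower().rstrip(".") + ".")
    return targets

def compare_delegation(parent_text, child_text, owner):
    """Split NS names into: listed only by parent, only by child, and by both."""
    parent, child = ns_targets(parent_text, owner), ns_targets(child_text, owner)
    return {
        "only_parent": sorted(parent - child),
        "only_child": sorted(child - parent),
        "both": sorted(parent & child),
    }

if __name__ == "__main__":
    for key, names in compare_delegation(PARENT_ANSWER, CHILD_ANSWER, "ae.").items():
        print(f"{key}: {', '.join(names) or '-'}")
```

A non-empty `only_parent` or `only_child` list is the kind of mismatch the post marks with "<<<"; whether it matters depends on whether both names still answer authoritatively for the zone.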
