[governance] alternate distribution master (was Sense of the Senate Resolution)

McTim dogwallah at gmail.com
Thu Oct 20 13:10:21 EDT 2005


hiya,

On 10/20/05, Danny Younger <dannyyounger at yahoo.com> wrote:

> http://www.icann.org/general/crada-report-summary-14mar03.htm
>
> I would propose having the USG turn over management of
> the alternate distribution master to the ITU.

Are you just trying to throw them a bone?

I don't think they are up to the task. Here's why:

1. The IAB/IESG/ITU/IETF/ISOC have agreed that the authoritative
nameservers for ENUM won't be ITU run servers.

http://www.iab.org/documents/docs/enum-pr.html


; <<>> DiG 9.3.1 <<>> @ns-pri.ripe.net e164.arpa SOA
; (2 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31868
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 6, ADDITIONAL: 2

;; QUESTION SECTION:
;e164.arpa.                     IN      SOA

;; ANSWER SECTION:
e164.arpa.              14400   IN      SOA     ns-pri.ripe.net.
e164-contacts.ripe.net. 2005101453 14400 3600 2419200 14400

;; AUTHORITY SECTION:
e164.arpa.              14400   IN      NS      ns0.verio.net.
e164.arpa.              14400   IN      NS      sec3.apnic.net.
e164.arpa.              14400   IN      NS      sunic.sunet.se.
e164.arpa.              14400   IN      NS      ns-pri.ripe.net.
e164.arpa.              14400   IN      NS      tinnie.arin.net.
e164.arpa.              14400   IN      NS      e164-arpa.cnnic.net.cn.

;; ADDITIONAL SECTION:
ns-pri.ripe.net.        172800  IN      A       193.0.0.195
ns-pri.ripe.net.        172800  IN      AAAA    2001:610:240:0:53::3


2.  They let *anyone* do a zone transfer from their internal unsecured
WiFi @ Prepcom3.  *Anyone* being me for one.  I promised their (ITU)
network admins I wouldn't publicise details of other DNS security
gaps, but they aren't the most secure DNS setup around.

3. They are running older BIND version, so can't deploy latest DNSSEC spec.

; <<>> DiG 9.3.1 <<>> version.bind txt chaos @ns.itu.ch
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28826
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;version.bind.                  CH      TXT

;; ANSWER SECTION:
VERSION.BIND.           0       CH      TXT     "8.2.4-REL"

;; Query time: 29 msec
;; SERVER: 156.106.192.121#53(156.106.192.121)
;; WHEN: Thu Oct 20 16:08:28 2005
;; MSG SIZE  rcvd: 64

Should be 9.3.x

>
> Are there any proposals that you have in mind to make
> the US stewardship less preeminent?

How about we suggest that the GAC be more proactive (witness 3x,
sitting on hands until last minute).


--
Cheers,

McTim
nic-hdl:      TMCG

_______________________________________________
governance mailing list
governance at lists.cpsr.org
https://ssl.cpsr.org/mailman/listinfo/governance



More information about the Governance mailing list