[governance] India's communications minister - root server misunderstanding (still...)

Hakikur Rahman hakik at hakik.org
Tue Aug 7 12:02:31 EDT 2012 

I agree with David. Whatever the reason, majority of the concerned 
personalities in these technically lagging countries (my apologies, 
for this term, but this is to mention about clarification of minute 
technicalities around the root zone, and IANA function, or 
optimization of DNS traffic) are in lack of sufficient information. I 
remember while conducting a workshop on root server during its 
installation in 2004, many of the attendees were not aware of the 
functionality though came from technical background. Hope things have 
improved by now, but yet to catch up with these minute details. This 
discussion is getting interesting.

Thanks for sharing and discussing.

Best regards,
Hakikur

At 16:01 07-08-2012, David Conrad wrote:
>Carlos,
>
>On Aug 7, 2012, at 6:20 AM, "Carlos A. Afonso" <ca at cafonso.ca> wrote:
> > there is only one server, the "distribution
> > master" (the a.root-servers.net) called by David where the root zone
> > file is stored and modified.
>
>A clarification:
>
>a.root-servers.net, the machine(s) that resides at IP address 
>198.41.0.4, is NOT the distribution master.  Long ago, it used to 
>be, however now it is merely one of 13 and is different only in the 
>number of queries it receives (a bit higher than the others, 
>probably due to people not-so-arbitrarily picking it to run "is the 
>Internet working"-type tests).
>
>As mentioned, the real "distribution master" is a special machine 
>that is not exposed to the public and which responds only to a 
>limited set of queries related to zone transfer that have a shared 
>secret password (a transaction signature (TSIG) key) in them.  The 
>technical term describing this architecture is "stealth master" but 
>I hesitate to use that term given your aside related to the CIA and 
>the risk of inflaming interest/paranoia (:-)).
>
> > NTIA also must become aware of *any* modification intended in existing
> > ccTLD or gTLD records in the root zone file, whatever the Affirmation of
> > Commitments says.
>
>Yes. In a previous note, I described the root zone management 
>process.  All root zone changes go from ICANN to NTIA for 
>authorization before they are processed by Verisign who edits the 
>root zone and notifies the root servers of those changes. I do not 
>believe the Affirmation of Commitments references this process -- it 
>is part of the IANA Functions contract.
>
> > If there is a worldwide revolt agains the USA regarding the DNS, can the
> > Anycast net operate and be modified without resorting to one of the 13
> > servers (an Anycast server is by agreement used tied to one of the 12
> > "master replicators", the F, I, J and L being the most popular for this)?
> >
> > Technically, yes, of course, but...hmmm... I think it is better to keep
> > a dialogue with the USA instead. :)
>
>Exactly. The scenario that has been posited in the past was the US 
>government "going rogue" and making inappropriate root zone changes. 
>My argument is that theoretically, this is possible, but would be 
>ridiculously unlikely as it would be political suicide. Just as 
>theoretically, the non-US root server operators could choose not to 
>honor those changes. Given the latter, it is even less likely the 
>former would occur.
>
> > Is this talk necessary at all? I think this is abundantly common
> > knowledge since the root system's 13 servers started to operate...
>
>I would like to believe not, however given the comments made by the 
>Indian minister and on this list, I'm unsure whether this knowledge 
>is 'abundantly common'.
>
>Regards,
>-drc
>
>
>
>____________________________________________________________
>You received this message as a subscriber on the list:
>      governance at lists.igcaucus.org
>To be removed from the list, visit:
>      http://www.igcaucus.org/unsubscribing
>
>For all other list information and functions, see:
>      http://lists.igcaucus.org/info/governance
>To edit your profile and to find the IGC's charter, see:
>      http://www.igcaucus.org/
>
>Translate this email: http://translate.google.com/translate_t


-------------- next part --------------
____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.igcaucus.org
To be removed from the list, visit:
     http://www.igcaucus.org/unsubscribing

For all other list information and functions, see:
     http://lists.igcaucus.org/info/governance
To edit your profile and to find the IGC's charter, see:
     http://www.igcaucus.org/

Translate this email: http://translate.google.com/translate_t

More information about the Governance mailing list