cTLD and DNS upgrade

Danny Mayer mayer at gis.net
Mon Jul 4 14:35:26 UTC 2005


Peter Dambier wrote:
> Brad Knowles wrote:
> 
>>At 9:49 AM +0800 2005-07-04, Joe Shen wrote:
>>
>>
>>>>
>>>> http://xn--8pru44h.xn--55qx5d/
>>>>
>>>
>>>
>>> How could we enable resolving such domain names while keeping use of
>>> legacy root-server?
>>
> 
> That is a problem we are thinking of.
> 
> You could in /etc/resolve.conf list up to three nameservers. You might
> ask Public-Root first and then ICANN. If Public-Root gives you a
> wrong answer then your resolver won't ask ICANN. But if you ask ICANN
> first and it tells you 'that domain does not exist' that is just as bad.
> 
> If you can mirror a domain you are interested in then your nameserver
> becomes authoritative for that zone and you may use whatever root you
> prefer. Too bad most nameservers don't accept AXFR queries any longer.
> 
> That is the reason why at least one bank has chosen the Public-Root.
> They do clone our root-servers.
> 
What's the name of the bank? I want to make sure I never do business 
with them.

> 
>>    It all depends on who you trust.  Do you trust the PUBLIC-ROOT 
>>people to properly administer their servers, and to have a sufficiently 
>>geographically distributed group of servers, or do you trust the 
>>ICANN-blessed servers?
>>
>>    I don't know all of the operators of the ICANN-blessed servers, but 
>>I know enough of them that I know I trust them to do their job today, in 
>>much the same way they did their job years ago when Jon Postel was at 
>>the helm, and as they have done pretty much since the DNS was invented.  
>>I know that ISC alone has something like fifty clones of 
>>f.root-servers.net spread around the world, and RIPE has worked to do 
>>something similar.
>>
>>
>>> If China establishes their own root servers for Chinese domain names,
>>> should we add that root-server list into the hint file?
>>
>>
>>    How many different sets of root nameservers do you think you could 
>>make use of?  Do you not get the concepts of RFC 2826?  Try taking a look 
>>at <http://www.isi.edu/in-notes/rfc2826.txt>.
>>
> 
> 
> That is why we are developing a new resolver. That resolver will ask a
> list of different roots. It will combine the answers. Hosts not domains
> for which Public-Root is authoritative will be answered by Public-Root.
> If we don't have that host in our database then we will ask the ICANNed
> servers and return their answer. We are able to deal with colliding
> domains. There will be no other '.BIZ' again.
> 
> As a proof of concept we will try to create a domain within '.COM'
> without collateral damage. You will be able to query that server outside
> the Public-Root to prevent damage.
> 

So now you will have people unable to resolve a domain because they 
don't have your "special" resolver, keeping them away from using that 
domain. At least they will be so little used they won't be contacted 
driving them out of business. Smart idea.

Danny

> With Linux you are encouraged to download that special nameserver. With
> Windows you have to use the public nameserver to try. There are already
> people working on Mac OS X. I believe that server will be available for
> Mac OS X too.
> 
> Regards,
> Peter and Karin Dambier
> 
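
Added example, not part of the original post or of any project named in it: a simplified model of the nameserver-list behaviour discussed in the thread, showing that a stub resolver takes the first reply as final (NXDOMAIN included) and only falls through to the next entry when a server does not respond. The `FakeServer` class, server names, zone data and addresses are all constructed for illustration.

```python
# Simplified, constructed model of a stub resolver walking the nameserver
# list from resolv.conf. Server names, zone data and addresses are made up.
NXDOMAIN, TIMEOUT = "NXDOMAIN", "TIMEOUT"


class FakeServer:
    """Stands in for a recursive server bound to one root (hypothetical)."""

    def __init__(self, name, records, reachable=True):
        self.name, self.records, self.reachable = name, records, reachable

    def query(self, qname):
        if not self.reachable:
            return TIMEOUT
        return self.records.get(qname, NXDOMAIN)


def stub_resolve(servers, qname):
    """Return (server_name, answer) for the first server that replies.

    Any reply, NXDOMAIN included, is final. Only a server that does not
    respond makes the stub move on to the next entry in the list.
    """
    for server in servers:
        answer = server.query(qname)
        if answer != TIMEOUT:
            return server.name, answer
    return None, TIMEOUT


def demo():
    alt_records = {"host.newtld": "192.0.2.10", "www.example.com": "192.0.2.66"}
    icann_records = {"www.example.com": "198.51.100.7"}
    alt = FakeServer("alt-root", alt_records)
    icann = FakeServer("icann-root", icann_records)
    icann_down = FakeServer("icann-root", icann_records, reachable=False)
    return {
        # Alternative root first: its answer for a colliding name wins.
        "alt_first_collision": stub_resolve([alt, icann], "www.example.com"),
        # ICANN first: NXDOMAIN is final, the alternative root is never asked.
        "icann_first_newtld": stub_resolve([icann, alt], "host.newtld"),
        # The second entry is reached only when the first does not respond.
        "icann_down_newtld": stub_resolve([icann_down, alt], "host.newtld"),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

Listing servers that follow different roots therefore makes the answer depend on list order and on which server happens to be reachable, not on a merged view of both namespaces.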


