rone
--
Insultant: n. Contract worker who gets paid an obscene hourly wage to insult
full-time company employees. <ro...@ennui.org>
Well, in a certain sense that's what ICANN was supposed to be. If
memory serves changes to the root zone currently have to be signed off
by both ICANN and the Department of Commerce (although I could be
misremembering the details - I'm pretty sure it is on www.icann.org
under the NSI-ICANN-Commerce agreement of last fall).
And, as much as I'm philosophically interested in having the whole
mess be not a matter of government policy, I'd have to offer my
personal opinion that the Department of Commerce has been a force for
good rather than evil.
As much as I hate N$I, I can't say that I'd necessarily want to block
them out "fully" and not block out, say, ICANN or even perhaps
CoreNIC. There are few saints in this whole process (TINC and OpenSRS
are perhaps a few of the closer candidates in my book - perhaps
because they haven't yet gotten important enough to be worth fighting
over).
> ... someone explain to me again why is it that the non-A root servers
> haven't banded together to create a new worldwide registry that fully
> blocks out N$I and the US Gubmint.
I highly doubt anything revolutionary is going to happen to DNS unless
Vixie gets behind it and Vixie doesn't get behind things like that.
--
Russ Allbery (r...@stanford.edu) <http://www.eyrie.org/~eagle/>
Why not? Smacks too much of something Kashpureff would do? :-)
Vixie and Postel came very close to jail the last time
they tried this. Magaziner doesn't usually yell, but he
was right pissed.
--
Richard Sexton | ric...@tangled.web | http://dns.vrx.net/tech/rootzone
http://killifish.vrx.net http://www.mbz.org http://www.dnso.com
Bannockburn, Ontario, Canada, 70 & 72 280SE, 83 300SD +1 (613) 473-1719
I'm assuming by "the a root servers" you mean the people that
run the legacy IANA/ICANN/NTIA/DOC root zone.
They're not by any means a homogeneous group.
Two are fiercely, no rabidly loyal to Postel, dead or not.
One thinks ICANN is a crock of shit.
NSI runs two. NSI was bought by Verisign yesterday. Who knows
what will happen now. Even within NSI there are three factions:
the Postelites, and the "what's good for NSI is good for me"
camp which are further subdivided into "radical" and "let's
do what the government said". It's no accident NTIA stuck
a clause in the latest agreement with them that said they
can't run an alternative root server. They had to tear
theirs down.
The rest are academic or USG institutions.
Bottom line though, is if any of them do *anything*
they get a phone call and jail threat from the USG
and honest to good the military being called in
has been mentioned as a threat as well.
The legacy root zone was created, funded and is
still managed by the USG, under contract to NSI.
Jail threat? Under what charge?
--
Mark Atwood | It is the hardest thing for intellectuals to understand, that
m...@pobox.com | just because they haven't thought of something, somebody else
| might. <http://www.friesian.com/rifkin.htm>
http://www.pobox.com/~mra
Hahah, too funny. Charge. This is the guvmint, they don't need
no stinking charge. Gordon Cook was in the room with Ira
Magaziner when he found out Postel had redirected half the
roots. Ira phoned Jon and screamed at him that if he didn't
put it back right away he'd go away to a dark room for a very long
time.
He did, and they called it "a test".
That redirection had been planned for two years and was one of the
worst kept secrets on the net. My understanding is John Gilmore
and Paul Vixie egged Jon to do it. I know Vixie was prepared to
go to jail over it but facts are as sketchy as the details of the
"stolen" CORE servers.
That half explains why Vixie was acting so weird about the idea of providing
alternate root files as an option in BIND distributions, but it makes his
hierarchy-oid explanation sound pretty strange.
--
This is The Reverend Peter da Silva's Boring Sig File - there are no references
to Wolves, Kibo, Discordianism, or The Church of the Subgenius in this document
Executive Vice President, Corporate Communications, Entropy Gradient Reversals.
Maybe they should move to Anguila or Bermuda.
Hey, yeah, whatever happened to those stolen CORE servers, anyway?
You can run but you can't hide. Way back when, Alternic's
main nameserver was mx.alternic.net. MX did not mean
"Mail Exchanger"; it had all of Kashpureff's nukes that
he found on an NSA server - Perl scripts set up so when
executed they took Yugoslavia off the net.
Has anybody noticed the IANA brain drain ? Mockapetris
works for .NU now and Josh Elliot quit and works for
openses.net. I think Suzanne Wolf and Joyce Reynolds are
the only IANites left...
Unknown. According to a Sun-savvy friend of mine they were
quite old, but the insurance apparently paid out a claim
for new ones. The lock to the cage they were in was
opened, not cut, and it happened in broad daylight. From
what I understand CORE was dead broke at the time.
Perhaps I'm all wrong, but that's my understanding of what
happened.
If you believe Gordon Cook on this you are a moron.
Ira found out about the test after it was over.
Cook egged Ira to make the "go to jail" quote. Later, after Cook published Ira's
remarks, Ira phoned JP and apologized. The point Ira got was that JP was the
legal authority, and Cook is an ass.
While my e-mail address is not munged, | T.Po...@ieee.org
I probably won't read anything sent there. |
>
>Who are you ?
>
>Why did JP put things back then ?
>
>
I'm Jon's brother.
IANA was not going to take over root server A unless Commerce could not
renegotiate the NSI agreement. The agreement was to terminate on February 1, the
test, which was to see if removing root A's authority made any difference, was
completed before the phone calls started. Jon was surprised, since tests of
this nature had been run before, and this test had been planned for over a year.
I don't know if Ira Magaziner yelled at Jon or not, but Ira was not Jon's boss.
The best Ira could do at the time was get Becky Burr and Jon to make a statement
something like "root server A is the official master server, that all other 12
servers should point to it." NSI was running root A under Jon's IANA authority,
and he could still change it at any time. NSI cooperated in the test, by the
way. And, of course, the agreement between NSI and Commerce was extended.
Ok, just making sure. Hi Tom.
>IANA was not going to take over root server A unless Commerce could not
>renegotiate the NSI agreement. The agreement was to terminate on February 1, the
>test, which was to see if removing root A's authority made any difference, was
>completed before the phone calls started. Jon was surprised, since tests of
>this nature had been run before, and this test had been planned for over a year.
There is very little known about this so please don't mistake my
curiosity for adversarial behavior.
The "test" had been well known in the community for a while - about
two years. Also, Magaziner told a bunch of us who met him in
New York that the agreement would be extended to ensure stability.
This was around the time of the green paper - just before, actually,
he was collecting opinions for it.
The roots, well, some of the roots, Jon didn't contact all of them,
were told to point to the root server at USC as the A root the
day the white paper came out. So it's hard to believe this
wasn't a slap in the face of the white paper and that Jon didn't
know the contract was being extended. From what I heard that
was WHY Gilmore and Vixie egged him on to do it.
>I don't know if Ira Magaziner yelled at Jon or not, but Ira was not Jon's boss.
>The best Ira could do at the time was get Becky Burr and Jon to make a statement
>something like "root server A is the official master server, that all other 12
>servers should point to it." NSI was running root A under Jon's IANA authority,
>and he could still change it at any time. NSI cooperated in the test, by the
>way. And, of course, the agreement between NSI and Commerce was extended.
Tell me who at NSI cooperated with the test could you ? I was talking
to Dave Holtzman at the time who was in charge of the root servers
and I find "cooperated" an odd choice of words. What he told me
was Jon asked him to point the A root at USC and Dave said "I
need this on paper" which Jon never provided. The next thing
Dave knew, one of the root server operators was calling
asking what was going on and explained how the root was split.
Since NSI was administering the root server network under contract
for the USG and Jon was a subcontractor for .US and IP
allocations only (he ran the USC/IANA root server on
a voluntary non-contractual basis) Dave had to tell the
contracting agency that there was a problem and that they
were no longer fulfilling the terms of their contract.
Ira was told, either directly or indirectly, and was in London
at the time.
When you're the senior science advisor to the president you
get to yell at anybody you want.
I miss Jon. A LOT.
That seems to be the only thing which most players in this whole mess
seem to (mostly) agree on. Sigh.
Hope you stick around, Tom. This group can get lively (when it isn't
utter and deafening silence :-)), but it is where I turn to when I'm
trying to make sense of DNS politics. It seems to be one of the few
places where some modicum of sanity can (on a good day) be found on
the subject.
Nothing mostly about it. I don't know anybody that doesn't wish
like hell he was still here.
There's a guy down the road - an old farmer, that looks *just
like* Jon. It's somehow very calming to see him, and pretend,
if only for a moment, that it's Jon.
>Tell me who at NSI cooperated with the test could you ? I was talking
>to Dave Holtzman at the time who was in charge of the root servers
>and I find "cooperated" an odd choice of words. What he told me
>was Jon asked him to point the A root at USC and Dave said "I
>need this on paper" which Jon never provided. The next thing
>Dave knew, one of the root server operators was calling
>asking what was going on and explained how the root was split.
>
>Since NSI was administering the root server network under contract
>for the USG and Jon was a subcontractor for .US and IP
>allocations only (he ran the USC/IANA root server on
>a voluntary non-contractual basis) Dave had to tell the
>contracting agency that there was a problem and that they
>were no longer fulfilling the terms of their contract.
>
>Ira was told, either directly or indirectly, and was in London
>at the time.
>
>When you're the senior science advisor to the president you
>get to yell at anybody you want.
>
>I miss Jon. A LOT.
>
>
Perhaps cooperation is too strong. You say Dave Holtzman knew before the fact.
Yet NSI didn't start complaining for a few days. Maybe compliant?
As advisor to the prez, Ira Magaziner could yell at anybody he wanted, I don't
think that was his style, however. By the time Ira got in touch with Jon the
test had been completed, and Jon's attorney had chapter and verse on the chain
of command for the root servers. I think Magaziner was surprised that
the authority was Jon.
I didn't mean to imply that the agreement between Commerce and NSI was not going
to be renewed, or that Jon didn't know. There was discussion at the time over
when is the right time to conduct this test. A week or two before it could be
necessary, or a week after it is moot. Jon thought he'd get less flak if he ran
the test right before the agreement was to end.
It wasn't a few days. They weren't complaining, they merely advised the
people they had a contract to administer the legacy roots for that
half the root servers were no longer slaved to the A root.
>As advisor to the prez, Ira Magaziner could yell at anybody he wanted, I don't
>think that was his style, however. By the time Ira got in touch with Jon the
>test had been completed, and Jon's attorney had chapter and verse on the chain
>of command for the root servers. I think Magaziner was surprised that
>the authority was Jon.
I'm sorry, Jon never had that authority. If he did he could have added
tlds to the root servers or moved the A root from NSI, but he couldn't.
There are contracts that show who has operational and editorial
responsibility for the legacy root zone. The US Government, first
the NSF and now the DOC has always had the final authority.
>I didn't mean to imply that the agreement between Commerce and NSI was not going
>to be renewed, or that Jon didn't know. There was discussion at the time over
>when is the right time to conduct this test. A week or two before it could be
>necessary, or a week after it is moot. Jon thought he'd get less flak if he ran
>the test right before the agreement was to end.
It was never a test. For two years the plan had been to take the A root
from NSI.
Neither you nor I were there. Dave Holtzman was, he had operational
responsibility for the root servers and I'm relaying what he told
me. Anybody can ask him: dho...@netsol.com.
With respect,
The scary thing is that if Active Directory becomes pervasive, then practical
control over the name system will end up in Microsoft's hands.
True.
>The scary thing is that if Active Directory becomes pervasive, then practical
>control over the name system will end up in Microsoft's hands.
That's always been Vixie's motivating fear. Personally I don't accept
it any more than I've ever accepted his irrational fears: "talk.bizarre
will be the death of news". "Alt will kill Usenet".
I think if ISPs ran MS garbage he may have a point, but with ISPs
running NT being a whopping 0.004% I think it's an excuse, and
IMO the compromise being to back such ill fated garbage as IAHC
and ICANN is just overly reactive, especially in the face of
Linux finally catching on.
>>Yet NSI didn't start complaining for a few days. Maybe compliant?
>
>It wasn't a few days. They weren't complaining,
What was all that BS about volunteers?
>
>> I think Magaziner was surprised that
>>the authority was Jon.
>
>I'm sorry, Jon never had that authority. If he did he could have added
>tlds to the root servers or moved the A root from NSI, but he couldn't.
You know very well the failure to launch the new TLDs had nothing to do with whether Jon
had that authority. And where did the cc TLD's come from?
>
>There are contracts that show who has operational and editorial
>responsibility for the legacy root zone. The US Government, first
>the NSF and now the DOC has always had the final authority.
What do you think the white paper was all about?
NSF Cooperative Agreement No. NCR-9218742 explicitly refers to RFC 1174
"[T]he Internet system has employed a central Internet Assigned
Numbers Authority (IANA) for the allocation and assignment of
various numeric identifiers needed for the operation of the
Internet. The IANA function is currently performed by the
University of Southern California's Information Sciences
Institute. The IANA has the discretionary authority to delegate
portions of this responsibility and, with respect to numeric
network and autonomous system identifiers, has lodged this
responsibility with an Internet Registry (IR)."
That is operation of root A and assignment of IP addresses.
The granting authority at the time, the Federal Networking Council, accepted this, NSF and
then Commerce inherited it.
The IR in RFC 1174 is SRI, not NSI, but the NSF clearly accepted IANA's authority. Also
note RFC 2010:
1.1. Historically, the name servers responsible for the root (".")
zone have also been responsible for all international top-level
domains (iTLD's, for example: COM, EDU, INT, ARPA). These name
servers have been operated by a cadre of highly capable volunteers,
and their administration has been loosely coordinated by the NIC
(first SRI-NIC and now InterNIC). Ultimate responsibility for the
correct operation of these servers and for the content of the DNS
zones they served has always rested with the IANA.
and later:
Definition: For the purpose of this document, the term "zone master"
shall be used to designate the administrative owner of
the content of a zone. This person is expected to have
final responsibility for the selection and correct
operation of all of the zone's servers. For the root
(".") zone, this is the IANA.
Nothing in the Cooperative Agreement or the amendments contradicts this. Essentially the
Cooperative Agreement allows NSI to register domain names in the specified TLDs, and
operate root A and assign IP addresses (until amendment 7 gave that to ARIN) under the
"discretionary authority" of Jon.
>
>>I didn't mean to imply that the agreement between Commerce and NSI was not going
>>to be renewed, or that Jon didn't know. There was discussion at the time over
>>when is the right time to conduct this test. A week or two before it could be
>>necessary, or a week after it is moot. Jon thought he'd get less flak if he ran
>>the test right before the agreement was to end.
>
>It was never a test. For two years the plan had been to take the A root
>from NSI.
I mistyped there; I wrote agreement between Commerce and NSI, I should have said NSF.
I think having separate operators for root A and name registration predates the original
InterNIC. I'm pretty sure most of the operators of the roots that switched to using root B
as their primary thought it was a short duration test.
>
>Neither you nor I were there. Dave Holtzman was, he had operational
>responsibility for the root servers and I'm relaying what he told
>me. Anybody can ask him: dho...@netsol.com.
You know I'm not interested in what happened at NSI, I joined this thread after you
mentioned that bogus "go to jail" line. My intention was to correct the image that Ira
Magaziner was some kind of buffoon, not get into a discussion of semantics: cooperate vs
comply or what authority or contract mean.
Oh, I see, Richard can be like that, he can tend to put things in a,
er, colorful way. But actually as far as I know he has a fair bit of
respect for Mr. Magaziner. At least that was my reading of various
threads in the past.
> not get into a discussion of semantics: cooperate vs comply or what
> authority or contract mean.
"Controlling legal authority" anyone? ;-)
Your post does make me all nostalgic for the old IANA, though. Now,
generally speaking I think that some (not all, certainly!) of the
bureaucracy we now have is an inevitable result of scale - there are
just more people affected and trying to get involved - but one can
still admire a time in which common sense and getting things done
seemed to (on a good day) prevail without great ado.
Uhm, ok. My point is if Jon had the authority he could have thrown
new tlds into the root.
I did some checking and I was wrong about Magaziner screaming at Jon
about splitting the root. What happened was Jon was going to put
the CORE tlds in by telling NSI to do so and Magaziner went
ballistic and pointed out to Jon this would be regarded as
a RICO violation. That was witnessed by Gordo Cook and George
Strawn of the NSF. Gordo says he'll testify to this in court.
>And where did the cc TLD's come from?
When com/net/org etc were invented in 1986 the UK whined that
they were using .uk so that became real. Other countries
got jealous so Jon found a list of country codes that ISO
published, said "what do you think of this" and people cheered
and it became the standard. That's my understanding. Jon
always denied to me he had any authority, he was just the
nexus of consensus.
>>
>>There are contracts that show who has operational and editorial
>>responsibility for the legacy root zone. The US Government, first
>>the NSF and now the DOC has always had the final authority.
>
>What do you think the white paper was all about?
The white paper was a crock. The Euros went nuts over
the green paper and threatened to run their own roots so
they got all sorts of onerous compromises made.
The trademark wonks also went nuts. We may never know what
they said or did but there was a major disconnect between the
green and white papers.
Green paper: 7 new tlds RSN.
White paper: well for a committee to look at it.
See any new tlds?
>
>NSF Cooperative Agreement No. NCR-9218742 explicitly refers to RFC 1174
>
>"[T]he Internet system has employed a central Internet Assigned
>Numbers Authority (IANA) for the allocation and assignment of
>various numeric identifiers needed for the operation of the
>Internet. The IANA function is currently performed by the
>University of Southern California's Information Sciences
>Institute. The IANA has the discretionary authority to delegate
>portions of this responsibility and, with respect to numeric
>network and autonomous system identifiers, has lodged this
>responsibility with an Internet Registry (IR)."
Don Mitchell of the NSF wrote that contract. dmit...@nsf.gov
Ask him if this gave Jon authority over the root. He was
performing a clerical role for the US government; the root
was very specifically not his to do with as he wanted.
Jon wanted to remove .tv. Didn't happen. Jon wanted to add the CORE
tlds. Didn't happen. The USG has always had final authority
over the root.
The chain of command went like this: Jon wrote to NSI, NSI
wrote to NSF, NSF handed down a decision. They said "no"
to the CORE tlds and .tv.
>Your post does make me all nostalgic for the old IANA, though. Now,
>generally speaking I think that some (not all, certainly!) of the
>bureaucracy we now have is an inevitable result of scale - there are
>just more people affected and trying to get involved - but one can
>still admire a time in which common sense and getting things done
>seemed to (on a good day) prevail without great ado.
Ever see the org chart for ICANN and all its organizational
subunits? It fills a wall. Jon used to do all of this, and on
significantly less than a five million dollar a year budget, too.
ObBadInsideJoke: did anybody have any doubts a killi would pop
up sometime?
>For the history of how the TLDs came to be (including some interesting
>debates over "what should they be" and "who gets to decide"), check
>the namedroppers archives from the 1980s, still available at
>ftp://ftp.internic.net/archives/namedroppers/1980s/.
There's also some good stuff on this in the MsgGroup archives
which I *think* was the first mailing list. Stef ran it.
Good luck finding them, they're on tcm.something, someplace.
Found it: http://www.tcm.org/msggroup/
(It was broke for a while, now it's better)
The main criterion for success will be whether we can invent a
technical structure that will prevent political decisions from making
a mess of Internet implementations. There just ain't no way that us
techies are going to be allowed to dictate domain structures beyond
the current bounds of the ARPA and DDN sub-nets.
Some of you might find this excerpt from the namedroppers archives
interesting:
-----
Received: from USC-ISID by SRI-NIC at 24-Mar-83 0846-PST
Via: UCL-CS.AC.UK ; to USC-ISID.ARPA ; Thursday, March 24, 1983 02:11:24-PST
Date: 23 Mar 83 16:49:38-GMT (Wed)
From: Steve Kille <steve@ucl-cs>
To: pos...@USC-ISIF.ARPA
cc: namedr...@SRI-NIC.ARPA, robert@UCL-CS
Subject: Thoughts on Nameservers and Domains
jon,
We (Robert Cole + self) have finally got around to making some
comments on your draft. Just on the point of sending it, a
whole strew of messages have just arrived. I've only looked
briefly at them, but send this lot off anyhow.
For the most part, it seems like good stuff, although
there are some questions and reservations.
1) You raise the problem of the general structure, and number
of entries at each level. I understand the desire to steer
well clear, but the question needs to be tackled. We would
strongly encourage the use of countries at the top level to
make the addresses (semantically) valid in the widest possible
context.
2) The problem of application level routing is tackled to some
extent, although only when this is required by protocol
boundaries (other possible reasons are channel optimisation,
and authorisation). It seems reasonable to assume (as you do
for practical purposes) that all Internet (TCP/IP) sites run the same
protocol for a given service, and that application level relay
occurs at the boundary of the Internet. If there is a
nameserver enquiry about such a site, it is not clear what
should be returned. The NS knows about it, but cannot give an
Internet address. If it gives the relay address (which is
probably the most useful thing), then what should the relay
reply to an WRU request? (we thought *.UK might be
appropriate). Perhaps there should be a (simple) mechanism to
clarify this situation. Both Eric's RELAY: answer and the
'are you X server' solve this problem. It is not clear which
is the better way to go - will think about it. A solution of
some form is important.
3) You use the terms domain and subdomain without clear
distinction. (I guess that a subdomain is a domain which uses
its parent's NS). Is there any objection if a subdomain uses
some arbitrary NS (in principle at least).
4) Should some guideline be given as to how the local
implementation should resolve ambiguous partially qualified
names (e.g. take the most local form, or pass the conflict back
to the user). I agree strongly that names should be fully
qualified whenever they are transmitted across a net.
5) I note that an iterative NS approach does not preclude one
of the NSs from being recursive (for its own reasons). In
general we feel that the iterative approach is safer.
6) What exactly does the 25 character limit apply to (whole
name or each component).
7) Natural order - I have just been at a meeting which decided
on a bigendian approach for host names, as it is the NATURAL
ORDER. Seems subjective!
Steve Kille
-----
For the history of how the TLDs came to be (including some interesting
debates over "what should they be" and "who gets to decide"), check
the namedroppers archives from the 1980s, still available at
ftp://ftp.internic.net/archives/namedroppers/1980s/.
--gregbo
gds at best.com
More ancient history:
Return-Path: <ESTEF...@USC-ECL.ARPA>
Received: from USC-ECL.ARPA by SRI-NIC.ARPA with TCP; Sun 13 May 84 13:00:06-PDT
Date: 13 May 1984 12:15-PDT
Sender: ESTEFFERUD@USC-ECL
Subject: Re: Domain requirements
From: ESTEFFERUD@USC-ECL
To: namedroppers@SRI-NIC
Message-ID: <[USC-ECL]13-May-84 12:15:51.ESTEFFERUD>
It seems to me that this new draft has gotten us into the troublesome
turf of semantic definitions, wherein we attempt to carve up the world
and assign responsibility and authority to non-existent entities for
large ill-defined clusters of users and their service hosts.
We need to back away from this direction and return to dealing with
syntax, independent of who is going to get to be the real domain
authorities. The real domain authorities are going to be selected by
some political processes that are not identified well enough, in any
of the drafts we have considered, to allow us to seriously consider
deciding on any of the TOP level domains, ARPA included.
It is my expectation that when the dust has settled, ARPA will
become what it actually is: a sub-domain of DDN that just happens to
be the lead community in development of network research and
technology.
I think at this point we should all take a lesson from the IFIP6.5
work on addressing, wherein it is clearly recognized that
international politics must be served (certainly not ignored or
resisted). This is evidenced by several references to the realization
that COUNTRY pre-empts the default position TOP level domain
authorities. We must cope with the fact that xyz.ARPA.DDN.US is a
very likely future domain address.
And, within the US, we must realize that UUCP is a rational domain,
just because it is there, and it is large, and it supports a large
number of people who are fully dependent on it, in spite of its
deficiencies. There are other such domains that will not accept
subversion either.
So, we can choose to spend our time sorting through this political
morass without either the political savvy nor political clout to
resolve anything, or we can go back to working on the technical
syntactic structure within which the political decisions will
eventually be made.
The main criterion for success will be whether we can invent a
technical structure that will prevent political decisions from making
a mess of Internet implementations. There just ain't no way that us
techies are going to be allowed to dictate domain structures beyond
the current bounds of the ARPA and DDN sub-nets.
Reset, Restart ... Stef
>(It was broke for a while, now it's better)
I'm sooo happy this has been restored. I've been looking for these
archives a long time.
--gregbo
gds at best.com
One of the first things Stef ever said to me when I met him
was "I knew this was going to happen a long time ago". Stef
is seldom wrong.
Back in the early to mid 80s there were lots of debates on several
mailing lists about matters we are facing now.
I have another quote from the past from Postel himself that you all
might be interested in. (It's a little longish.)
-----
Return-Path: <POSTEL@USC-ISIF>
Received: from USC-ISIF by SRI-NIC.ARPA with TCP; Sun 20 May 84 21:53:08-PDT
Date: 20 May 1984 21:46:49 PDT
From: POSTEL@USC-ISIF
Subject: re: comments on Domain Requirements
To: namedroppers@SRI-NIC
< INC-PROJECT, Q-AND-A-DOMAINS.NLS.3, >, 20-May-84 21:43-PDT JBP ;;;;
Hi:
I will attempt to comment on some of the discussion of the last week.
Opening Remarks:
It certainly is interesting to find that there is a lot more
discussion about what a name looks like and what it means than there
is about the details of how the system is built.
It really would be nice if when people start using the language of
the actual specifications or discussing details described there, that
they took the trouble to review the specifications.
1) Name-to-Address Lookup vs Directory Assistance
One concept that seems to have been widely misunderstood is that this
is a naming system, not a general directory assistance system.
This is supposed to be a system for finding specific types of
information about exactly named things (with a few careful
generalizations in the name search). This is not intended to be a
system for finding partially described things. The NIC WHOIS service
and the CSNET Mailbox Name Service are examples of more generalized
searching systems based on partial information. The current IFIP WG
6.5 work on directory assistance is different from the domain names
system in this respect, too, it aims to find things based on partial
information (this also makes it much harder to implement).
The notion that you don't want to worry about SRI being in EDU or GOV
or COR, is like saying that you don't want to worry about Los Angeles
being in California or Texas or Oregon.
SRI will choose to be in some domain and will advertise its
address.
When you call me on the phone you have to know my phone number, you
don't get to guess an area code, and somehow expect all numbers to
be known in all area codes.
I tell my number to people i expect to call me, and i have my
number listed in directories. I don't expect people to be able to
guess it.
With the current mailboxes and host name the same applies. I tell
people my mailbox name (POS...@USC-ISIF.ARPA), and i list it in
directories (NIC WHOIS). I expect the same practice to continue with
domains. It is possible that some time in the future things will
change and my mailbox might be "POS...@ISI.USC.EDU". I wouldn't
expect anyone to guess that that was my mailbox, i would tell some
people and get the directory entry updated.
2) Unique Names
While it is possible for a host to have several (even many) names in
the domain name system, that is not the general intent, and i don't
think it is a good idea.
Think about the hosts names we have now, would you want your host to
have several names? If it did, what would your mailbox be? How many
more duplicate messages would you receive?
Suppose my host was known as both USC-ISIF.ARPA and LA-47.ARPA.
Then i could have mailboxes POS...@USC-ISIF.ARPA and
POS...@LA-47.ARPA. How is someone at another host supposed to
know that these two mailbox addresses are the same person? In
general, they can't, and so i will get more duplicate mail than i
do now (which is already too much).
Also think about the other side of it. If my host has more than one
name, which one should it fill in for me on the FROM line when i send
a message? If there is some default that is used, that is the
"preferred" name for the host. Given that the host has a preferred
name, why not use that name all the time?
It was suggested that since a host can be connected to more than one
network and thereby can have more than one hardware address, it
follows that it should have more than one name. This is like saying
that a city ought to be allowed different names for each type of
transportation system (roads, rail, ship, air) that it is connected
to.
It is certainly allowed for a host to have multiple names, and if
a host did have multiple names they could be associated with the
networks the host was connected to. I don't see any advantage in
doing it.
Names have to be unique only with respect to their siblings. There
may be names like:
XYZ.PQR.ABC
WUV.PQR.ABC
XYZ.IJK.ABC
WUV.IJK.ABC
to name four different hosts.
Many people seemed to think the example in the DRAFT RFC was either
confusing in itself or would lead to a confusing result.
For example, a host "XYZ" at MIT might possibly be considered as a
candidate for becoming any of XYZ.ARPA, XYZ.CSNET.EDU, or
XYZ.MIT.EDU.
The owner of host XYZ may choose which domain to join,
depending on which domain administrators are willing to have
him.
Some people seem to be upset that this could possibly result in a
range of host names like:
APIARY-1.MIT.ARPA
DASH.MIT.CSNET.EDU
MULTICS.MIT.EDU
First, i doubt that MIT would let this happen, but one can't be sure.
Second, i am not sure what to be upset about. The notion seems to be
that somehow i know that this MULTICS is an MIT computer but can't
guess if it is in ARPA or EDU. This is the kind of problem the IFIP
system is supposed to solve, but the domain name system does not. I
think the real question here is more like "I want to send a message
to Dave Clark of MIT, and i think his mailbox is on the Multics
computer there, what is the exact string i should enter to send mail
to him?". This is a question for the NIC WHOIS service, not the
domain name server.
The notion that "an organization name should be unique within the
community that is likely to want to talk to it" is a bit strange.
How is this uniqueness to be preserved? What happens when some
previously separate communities discover some common interests? The
whole point of domains is to subdivide the name assignment problem.
To try to preserve some higher level uniqueness would require the
very central coordination we are trying to eliminate! It should be
clear that there is no hope of such uniqueness in the long run, so
let's not make any plans based on such a false hope.
3) Syntax vs. Semantics
It has been suggested that semantics is too political for us to deal
with and that we ought to stick with syntax.
I agree that semantics seems to get more people with more points of
view saying more outrageous things than one would expect or wish to
cope with.
It would be nice to stick to syntax, except that we actually want to
put this system into service, and to do that we have to have some
real names to use. It seems to me that we have to deal with the
semantics now.
If we don't have the savvy or clout to sort this out, we ought to
forward the problem to those who do. Any nominations?
4) The Top Level Domains
There is a great deal of discussion of these top level domain names.
The general tone seems to be that it is a good idea to have only a
few top level names but these are "too abstract".
I have not heard many suggestions for other top level names except
for currently existing things. I think that would lead to a lot of
top level domains.
It was suggested that there be a standard top level name for use by
isolated systems. I am not sure that would be the best approach. I
would favor registering the names of isolated systems in some way.
Experience shows that isolated systems tend to get connected.
5) Countries as Domains
Where does the UK domain go? Good question. We probably should
allow countries to be top level domains. I don't think this means
that we should have only countries as top level domains. There are
quite a number of international entities that would be difficult to
divide up into countries.
6) ARPA and DDN Domains
ARPA and DDN probably in an ideal world should not be top level
domains.
At best they probably ought to be: ARPA.DOD.GOV.USA and
DDN.DOD.GOV.USA.
And the computer i use would be: F.ISI.USC.ARPA.DOD.GOV.USA
However, for a while (probably a long while), they will be top level
names. This is a system that has to evolve into use. We are not
operating with a blank slate. Right now we have all the hosts in the
ARPA & DDN Internets operating with domain style host names in the
ARPA domain.
There have also been some comments about the requirements being
designed to favor the DDN and DARPA communities, or to prevent groups
not working for DARPA or other military agencies from qualifying.
This is not the case. We are perfectly happy if this naming system
is widely used. This is clearly to DARPA's and DDN's advantage.
Because of the history and the sponsorship of this effort DARPA and
DDN will get some special treatment. However the attempt here is to
set a policy for using domain style names that is fair for everyone.
7) Top Level Administrators
It was noted that it is strange that all the top level domains are
administrated by the NIC. The NIC is the agent of the DDN and of
DARPA for the administration of those two domains, as for the other
domains the NIC does not want the job! If we can find some
reasonable alternatives for getting these domains administered we
will gladly explore the possibilities. Any volunteers?
It was suggested (in jest, i think) that the Corporate domain be run
by the U.S. Chamber of Commerce. It is not such a bad idea. I would
like to see the administration of these domains move to appropriate
responsible entities. I would not push to get some organization to
administer a domain until there was some indication that they knew
what it was, though.
Actually, while right now it may look hopeless for ever finding
appropriate administrations to take over the management of some of
these domains, i expect there will in the not too distant future be
several volunteers for each of these domains.
The NIC is not an "administration" in the sense used here. The NIC is
the agent of both DDN and DARPA. It would be inappropriate for there
to be a top level NIC domain. The NIC is acting as DDN's or DARPA's
agent when it registers and assigns host names.
One can be the administrator of a domain, or be the agent of the
administrator of a domain without being in the domain. For example,
the NIC might be NIC.DDN even though it is the administrative agent
for other domains as well.
8) Second Level Domains
100 Hosts. Perhaps the most often voiced issue is that 100 hosts may
not be the right criteria for being big enough to be a second level
domain.
We are open for suggestions for other criteria.
It was suggested that with this kind of criteria someone will count
every PC as a host. I think we should expect that in any case. So
the criteria should probably be different. Maybe it should be in
dollars of computer hardware (say $5,000,000 ?). Or, maybe it should
be user accounts or mailboxes (say 25,000 ?). Or, some formula
combining several factors? Any suggestions?
Try thinking of two cases: one you think should be a second level
domain and one you think should not. Try to make up a decision rule
that separates them. If you find something that works try it on
some other cases. If it still works tell me about it.
There was a suggestion to limit the operation of a name server to a
large organization but allow anyone to be a second level domain.
This is just the opposite of the intent. The requirement that a
second level domain be at least some threshold size is intended
to limit the number of such domains in some way. If a much
smaller organization can operate a name service (reliably and
robustly) that is fine with me. I encourage it.
There was a question about hosts at the second level. If a top level
administration decides to, it may allow hosts as second level names.
This is now the case in the initial ARPA domain. This is discouraged
in the future, but it is allowed.
The notion that a host is just that special case of a domain which
has no subdomains and is a single machine still applies. That is, a
host is a leaf of the domain name tree.
An organization with a small number of hosts (or even just one) will
probably be able to find some second level domain administrator willing
to take it in as a third level domain.
9) Number of Levels
Some feel that the current plan will result in too many levels. I
think that it is not actually a problem of how many levels but how
long (in characters) names become. I think user pressure will keep
things reasonable.
There is some suggestion that the top level names do not add anything
significant while making the names longer. I think the top level
names are important because of their semantic neutrality. I think it
is important to getting some agreement on how we are going to use
this system, and i think it is so important to get this system into
service that i am willing to pay the cost of an "extra" level.
Another concern expressed was that some organizations will create
many levels with essentially no content. For example, A.B.C.D.E,
where B and C have no siblings. I don't think that this will happen,
but i am prepared to let it.
10) Name Length
There were three types of comments on this: 1) 12 characters too
short, 2) 12 characters too long, and 3) 12 characters just right.
One should note that this was said in the context of one segment of a
domain style name (what the implementation specification calls a
"label").
The implementation specification allows each label to be up to 63
characters long. Anyone writing a program to implement anything
dealing with domain style names should plan for the possibility of 63
character labels.
11) Aliases
While it is possible to set up aliases in the database (using the
CNAME RRs), i don't think this should be used widely on a long term
basis. It may be a useful feature to use for a short time (a few
months) when a host changes its domain style name.
I think that many hosts will want to establish private files of
aliases for commonly used other hosts. And i think that users would
like to have private files of commonly used other mailboxes. Such
files should be easily coupled to applications programs (e.g., the
user's mail program).
12) Name Servers
The information a name server can supply about a name is everything
that is in the database. There is no implication from the name that
limits the information that can be returned. The details of the
query determine the information returned.
For example, if one looked up UDEL.CSNET.EDU one could get back
(depending on the details of the query) both the ARPA-Internet 32-bit
address and the MMDF phone number.
Please recall that name servers do not have to be one to one with
domain names. That is, several domains may go together to provide
the robust and reliable name service.
There was some talk about "sanctioned" name servers. It is true that
when a domain is set up some name servers must be registered so that
information about this new domain can be accessed. These name
servers must have up to date information about the domain. There can
easily be additional name servers set up for the domain. I don't see
that these additional servers need be thought of as second class
citizens in any way. There was also some concern about keeping the
data consistent between these servers. By using the data base zone
and master file procedures defined in the specification there should
be no problems with inconsistent data (except possibly very briefly
when the master file is updated).
13) Database by Zones
The name servers implement the protocol to answer questions about
data they hold. The data is organized into sections called zones.
A zone may conveniently correspond to a low level domain.
For example, ISI might become a third level domain. The information
about the hosts at ISI might be a zone of the database. This zone
could be updated at ISI and provided to several name servers operated
by other organizations.
The part of the database that describes a top level domain and its
second level domains (but not the third and lower level domains)
might also be a zone. This information might not change very often,
and might be distributed to many name servers.
14) Brick Wall
I don't respond well to being shouted at.
Try a calm and well reasoned presentation.
Summary:
I think the main point i want to make is that i want the mechanism to be
general and capable of supporting a reasonably large and appropriately
structured naming system, and i want to start using it as soon as
possible. This may result in the initial structure of names and
administrators being somewhat distorted from what we might have in an
ideal world. Let's get on with the experiment and evolve toward that
ideal world.
--jon.
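Three rules from the message above (names unique only among siblings, a host as a leaf of the name tree, labels of up to 63 characters) shown together as an added Python example; it is not part of the original message or of any name server implementation. `DomainTree` and its methods are hypothetical names, and case-insensitive comparison of labels is an assumption.

```python
# Added illustration; DomainTree and its methods are hypothetical names.
MAX_LABEL = 63  # per-label limit quoted in section 10 of the message


class DomainTree:
    """Name tree: each node maps an upper-cased label to a child node."""

    def __init__(self):
        self.root = {}

    @staticmethod
    def split(name):
        """Return labels from the top level down, validating each one."""
        labels = name.rstrip(".").split(".")
        for label in labels:
            if not 1 <= len(label) <= MAX_LABEL:
                raise ValueError(f"label length {len(label)} outside 1..{MAX_LABEL}")
        # Assumption: labels compare case-insensitively.
        return [label.upper() for label in reversed(labels)]

    def register(self, name):
        """Add a name; reject it only if a sibling already uses the label."""
        *parents, leaf = self.split(name)
        node = self.root
        for label in parents:
            node = node.setdefault(label, {})
        if leaf in node:
            raise ValueError(f"{leaf} already exists under {'.'.join(reversed(parents))}")
        node[leaf] = {}

    def hosts(self):
        """Return every leaf (a node with no subdomains) as a full name."""
        found, stack = [], [([], self.root)]
        while stack:
            path, node = stack.pop()
            for label, child in node.items():
                full = [label] + path
                if child:
                    stack.append((full, child))
                else:
                    found.append(".".join(full))
        return sorted(found)


def demo():
    """Register the four sibling-unique names listed in section 2."""
    tree = DomainTree()
    for name in ["XYZ.PQR.ABC", "WUV.PQR.ABC", "XYZ.IJK.ABC", "WUV.IJK.ABC"]:
        tree.register(name)
    return tree
```

The same label (XYZ, WUV) is accepted under different parents and refused only when it collides with an existing sibling.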