[81994] in North American Network Operators' Group
Re: The whole alternate-root ${STATE}horse (was Re: Enable BIND cache server to resolve chinese domain name?)
daemon@ATHENA.MIT.EDU (Jay R. Ashworth)
Fri Jul 8 15:30:26 2005
Date: Tue, 5 Jul 2005 18:11:08 -0400
From: "Jay R. Ashworth" <jra@baylink.com>
To: NANOG <nanog@merit.edu>
In-Reply-To: <p06200734bef07e05ee62@[10.0.1.3]>; from Brad Knowles <brad@stop.mail-abuse.org> on Tue, Jul 05, 2005 at 08:38:41PM +0200
Errors-To: owner-nanog@merit.edu
On Tue, Jul 05, 2005 at 08:38:41PM +0200, Brad Knowles wrote:
> At 9:43 AM -0400 2005-07-05, Jay R. Ashworth wrote:
> >> Moreover, most of them are unlikely to be
> >> willing to just live with the problem, if no other suitable technical
> >> solution can be found. Instead, they'll believe the sales pitch of
> >> someone else who says that they can fix the problem, even if that's
> >> not technically possible.
> >
> > Well they might. Well, actually, poorly they might.
> >
> > But that argument seems to play right *to* the alt-root operators,
> > since the "fix" is to switch your customer resolvers to point to one of
> > them.
>
> I disagree. The problem is that there are too many alternatives.
To many alt-roots? Or too many alt-TLD's?
> > (Assuming, of course, they stay supersets of ICANN, and don't
> > get at cross-purposes with one another.)
>
> The problem is that they are pretty much guaranteed to get at
> cross-purposes.
Well, there have been alt-root zones available for, what 6 or 7 years
now? And how many collisions have there actually been in practice? 2?
3?
> > In fact, merging them at your
> > resolvers might be the best solution.
>
> I don't think that's really practical. I'm sorry, I just don't
> trust them to write a resolver that's going to get included in libc
> (or wherever), and for which the world is going to be dependant.
Well, I meant "at your customer recursive resolver servers", since the
topic at hand was "what do IAP's do to support their retail customers",
but...
> The alternative roots will always be marginal, at best. The
> problem is that while they are marginal, they can still create
> serious problems for the rest of us.
In the context which people have been discussing, I don't honestly see
how they cause "the rest of us" problems. People with domains *in*
those aTLD's, yes. But as I noted somewhere else in this thread, the
only people who would have un-mirrored aTLD domains would be precisely
those who were evangelising for the concept, and it would be in their
best interest to be explaining what was going on...
> > But Steve's approach doesn't seem to *me* to play in that direction.
> > Am I wrong?
>
> I'm not sure I understand which Steve you're talking about. Do
> you mean Steve Gibbard, in his post dated Sun, 3 Jul 2005 22:20:13
> -0700 (PDT)?
I did mean Mr. Gibbard, yes.
> If so, then each country running their own alternative
> root won't solve the problem of data leaking through the edges.
"Data leaking through the edges"...
> People will always be able to access data by pure IP address, or
> choosing to use the real root servers. Push come to shove, and the
> real root servers could be proxied through other systems via other
> methods.
"Real" is *such* a metaphysical term here, isn't it? :-)
> The reverse problem is more difficult to deal with -- that of
> people wanting to access Chinese (or whatever) sites that can only be
> found in the Chinese-owned alternative root.
Stipulated. But whose problem *is* that?
Cheers,
-- jra
--
Jay R. Ashworth jra@baylink.com
Designer Baylink RFC 2100
Ashworth & Associates The Things I Think '87 e24
St Petersburg FL USA http://baylink.pitas.com +1 727 647 1274
If you can read this... thank a system administrator. Or two. --me
