[82005] in North American Network Operators' Group
Re: The whole alternate-root ${STATE}horse (was Re:
daemon@ATHENA.MIT.EDU (Brad Knowles)
Fri Jul 8 15:31:32 2005
In-Reply-To: <20050705193724.A16454@cgi.jachomes.com>
Date: Wed, 6 Jul 2005 02:09:23 +0200
To: NANOG <nanog@merit.edu>
From: Brad Knowles <brad@stop.mail-abuse.org>
Errors-To: owner-nanog@merit.edu
At 7:37 PM -0400 2005-07-05, Jay R. Ashworth wrote:
> Hmmm... again, absent TLD collisions, I don't see that writing a
> recursive-only server that can coalesce the TLD namespace from multiple
> roots ought to be *that* hard... but then I'm not Cricket, neither.
In theory, it should be trivial. In practice, I believe that it
is quite non-trivial. I believe that we can look around and pretty
easily find at least a few examples that demonstrate how difficult it
is to get this right.
The history of BIND alone is quite instructive, I believe. The
fact that everyone and their brother seems to create
authoritative-only servers as their 6th grade science project, but
there are still relatively few caching-only servers, is another data
point.
> And my perception is that the cat is *out* of the bag, and fretting
> about how bad it would be were the cat to get out of the bag (which is
> my perception of most people's view of this issue) isn't especially
> productive; the solution is to figure out how to manage the problem.
I'm not sure, but I think we're at the stage where we might just
be able to put the genie back in the bottle, if we act fast and we
can get suitable alternative mechanisms in place through the existing
official IETF/ICANN process.
But if we don't get this fixed soon, I fear that we'll never be
able to do that. At that point, we've got our private parts hanging
out in the wind, and we're depending on the good nature of people not
to come along and whack them with baseball bats, and we're depending
on good fortune keeping harsh weather away that might result in
lightning strikes.
There's not much we can do to stop the alternate roots. They
already exist, and at least two are currently in operation. However,
I think we can look at what it is that they're offering in terms of
i18n and see what we can do to address those issues from inside the
system.
IMO, i18n is the only potentially legitimate thing that alternate
roots are capable of providing, and the only thing we need to worry
about resolving within the system. Outside of i18n, I don't give a
flying flip what the alternate roots do or what services they claim
to offer.
And that, I believe, is operationally relevant because the
outcome will affect us all. If nothing else, code will have to be
adapted to match whatever is specified as a result of the IETF/ICANN
political process. And we'll all have to update our servers.
--
Brad Knowles, <brad@stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
SAGE member since 1995. See <http://www.sage.org/> for more info.
