ICANNWatch
 
  Inside ICANNWatch  
Submit Story
Home
Lost Password
Preferences
Site Messages
Top 10 Lists
Latest Comments
Search by topic

Our Mission
ICANN for Beginners
About Us
How To Use This Site
ICANNWatch FAQ
Slash Tech Info
Link to Us
Write to Us

  Useful ICANN sites  
  • ICANN itself
  • Bret Fausett's ICANN Blog
  • Internet Governance Project
  • UN Working Group on Internet Governance
  • Karl Auerbach web site
  • Müller-Maguhn home
  • UDRPinfo.com;
  • UDRPlaw.net;
  • CircleID;
  • LatinoamerICANN Project
  • ICB Tollfree News

  •   At Large Membership and Civil Society Participation in ICANN  
  • icannatlarge.com;
  • Noncommercial Users Constituency of ICANN
  • NAIS Project
  • ICANN At Large Study Committee Final Report
  • ICANN (non)Members page
  • ICANN Membership Election site

  • ICANN-Related Reading
    Browse ICANNWatch by Subject

    Ted Byfied
    - ICANN: Defending Our Precious Bodily Fluids
    - Ushering in Banality
    - ICANN! No U CANN't!
    - roving_reporter
    - DNS: A Short History and a Short Future

    David Farber
    - Overcoming ICANN (PFIR statement)

    A. Michael Froomkin
    - When We Say US™, We Mean It!
    - ICANN 2.0: Meet The New Boss
    - Habermas@ discourse.net: Toward a Critical Theory of Cyberspace
    - ICANN and Anti-Trust (with Mark Lemley)
    - Wrong Turn in Cyberspace: Using ICANN to Route Around the APA & the Constitution (html)
    - Form and Substance in Cyberspace
    - ICANN's "Uniform Dispute Resolution Policy"-- Causes and (Partial) Cures

    Milton Mueller
    - Ruling the Root
    - Success by Default: A New Profile of Domain Name Trademark Disputes under ICANN's UDRP
    - Dancing the Quango: ICANN as International Regulatory Regime
    - Goverments and Country Names: ICANN's Transformation into an Intergovernmental Regime
    - Competing DNS Roots: Creative Destruction or Just Plain Destruction?
    - Rough Justice: A Statistical Assessment of the UDRP
    - ICANN and Internet Governance

    David Post
    - Governing Cyberspace, or Where is James Madison When We Need Him?
    - The 'Unsettled Paradox': The Internet, the State, and the Consent of the Governed

    Jonathan Weinberg
    - Sitefinder and Internet Governance
    - ICANN, Internet Stability, and New Top Level Domains
    - Geeks and Greeks
    - ICANN and the Problem of Legitimacy

    Highlights of the ICANNWatch Archive
    (June 1999 - March 2001)


     
    New gTLDs Verisign/NSI
    .name Webmail Harmed by Use of Anti-SiteFinder Patch
    posted by michael on Sunday October 12 2003, @06:54AM

    The operator of the .name webmail services has writtent in to the Nanog mailing list to complain (very politely!) that their services are being damaged by (mis?)use of the BIND patch deployed to block VeriSign's Sitefinder.



    Here's the text of the message:
    .name TLD - resolution issues

    * From: Suresh Ramasubramanian
    * Date: Sun Oct 12 11:01:59 2003

    Hi there

    We operate webmail services for the .name TLD (MX and DNS resolution are handled by the nic.name people).

    After the recent Verisign brouhaha, several of y'all patched their nameservers to stop believing Verisign (so did we). Just that quite a few of you also seem to have set up your resolvers to do the same thing with other wildcarded TLDs.

    .name is a wildcarded TLD and does have legit domains on it. Right now we are seeing a lot of problems with .name domains being treated as unresolvable thanks to this, and mail from .name users is not getting through as mailservers are configured not to accept mail from unresolvable domains.

    I know, .name domains don't have zones or NS records attached to them - but yes, this is a legit wildcard (kind of like .museum, but this one is for vanity domains). I'd request DNS admins here to not treat .name as delegation-only.

    thanks
    --srs


     
      ICANNWatch Login  
    Nickname:

    Password:

    [ Don't have an account yet? Please create one. It's not required, but as a registered user you can customize the site, post comments with your name, and accumulate reputation points ("karma") that will make your comments more visible. ]

     
      Related Links  
    · VeriSign/NSI
    · N.Am Network Operators' Group
    · writtent in to the Nanog mailing list
    · More New gTLDs stories
    · Also by michael
     
    This discussion has been archived. No new comments can be posted.
    .name Webmail Harmed by Use of Anti-SiteFinder Patch | Log in/Create an Account | Top | 2 comments | Search Discussion
    Click this button to post a comment to this story
    The options below will change how the comments display
    Threshold:
    Check box to change your default comment view
    The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
    .name misconfigured
    by ldg on Sunday October 12 2003, @02:05PM (#12441)
    User #2935 Info | http://example.com/
    If using DNS properly (applying the patch to BIND) is resulting in mail not being delivered, then the TLD servers are misconfigured according to standards.

    That's why using wildcards is a dangerous thing to do. You run the risk of disrupting the expected results of the DNS. Applying the BIND patch merely forces the DNS to respond properly, so the .name TLD needs to alter the way they are configured. I'd rather sacrifice the misconfigured TLD than to be bombarded with the problems caused by the .com and .net wildcards. All this has done is force servers to be configured according to RFC's.
    [ Reply to This | Parent ]
    .name not "wildcarded", but patch still breaks it
    by Hakon Haugnes on Monday October 13 2003, @03:00AM (#12445)
    User #3878 Info | http://www.nic.name/

    Dear Suresh Ramasubramanian,

    Thank you for your attention to this issue. As you rightly point out, it arose as a result of the patch to the BIND DNS server software. Rest assured that we are working hard with the relevant parties to have it fixed as soon as possible (see also http://marc.theaimsgroup.com/?l=bind-users&m=10657 9662509581&w=2 [theaimsgroup.com])

    However, I just wanted to make a friendly correction to one error in your mail. .name is not a "wildcarded" TLD. There is no "wildcard" or "star-record" response from the .name nameservers.

    Rather, the reason why the hastily launched BIND patch now breaks the .name email functionality is because .name returns non-delegation resource records for the second level, for example MX records for all shared second level names (as contemplated by the .name ICANN contract, http://www.icann.org/tlds/agreements/name/registry -agmt-appc-1-8aug03.htm#d [icann.org]). These valid and vital resource records are now being exchanged for a NXDOMAIN response, resulting in bounced emails to otherwise valid .name email addresses.

    According to a report at the recent SECSAC meeting, 15,000 downloads of this patch have been made. We would urge all operators to NOT install this patch, or more specifically, not to use the root-delegation-only functionality until its problems have been resolved.

    The Internet Community response to the .com "wildcard" was perhaps emotional, but to be clear, the patch to BIND does not break .name functionality because of any "wildcards" or "star records". Rather, it breaks because .name until now has been a third-level domain space where second levels are shared. Not all second levels exist under the .name TLD, but are created as necessary when third levels are registered.

    However, this is changing now that .name will, in addition to its current third level registrations, open its second level for SLD delegations. From January 14th, there will be second levels on .name that are delegated to nameservers, just like on e.g. .com. For more information about this, see www.nic.name [nic.name].

    We regret the consequence of the hastily launched patch to BIND, and are working hard to resolve the issue with the relevant parties. Thank you in the meantime for your patience, and for reporting any seemingly misconfigured ISPs and DNS operators to us as soon as possible. Our contact address for any such reports is delegation-only@gnr.com [mailto].


    Best regards,

    Hakon Haugnes
    President
    The Global Name Registry
    www.nic.name [nic.name]

    [ Reply to This | Parent ]


    Search ICANNWatch.org:


    Privacy Policy: We will not knowingly give out your personal data -- other than identifying your postings in the way you direct by setting your configuration options -- without a court order. All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest © 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 by ICANNWatch.Org. This web site was made with Slashcode, a web portal system written in perl. Slashcode is Free Software released under the GNU/GPL license.
    You can syndicate our headlines in .rdf, .rss, or .xml. Domain registration services donated by DomainRegistry.com