Inside ICANNWatch  
Submit Story
Lost Password
Site Messages
Top 10 Lists
Latest Comments
Search by topic

Our Mission
ICANN for Beginners
About Us
How To Use This Site
Slash Tech Info
Link to Us
Write to Us

  Useful ICANN sites  
  • ICANN itself
  • Bret Fausett's ICANN Blog
  • Internet Governance Project
  • UN Working Group on Internet Governance
  • Karl Auerbach web site
  • Müller-Maguhn home
  • UDRPinfo.com;
  • UDRPlaw.net;
  • CircleID;
  • LatinoamerICANN Project
  • ICB Tollfree News

  •   At Large Membership and Civil Society Participation in ICANN  
  • icannatlarge.com;
  • Noncommercial Users Constituency of ICANN
  • NAIS Project
  • ICANN At Large Study Committee Final Report
  • ICANN (non)Members page
  • ICANN Membership Election site

  • ICANN-Related Reading
    Browse ICANNWatch by Subject

    Ted Byfied
    - ICANN: Defending Our Precious Bodily Fluids
    - Ushering in Banality
    - ICANN! No U CANN't!
    - roving_reporter
    - DNS: A Short History and a Short Future

    David Farber
    - Overcoming ICANN (PFIR statement)

    A. Michael Froomkin
    - When We Say US™, We Mean It!
    - ICANN 2.0: Meet The New Boss
    - Habermas@ discourse.net: Toward a Critical Theory of Cyberspace
    - ICANN and Anti-Trust (with Mark Lemley)
    - Wrong Turn in Cyberspace: Using ICANN to Route Around the APA & the Constitution (html)
    - Form and Substance in Cyberspace
    - ICANN's "Uniform Dispute Resolution Policy"-- Causes and (Partial) Cures

    Milton Mueller
    - Ruling the Root
    - Success by Default: A New Profile of Domain Name Trademark Disputes under ICANN's UDRP
    - Dancing the Quango: ICANN as International Regulatory Regime
    - Goverments and Country Names: ICANN's Transformation into an Intergovernmental Regime
    - Competing DNS Roots: Creative Destruction or Just Plain Destruction?
    - Rough Justice: A Statistical Assessment of the UDRP
    - ICANN and Internet Governance

    David Post
    - Governing Cyberspace, or Where is James Madison When We Need Him?
    - The 'Unsettled Paradox': The Internet, the State, and the Consent of the Governed

    Jonathan Weinberg
    - Sitefinder and Internet Governance
    - ICANN, Internet Stability, and New Top Level Domains
    - Geeks and Greeks
    - ICANN and the Problem of Legitimacy

    Highlights of the ICANNWatch Archive
    (June 1999 - March 2001)

    This discussion has been archived. No new comments can be posted.
    Where Did the .root TLD Come From? | Log in/Create an Account | Top | 26 comments | Search Discussion
    Click this button to post a comment to this story
    The options below will change how the comments display
    Check box to change your default comment view
    The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
    I remember seeing this
    by dmehus on Monday March 08 2004, @08:42AM (#13130)
    User #3626 Info | http://doug.mehus.info/
    Funny you mention this, Karl. I remember seeing it a few months ago when I download the root zone file from the InterNIC FTP site. I was a bit perplexed by it, because I was sure ICANN nor the U.S. DoC never gave approval for the new dot-root TLD. Correct?

    Typical VeriSign abuse of power. So much for ICANN doing its real duty of acting as a technical coordinator of the DNS root. :(

    Doug Mehus http://doug.mehus.info/ [mehus.info]
    [ Reply to This | Parent ]
    The 13 Root Servers No Longer Exist
    by Anonymous on Monday March 08 2004, @04:51PM (#13131)
    The 13 Root Servers No Longer Exist. Without any discussion, approvals, etc, the 32-bit IPv4 addresses of the legacy root servers are now being re-used by many physical servers. It is in an ISP's best interest NOT to route those 13 addresses. An ISP can set up a couple of internal servers to be imposters for all of those 13 addresses. This improves the performance for their customers and their other name-servers and it allows the ISP to enhance/extend/embellish the root zone. It also restores the reliability of the root servers which will not operate properly in all situations in the any-cast (imposter) arrangement that ICANN has allowed to evolve without any public input from real DNS experts. By placing strange-looking, one-of-a-kind entries in their root zone, an ISP can mark their servers to help them make sure they know which physical server they are talking to. It appears that Verisign is just marking their servers and the consensus is to use the .ROOT TLD to do that. You are free to name your imposter root servers with your own obscur name. If you are waiting for the ICANN Board's approval to do that, don't hold your breath. If you have not noticed, ICANN knows very little about the DNS and root servers. ICANN is focused on contracts and funding and opening 7 more offices around the world.
    [ Reply to This | Parent ]
    by Anonymous on Monday March 08 2004, @05:02PM (#13132)
    I can't believe the minutia Karl ponders ... I guess it's safer and easier than dealing with the really important issues. Karl should be writing about his findings upon inspection of ICANN's financial records, as well as other records. I must have missed that one ...

    I also must have missed how Karl is following-up on Richard Henderson's noteworthy quest for truth and accountability in the .info fiasco. You know, seriously conflicted Afilias Directors and ethically-challenged registrars f-cking consumers out of cash and domain names.

    Go ahead Karl, please tell us more about .root, we're waiting on pins and needles.

    Thanks a little!
    [ Reply to This | Parent ]
    • Re:Minutia by KarlAuerbach Monday March 08 2004, @06:57PM
    Checking that the zone is OK
    by bortzmeyer on Monday March 08 2004, @11:18PM (#13135)
    User #3933 Info
    The purpose of this record is obvious: making sure that you do not get a truncated zone file. If, for some reasons, a unsecured (by DNSsec or GnuPG) zone transfer fails partly, it is easy to pinpoint it: nameservers monitor just have to check this record, the last one of the zone.
    [ Reply to This | Parent ]
    dig commands are no longer proof of anything
    by Anonymous on Tuesday March 09 2004, @05:24AM (#13142)
    Using dig does not prove anything. You may be doing a dig on your ISP's imposter root servers.

    You would have to also do trace routes and even those are no longer valid because the U.S. Government could be re-directing your traffic and changing the TTL values on the fly to hide their eaves-dropping. It is in Verisign's best interest to assist the U.S. Government in surveilance activities which Verisign views as counter to their dominance of the DNS industry. ICANN's thugs have of course set themselves up as the security and stability team, ready to assist the U.S. Government with the silencing of anyone that threatens their job security. Misinformation, disinformation and covert operations are funded by the domain name fees that you pay.

    If you are in another country, you may be doing a dig on the local country's imposter root-servers that they have set up to encourage all root-server traffic to remain in their country. This gives them total control of their view of "the root" and also reduces the bandwidth required for DNS traffic in and out of the country.

    For your dig commands to be validated, you would have to prove (via physical access) that you watched each packet traverse each LAN link, router and WAN link. With the 13 legacy root-server addresses being duplicated all over on imposter servers, this would be very difficult.

    The only way an ISP or large organization can ensure that the traffic to and from the 13 root servers is reliable and secure is to deploy servers which answer for those 13 addresses. Those are trivial servers to deploy because all the root servers normally do is hand out referrals to the various TLD server clusters.

    In order for Verisign to lock people into using their servers, they of course can add obscur records directly in the root zone. The various Verisgn plug-ins can then check for those obscur records and shape service based on what they find. An ISP's imposter root servers may not have the proper obscur records and services could fail, sending customers back to Verisign/ICANN for support and more fees. ICANN can then dispatch highly paid DNS consultants from the seven offices they plan to open around the world.

    Since many people are not able to do a dig command and rely only on browser clicks to determine their view of reality, this quick
    check may help. Just type "%ae.com" (percent ae) into your browser's address bar.
    [ Reply to This | Parent ]
    Note: Paul Vixie is at war with his own army ?
    by Anonymous on Tuesday March 09 2004, @05:52AM (#13143)
    Note: Paul Vixie is at war with his own army ?

    http://www.merit.edu/mail.archives/nanog/msg02075. html

    "this is war, information warfare. let's deprive the enemy
    of options until we can force them to meet us on our own chosen terms."
    Paul Vixie

    [ Reply to This | Parent ]
    by Anonymous on Tuesday March 09 2004, @08:52AM (#13146)
    This explains much. I was surfing along one day, minding my own business, when BAM, the Internet became very unstable and everything went to heck. "Oh my, what has happened to the stability of the Internet?", I pondered. I suspect this was the exact moment that .root was added to the, well, root.

    I used to think that the opponents of adding new TLDs were wrong. No longer. I see now that stability is a very real issue that ICANN should take seriously.

    And that was just one name in .root. Imagine the ill consequences of perhaps ten or more...
    [ Reply to This | Parent ]
    .FR (FRANCE) Can Not Even Operate a TLD ?
    by Anonymous on Tuesday March 09 2004, @07:41PM (#13153)

    Be careful what you "dig" for and turn up.
    Look at the .FR (FRANCE?) zone as an example.

    The .FR TLD nameservers are operated by:

    VIX.COM which is Paul Vixie's for-profit pocket.
    Paul Vixie of course has a non-profit pocket on
    the other side (ISC.ORG) to serve all people
    willing to send money in those directions.

    [ Reply to This | Parent ]
    Does ICANN endorse Blacklisting and Mailbombing ?
    by Anonymous on Wednesday March 10 2004, @07:18AM (#13155)
    Does the ICANN cartel endorse Blacklisting and Mailbombing to coerce "the Community" ?

    http://www.ietf.org/mail-archive/ietf/Current/msg2 4594.html

    "Alan Brown has lost 3 separate
    lawsuits involving defamation and false statements. 2 of those lawsuits
    involved him making false statements about ISPs he simply didn't like,
    that is, he put them in his blacklist falsely, just like Mr. Sullivan is
    doing now. Most people aren't involved in three lawsuits their entire
    lives. Yet Mr. Brown has __lost__ three involving false statements. Does
    that make him a pathological liar? ISC (Paul Vixie, Bill Manning) has been
    aware of the abusive and defamatory nature of SORBS for some time now, but
    either don't seem to mind being associated with such disreputable people,
    and don't mind that their services are being used for unlawful and
    defamatory sites, or share in Mr. Sullivan's and Mr. Brown's spite.

    And what are we to make of Mr Sullivan's association with this, and Mr
    Vixie's and Mr. Manning's assocation with Mr. Sullivan? Shouldn't they be
    judged by their association with disreputable people?"
    [ Reply to This | Parent ]

    Search ICANNWatch.org:

    Privacy Policy: We will not knowingly give out your personal data -- other than identifying your postings in the way you direct by setting your configuration options -- without a court order. All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest © 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 by ICANNWatch.Org. This web site was made with Slashcode, a web portal system written in perl. Slashcode is Free Software released under the GNU/GPL license.
    You can syndicate our headlines in .rdf, .rss, or .xml. Domain registration services donated by DomainRegistry.com