ICANNWatch
 
  Inside ICANNWatch  
Submit Story
Home
Lost Password
Preferences
Site Messages
Top 10 Lists
Latest Comments
Search by topic

Our Mission
ICANN for Beginners
About Us
How To Use This Site
ICANNWatch FAQ
Slash Tech Info
Link to Us
Write to Us

  Useful ICANN sites  
  • ICANN itself
  • Bret Fausett's ICANN Blog
  • Internet Governance Project
  • UN Working Group on Internet Governance
  • Karl Auerbach web site
  • Müller-Maguhn home
  • UDRPinfo.com;
  • UDRPlaw.net;
  • CircleID;
  • LatinoamerICANN Project
  • ICB Tollfree News

  •   At Large Membership and Civil Society Participation in ICANN  
  • icannatlarge.com;
  • Noncommercial Users Constituency of ICANN
  • NAIS Project
  • ICANN At Large Study Committee Final Report
  • ICANN (non)Members page
  • ICANN Membership Election site

  • ICANN-Related Reading
    Browse ICANNWatch by Subject

    Ted Byfied
    - ICANN: Defending Our Precious Bodily Fluids
    - Ushering in Banality
    - ICANN! No U CANN't!
    - roving_reporter
    - DNS: A Short History and a Short Future

    David Farber
    - Overcoming ICANN (PFIR statement)

    A. Michael Froomkin
    - When We Say US™, We Mean It!
    - ICANN 2.0: Meet The New Boss
    - Habermas@ discourse.net: Toward a Critical Theory of Cyberspace
    - ICANN and Anti-Trust (with Mark Lemley)
    - Wrong Turn in Cyberspace: Using ICANN to Route Around the APA & the Constitution (html)
    - Form and Substance in Cyberspace
    - ICANN's "Uniform Dispute Resolution Policy"-- Causes and (Partial) Cures

    Milton Mueller
    - Ruling the Root
    - Success by Default: A New Profile of Domain Name Trademark Disputes under ICANN's UDRP
    - Dancing the Quango: ICANN as International Regulatory Regime
    - Goverments and Country Names: ICANN's Transformation into an Intergovernmental Regime
    - Competing DNS Roots: Creative Destruction or Just Plain Destruction?
    - Rough Justice: A Statistical Assessment of the UDRP
    - ICANN and Internet Governance

    David Post
    - Governing Cyberspace, or Where is James Madison When We Need Him?
    - The 'Unsettled Paradox': The Internet, the State, and the Consent of the Governed

    Jonathan Weinberg
    - Sitefinder and Internet Governance
    - ICANN, Internet Stability, and New Top Level Domains
    - Geeks and Greeks
    - ICANN and the Problem of Legitimacy

    Highlights of the ICANNWatch Archive
    (June 1999 - March 2001)


     
    This discussion has been archived. No new comments can be posted.
    .ly Mess: The Wages of Obsessive Secrecy | Log in/Create an Account | Top | 9 comments | Search Discussion
    Click this button to post a comment to this story
    The options below will change how the comments display
    Threshold:
    Check box to change your default comment view
    The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
    Re:Where is the coverage of the broken Root Server
    by Anonymous on Sunday April 18 2004, @05:59AM (#13403)
    The DNS protocol should work with UDP and TCP.

    With DNS via TCP, the anycast legacy Root Servers are not reliable. The TCP session (or stream) may end up at different physical servers, mid-session.

    The best solution is to abstract the 13 root-server addresses on to a local edge appliance (firewall).
    The TCP session then goes to that device, reducing root server traffic on the global Internet.

    For security and easy router management, all 13 of the root-server /16 sub-nets can also be abstracted inside the local site, to the DMZ or "root zone".

    Add to the above the recommendation from New.Net and you have most of the fixes needed to make your site MORE RELIABLE, MORE SECURE, and you REDUCE TRAFFIC on your expensive links to the global Internet.

    http://www.new.net/help_isp_info.tp

    Alternatively, you may slave the root zone, ".", from a master DNS server. // Slave the root zone from a new.net master DNS server.
    zone "." {
        type slave;
        file "root.zone";
        masters {
            206.132.100.42;
        };
    };
    [ Reply to This | Parent ]
    Re:Where is the coverage of the broken Root Server by Anonymous
    the DMZ or "root zone"
    by Anonymous on Sunday April 18 2004, @06:19AM (#13404)
    For security and easy router management, all 13 of the root-server /16 sub-nets can also be abstracted inside the local site, to the DMZ or "root zone".

    128.63.0.0
    128.8.0.0
    192.112.0.0
    192.203.0.0
    192.228.0.0
    192.33.0.0
    192.36.0.0
    192.5.0.0
    192.58.0.0
    193.0.0.0
    198.32.0.0
    198.41.0.0
    202.12.0.0
    [ Reply to This | Parent ]
    Re:Where is the coverage of the broken Root Server
    by KarlAuerbach on Sunday April 18 2004, @11:10AM (#13405)
    User #3243 Info | http://www.cavebear.com/
    So, as I read it, the core of your concern is that DNS-over-TCP doesn't work with anycast servers.

    Actually DNS-over-TCP does work with anycast servers except when there is a routing change in the middle of the TCP connection.

    As a practical matter that is rather rare and easily cured by a software retry.

    As for your DNS appliance - an alternative is to simply set up a local resolver on a box that runs for a long time (e.g. a typical Linux/Bsd platform) and let it build-up a cache.
    [ Reply to This | Parent ]


    Search ICANNWatch.org:


    Privacy Policy: We will not knowingly give out your personal data -- other than identifying your postings in the way you direct by setting your configuration options -- without a court order. All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest © 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 by ICANNWatch.Org. This web site was made with Slashcode, a web portal system written in perl. Slashcode is Free Software released under the GNU/GPL license.
    You can syndicate our headlines in .rdf, .rss, or .xml. Domain registration services donated by DomainRegistry.com