ICANNWatch
 
  Inside ICANNWatch  
Submit Story
Home
Lost Password
Preferences
Site Messages
Top 10 Lists
Latest Comments
Search by topic
Our Mission
ICANN for Beginners
About Us
How To Use This Site
ICANNWatch FAQ
Slash Tech Info
Link to Us
Write to Us

  Useful ICANN sites  
  • ICANN itself
  • Bret Fausett's ICANN Blog
  • Internet Governance Project
  • UN Working Group on Internet Governance
  • Karl Auerbach web site
  • Müller-Maguhn home
  • UDRPinfo.com;
  • UDRPlaw.net;
  • CircleID;
  • LatinoamerICANN Project
  • ICB Tollfree News

    •   At Large Membership and Civil Society Participation in ICANN  
  • icannatlarge.com;
  • Noncommercial Users Constituency of ICANN
  • NAIS Project
  • ICANN At Large Study Committee Final Report
  • ICANN (non)Members page
  • ICANN Membership Election site

    • ICANN-Related Reading
    Browse ICANNWatch by Subject

    Ted Byfied
    - ICANN: Defending Our Precious Bodily Fluids
    - Ushering in Banality
    - ICANN! No U CANN't!
    - roving_reporter
    - DNS: A Short History and a Short Future

    David Farber
    - Overcoming ICANN (PFIR statement)

    A. Michael Froomkin
    - When We Say US™, We Mean It!
    - ICANN 2.0: Meet The New Boss
    - Habermas@ discourse.net: Toward a Critical Theory of Cyberspace
    - ICANN and Anti-Trust (with Mark Lemley)
    - Wrong Turn in Cyberspace: Using ICANN to Route Around the APA & the Constitution (html)
    - Form and Substance in Cyberspace
    - ICANN's "Uniform Dispute Resolution Policy"-- Causes and (Partial) Cures

    Milton Mueller
    - Ruling the Root
    - Success by Default: A New Profile of Domain Name Trademark Disputes under ICANN's UDRP
    - Dancing the Quango: ICANN as International Regulatory Regime
    - Goverments and Country Names: ICANN's Transformation into an Intergovernmental Regime
    - Competing DNS Roots: Creative Destruction or Just Plain Destruction?
    - Rough Justice: A Statistical Assessment of the UDRP
    - ICANN and Internet Governance

    David Post
    - Governing Cyberspace, or Where is James Madison When We Need Him?
    - The 'Unsettled Paradox': The Internet, the State, and the Consent of the Governed

    Jonathan Weinberg
    - Sitefinder and Internet Governance
    - ICANN, Internet Stability, and New Top Level Domains
    - Geeks and Greeks
    - ICANN and the Problem of Legitimacy

    Highlights of the ICANNWatch Archive
    (June 1999 - March 2001)


    		 
    This discussion has been archived. No new comments can be posted.
    Anonymous ICANNwatch Messages Considered Harmful? | Log in/Create an Account | Top | 65 comments | Search Discussion
    Click this button to post a comment to this story
    The options below will change how the comments display
    Threshold:
    Check box to change your default comment view
    The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
    a local instance of the f-root server address?
    by Anonymous on Saturday June 05 2004, @06:03PM (#13703)
    It gets better. It is now standard operating procedure to run what some call two-faced DNS. The legacy root server addresses are pulled *inside* of a site's fire-wall, and no traffic flows to Paul Trixie's duplicated (any-casted) servers, which he of course makes boat loads of money from, supporting them around the world.

    Any claims that Paul makes about traffic to and from his servers is bogus, because tens of thousands of instances of those server addresses, operating on local sub-nets, locally-route the traffic for better, more reliable, operations. ICANN always claims to be interested in more secure and stable operations, what better way than to know that one's root traffic never leaves their physical site.

    Going one step further, the sub-nets that the legacy root servers use are largely wasted with only one lone IP address in use from large blocks. That makes those sub-nets useful for local DHCP allocations. Scripts are commonly available which discover the legacy root servers and then dynamically write the DHCP config file to allow other machines to grab an open IP address from what amount to site-local blocks. By changing the number of root servers and the sub-nets they use, an external provider can provide the information to auto-configure a complete site. For PC novices here, you may see this in your Network Control Panel as "Obtain IP Address Automatically".

    It is truely ironic that Paul Trixie has made mega-millions from the BIND and DHCP software and it is that software which can be easily configured to render his beloved f-troop servers useless.

    Beyond the above, Paul is of course not looking at the usage of an IP address surrounded by other prefix and/or suffix address bits, as one sees with IPv6. It will be interesting to see if Paul claims that he owns all addresses with the f-troop 32-bit pattern anywhere in the larger bit field. He could be chasing billions of bit patterns in use around the world.

    Speaking of chasing, Paul has announced on the IETF list that he will open an office in any locale just for the purpose of filing a lawsuit against anyone who uses the f-troop 32-bit address. He must have pretty deep pockets from the years of dominating the DNS market with his "non-profit" vest-pocket companies. Even ICANN only plans to open a total of 8 offices to cover the litigation landscape around the world.

    It might be useful to have Paul provide the contact of his main legal counsel in all 50 States as a starting point. ISPs could then spend a few hours or days with each attorney to fully digest what Paul asserts. After the State-level discussions start, the ISPs could move to the City-level and obtain the contact for the 20,000+ major U.S. cities. That should be pocket-change for Paul to handle that many simultaneous legal activities. That may help to head off any need to actually test the legal theories in the various Circuit Courts. Just think of the savings in legal fees, long-term.

    [ Reply to This | Parent ]
    a local instance of the f-root server address? by Anonymous
    Starting Score:    0  points
    Moderation   +1  
    Extra 'Interesting' Modifier   0  
    Total Score:   1  
    Re:a local instance of the f-root server address?
    by Anonymous on Saturday June 05 2004, @07:55PM (#13706)
    * Subject: Re: Root Anycast
            * From: Paul Vixie
            * Date: Tue, 18 May 2004 18:56:54 +0000
            *

    > Paul, and other rootserveroperators (good scrabble word :), what would
    > your answer/problem/arguments/... be if an ISP would decide to inject
    > routes to the root-servers into their local network and point these
    > request to a local dns cache(s), which would have the correct routes to
    > the the global rootservers of course.

    if someone injects 192.5.5.241 (or any route which covers it) anywhere
    that a dns client will see it whose owner has not explicitly agreed to
    have their f-root service modified in this way, and then modifies the
    service (which means does something with the queries other than forward
    them to an ISC-owned server) then we would of course file a lawsuit of
    some kind, even if it meant opening an ISC office in some new place in
    order to have "standing."

    > Or another thought that have been raised recently on the 6bone list:
    > Would it be an idea to have 2+ independent globaly routable prefixes,
    > thus in IPv4 2x at least /24 and in IPv6 2x /32 which are allowed to be
    > anycasted by anyone, just like the 6to4 stuff currently. So that ISP's
    > could point these prefixes to their local dns caches, similar to the
    > above but: documented which prefixes those are and no evil hijacking.
    > This could also allow for DNS-client to have hardcoded addresses of
    > these caching DNS prefixes lightening the load on the root servers as
    > with anycast you will always get an answer from the closest one, if all
    > is well and murphy is on his day off of course ;)

    as far as i know, this would have to be done by iana rather than by ietf,
    and the risk/reward tradeoff is such that it's not likely to see daylight.
    last time i heard it discussed, the final determination was "better the
    evil that we already know."

    AS112 uses unowned anycast and it works well, but then, if wrong answers
    were sent back by an AS112 server, it wouldn't exactly hurt anybody.
    root name service seems more sensitive, to my eye.
    [ Reply to This | Parent ]


    Search ICANNWatch.org:

    Privacy Policy: We will not knowingly give out your personal data -- other than identifying your postings in the way you direct by setting your configuration options -- without a court order. All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest © 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 by ICANNWatch.Org. This web site was made with Slashcode, a web portal system written in perl. Slashcode is Free Software released under the GNU/GPL license.
    You can syndicate our headlines in .rdf, .rss, or .xml. Domain registration services donated by DomainRegistry.com