[dns-operations] What is the most pressing need for DNS these days?

Peter Dambier peter at peter-dambier.de
Sat Jul 8 11:10:09 UTC 2006

Brad Knowles wrote:
> 	I want to help, I really do.  I just question the wisdom of 
> continuing to throw good money after bad, especially when we've been 
> shown just how bad it really is.

So do I.

> 	There comes a time when a complete revolution is what is 
> required, as opposed to continuing to play nice with the tyrants and 
> the fascists.

The time is now, and here it is:


China has found its own way to go.
Turkey has found its own way to go.
The arabs have found their own way to go.

There have been many alternative roots comming and going.
Some of them are still alive.

First step) Balkanisation

Second step) Cooperation

ICANN was never good at cooperation.

There used to be a HOLY hostfile and people like John Palmer dared to
have their own. Today everybody has his own hostfile and nobody cares.

I guess the future will be for everybody to have his own personal
root-server. I dont want my gouvernement to do that job for me.

Of course we must find a means to exchange informaton so we can
communicate. One means is to look directly into the authoritative
nameservers of the toplevel domains.

Just an interseting log what happens when you try, taking the
ICANNed rootfile as reference:

host_error("bh.","sv10.batelco.com.bh.","Host not found").
host_error("bw.","daisy.ee.und.ac.za.","Host not found").
host_error("gm.","ns2.nic.gm.","Host not found").
host_error("id.","ns2.id.","Host not found").
host_error("ps.","dns3.gov.ps.","No data").
host_error("so.","mercury.ml.org.","Host not found").
host_error("tl.","ns.tp.timor-leste.net.nz.","Try again").

I took ns.tp.timor-leste.net.nz for an example.

No way to find it using DNS. Try for yourself.
Google did find their ip, but that host did not answer DNS.

Except for a handfull of obedient TLDs the rootfile does not
look promising.

error("mm.","ns-mm.ripe.net.","","no response").
error("mm.","ns.net.mm.","","no response").
error("mm.","ns0.mpt.net.mm.","","no soa").

; <<>> DiG 9.1.3 <<>> -t any mm.
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49606
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;mm.                            IN      ANY

mm.                     56005   IN      NS      NS0.MPT.NET.mm.
mm.                     56005   IN      NS      NS-MM.RIPE.NET.
mm.                     56005   IN      NS      NS.NET.mm.

;; Query time: 598 msec
;; WHEN: Sat Jul  8 12:16:32 2006
;; MSG SIZE  rcvd: 91

error("et.","ns1.gip.net.","","no response").
error("et.","ns2.gip.net.","","no response").
error("et.","ns3.gip.net.","","no response").

error("zm.","ns1.coppernet.zm.","","no soa").
error("zm.","ns1.microlink.zm.","","no soa").
error("zm.","ns3.zamnet.zm.","","no response").

Just some examples. The ICANNed rootfile with 266 domains gives
more than 60 error messages. Not even counted, within domains I
see different soa serialnumbers.

That is one reason why ORSN does exist. I remember they
used to have their own separate databases for DE, AT and
GR, maybe others as well.

Perhaps you have heard of the Baptista vortex striking
again, sinking Public-Root and "accidently" striking
UnifiedRoot as well :)

Having their own database you could not sink ORSN or
the Cesidan Root so easyly.

Turkish ISPs have shown, they can switch roots within
two hours. They have saved their day :)

It is good to know there are alternatives and how to
switch, just in case.

Peter and Karin

Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(179)108-3978 (O2 Genion)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at peter-dambier.de
mail: peter at echnaton.serveftp.com

More information about the dns-operations mailing list