[dns-operations] What is the most pressing need for DNS these days?
Peter Dambier
peter at peter-dambier.de
Tue Jun 27 20:41:28 UTC 2006
Edward Lewis wrote:
> There have been a lot of technologists pushing solutions to DNS
> problems. In recent days the IETF has begun reviewing the DNAME
> record and someone pointed out that the work ought to be delayed
> until we get the important stuff done first. In this context, DNSSEC
> is the important stuff.
>
> (http://ops.ietf.org/lists/namedroppers/namedroppers.2006/msg00731.html)
>
> DNAME is one proposed tool to 'solve' internationalized domain names
> (IDN). Not a firm decision, but in preparation the defining document
> of DNAME (RFC 2672) has holes and needs to be fixed.
No need to wait for DNAME
Status China Root
soa("XN--55QX5D.","2006062704","CDNS3.CNNIC.NET.CN","210.52.214.86").
soa("XN--55QX5D.","2006062704","CDNS4.CNNIC.NET.CN","61.145.114.120").
soa("XN--55QX5D.","2006062704","CDNS5.CNNIC.NET.CN","61.139.76.55").
soa("XN--55QX5D.","2006062704","HAWK2.CNNIC.NET.CN","159.226.6.185").
soa("XN--FIQS8S.","2006062704","CDNS3.CNNIC.NET.CN","210.52.214.86").
soa("XN--FIQS8S.","2006062704","CDNS4.CNNIC.NET.CN","61.145.114.120").
soa("XN--FIQS8S.","2006062704","CDNS5.CNNIC.NET.CN","61.139.76.55").
soa("XN--FIQS8S.","2006062704","HAWK2.CNNIC.NET.CN","159.226.6.185").
soa("XN--IO0A7I.","2006062704","CDNS3.CNNIC.NET.CN","210.52.214.86").
soa("XN--IO0A7I.","2006062704","CDNS4.CNNIC.NET.CN","61.145.114.120").
soa("XN--IO0A7I.","2006062704","CDNS5.CNNIC.NET.CN","61.139.76.55").
soa("XN--IO0A7I.","2006062704","HAWK2.CNNIC.NET.CN","159.226.6.185").
Status Arab Root
soa("xn--mgbaam7a8h.","12652","ns2.uaenic.ae","195.229.0.186").
soa("xn--mgbaam7a8h.","12652","ns1.uaenic.ae","213.42.0.226").
error("xn--wgbl6a.","ar-root.qatar.net.qa","212.77.192.68","no response").
soa("xn--wgbl6a.","4","ar-cctld.nic.net.sa","212.26.18.12").
soa("xn--mgberp4a5d4ar.","2006061211","ar-cctld.nic.net.sa","212.26.18.12").
And there is no need to switch roots either. Just include some stub zones
and you are done.
http://nicso.org/links.htm
shows some of the work already done.
>
> The comment that the IETF ought to stick to the important stuff first
> stuck with me. So I want to ask, in an operational setting, what is
> the important work needed for DNS?
I am afraid, that part is outside DNS.
Both ISPs and gouvernements will introduce small boxes, similar to
aDSL routers. The box will include its own nameserver to take stress
away from the ISPs resolvers and it will include its own national
extensions like the chinese or arab roots.
This company
http://www.avm.de/en/
has already conquered a quasi monopoly position for aDSL modems and
routers on the german market. You get the box for free when you
sign your contract for aDSL delivery.
>
> Is DNSSEC more or less important than progress on IDN, for example?
> Has DNSSEC been worked into the ground so long that time has passed
> it by? What about security concerns in general? What's a pain in
> the protocol that can be overcome?
IDN is already implemented and tested outside the root but in DNS.
There is no need to repeat it in the root. Normal DNS does not see
it.
As important pointers, maybe even a copy of the rootzone will be
stored on the local routers, there is no more need for DNSSEC either.
Really important zone informations should be exchanged by secure
means between partners. No way to poison it from outside.
Kind regards
Peter and Karin
--
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(179)108-3978 (O2 Genion)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at peter-dambier.de
mail: peter at echnaton.serveftp.com
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/
More information about the dns-operations
mailing list