|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: The whole alternate-root ${STATE}horse (was Re: Enable BIND cache server to resolve chinese domain name?)
On Tue, Jul 05, 2005 at 08:38:41PM +0200, Brad Knowles wrote: > At 9:43 AM -0400 2005-07-05, Jay R. Ashworth wrote: > >> Moreover, most of them are unlikely to be > >> willing to just live with the problem, if no other suitable technical > >> solution can be found. Instead, they'll believe the sales pitch of > >> someone else who says that they can fix the problem, even if that's > >> not technically possible. > > > > Well they might. Well, actually, poorly they might. > > > > But that argument seems to play right *to* the alt-root operators, > > since the "fix" is to switch your customer resolvers to point to one of > > them. > > I disagree. The problem is that there are too many alternatives. To many alt-roots? Or too many alt-TLD's? > > (Assuming, of course, they stay supersets of ICANN, and don't > > get at cross-purposes with one another.) > > The problem is that they are pretty much guaranteed to get at > cross-purposes. Well, there have been alt-root zones available for, what 6 or 7 years now? And how many collisions have there actually been in practice? 2? 3? > > In fact, merging them at your > > resolvers might be the best solution. > > I don't think that's really practical. I'm sorry, I just don't > trust them to write a resolver that's going to get included in libc > (or wherever), and for which the world is going to be dependant. Well, I meant "at your customer recursive resolver servers", since the topic at hand was "what do IAP's do to support their retail customers", but... > The alternative roots will always be marginal, at best. The > problem is that while they are marginal, they can still create > serious problems for the rest of us. In the context which people have been discussing, I don't honestly see how they cause "the rest of us" problems. People with domains *in* those aTLD's, yes. But as I noted somewhere else in this thread, the only people who would have un-mirrored aTLD domains would be precisely those who were evangelising for the concept, and it would be in their best interest to be explaining what was going on... > > But Steve's approach doesn't seem to *me* to play in that direction. > > Am I wrong? > > I'm not sure I understand which Steve you're talking about. Do > you mean Steve Gibbard, in his post dated Sun, 3 Jul 2005 22:20:13 > -0700 (PDT)? I did mean Mr. Gibbard, yes. > If so, then each country running their own alternative > root won't solve the problem of data leaking through the edges. "Data leaking through the edges"... > People will always be able to access data by pure IP address, or > choosing to use the real root servers. Push come to shove, and the > real root servers could be proxied through other systems via other > methods. "Real" is *such* a metaphysical term here, isn't it? :-) > The reverse problem is more difficult to deal with -- that of > people wanting to access Chinese (or whatever) sites that can only be > found in the Chinese-owned alternative root. Stipulated. But whose problem *is* that? Cheers, -- jra -- Jay R. Ashworth [email protected] Designer Baylink RFC 2100 Ashworth & Associates The Things I Think '87 e24 St Petersburg FL USA http://baylink.pitas.com +1 727 647 1274 If you can read this... thank a system administrator. Or two. --me
|