Comments on: Ghosts of Root Servers Past http://blog.icann.org/2008/05/ghosts-of-root-servers-past/ Internet Corporation for Assigned Names and Numbers Mon, 23 Nov 2009 02:20:28 -0800 http://wordpress.org/?v=2.8.6 hourly 1 By: jyxpearl http://blog.icann.org/2008/05/ghosts-of-root-servers-past/comment-page-1/#comment-14625 jyxpearl Mon, 21 Jul 2008 04:45:52 +0000 http://blog.icann.org/?p=309#comment-14625 Manufacturer,wholesaler of Pearl jewelry,freshwater pearl beads,akoya pearls,pearl necklaces, wedding & bridal jewelry,crystal necklace,wholesale beads,fine jewelry. http://www.jyxpearl.com Manufacturer,wholesaler of Pearl jewelry,freshwater pearl beads,akoya pearls,pearl necklaces,
wedding & bridal jewelry,crystal necklace,wholesale beads,fine jewelry.

http://www.jyxpearl.com

]]> By: della http://blog.icann.org/2008/05/ghosts-of-root-servers-past/comment-page-1/#comment-14569 della Fri, 27 Jun 2008 07:58:00 +0000 http://blog.icann.org/?p=309#comment-14569 www.tangjewelry.com http://www.tangjewelry.com

]]> By: tom http://blog.icann.org/2008/05/ghosts-of-root-servers-past/comment-page-1/#comment-14567 tom Fri, 27 Jun 2008 01:13:39 +0000 http://blog.icann.org/?p=309#comment-14567 […] former peeps over at Yahoo just released 10 more components, 3 Flash and 5 Flex components. The also fixed some of the bugs […] […] former peeps over at Yahoo just released 10 more components, 3 Flash and 5 Flex components. The also fixed some of the bugs […]

]]> By: bill manning http://blog.icann.org/2008/05/ghosts-of-root-servers-past/comment-page-1/#comment-14499 bill manning Tue, 03 Jun 2008 16:05:26 +0000 http://blog.icann.org/?p=309#comment-14499 KC, I'd be more than happy to send you the data, have not been able to get past the OARC authentication thresholds. KC,
I’d be more than happy to send you the data, have not been able to get past the OARC authentication thresholds.

]]> By: bill manning http://blog.icann.org/2008/05/ghosts-of-root-servers-past/comment-page-1/#comment-14498 bill manning Tue, 03 Jun 2008 16:03:36 +0000 http://blog.icann.org/?p=309#comment-14498 David, You are mistaken. 198.32.0.0/16 was never assigned to USC/ISI. It came with me when Jon Postel asked me to work for him and he agreed to its use for exchanges, root servers, and other network infrastructure. David,
You are mistaken. 198.32.0.0/16 was never assigned to USC/ISI. It came with me when Jon Postel asked me to work for him and he agreed to its use for exchanges, root servers, and other network infrastructure.

]]> By: David Conrad http://blog.icann.org/2008/05/ghosts-of-root-servers-past/comment-page-1/#comment-14490 David Conrad Fri, 30 May 2008 23:00:22 +0000 http://blog.icann.org/?p=309#comment-14490 <i>Facts like this expose to the sun how ICANN has under control what it is doing.</i> Actually, facts like these expose how individuals associated with the root servers are independent actors and how the decentralized nature of the Internet routing system currently works. <i>It makes really no sense to have a single corp under the supervision of a single nation.</i> Fortunately, ICANN is "under the supervision" of a wide array of stakeholders and constituencies. <i>Hope Mr. President doesn’t decide know to democratically switch off ccTLD for the country I live because of my comment.</i> This comment indicates a fundamental misunderstanding of how changes to the root of the DNS are made as well as the relationships between ICANN, the ccTLDs, the root server operators, and (presumably) the U.S. government. Ignoring for the moment the reality that any change as you describe, even if it got that far (which it wouldn't) would have to be approved by ICANN's multi-national and multi-cultural board, the fact that the root servers are independently operated is usually identified as a reason why "Mr. President" (whoever that might be) can't decide (democratically or not) to "switch off" a ccTLD and have that change propagated to the Internet as a whole. Facts like this expose to the sun how ICANN has under control what it is doing.

Actually, facts like these expose how individuals associated with the root servers are independent actors and how the decentralized nature of the Internet routing system currently works.

It makes really no sense to have a single corp under the supervision of a single nation.

Fortunately, ICANN is “under the supervision” of a wide array of stakeholders and constituencies.

Hope Mr. President doesn’t decide know to democratically switch off ccTLD for the country I live because of my comment.

This comment indicates a fundamental misunderstanding of how changes to the root of the DNS are made as well as the relationships between ICANN, the ccTLDs, the root server operators, and (presumably) the U.S. government. Ignoring for the moment the reality that any change as you describe, even if it got that far (which it wouldn’t) would have to be approved by ICANN’s multi-national and multi-cultural board, the fact that the root servers are independently operated is usually identified as a reason why “Mr. President” (whoever that might be) can’t decide (democratically or not) to “switch off” a ccTLD and have that change propagated to the Internet as a whole.

]]> By: AT http://blog.icann.org/2008/05/ghosts-of-root-servers-past/comment-page-1/#comment-14489 AT Fri, 30 May 2008 21:31:10 +0000 http://blog.icann.org/?p=309#comment-14489 Facts like this expose to the sun how ICANN has under control what it is doing. It is time to close this corporation and pass the rights to manage TLDs to various confederated organisms distributed at least by continent when not by nation. It makes really no sense to have a single corp under the supervision of a single nation. The specific case demonstrates not the strength, au-contraire!, the fragility of the actual architecture, Hope Mr. President doesn't decide know to democratically switch off ccTLD for the country I live because of my comment. ;-) Facts like this expose to the sun how ICANN has under control what it is doing.
It is time to close this corporation and pass the rights to manage TLDs to various confederated organisms distributed at least by continent when not by nation.
It makes really no sense to have a single corp under the supervision of a single nation.

The specific case demonstrates not the strength, au-contraire!, the fragility of the actual architecture,

Hope Mr. President doesn’t decide know to democratically switch off ccTLD for the country I live because of my comment. ;-)

]]> By: » Blog Archive » L-root DNS Server “stolen” http://blog.icann.org/2008/05/ghosts-of-root-servers-past/comment-page-1/#comment-14488 » Blog Archive » L-root DNS Server “stolen” Fri, 30 May 2008 18:44:16 +0000 http://blog.icann.org/?p=309#comment-14488 [...] Interesting story… http://blog.icann.org/?p=309 [...] [...] Interesting story… http://blog.icann.org/?p=309 [...]

]]> By: kc http://blog.icann.org/2008/05/ghosts-of-root-servers-past/comment-page-1/#comment-14486 kc Fri, 30 May 2008 00:45:47 +0000 http://blog.icann.org/?p=309#comment-14486 regarding the call for "open, transparent, accountable" discussion of this topic, next week's <a href="http://public.oarci.net/dns-operations/workshop-2008/agenda" rel="nofollow">OARC meeting</a> (open to all, at no charge) kicks off with a Renesys talk on "Who is Manning the L-Root." given usual OARC meeting attendance, it should be quite informative. regarding the call for “open, transparent, accountable” discussion of
this topic, next week’s OARC meeting (open to all, at no charge) kicks off with a Renesys talk on
“Who is Manning the L-Root.” given usual OARC meeting attendance,
it should be quite informative.

]]> By: kc http://blog.icann.org/2008/05/ghosts-of-root-servers-past/comment-page-1/#comment-14484 kc Thu, 29 May 2008 07:26:39 +0000 http://blog.icann.org/?p=309#comment-14484 maybe i'm naive, but i'm extremely surprised to see CAIDA and <a href="http://blog.caida.org/best_available_data/2008/03/28/ditl-2008-phase-one-complete/" rel="nofollow">DITL 2008</a> implicated in Bill's justification, not only because we never received any DITL2008 data from Bill, but also because we knew nothing of any plans to impersonate root dns servers. Bill refers to our <a href="http://www.caida.org/workshops/wide/0611/" rel="nofollow">2006 workshop</a> where he described his <a>honeypot at the old b-root address</a>, which responded with ICMP port unreachables. but at this year's <a href="http://www.caida.org/workshops/wide/0801/" rel="nofollow">DITL2008 planning workshop</a>, i only remember Bill and John Crain discussing collecting data from old roots, not setting up responders. we also had a pre-DITL prep conference call on 17 march 2008, which Bill missed but sent mail saying: Date: Mon, 17 Mar 2008 15:26:21 +0000 From: bmanning@vacation.karoshi.com To: Keith Mitchell Cc: mlarson@verisign.com, john.crain@icann.org, kato@wide.ad.jp, kc@caida.org Subject: Re: DITL08 Pre-collection conference call not going to make the call. have set up and there is active collection going for the old "M" and "L" nodes - working on the old "B" node. data looks like ~ 200M/hr - will store locally and figure out details later. Hope that John and Matt have similar collections running for their old numbers as well. --bill if by "active collection" (as opposed to 'passive collection', the canonical description for tcpdump/dnscap), he meant to notify icann and verisign and caida that he was setting up a responder on old-L, i'm not sure how we were supposed to figure that out. it would have never occurred to me, even having heard the honeypot talk in 2006 (which used tcpdump and icmp port unreachables). that's the only email i have on the topic, so if Bill is referring to some other notification, i hope he posts it. (did he have active responders on old-M and old-B?) we'd be delighted to have Bill contribute 2008 data to DITL as he implied he would. but the connection to DNS root impersonation both surprises and troubles me. of course it's even more troubling that we haven't figured out stewardship of old root IP addresses yet, but since we haven't really figured out stewardship of any IP addresses yet, i can't claim surprise. maybe i’m naive, but i’m extremely surprised to see CAIDA and DITL 2008 implicated in Bill’s justification, not only because we never received any DITL2008 data from Bill, but also because we knew nothing of any plans to impersonate root dns servers. Bill refers to our 2006 workshop where he described his honeypot at the old b-root address, which responded with ICMP port unreachables. but at this year’s DITL2008 planning workshop, i only remember Bill and John Crain discussing collecting data from old roots, not setting up responders. we also had a pre-DITL prep conference call on 17 march 2008, which Bill missed but sent mail saying:

Date: Mon, 17 Mar 2008 15:26:21 +0000
From: bmanning@vacation.karoshi.com
To: Keith Mitchell
Cc: mlarson@verisign.com, john.crain@icann.org, kato@wide.ad.jp, kc@caida.org
Subject: Re: DITL08 Pre-collection conference call

not going to make the call. have set up and there is active collection going
for the old “M” and “L” nodes – working on the old “B” node. data looks like
~ 200M/hr – will store locally and figure out details later. Hope that John
and Matt have similar collections running for their old numbers as well.

–bill

if by “active collection” (as opposed to ‘passive collection’, the canonical description for tcpdump/dnscap), he meant to notify icann and verisign and caida that he was setting up a responder on old-L, i’m not sure how we were supposed to figure that out. it would have never occurred to me, even having heard the honeypot talk in 2006 (which used tcpdump and icmp port unreachables). that’s the only email i have on the topic, so if Bill is referring to some other notification, i hope he posts it. (did he have active responders on old-M and old-B?)

we’d be delighted to have Bill contribute 2008 data to DITL as he implied he would. but the connection to DNS root impersonation both surprises and troubles me. of course it’s even more troubling that we haven’t figured out stewardship of old root IP addresses yet, but since we haven’t really figured out stewardship of any IP addresses yet, i can’t claim surprise.

]]>