ICANN/DNSO
DNSO Mailling lists archives

[ga]


<<< Chronological Index >>>    <<< Thread Index >>>

[ga] nancy victory and the root



fyi

Joe Baptista - only at www.baptista.god

   EmailFree - Get a free personal email address http://emailfree.ppp/

---------- Forwarded message ----------
Date: Wed, 29 Jan 2003 22:22:56 -0500 (EST)
From: Joe Baptista <baptista@dot-god.com>
Reply-To: johnmacsgroup@yahoogroups.com
To: johnmacsgroup@yahoogroups.com
Subject: [johnmacsgroup] followup root servers


This is why your taxes are so hi - you have dummies running 70% of the
internet (bureacrats actually) who end up buying software to do a 2 hour
job.  I just wrote nancy victory at the ntia about the root issue randall
brought to my attention.  they should not be so surprised at whats going
on.  inclusive namespace is growing up to some 10,000 top level domains as
compared to the 300 top level domain 70% of the internet see through the
U.S. government administered namespace.

I've attached the correspondence - enjoy.

Joe Baptista - only at www.baptista.god

     You Cann http://www.youcann.org
     ....................................................
     information on the inclusive namespace Community.

---------- Forwarded message ----------
Date: Wed, 29 Jan 2003 22:16:45 -0500 (EST)
From: Joe Baptista <baptista@dot-god.com>
To: nvictory@ntia.doc.gov
Cc: members@tlda.net, ga@dnsp.org
Subject: Re: [TLDA-Members] Re: [johnmacsgroup] For Joe Baptista ... (fwd)


First I'm still waiting for your counsil to reply.

Next - I've recently come across some nonsense concerning your root
servers (I don't use them).

http://www.newswise.com/articles/2003/1/SDSCROOT.UCD.html

I would like to make some objections concerning statements made in the
article by CAIDA.  First 152 million queries received by root servers in
a 24 hour period is small patatoes.  Ours are busier.  But considering the
United States Government root zone has only some 300 strings I'm not
surprised your root does not recognize 98% of the traffic which hits it.

The internet nancy has grown.  Every year more and more people, isp's,
businesses etc. leave the bogus u.s. internet and enter the inclusive
namespace.  where have you been.  as i have predicted many many moons ago
- the us governments attempt to control namespace will result in disaster.
Enjoy your cake.

The press release from CAIDA claims that 'About 12 percent of the queries
received by the root server on Oct. 4, were for nonexistent top-level
domains, such as ".elvis", ".corp", and ".localhost".'

Now I want to make clear these top level domains do in fact exist.  And
I'm very surprised CAIDA would make such an unprofessional claim.  They
know very well exist.

I have no idea who runs .elvis - maybe elvis himself or some island root
server out the in the wild.  But I know how to fix that.  But Im not
telling.

.corp is run by NOMAD Internetwork

http://www.dot-god.com/cgi-bin/whoisd/whois.cgi?name=corp

and localhost is well defined too.  It exists too.  It's an ietf standard.
I'm very surprised CAIDA would make such a claim.  The fact the root don't
understand localhost and fix it is - well i'll not say.

Now localhost is a problem that can be fixed immediately and that would
eliminate most of that traffic and be tranparent to the user - but i'm not
telling ;)  However the localhost error your getting are mainly due to
misconfiguration of local user ISP's name servers.  localhost should be
carried on the local ns but alot of people are sloppy - you know how it
goes - your in government - you understand.

The impact of the growth of the inclusive namespace can also be managed by
your root server operators.  but i'm not telling.  i'm smiling because
were growing while your experiment www.icann.net goes plonk.  this i
predicted ;)  But there's no reason for CAIDA to whine about it.  This can
all be managed and at least 12% of you traffic resulting from localhost or
the inclusive namespace universe can go poof overnight.

I suspect all CAIDA is trying to do is peddle their dns software agent.

http://www.caida.org/tools/utilities/dnstop/

as mentioned in the PR referenced earlier.  and you problems can be solved
with a two hour job by a root operator who actually understood the power
of root.

Pass this on dear - maybe the cobwebs will clear and someone will figure
it out.  Anyone who can get rid of that 12% in the period of time
specified by me and who works for you desearves a promotion.  They have a
brain and understand root operations.

p.s. incidentally my new web site is up at www.baptista.god.  Ooops - I
forgot - you can't get there - you roots don't know where we are.  Oh
well.  Thats bureacracy for ya.

regards
joe baptista

Joe Baptista - only at www.baptista.god

    dot.film domain registration http://www.register.film
    a member of the TLDA http://www.tlda.net/

On Wed, 29 Jan 2003, Joe Baptista wrote:

>
> it seems the usg root servers are complaining - full info at end.
>
> Joe Baptista - only at www.baptista.god
>
>      Mac.Independent - Get the most out of your Mac. http://mac.ind/
>
> ---------- Forwarded message ----------
> Date: Fri, 24 Jan 2003 22:07:27 -0500 (EST)
> From: Joe Baptista <baptista@dot-god.com>
> To: johnmacsgroup@yahoogroups.com
> Subject: Re: [johnmacsgroup] For Joe Baptista ...
>
>
> On Fri, 24 Jan 2003, Randall wrote:
>
> > Hey Joe - Coments?
>
> hi randall no prob - let me run through it for you.  it maily old news.
>
> some technicians known to me sometimes annoy me by one reporting what is
> considered standard dns traffic as an end of the world senario.  this
> is also expected the root is fragmenting.
>
> with respect to traffic.  this type of traffic has existed on  the root
> systems since the beginning of time.  so alot of it is standard traffic
> - ratio of error to success on top level domain lookups.  but alot of
> the recent increases, and its only going to get worst, and due to icann
> www.icann.org.
>
> icann or what i like to call the dogs breakfast of government busy bodies
> and bureacratic inertia have parralized the legacy root system creating a
> number of island roots which i suspect are generating alot of bogus
> queries.
>
> island roots are basically independent internet systems which only talk to
> themselves.  alot of bogus dns - or what looks like bogus dns queries end
> up hitting the roots because of this.  but icann is solely responsibly for
> creating this problem with it's violation of the integretty of the
> namespace in duplicating .biz.
>
> anyway - you also have the inclusive namespace generating alot of bogus
> queries.  there's a major push out of these legacy root - especially by
> europeans and some tlds in inclusive namespace are known and advertised
> but people don't know how to configure their systems to get there .. so
> they end up hitting the legacy root which has no idea whats going on in
> the real world.
>
> the legacy root of 13 servers is also over worked.  they are getting for
> the most part what is consider standard dns errors.  a user types in
> www.cnn.cim into browser and root server sends error reporting it does not
> know where .cim is.  but because the roots now handle queries from
> hundreds of millions of hosts the standard error is taxing on the servers.
> The roots were designed with modest forecasts on user levels and demands.
>
> but all that whinning in the farber report is alot of nonsense and i'm
> sure it will be followed with a money request.  typical bureacratic techi
> behaviour.  root as a rule are very robust and as such don't handle many
> queries.
>
> most of the quries to root have been cached at the local isp nameservers
> used by users - so the root are used to refresh information infrequently.
>
> there will be a problem as more island systems grown and the inclusive
> namespace grows.
>
> i suspect thats with the growth of the inclusive namespace and island
> systems (islands systems have mainly ended up being scams - we put
> one in the ftc slammer ourselves) the roots are being queried more often
> by misconfigured computers trying to reach inclusive namespace from a
> legacy system
>
> here's an example of whats happening
>
> the following urls are valid.  they work.  but if your not in inlcusive
> namespace you'll end up sending a query to the roots.  if you click on any
> of the following urls
>
> URL: http://www.dot.cam/
> URL: http://www.dot.low/
> URL: http://marc.cam/
> URL: http://www.dwd.low/
> URL: http://bbc.news/
> URL: http://cnn.news/
> URL: http://ap.news/
> URL: http://www.register.books
> URL: http://www.register.sci
> URL: http://www.register.scifi
> URL: http://www.register.ufo
> URL: http://www.register.mib
> URL: http://www.register.film
> URL: http://www.register.book
> URL: http://www.datarunner.low/
> URL: http://www.gifsonline.low/
> URL: http://www.radio.low/
> URL: http://www.elasticropes.low/
>
> then you'll end up generating one of those bogus errors on the root
> servers.  if however you end up at a site - then that means your in the
> inclusive namespace.  if you want to touch the legacy root server and make
> them work the maybe try the url www.whatever.asadegrtddsefrgrdsds.
>
> if you want to visit the above sites without switching to inclusive
> namespace use our proxy gateway.
>
> http://www.dot-god.com/cgi-bin/cgiproxy/nph-proxy.cgi
>
> it only sees inclusive namespace and not the *.com universe so any lacks
> back to the .com universe won't work.  they will only work in inclusive
> namespace.
>
> i'm sure you can all figure out from this that a root attack is in fact
> easy to do.  A series of bogus dns queries to local isp dns servers which
> use the commerce departments root servers for resolution.  not the lame
> brained efforts which i reported on ... which see
>
> http://www.circleid.com/articles/2553.asp
>
> hope that helps and thanks for bringing this to my attention.
>
> regards
> joe baptista
>
> > >From Dave Farber's list:
> >
> > "Unnecessary Traffic Saturating a Key Internet 'Root' Server"
> > Newswise (01/24/03)
> >
> > Scientists at the University of California's San Diego
> > Supercomputer Center (SDSC) have found that 98 percent of the
> > address mapping requests sent to the Internet's 13 root servers
> > are unnecessary.  The researchers studied 152 million requests
> > sent on Oct. 4, 2002, to one root server in California for their
> > analysis, which they will present to Richard A. Clarke, chairman
> > of the federal Critical Infrastructure Protection Board, later
> > this month.  Clarke has warned that the Domain Name System (DNS)
> > and its 13 root servers are vulnerable and could disrupt the
> > entire Internet if attacked simultaneously.  Such an attack did
> > occur in October of last year, but damage was minimal.  The SDSC
> > scientists discovered that about 70 percent of all received
> > traffic was duplicated, and suggested that ISPs and lower-tier
> > servers could cache the answers to these queries in order to
> > reduce the load at the top level.  The study also found that
> > approximately 12 percent of requests were for nonexistent
> > top-level domains, and that 7 percent had the IP address embedded
> > within the request, making it frivolous.  SDSC researcher Duane
> > Wessels says a major source of the bad requests was the result of
> > misconfigured firewall and packet filter software that bounced
> > back responses from the DNS.  The system requesting the data
> > therefore kept sending queries.  Wessels created a tool for
> > server administrators called dnstop that can help identify and
> > fix these misconfigurations.
> > http://www.newswise.com/articles/2003/1/SDSCROOT.UCD.html
> >
> >
> > ------ End of Forwarded Message
> >
> >
> >
> > To unsubscribe from this group, send an email to:
> > johnmacsgroup-unsubscribe@yahoogroups.com
> >
> >
> >
> > Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
> >
> >
>
>
>
> _______________________________________________
> Members mailing list
> Members@TLDA.NET
> http://MAIL.TLDA.NET/mailman/listinfo/members
>



To unsubscribe from this group, send an email to:
johnmacsgroup-unsubscribe@yahoogroups.com



Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/


--
This message was passed to you via the ga@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga" in the body of the message).
Archives at http://www.dnso.org/archives.html



<<< Chronological Index >>>    <<< Thread Index >>>