Re: [dns-operations] Is it illegal to query the .berlin TLD servers?
Florian Streibelt wrote: # dig +short txt berlin ;; Truncated, retrying in TCP mode. The .berlin-zone is protected through the German Copyright-Law. Beyond it is protected by criminal law and data protection law. Unauthorised entry to the zone is prohibited. All rights, in particular the right of duplication, circulation or usage, belong exclusively to nic.berlin, unless you have an explicit written agreement with nic.berlin. As the backend operator for .berlin, we have now removed the respective record from our zone generation logic. As far as I understand, the original intent of the record was to attach a legal notice to the zone that survives a zone transfer, and - as far as i know - the intent was also that this disclaimer would only apply to the zone as a whole. A similar record has been in use under .at for ages, and never caused any technical nor administrative issues. thanks, Alex Mayrhofer ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] Is it illegal to query the .berlin TLD servers?
Em 13/01/2014, à(s) 12:52:000, Alexander Mayrhofer alexander.mayrho...@nic.at escreveu: Florian Streibelt wrote: # dig +short txt berlin ;; Truncated, retrying in TCP mode. The .berlin-zone is protected through the German Copyright-Law. Beyond it is protected by criminal law and data protection law. Unauthorised entry to the zone is prohibited. All rights, in particular the right of duplication, circulation or usage, belong exclusively to nic.berlin, unless you have an explicit written agreement with nic.berlin. As the backend operator for .berlin, we have now removed the respective record from our zone generation logic. As far as I understand, the original intent of the record was to attach a legal notice to the zone that survives a zone transfer, and - as far as i know - the intent was also that this disclaimer would only apply to the zone as a whole. A similar record has been in use under .at for ages, and never caused any technical nor administrative issues. There's also been a dot less A record for .dk for ages, but even then ICANN prohibited those on gTLDs and IAB considered them harmful. Rubens ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] Is it illegal to query the .berlin TLD servers?
On Sat, Jan 11, 2014 at 06:32:00PM +0100, Peter Koch p...@denic.de wrote a message of 21 lines which said: Take a breath - or let the compliance jihad begin: These ICANN rules (against dotless domains) are meaningless and ridiculous, anyway. I agree that such a TXT or TYPE65534 does no harm and should not be forbidden. If it is, it means the law is wrong (Dickens?) ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] Is it illegal to query the .berlin TLD servers?
On Sat, Jan 11, 2014 at 09:41:51PM +0100, Jaap Akkerhuis j...@nlnetlabs.nl wrote a message of 18 lines which said: I vaguelt remember that the AFNIC.fr people also noticed these popping up in some cases. https://www.dns-oarc.net/files/workshop-201103/DNSSEC_Key_Deletion_Issue-Vincent_Levigneron-afnic.pdf ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] Is it illegal to query the .berlin TLD servers?
On Mon, Jan 13, 2014 at 01:16:43PM -0200, Rubens Kuhl rube...@nic.br wrote a message of 43 lines which said: There's also been a dot less A record for .dk for ages, Many TLD have a A at the apex. .dk is the only one with a at the apex :-) See RFC 7085 ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] Is it illegal to query the .berlin TLD servers?
On Mon, Jan 13, 2014 at 10:54 AM, Stephane Bortzmeyer bortzme...@nic.fr wrote: On Sat, Jan 11, 2014 at 06:32:00PM +0100, Peter Koch p...@denic.de wrote a message of 21 lines which said: Take a breath - or let the compliance jihad begin: These ICANN rules (against dotless domains) are meaningless and ridiculous, anyway. I agree that such a TXT or TYPE65534 does no harm and should not be forbidden. If it is, it means the law is wrong (Dickens?) Perhaps -- but them's the laws (in *this* context). ccTLDs are not constrained by these, new gTLDs are -- they signed a contract. If you believe the laws are wrong (as many do!), come help change them. I personally think that many of the USA laws are wrong, but seeing as I don't (usefully) participate in the political process I've lost the right to kvetch... W And yes, they are not laws, they are contracty bits, and participating is hard / icky, but... _ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] Is it illegal to query the .berlin TLD servers?
On Jan 13, 2014, at 6:52 AM, Alexander Mayrhofer alexander.mayrho...@nic.at wrote: As the backend operator for .berlin, we have now removed the respective record from our zone generation logic. Cool, thanks. As far as I understand, the original intent of the record was to attach a legal notice to the zone that survives a zone transfer, and - as far as i know - the intent was also that this disclaimer would only apply to the zone as a whole. Interesting logic. You should bring this up with ICANN, given that you earlier agreed to not put any such records in your zone, but it sounds like you have a believable business case to want something there. A similar record has been in use under .at for ages, and never caused any technical nor administrative issues. ccTLDs cannot have administrative issues because politics. --Paul Hoffman ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] Is it illegal to query the .berlin TLD servers?
On Mon, Jan 13, 2014 at 02:52:47PM +, Alexander Mayrhofer wrote: A similar record has been in use under .at for ages, and never caused any technical nor administrative issues. Without addressing the issues around text records and claims of copyright, I'm curious about one other thing - why is the record in English? The nic.at website isn't (at least, not by default), and I would expect the record to be likewise. Bill. ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] Is it illegal to query the .berlin TLD servers?
In message 19f54f2956911544a32543b8a9bde0750a42c...@nics-exch2.sbg.nic.at, Al exander Mayrhofer writes: Florian Streibelt wrote: # dig +short txt berlin ;; Truncated, retrying in TCP mode. The .berlin-zone is protected through the German Copyright-Law. Beyond it is protected by criminal law and data protection law. Unauthorised entry to the zone is prohibited. All rights, in particular the right of duplicati on, circulation or usage, belong exclusively to nic.berlin, unless you have an explicit written agreement with nic.berlin. As the backend operator for .berlin, we have now removed the respective recor d from our zone generation logic. As far as I understand, the original intent of the record was to attach a legal notice to the zone that survives a zone transfer, and - as far as i know - the intent was also that this disclaimer w ould only apply to the zone as a whole. A similar record has been in use unde r .at for ages, and never caused any technical nor administrative issues. That you have been made aware of. Entering anything at a zone apex of a tld is effectively introducing unqualified data into the system. No, the period at the end does not qualify the name given how search algorithms in stub resolvers work. This would be less if a issue if searches stopped on no data responses but they don't. Note entering anything that is found by adding a automatic prefix to a tld which is found as the result of the resolver searching is also effectively unqualified data. e.g. _http._tcp.berlin SRV would be just as bad a berlin A or berlin (assuming that _http._tcp is the eventual SRV prefix for http) as it would be found by entering berlin and searching. However entering _whois._tcp.berlin would not be as whois arguments are absolute by default. thanks, Alex Mayrhofer ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] Is it illegal to query the .berlin TLD servers?
These ICANN rules (against dotless domains) are meaningless and ridiculous, anyway. not at all. they serve to remind us of icann's relevance. randy pgpy8iUxci4Km.pgp Description: PGP signature ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] Is it illegal to query the .berlin TLD servers?
On 13 jan 2014, at 16:54, Stephane Bortzmeyer bortzme...@nic.fr wrote: These ICANN rules (against dotless domains) are meaningless and ridiculous, anyway. I agree that such a TXT or TYPE65534 does no harm and should not be forbidden. If it is, it means the law is wrong (Dickens?) Possible, but there is a difference, as you point out implicitly, between whether TXT or whatever might create problems or not and the question whether the rules of ICANN is violated. Lets keep the two issues separated from each other. Patrik signature.asc Description: Message signed with OpenPGP using GPGMail ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] Is it illegal to query the .berlin TLD servers?
If you believe the laws are wrong (as many do!), come help change them. i know this will come as a shock, warren. but some people do not see bashing their heads against concrete walls as a good use of their time. randy pgprHfxoA80bE.pgp Description: PGP signature ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] Is it illegal to query the .berlin TLD servers?
* Randy Bush: as to the content of the txt rr, it seems to say you may not transfer the zone file. not being able to transfer the zone file is rather common. The TLDs for which zone files are not available for download are now in the minority. Per their ICANN agreement, the BERLIN zone should be downloadable as well. ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] Is it illegal to query the .berlin TLD servers?
I hope we aren't going to see TXT records containing fatuous legal disclaimers added to DNS responses in the annoying way that they are too often used in e-mail... :-) Too late, Chris: $ dig 1.2.+.rp.secret-wg.org txt ;; ANSWER SECTION: 1.2.+.rp.secret-wg.org. 10 IN TXT 3 1.2.+.rp.secret-wg.org. 10 IN TXT This DNS message (including the RR(s) in the additional section) is confidential, proprietary, may be subject to copyright and legal privilege and no related rights are waived. If you are not the intended recipient or its agent, any review, dissemination, distribution or copying of this DNS message. or any of its content is strictly prohibited and may be unlawful. All messages may be monitored as permitted by applicable law and regulations and our policies to protect our business. DNS messages are not secure and you are deemed to have accepted any risk if you communicate with us using DNS. If received in error, please notify us immediately and delete the DNS message (and any of its sections) from any computer or any storage medium without printing a copy. ;-) -JP ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] Is it illegal to query the .berlin TLD servers?
On 1/12/2014 7:59 AM, Jan-Piet Mens wrote: 1.2.+.rp.secret-wg.org. 10 IN TXT This DNS message (including the RR(s) in the additional section) is confidential, proprietary, may be subject to copyright and legal privilege and no related rights are waived. If you are not the intended recipient or its agent, any review, dissemination, distribution or copying of this DNS message. or any of its content is strictly prohibited and may be unlawful. All messages may be monitored as permitted by applicable law and regulations and our policies to protect our business. DNS messages are not secure and you are deemed to have accepted any risk if you communicate with us using DNS. If received in error, please notify us immediately and delete the DNS message (and any of its sections) from any computer or any storage medium without printing a copy. I'd love to see a lawyer try to align that with it being used for a DNS-amp DDoS. ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] Is it illegal to query the .berlin TLD, servers?
Miek Gieben wrote: | Message-ID:20140110210545.ga10...@miek.nl | Content-Type: text/plain; charset=us-ascii | | [ Quotingrube...@nic.br in Re: [dns-operations] Is it illegal ... ] | the zone is prohibited. All rights, in particular the right of duplication, | circulation or usage, belong exclusively to nic.berlin, unless you have an | explicit written agreement with nic.berlin. |Actually this is a compliance issue, as only NS, DS and glue records should be present at the zone... | .wien seems to have the same 'issue'. | | I don't really care about this, but it does seem a bit silly to have such a TXT | record in a DNS zone. | | -- | Miek Gieben Under South African copyright law, this would probably give the zone operator some protection against someone duplicating the *entire* zone and doing something nefarious. Actually - I think that right is already there in the case of a compiled complete database, but such a notice would help preserve such right. but then IANAL and South Africa != Germany. And I'm referring to the entire zone (or a significant portion of it). --Calvin ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] Is it illegal to query the .berlin TLD servers?
From an operations point of view, this TXT is problematic in that it shows that the zone operator is willing to break its agreement with ICANN without notice. They agreed to only put the following in the TLD zone: • Apex SOA record. • Apex NS records and in-bailiwick glue for the TLD’s DNS servers. • NS records and in-bailiwick glue for DNS servers of registered names in the TLD. • DS records for registered names in the TLD. • Records associated with signing the TLD zone (i.e., RRSIG, DNSKEY, NSEC, and NSEC3). They broke that agreement as soon as they could. Which other agreements with ICANN are they willing to break? Or, if this really is a simple mistake, which other simple mistakes are they willing to make until ICANN tells them not to? --Paul Hoffman ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] Is it illegal to query the .berlin TLD servers?
On Sat, Jan 11, 2014 at 08:49:15AM -0800, Paul Hoffman wrote: From an operations point of view, this TXT is problematic in that it shows that the zone operator is willing to break its agreement with ICANN without notice. They agreed to only put the following in the TLD zone: ? Apex SOA record. ? Apex NS records and in-bailiwick glue for the TLD?s DNS servers. there is no such thing. They broke that agreement as soon as they could. Which other agreements with ICANN are they willing to break? Or, if this really is a simple mistake, which other simple mistakes are they willing to make until ICANN tells them not to? Take a breath - or let the compliance jihad begin: ninja. 0 IN TYPE65534 \# 5 08D7050001 ninja. 0 IN TYPE65534 \# 5 0818510001 -Peter ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] Is it illegal to query the .berlin TLD servers?
In message m27ga71bzo.wl%ra...@psg.com, Randy Bush writes: # dig +short txt berlin ;; Truncated, retrying in TCP mode. The .berlin-zone is protected through the German Copyright-Law. Beyond it is protected by criminal law and data protection law. Unauthorised entry to the zone is prohibited. All rights, in particular the right of duplicati on, circulation or usage, belong exclusively to nic.berlin, unless you have an explicit written agreement with nic.berlin. you asked for a txt rr and got one as to the content of the txt rr, it seems to say you may not transfer the zone file. not being able to transfer the zone file is rather common. No it doesn't. As far as I can see a ordinary query for record in the zone is covered by the request for written permission. All rights, in particular the right of duplication, circulation or usage, belong exclusively to nic.berlin, unless you have an explicit written agreement with nic.berlin. That doesn't say in full which would restrict it to the complete zone., this is about as exciting as a schnitzel. randy -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] Is it illegal to query the .berlin TLD servers?
On Jan 10, 2014, at 3:09 PM, Florian Streibelt dnsops_x730df7...@spamfaenger.f-streibelt.de wrote: # dig +short txt berlin ;; Truncated, retrying in TCP mode. The .berlin-zone is protected through the German Copyright-Law. Beyond it is protected by criminal law and data protection law. Unauthorised entry to the zone is prohibited. All rights, in particular the right of duplication, circulation or usage, belong exclusively to nic.berlin, unless you have an explicit written agreement with nic.berlin.” Is this the famed Berlin wall? AlanC -- Alan Clegg | +1-919-355-8851 | a...@clegg.com signature.asc Description: Message signed with OpenPGP using GPGMail ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] Is it illegal to query the .berlin TLD servers?
[ Quoting rube...@nic.br in Re: [dns-operations] Is it illegal ... ] the zone is prohibited. All rights, in particular the right of duplication, circulation or usage, belong exclusively to nic.berlin, unless you have an explicit written agreement with nic.berlin. Actually this is a compliance issue, as only NS, DS and glue records should be present at the zone... .wien seems to have the same 'issue'. I don't really care about this, but it does seem a bit silly to have such a TXT record in a DNS zone. -- Miek Gieben ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] Is it illegal to query the .berlin TLD servers?
On Jan 10, 2014, at 12:45 PM, Rubens Kuhl rube...@nic.br wrote: Actually this is a compliance issue, as only NS, DS and glue records should be present at the zone... And yet there is this TXT record. :-) Or, to state it more bluntly, and yet there is a record type that the owners of .berlin agreed with ICANN that they would *not* put in the root zone. --Paul Hoffman ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] Is it illegal to query the .berlin TLD servers?
Em 10/01/2014, à(s) 19:05:000, Miek Gieben m...@miek.nl escreveu: [ Quoting rube...@nic.br in Re: [dns-operations] Is it illegal ... ] the zone is prohibited. All rights, in particular the right of duplication, circulation or usage, belong exclusively to nic.berlin, unless you have an explicit written agreement with nic.berlin. Actually this is a compliance issue, as only NS, DS and glue records should be present at the zone... .wien seems to have the same 'issue'. I don't really care about this, but it does seem a bit silly to have such a TXT record in a DNS zone. Same back-end registry. Rubens ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] Is it illegal to query the .berlin TLD servers?
# dig +short txt berlin ;; Truncated, retrying in TCP mode. The .berlin-zone is protected through the German Copyright-Law. Beyond it is protected by criminal law and data protection law. Unauthorised entry to the zone is prohibited. All rights, in particular the right of duplication, circulation or usage, belong exclusively to nic.berlin, unless you have an explicit written agreement with nic.berlin. you asked for a txt rr and got one as to the content of the txt rr, it seems to say you may not transfer the zone file. not being able to transfer the zone file is rather common. this is about as exciting as a schnitzel. randy pgpMI5xIbPn0F.pgp Description: PGP signature ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] Is it illegal to query the .berlin TLD servers?
On 2014-01-10 16:05, Miek Gieben wrote: ... I don't really care about this, but it does seem a bit silly to have such a TXT record in a DNS zone. ... Why? They got Florian to see what they wanted him to see, didn't they? As far as whether it's illegal - the English-language rendition didn't seem clear to me (too many unspecified pronouns). I'd have to say, if you want to know, contact the zone's manager. I certainly won't lose sleep over it. ;~) Joe Yao ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs