Re: [DNSOP] AS112 for TLDs

2008-04-14 Thread Paul Vixie
[EMAIL PROTECTED] (William F. Maton Sotomayor) writes: At this point, I'd like to see the current pair of drafts move forward, and would cast this particular issue as the subject of some sort of other document. likewise, me. -- Paul Vixie ___

Re: [DNSOP] AS112 for TLDs

2008-04-07 Thread Andrew Sullivan
Dear colleagues, Not to pick on Mark, but I have the sinking feeling that this discussion is a good example of why some operators think the IETF doesn't understand operational problems. On Sat, Apr 05, 2008 at 10:07:54AM +1100, Mark Andrews wrote: I said COPY. I did not say THEIR OWN

Re: [DNSOP] AS112 for TLDs

2008-04-07 Thread Mark Andrews
Dear colleagues, Not to pick on Mark, but I have the sinking feeling that this discussion is a good example of why some operators think the IETF doesn't understand operational problems. On Sat, Apr 05, 2008 at 10:07:54AM +1100, Mark Andrews wrote: I said COPY. I did not say

Re: [DNSOP] AS112 for TLDs

2008-04-06 Thread Florian Weimer
* Mark Andrews: There really is only one solution to preventing bogus traffic reaching the root servers and that is to run a local copy of the root zone. Or sign the root and use aggressive negative caching (which is currently prohibited by the RFCs, I'm told). I agree that

Re: [DNSOP] AS112 for TLDs

2008-04-06 Thread Florian Weimer
* Joe Baptista: I agree that information leakage is a problem. Curiously enough, no root server or TLD operators that I know of has published some sort of privacy statement that underlines how they deal with this issue. They are not the ones generating this traffic. Its users as they cross

Re: [DNSOP] AS112 for TLDs

2008-04-06 Thread Joe Baptista
On Sun, Apr 6, 2008 at 9:15 AM, Florian Weimer [EMAIL PROTECTED] wrote: It means that everybody who can make a BGP announcement can legitimately hijack DNS traffic to those TLDs. Is this really what we want? Thats an AS112 security issue. Are they to be trusted? Maybe? Maybe not. AS112

Re: [DNSOP] AS112 for TLDs

2008-04-04 Thread Frederico A C Neves
On Fri, Apr 04, 2008 at 11:19:58AM -0400, Andrew Sullivan wrote: On Fri, Apr 04, 2008 at 07:37:31AM -0700, David Conrad wrote: ... I can just imagine the hue and cry that would happen when new top level domains don't work for everybody. Or in a future, actually very far from today, when DS

Re: [DNSOP] AS112 for TLDs

2008-04-04 Thread David Conrad
On Apr 4, 2008, at 8:30 AM, Frederico A C Neves wrote: On Fri, Apr 04, 2008 at 11:19:58AM -0400, Andrew Sullivan wrote: On Fri, Apr 04, 2008 at 07:37:31AM -0700, David Conrad wrote: ... I can just imagine the hue and cry that would happen when new top level domains don't work for everybody.

Re: [DNSOP] AS112 for TLDs

2008-04-04 Thread David Conrad
Andrew, On Apr 4, 2008, at 10:08 AM, Andrew Sullivan wrote: A self-correcting problem. The folks that are affected are the ones using the non-updated server and no one else. The problem is that those folks are _exactly_ the people who don't understand any of this Internet plumbing anyway.

Re: [DNSOP] AS112 for TLDs

2008-04-04 Thread John L. Crain
Hi all. I fully agree with Andrew that the cause is far worse than the disease. I don't think the disease is life threatening. I keep hearing about the Problem of bogus queries to the root. It is certainly messy and ugly but from my perspective as an operator it is more of irritant than

Re: [DNSOP] AS112 for TLDs

2008-04-04 Thread Mark Andrews
On Fri, Apr 04, 2008 at 07:37:31AM -0700, David Conrad wrote: On Apr 4, 2008, at 7:02 AM, Andrew Sullivan wrote: On Fri, Apr 04, 2008 at 02:16:32PM +1100, Mark Andrews wrote: er, it (the bogus ttraffic) still reaches the root. just your copy of the root, not mine.

Re: [DNSOP] AS112 for TLDs

2008-04-03 Thread Andrew Sullivan
On Thu, Apr 03, 2008 at 12:00:11AM -0500, Joe Abley wrote: it's barely worth suggesting them. Call me cynical :-) Or on the money. Whichever fits :-) A -- Andrew Sullivan [EMAIL PROTECTED] +1 503 667 4564 x104 http://www.commandprompt.com/ ___

Re: [DNSOP] AS112 for TLDs

2008-04-03 Thread Mark Andrews
There really is only one solution to preventing bogus traffic reaching the root servers and that is to run a local copy of the root zone. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET:

Re: [DNSOP] AS112 for TLDs

2008-04-02 Thread Joe Abley
On 1 Apr 2008, at 13:38 , William F. Maton Sotomayor wrote: I suppose I should dust off my notes on this issue and hammer something out, as there were some on this list who were interested in seeing a proposal. Mind you, I wonder if the WG might be out of scope for dealing with 'junk'

Re: [DNSOP] AS112 for TLDs

2008-04-01 Thread Sebastian Castro Avila
Edward Lewis wrote: At 12:57 -0800 12/3/07, Brian Dickson wrote: What are the pros/cons of this, other than the obvious offloading of junk TLD lookups? From http://www.nanog.org/mtg-0310/pdf/wessels.pdf: See (unnumbered) slide Punchline from Last Year's Talk: Category

Re: [DNSOP] AS112 for TLDs

2008-04-01 Thread Edward Lewis
At 10:35 -0700 4/1/08, Sebastian Castro Avila wrote: Sorry for the late response. About this matter, using the data collected at the root server instances participating in DITL 2007, we found 24.73% of the queries seen at the roots were for invalid TLD's. Doing an analysis per root, the numbers

Re: [DNSOP] AS112 for TLDs

2008-04-01 Thread William F. Maton Sotomayor
On Tue, 1 Apr 2008, Sebastian Castro wrote: So the data seems to be useful (but not complete). Once we got all the data for DITL 2008 we could try to run the same test and look for trends. But it is a good start in having a look at the problem (or if anyone could consider to be a problem).

Re: [DNSOP] AS112 for TLDs

2007-12-13 Thread Florian Weimer
* Stephane Bortzmeyer: I cannot find another report about the TLDs most often queried at a root name server. Other reports I've seen aggregated data, while this small glimpse, however partial, at least *names* the TLDs. All the non-existing TLDs queried are local domains (such as Apple's

Re: [DNSOP] AS112 for TLDs

2007-12-04 Thread Elmar K. Bins
[EMAIL PROTECTED] (Masataka Ohta) wrote: Zone transfer is the mechanism. You then don't have to use AS112 to absorb the load. The local resolver will answer the query. It will be an interesting experiment to let AS112 nameservers offer root zone transfer for any client. Would

Re: [DNSOP] AS112 for TLDs

2007-12-04 Thread William F. Maton Sotomayor
On Mon, 3 Dec 2007, Phil Regnauld wrote: The first step is to decide whether delegating to AS112 is reserved to standardized (read: RFC) zones, like RFC1918, 169.254, etc..., or whether anything sufficiently large -- and bogus -- is sufficient. Step 0 of course is to

Re: [DNSOP] AS112 for TLDs

2007-12-04 Thread Mohsen Souissi
On 03 Dec, Brian Dickson wrote: | I wonder if it is even necessary to enumerate/instantiate the junk TLDs? | | Given that root servers have (by definition) *the* authoritative list of | TLDs, everything else is junk. | | Would not it make sense to put in wildcard delegations to AS112? |

Re: [DNSOP] AS112 for TLDs

2007-12-03 Thread Joe Baptista
Mark Andrews wrote: We should be looking at mechanisms to allow the root zone to be distributed to every iterative resolver in the world. You then don't have to use AS112 to absorb the load. The local resolver will answer the query. For the last two years

Re: L-Root address change [Re: [DNSOP] AS112 for TLDs]

2007-11-28 Thread bert hubert
On Wed, Nov 28, 2007 at 10:55:44AM +0100, Peter Koch wrote: On Tue, Nov 27, 2007 at 02:35:29PM -0800, John Crain wrote: Currently about 60% New IP to 40% old IP... and rising slowly So clearly a lot of folks still need to up date their hints files :( part of that traffic will be due

Re: L-Root address change [Re: [DNSOP] AS112 for TLDs]

2007-11-28 Thread Matt Larson
On Wed, 28 Nov 2007, Peter Koch wrote: On Tue, Nov 27, 2007 at 02:35:29PM -0800, John Crain wrote: Currently about 60% New IP to 40% old IP... and rising slowly So clearly a lot of folks still need to up date their hints files :( part of that traffic will be due to old hints files,

Re: L-Root address change [Re: [DNSOP] AS112 for TLDs]

2007-11-28 Thread bmanning
On Wed, Nov 28, 2007 at 10:58:17AM -0500, Matt Larson wrote: On Wed, 28 Nov 2007, Peter Koch wrote: On Tue, Nov 27, 2007 at 02:35:29PM -0800, John Crain wrote: Currently about 60% New IP to 40% old IP... and rising slowly So clearly a lot of folks still need to up date their hints

Re: L-Root address change [Re: [DNSOP] AS112 for TLDs]

2007-11-28 Thread bmanning
On Wed, Nov 28, 2007 at 05:15:59PM +0100, bert hubert wrote: On Wed, Nov 28, 2007 at 04:07:59PM +, [EMAIL PROTECTED] wrote: and perhaps more interesting, the old address for B showed a tapering off of traffic and then an INCREASE last year. Old L and J got their numbers

Re: L-Root address change [Re: [DNSOP] AS112 for TLDs]

2007-11-28 Thread bert hubert
On Wed, Nov 28, 2007 at 04:22:41PM +, [EMAIL PROTECTED] wrote: The increase in traffic might easily be due to more favourable connectivity to 'B', which would lead many resolver implementations to shift more queries to it. Bert old B topolgy didnt change... :)

Re: B-Root address change [Re: [DNSOP] AS112 for TLDs]

2007-11-28 Thread bmanning
On Wed, Nov 28, 2007 at 05:28:47PM +0100, bert hubert wrote: On Wed, Nov 28, 2007 at 04:22:41PM +, [EMAIL PROTECTED] wrote: The increase in traffic might easily be due to more favourable connectivity to 'B', which would lead many resolver implementations to shift more queries

Re: [DNSOP] AS112 for TLDs

2007-11-27 Thread Joe Baptista
Phil Regnauld wrote: Stephane Bortzmeyer (bortzmeyer) writes: I cannot find another report about the TLDs most often queried at a root name server. Other reports I've seen aggregated data, while this small glimpse, however partial, at least *names* the TLDs. I'm posting the comments

Re: [DNSOP] AS112 for TLDs

2007-11-27 Thread John Crain
Hi Joe, It is exactly reflective of traffic as seen at l.root-servers.net and measured by DSC. there is no trickery, plots or evil schemes involved. Shame that your paranoia gets the better of you;) Those are percentages not queries indeed. Total queries varies between 8Kq/s and 10Kq/s

Re: [DNSOP] AS112 for TLDs

2007-11-27 Thread Joe Baptista
John Crain wrote: Hi Joe, It is exactly reflective of traffic as seen at l.root-servers.net and measured by DSC. there is no trickery, plots or evil schemes involved. Shame that your paranoia gets the better of you;) Your right. There is no trickery, plots or evil schemes involved. I

Re: [DNSOP] AS112 for TLDs

2007-11-27 Thread Joe Baptista
John Crain wrote: Hi Joe. I didn't do the math, I was using DSC. I'm sure I could figure it out with some DSC tweaking... However with beign completely unscientific and measuring rates averaging from 8kq/s (low) to 10kq/s (high) over a 24hr period it's between 691.2 million and 864

Re: [DNSOP] AS112 for TLDs

2007-11-27 Thread John Crain
Hi Joe. I didn't do the math, I was using DSC. I'm sure I could figure it out with some DSC tweaking... However with beign completely unscientific and measuring rates averaging from 8kq/s (low) to 10kq/s (high) over a 24hr period it's between 691.2 million and 864 million queries. So a