Re: unqualified domains, was ICANN to allow commercial gTLDs
On 21 Jun 2011, at 00:29, Mark Andrews ma...@isc.org wrote: I will repeat my assertion. There is no such thing as glue records for the nameservers at the top of the zone within the zone itself be they in-baliwick or not. Glue records live in the parent zone and are there to avoid the catch 22 situation of needing the records to find the records. I understand in-bailiwick to be a property of the name of a nameserver, independent of whether you are looking at the glue or authoritative NS RRs - it is not the same as in-zone. In-bailiwick nameservers must have glue. But you said ''There is also no such thing as 'in-bailiwick glue for the TLD's DNS servers'.'' I think you are arguing about the meaning and location of glue, whereas I am arguing about the meaning of in-bailiwick. Tony. -- f.anthony.n.finch d...@dotat.at http://dotat.at/
Re: unqualified domains, was ICANN to allow commercial gTLDs
In message 4dfedb8b.5080...@dougbarton.us, Doug Barton writes: On 06/19/2011 19:31, Paul Vixie wrote: Date: Sun, 19 Jun 2011 19:22:46 -0700 From: Michael Thomasm...@mtcc.com that's a good question. marka mentioned writing an RFC, but i expect that ICANN could also have an impact on this by having applicants sign something that says i know that my single-label top level domain name will not be directly usable the way normal domain names are and i intend to use it only to register subdomain names which will work normally. Isn't this problem self regulating? If sufficient things break with a single label, people will stop making themselves effectively unreachable, right? alas, no. if someone adds something to the internet that doesn't work righ t but they ignore this and press onward until they have market share, then th e final disposition will be based on market size not on first mover advantage . I think you're going to see 2 primary use cases. Those who will do it anyway, either because they are ignorant of the possible downsides, or don't care. The other use case will be the highly risk-averse folks who won't unconditionally enable IPv6 on their web sites because it will cause problems for 1/2000 of their customers. If it will make $YOU (not nec. Paul or Michael) feel better, sure produce an RFC. Shout it from the housetops, whatever. You're not going to change anyone's mind. Meanwhile, David is right. Further pontificating on this topic without even reading the latest DAG is just useless nanog-chin-wagging. Completely aside from the fact that the assumption no one in the ICANN world has put any thought into this for the last 10+ years is sort of insulting. Doug -- Nothin' ever doesn't change, but nothin' changes much. -- OK Go Breadth of IT experience, and depth of knowledge in the DNS. Yours for the right price. :) http://SupersetSolutions.com/ Where is the addition of address/mx records at the zone apex prohibited? B.T.W. Address and mx records are very common, just their *use* at the apex of a TLD is or should be uncommon. There is also no such thing as in-bailiwick glue for the TLDâs DNS servers. The root zone contains glue for TLDs. No TLD zone contains glue for TLDs. The agreement explicitly outlaws the use of wildcard records. It would not have been hard to explicitly outlaw the addition of address and MX records at the zones apex. One can only think that the loose wording here was done to explictly allow address and MX records at the apex of a TLD. Mark 2.2.3.3 TLD Zone Contents ICANN receives a number of inquiries about use of various record types in a registry zone, as entities contemplate different business and technical models. Permissible zone contents for a TLD zone are: * Apex SOA record. * Apex NS records and in-bailiwick glue for the TLDâs DNS servers. * NS records and in-bailiwick glue for DNS servers of registered names in the TLD. * DS records for registered names in the TLD. * Records associated with signing the TLD zone (i.e., RRSIG, DNSKEY, NSEC, and NSEC3). An applicant wishing to place any other record types into its TLD zone should describe in detail its proposal in the registry services section of the application. This will be evaluated and could result in an extended evaluation to determine whether the service would create a risk of a meaningful adverse impact on security or stability of the DNS. Applicants should be aware that a service based on use of less-common DNS resource records in the TLD zone, even if approved in the registry services review, might not work as intended for all users due to lack of application support. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Re: unqualified domains, was ICANN to allow commercial gTLDs
* Adam Atkinson: It was a very long time ago, but I seem to recall being shown http://dk, the home page of Denmark, some time in the mid 90s. Must I be recalling incorrectly? It must have been before 1996. Windows environments cannot resolve A/ records for single-label domain names. -- Florian Weimerfwei...@bfk.de BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstraße 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99
Re: unqualified domains, was ICANN to allow commercial gTLDs
Florian Weimer wrote: It was a very long time ago, but I seem to recall being shown http://dk, the home page of Denmark, some time in the mid 90s. Must I be recalling incorrectly? It must have been before 1996. Windows environments cannot resolve A/ records for single-label domain names. This would have been May 1995 at the latest. And I don't recall the OS being used at the time. Some flavour of Unix, Windows or MacOS (or System 7 or whatever it was called at the time) or possibly even an Amiga.
Re: unqualified domains, was ICANN to allow commercial gTLDs
Another avenue could be At-Large. The North American Regional At-Large Organization (NARALO) - uniquely amongst the RALO's - accepts individual members. http://naralo.org j On Sun, Jun 19, 2011 at 10:26 PM, David Conrad d...@virtualized.org wrote: Well, yes, ICANN could have contracted parties (e.g., the new gTLDs) do this. A bit late to get it into the Applicant's Guidebook, but maybe something could be slipped in after the fact. Who is going to lead the contingent from NANOG to raise this in the GNSO? Of course, changing existing contracts tends to be challenging since the contracted parties have to agree to the changes and I wouldn't be surprised if they demanded ICANN give something up in exchange for agreeing to this new restriction. It'll probably take a while. ICANN can respectfully request ccTLD folks do the same, but whether or not the ccTLDs listen is a separate matter. If the ccTLD folks feel they gain benefit from having naked TLDs, they'll tell ICANN to take a hike. Not sure what will happen with the IDN ccTLDs since they appear to be sort of a combination of ccTLDs and contracted parties. You probably know all this, but things in the ICANN world probably don't work the way most folks think. Regards, -drc -- --- Joly MacFie 218 565 9365 Skype:punkcast WWWhatsup NYC - http://wwwhatsup.com http://pinstand.com - http://punkcast.com VP (Admin) - ISOC-NY - http://isoc-ny.org -- -
Re: unqualified domains, was ICANN to allow commercial gTLDs
From nanog-bounces+bonomi=mail.r-bonomi@nanog.org Mon Jun 20 00:15:32 2011 To: David Conrad d...@virtualized.org From: Mark Andrews ma...@isc.org Subject: Re: unqualified domains, was ICANN to allow commercial gTLDs Date: Mon, 20 Jun 2011 15:14:49 +1000 Cc: NANOG list nanog@nanog.org In message 83163718-fa5b-47ba-ba50-67701abd5...@virtualized.org, David Conrad writes: On Jun 19, 2011, at 6:39 PM, Mark Andrews wrote: I'm curious how anyone that has not signed a agreement with ICANN can be bound to anything in any applicant guide book. =20 In order to obtain a gTLD, you have to sign a contractual agreement with = ICANN. David, you are missing the point. The TM holder doesn't want the gtld, they just want to protect their trademark. The TM holder doesn't have a contract with ICANN. They do however have a legitimate right to the name and want to spend $0 keeping the name out of anybodys hands but theirs. $187K is not longer a amount to be sneezed at. Mark Also rfp-clean-30may11-en.pdf basically deals with tm.gtld. You might want to re-read pretty much any part of that document (e.g., = the title). Regards, -drc -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Re: unqualified domains, was ICANN to allow commercial gTLDs
Now that the cat is out of the bag, maybe we should look at trying to get people to make use of FQDN's more. I just added a rewrite to my person site to give it a try, and threw a quick note up about it: http://soucy.org./whydot.php So far, it looks like every browser correctly respects the use of a FQDN; though it looks like SSL is completely broken by it. The solution there is either to generate certificates with the correct FQDN CN, or to make browsers assume that every CN is a FQDN (better option IMHO). To be honest, I think we've all been a little lazy leaving off the last dot and are just annoyed now that it's going to cause a potential problem. On Fri, Jun 17, 2011 at 9:33 PM, John Levine jo...@iecc.com wrote: The notion of a single-component FQDN would be quite a breakage for the basic concept of using both FQDNs and Unqualified names. Well, you know, there's a guy whose email address has been n@ai for many years. People have varying amounts of success sending him mail. R's, John -- Ray Soucy Epic Communications Specialist Phone: +1 (207) 561-3526 Networkmaine, a Unit of the University of Maine System http://www.networkmaine.net/
Re: unqualified domains, was ICANN to allow commercial gTLDs
On 20 Jun 2011, at 02:24, Paul Vixie vi...@isc.org wrote: furthermore, the internet has more in it than just the web, and i know that foo@sony. will not have its RHS (sony.) treated as a hierarchical name. Trailing dots are not permitted on mail domains. There has been an ongoing argument about the interaction between unqualified domains and TLDs in mail domains. RFC 2821 said single-label mail domains were syntax errors, but this was probably an editorial mistake and RFC 5321 permits them. It's probably safest to assume that a single-label mail domain is a local unqualified domain which will have its qualifying labels appended by the message submission server, and in other contexts all bets are off. Tony. -- f.anthony.n.finch d...@dotat.at http://dotat.at/
Re: unqualified domains, was ICANN to allow commercial gTLDs
- Original Message - From: Tony Finch d...@dotat.at Trailing dots are not permitted on mail domains. I couldn't believe that, so I went and checked 5322. Tony's right: there is no way to write an email address which is deterministic, unless mail servers ignore the DNS search path. At least, that's what it sounds like to me. There has been an ongoing argument about the interaction between unqualified domains and TLDs in mail domains. RFC 2821 said single-label mail domains were syntax errors, but this was probably an editorial mistake and RFC 5321 permits them. It's probably safest to assume that a single-label mail domain is a local unqualified domain which will have its qualifying labels appended by the message submission server, and in other contexts all bets are off. In fact what matters is what the processing rules and code of mail servers *do* with monocomponent RHSs. Do they try to apply the server's DNS search path to them? Or whatever's in their configs? Or do they just try to look them up in DNS, monocomponent. Cheers, -- jr 'Eric Allman, Wietse Venema, DJB; please pick up the courtesy phone' a -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
Re: unqualified domains, was ICANN to allow commercial gTLDs
On 20 Jun 2011, at 08:43, Mark Andrews ma...@isc.org wrote: There is also no such thing as in-bailiwick glue for the TLD’s DNS servers. The root zone contains glue for TLDs. No TLD zone contains glue for TLDs. In-bailiwick means that the nameservers for a zone are under the apex of that zone. So the uk TLD servers are in-bailiwick: they are all of the form nsX.nic.uk for various X. The com TLD servers are not in-bailiwick since they are all under gtld-servers.net; similarly the .aero servers are under .de, .ch, .info, .org. If a zone has in-bailiwick nameservers then it must have glue in the parent zone. It is possible for a TLD to have no glue of its own (like .com) if all of its nameservers are under other TLDs. It is possible for a TLD to have no glue at all if it shares no nameservers with any other TLD - so .com has glue (shared with .net) but the .aero nameservers are all under other TLDs and are different from those TLDs' servers, so it can work without glue. Tony. -- f.anthony.n.finch d...@dotat.at http://dotat.at/
Re: unqualified domains, was ICANN to allow commercial gTLDs
Another avenue could be At-Large. The North American Regional At-Large Organization (NARALO) - uniquely amongst the RALO's - accepts individual members. as the elected unaffiliated member representative (or umr) i suppose i should point out that (a) yes, the structural feature of individual membership exists in the naralo, and (b) it is unique to this ralo, and (c) these members do elect an officer to the ralo leadership, in some cases by accliamation or apathy, depending upon point of view, and (d) redundently, i am that stuckee. points (c) and (d) are not terribly important to the issue of how any number of persons having no other at large structure (als) membership, say a local isoc chapter, may, if they choose, lobby for what they each, jointly or severally -- to express involvement as a liability -- think is in the public interest. i simply mention (c) and (d) for completeness. i do have a caveat to offer. when i switched from the contracted parties to the naralo mailing lists i found a technical working group and hoped right on over. i foud that its purpose was not to provide a venue for the technical evaluation of policy issues, such as the sanity of v6-uber-alles as a non-negotiable requirement for new registries located where there is no v6, but to educate others. at that point i hoped right out. i don't think policy for dummies is any more attractive than tech for dumies as process and competency models. http://naralo.org as joly's comment implies, there's a link to click, and consequences in the form of works, not faith. -e
Re: unqualified domains, was ICANN to allow commercial gTLDs
In message 3da313a7-911e-4439-9082-b50844338...@dotat.at, Tony Finch writes: On 20 Jun 2011, at 08:43, Mark Andrews ma...@isc.org wrote: =20 There is also no such thing as in-bailiwick glue for the TLD=E2=80=99s DN= S servers. The root zone contains glue for TLDs. No TLD zone contains glu= e for TLDs. In-bailiwick means that the nameservers for a zone are under the apex of t= hat zone. So the uk TLD servers are in-bailiwick: they are all of the form n= sX.nic.uk for various X. The com TLD servers are not in-bailiwick since they= are all under gtld-servers.net; similarly the .aero servers are under .de, . = ch, .info, .org. If a zone has in-bailiwick nameservers then it must have gl= ue in the parent zone. It is possible for a TLD to have no glue of its own (= like .com) if all of its nameservers are under other TLDs. It is possible fo= r a TLD to have no glue at all if it shares no nameservers with any other TL= D - so .com has glue (shared with .net) but the .aero nameservers are all un= der other TLDs and are different from those TLDs' servers, so it can work wi= thout glue. Tony. I will repeat my assertion. There is no such thing as glue records for the nameservers at the top of the zone within the zone itself be they in-baliwick or not. Glue records live in the parent zone and are there to avoid the catch 22 situation of needing the records to find the records. Now glue records which match the address records of the nameservers for the zone may still be needed but they are glue records for a delegated zone, not the zone's apex. One can add obsured address records for the zone's nameservers to the zone but they are not glue records and are not needed for operational purposes and will cause problems if loaded into old nameservers as they will incorrectly be returned as answers. Even some modern nameservers treat them incorrectly by returning them as additional data. All glue records are obsured records. Not all obsured records are glue records be they address records or otherwise. Obsured records can be of any type. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Re: unqualified domains, was ICANN to allow commercial gTLDs
Now I'm tempted to be the guy that gets .mail On Fri, Jun 17, 2011 at 20:47, Jay Ashworth j...@baylink.com wrote: - Original Message - From: John Levine jo...@iecc.com The notion of a single-component FQDN would be quite a breakage for the basic concept of using both FQDNs and Unqualified names. Well, you know, there's a guy whose email address has been n@ai for many years. People have varying amounts of success sending him mail. My Zimbra UI says it might be invalid; the default postfix config inside it tries to send it to n...@ai.baylink.com, and complains because the domain won't resolve. If I'm reading 3.2.4 of 2822 properly (that notation is one I'm not entirely familiar with, and should be), that really is a valid 2822 address, as odd as it sounds. Clearly, it's semantics are unexpected, though. I guess I should go hang a bug on it. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
Re: unqualified domains, was ICANN to allow commercial gTLDs
Now I'm tempted to be the guy that gets .mail express that temptation in dollars, and well into two commas. randy
Re: unqualified domains, was ICANN to allow commercial gTLDs
Once upon a time, Randy Bush ra...@psg.com said: Now I'm tempted to be the guy that gets .mail express that temptation in dollars, and well into two commas. Imagine the typo-squating someone could do with .con. -- Chris Adams cmad...@hiwaay.net Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
Re: unqualified domains, was ICANN to allow commercial gTLDs
On Jun 19, 2011, at 8:49 AM, Chris Adams wrote: Once upon a time, Randy Bush ra...@psg.com said: Now I'm tempted to be the guy that gets .mail express that temptation in dollars, and well into two commas. Imagine the typo-squating someone could do with .con. See section 2.2.1.1 (and section 2.1.2) of http://www.icann.org/en/topics/new-gtlds/rfp-clean-30may11-en.pdf Regards, -drc
Re: unqualified domains, was ICANN to allow commercial gTLDs
It was a very long time ago, but I seem to recall being shown http://dk, the home page of Denmark, some time in the mid 90s. Must I be recalling incorrectly?
Re: unqualified domains, was ICANN to allow commercial gTLDs
The same type that Colombia/NeuStar is doing with .co? On Sun, Jun 19, 2011 at 2:49 PM, Chris Adams cmad...@hiwaay.net wrote: Once upon a time, Randy Bush ra...@psg.com said: Now I'm tempted to be the guy that gets .mail express that temptation in dollars, and well into two commas. Imagine the typo-squating someone could do with .con. -- Chris Adams cmad...@hiwaay.net Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
Re: unqualified domains, was ICANN to allow commercial gTLDs
Adam Atkinson gh...@mistral.co.uk writes: It was a very long time ago, but I seem to recall being shown http://dk, the home page of Denmark, some time in the mid 90s. Must I be recalling incorrectly? no you need not must be. it would work as long as no dk.this or dk.that would be found first in a search list containing 'this' and 'that', where the default search list is normally the parent domain name of your own hostname (so for me on six.vix.com the search list would be vix.com and so as long as dk.vix.com did not exist then http://dk/ would reach dk.) -- Paul Vixie KI6YSY
Re: unqualified domains, was ICANN to allow commercial gTLDs
On Jun 19, 2011, at 11:59 AM, David Conrad wrote: On Jun 19, 2011, at 8:49 AM, Chris Adams wrote: Once upon a time, Randy Bush ra...@psg.com said: Now I'm tempted to be the guy that gets .mail express that temptation in dollars, and well into two commas. Imagine the typo-squating someone could do with .con. See section 2.2.1.1 (and section 2.1.2) of http://www.icann.org/en/topics/new-gtlds/rfp-clean-30may11-en.pdf Regards, -drc To save others some eye strain (apologies for the format when pasted from PDF): 2.1.2 History of cybersquatting ICANN will screen applicants against UDRP cases and legal databases as financially feasible for data that may indicate a pattern of cybersquatting behavior pursuant to the criteria listed in section 1.2.1. The applicant is required to make specific declarations regarding these activities in the application. Results returned during the screening process will be matched with the disclosures provided by the applicant and those instances will be followed up to resolve issues of discrepancies or potential false positives. If no hits are returned, the application will generally pass this portion of the background screening. and 2.2.1.1 String Similarity Review This review involves a preliminary comparison of each applied-for gTLD string against existing TLDs, Reserved Names (see subsection 2.2.1.2), and other applied-for strings. The objective of this review is to prevent user confusion and loss of confidence in the DNS resulting from delegation of many similar strings. Note: In this Applicant Guidebook, “similar” means strings so similar that they create a probability of user confusion if more than one of the strings is delegated into the root zone. The visual similarity check that occurs during Initial Evaluation is intended to augment the objection and dispute resolution process (see Module 3, Dispute Resolution Procedures) that addresses all types of similarity. This similarity review will be conducted by an independent String Similarity Panel. 2.2.1.1.1 Reviews Performed The String Similarity Panel’s task is to identify visual string similarities that would create a probability of user confusion. The panel performs this task of assessing similarities that would lead to user confusion in four sets of circumstances, when comparing: Applied-for gTLD strings against existing TLDs and reserved names; Applied-for gTLD strings against other applied-for gTLD strings; Applied-for gTLD strings against strings requested as IDN ccTLDs; and Applied-for 2-character IDN gTLD strings against: o Every other single character. o Any other 2-character ASCII string (to protect possible future ccTLD delegations). Module 2 Evaluation ProceduresApplicant Guidebook (30 May 2011) 2-5 Module 2 Evaluation Procedures Similarity to Existing TLDs or Reserved Names – This review involves cross-checking between each applied-for string and the lists of existing TLD strings and Reserved Names to determine whether two strings are so similar to one another that they create a probability of user confusion. In the simple case in which an applied-for gTLD string is identical to an existing TLD or reserved name, the online application system will not allow the application to be submitted. Testing for identical strings also takes into consideration the code point variants listed in any relevant IDN table. For example, protocols treat equivalent labels as alternative forms of the same label, just as “foo” and “Foo” are treated as alternative forms of the same label (RFC 3490). All TLDs currently in the root zone can be found at http://iana.org/domains/root/db/. IDN tables that have been submitted to ICANN are available at http://www.iana.org/domains/idn-tables/. Similarity to Other Applied-for gTLD Strings (String Contention Sets) – All applied-for gTLD strings will be reviewed against one another to identify any similar strings. In performing this review, the String Similarity Panel will create contention sets that may be used in later stages of evaluation. A contention set contains at least two applied-for strings identical or similar to one another. Refer to Module 4, String Contention Procedures, for more information on contention sets and contention resolution. ICANN will notify applicants who are part of a contention set as soon as the String Similarity review is completed. (This provides a longer period for contending applicants to reach their own resolution before reaching the contention resolution stage.) These contention sets will also be published on ICANN’s website. Similarity to TLD strings requested as IDN ccTLDs -- Applied- for gTLD strings will also be reviewed for similarity to TLD strings requested in the IDN ccTLD Fast Track process (see http://www.icann.org/en/topics/idn/fast-track/). Should a conflict with a prospective fast-track IDN ccTLD be identified, ICANN will take the
Re: unqualified domains, was ICANN to allow commercial gTLDs
In message g339j59ywz@nsa.vix.com, Paul Vixie writes: Adam Atkinson gh...@mistral.co.uk writes: It was a very long time ago, but I seem to recall being shown http://dk, the home page of Denmark, some time in the mid 90s. Must I be recalling incorrectly? no you need not must be. it would work as long as no dk.this or dk.that would be found first in a search list containing 'this' and 'that', where the default search list is normally the parent domain name of your own hostname (so for me on six.vix.com the search list would be vix.com and so as long as dk.vix.com did not exist then http://dk/ would reach dk.) -- Paul Vixie KI6YSY DK should NOT be doing this. DK is *not* a hierarchical host name and the address record should not exist, RFC 897. The Internet stopped using simple host names in the early '80s. In addition to that it is a security issue similar to that described in RFC 1535. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Re: unqualified domains, was ICANN to allow commercial gTLDs
Appears to now get you a redirect to https://www.dk-hostmaster.dk/ For those arguing that 512+ octet replies don't occur: baikal:owen (14) ~ % dig @a.nic.dk -t any dk.2011/06/19 17:03:56 ;; Truncated, retrying in TCP mode. ; DiG 9.6.0-APPLE-P2 @a.nic.dk -t any dk. ; (1 server found) ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 8417 ;; flags: qr aa rd; QUERY: 1, ANSWER: 19, AUTHORITY: 0, ADDITIONAL: 7 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;dk.IN ANY ;; ANSWER SECTION: dk. 86400 IN SOA b.nic.dk. tech.dk-hostmaster.dk. 1308524460 600 300 3024000 3600 dk. 86400 IN A 193.163.102.24 dk. 86400 IN RRSIG A 8 1 86400 20110623053818 20110616000559 42220 dk. vWYPal2lEoKjPUsBLjUibPISlij+zHcqJY7k0WP5C86SgHMERArxLD2r VqJwWlXlhDAmSRitX3aTyyZyI+lL1qSh4u1eNns0/9I/ysV+Hn7NbRgC A0Kwkspgc47MbPPPZOvlL37ZmbEN2jwCLckyESzaPpThF/sI5ZwGKr6N +mI= dk. 86400 IN RRSIG NS 8 1 86400 20110627054850 20110619180550 42220 dk. ckianMaLf8ajkiwk+jaPJyG98Ojv4ScDLB6HORiVXSesJEjLV/W2EF0Q CcOy3KeIws8xPCqKiovIESpwMJlP4Rwk+u9vO546/XdKekU5FdoeWhuw ebLoB29ahKcUvXo9s+uzHmUhbb8jEKDEgxyQIfjSLP+E6Op6+LAwKvOp dYw= dk. 86400 IN RRSIG SOA 8 1 86400 20110626220327 20110619220601 42220 dk. AQFNW7TNXsI4ZOAMzNYYYcDeMBO2mbmdmJt5fzKGrttoZDZmVopN9z7D cA9TIGiLERDxfk/lsuUO+QQAK6V4Gi9fawP/rThqTRv/HbI9+eTBDoTa 3RXEmHmnO+c769Hol7fy7ADkpOtFhb9xl4KLVV8sUDU/rL6wIM73kkl/ sGg= dk. 86400 IN RRSIG TXT 8 1 86400 20110626123535 20110619220601 42220 dk. tmrYWviDeeZmd5Jx1cd79IIjTYQL7do3TOomwqVEkCxwkfSR1H1H5r/x ZigoqqY9DApq3Lyyye95bSDRIaiOjKZksbgpj7Fd4AgxrD5SR1GUZTaz uVP+MAW3x6y0Z02YJmCAt6I0OcdaCAHInQHjnGJCiBSkNickbB1+aRu8 cYM= dk. 86400 IN RRSIG DNSKEY 8 1 86400 20110626014930 20110618154633 26887 dk. G67qd6YFu4ezyVYR5R2Jk7+Rb60bFt7siEaKKs2zZllCx5PFWLZtwrxR 4Rpp+FXtJk759XmaXQf0h33mG1nmJ2ReQNflVDnPddpl5YjbiLt2EHbc OuW3630mbNPVWN7G2HucxNZVzKqpApvfjYfo6cyv2DOk4uXNZCuQlPgM CsCizGgq8qtliY80zYFSsL9UEXlzRgQR7e57v7pOhsaZll0FfdUes2dB nfJtG97cFgOpfdct2YmcRFiowWTu4DMPCPZ5MZEGoqx1pwB0hTJ8KcJX gBhgm0n6riIYxZbbPe449tB+IprAQ+H9pdjOYPOZ74lznZjrcRW0IpnI Kb5DBQ== dk. 3600IN RRSIG NSEC3PARAM 8 1 3600 20110624180533 20110618010606 42220 dk. bgMTmGKNs9M0VVoFIAiOpaAKvkzdV6PWSoCAf+VgFdOC7nJ3SgZG5nkz dubwoebOada+Si1f6kv/sWRUM9WTTY3gnfNFMdv51KLNOq9km2TLPjqG HKmTPTr5nVFSKLj53S5fmI8zfm9nye8fh7GN2WoxW0pdlrZUItCGjCw9 S8E= dk. 86400 IN NS a.nic.dk. dk. 86400 IN NS b.nic.dk. dk. 86400 IN NS c.nic.dk. dk. 86400 IN NS l.nic.dk. dk. 86400 IN NS p.nic.dk. dk. 86400 IN NS s.nic.dk. dk. 86400 IN TXT DK zone update Epoch 1308524460 localtime Mon Jun 20 01:01:00 2011 gmtime Sun Jun 19 23:01:00 2011 dk. 86400 IN DNSKEY 256 3 8 AwEAAcRBGC1Fr12DjYvQQPNnOAzq/oDOibyuF61UzTRnmakZ7rV2xsDb WDl1Jp+Yt/BCqKxZ9M1TkrUFMDWynN7vzqJOKg8WLwIZmB6VvyEQvqv0 qu4B2Ss/ADeoYInVflc/iD6bINriRtWzvefOqrhbctCmQIKqT+BBRu0Q Y4y2twTn dk. 86400 IN DNSKEY 256 3 8 AwEAAd2Ny7OFu4XZ9M3NQQDMxdZwIq8WGfz5n0uAbAw8npuPsmHPtp0N xYpwIg1dUJSnf19RhlWUeu1M32w65oRW0pRxRvk8zdihEewW3wywEjRA 9Zp0eDT0X+xUPL3+xE4wWNl3qBZm1JW0hSqS9TAR05XbO5aQ9/W9o4h+ NJ4Q6Rsf dk. 86400 IN DNSKEY 257 3 8 AwEAAcX56/UAMzmxalCMl5KWD5ViYJIRhWI8upQy/KI7HL8rCkltQOY+ MGkdNIndl1m0IrqJ58pbFn3X6CSfXsbas0G0Pg5NyApomTtalw3E4CQH LeXc6aZF97PcE4w1tjucZAtgGmvPEJLPnkQJOrUoqklAUaKUyT4HXyr8 zPwsuT+S0sSJmpTrtQVbZwY0TXr7CrYRtpg/aFjNzRRSQC8RljQjRZi2 KammIx7PocVx8VXy6pzKEWDP4yOCmcJkh0oa3fP0QCIpSlrlPArKbLsA UN62ARflz04TrA0zskvRo4ah+C9Di9Il6KgkdAcUgdNX1FAvoo80GTqb 6rpZFsx7tn0= dk. 3600IN NSEC3PARAM 1 0 17 96AB3C09C88F066B ;; ADDITIONAL SECTION: b.nic.dk. 86400 IN A 193.163.102.222 c.nic.dk. 86400 IN A 208.76.168.244 l.nic.dk. 86400 IN A 192.38.7.242 p.nic.dk. 86400 IN A 204.61.216.36 s.nic.dk. 86400 IN A 77.72.229.252 b.nic.dk. 86400 IN 2a01:630:0:80::53 s.nic.dk. 86400 IN 2a01:3f0:0:303::53 ;; Query time: 554 msec ;; SERVER: 212.88.78.122#53(212.88.78.122) ;; WHEN: Sun Jun 19 17:04:20 2011 ;; MSG SIZE rcvd: 2137 So... dk. does have an A record (in violation of said 3-digit RFC) and it points to 193.163.102.24... And that host responds with a redirect: baikal:owen (15) ~ % telnet 193.163.102.24 802011/06/19 17:04:20 Trying 193.163.102.24... Connected
Re: unqualified domains, was ICANN to allow commercial gTLDs
- Original Message - From: Paul Vixie vi...@isc.org Adam Atkinson gh...@mistral.co.uk writes: It was a very long time ago, but I seem to recall being shown http://dk, the home page of Denmark, some time in the mid 90s. Must I be recalling incorrectly? no you need not must be. it would work as long as no dk.this or dk.that would be found first in a search list containing 'this' and 'that', where the default search list is normally the parent domain name of your own hostname (so for me on six.vix.com the search list would be vix.com and so as long as dk.vix.com did not exist then http://dk/ would reach dk.) And in fact, it works right now; I clicked through to it from your email, and it's a redirect to their NIC. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
Re: unqualified domains, was ICANN to allow commercial gTLDs
DK may not be hierarchical, but DK. is. If you try to resolve DK on it's own, many (most? all?) DNS clients will attach the search string/domain name of the local system in order to make it a FQDN. The same happens when you try and resolve a non-existent domain. Such as alskdiufwfeiuwdr3948dx.com, in wireshark I see the initial request followed by alskdiufwfeiuwdr3948dx.com.gateway.2wire.net. However if I qualify it with the trailing dot, it stops after the first lookup. DK. is a valid FQDN and should be considered hierarchical due to the dot being the root and anything before that is a branch off of the root. see RFC1034 -Jeremy On Sun, Jun 19, 2011 at 7:08 PM, Mark Andrews ma...@isc.org wrote: In message g339j59ywz@nsa.vix.com, Paul Vixie writes: Adam Atkinson gh...@mistral.co.uk writes: It was a very long time ago, but I seem to recall being shown http://dk, the home page of Denmark, some time in the mid 90s. Must I be recalling incorrectly? no you need not must be. it would work as long as no dk.this or dk.that would be found first in a search list containing 'this' and 'that', where the default search list is normally the parent domain name of your own hostname (so for me on six.vix.com the search list would be vix.com and so as long as dk.vix.com did not exist then http://dk/ would reach dk.) -- Paul Vixie KI6YSY DK should NOT be doing this. DK is *not* a hierarchical host name and the address record should not exist, RFC 897. The Internet stopped using simple host names in the early '80s. In addition to that it is a security issue similar to that described in RFC 1535. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Re: unqualified domains, was ICANN to allow commercial gTLDs
In message d066e1c4-cc70-4105-b2ed-a2af9b1b2...@delong.com, Owen DeLong write s: Appears to now get you a redirect to https://www.dk-hostmaster.dk/ For those arguing that 512+ octet replies don't occur: I don't think anyone argues that 512+ octet replies don't occur. They have occured for as long as the DNS has existed. Even RFC 1123 said you SHOULD handle them. Unfortunately there are SOHO router vendors (yes I'm talking about you Netgear) that have shipped products that don't even listen on DNS/TCP yet advertise themselves as recursive DNS servers and don't have fixed images that can be installed (yes the box is field upgradable and yes I have looked for updated images). Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Re: unqualified domains, was ICANN to allow commercial gTLDs
A surprising number of TLDs have A records. Many are hosts with web servers, a few are hosts with misconfigured or unconfigured web servers (ph. and bi.), some don't respond. No TLD has an record, confirming the theory that nobody actually cares about IPv6. ac. 193.223.78.210 ai. 209.59.119.34 bi. 196.2.8.205 cm. 195.24.205.60 dk. 193.163.102.24 gg. 87.117.196.80 hk. 203.119.2.31 io. 193.223.78.212 je. 87.117.196.80 ph. 203.119.4.7 pn. 80.68.93.100 sh. 64.251.31.234 tk. 217.119.57.22 tm. 193.223.78.213 to. 216.74.32.107 uz. 91.212.89.8 ws. 63.101.245.10 xn--o3cw4h. 203.146.249.130 R's, John
Re: unqualified domains, was ICANN to allow commercial gTLDs
In message BANLkTinAZvLc4oQEW5Nq8eTrch=x6hs...@mail.gmail.com, Jeremy writes: DK may not be hierarchical, but DK. is. If you try to resolve DK on DK. is NOT a hostname (RFC 952). It is NOT legal in a SMTP transaction. It is NOT legal in a HTTP header. it's own, many (most? all?) DNS clients will attach the search string/domain name of the local system in order to make it a FQDN. The same happens when you try and resolve a non-existent domain. Such as alskdiufwfeiuwdr3948dx.com, in wireshark I see the initial request followed by alskdiufwfeiuwdr3948dx.com.gateway.2wire.net. However if I qualify it with the trailing dot, it stops after the first lookup. DK. is a valid FQDN and should be considered hierarchical due to the dot being the root and anything before that is a branch off of the root. see RFC1034 You need to write 1000 lines of: RFC 1034 DOES NOT CHANGE WHAT IS A LEGAL HOSTNAME Go READ RFC 1034. DK. it is NOT a valid heirachical hostname. Just because some random piece of software lets you get away with it does not make it a legal nor does it make it a good idea. Mark -Jeremy On Sun, Jun 19, 2011 at 7:08 PM, Mark Andrews ma...@isc.org wrote: In message g339j59ywz@nsa.vix.com, Paul Vixie writes: Adam Atkinson gh...@mistral.co.uk writes: It was a very long time ago, but I seem to recall being shown http://dk, the home page of Denmark, some time in the mid 90s. Must I be recalling incorrectly? no you need not must be. it would work as long as no dk.this or dk.that would be found first in a search list containing 'this' and 'that', where the default search list is normally the parent domain name of your own hostname (so for me on six.vix.com the search list would be vix.com and so as long as dk.vix.com did not exist then http://dk/ would reach dk.) -- Paul Vixie KI6YSY DK should NOT be doing this. DK is *not* a hierarchical host name and the address record should not exist, RFC 897. The Internet stopped using simple host names in the early '80s. In addition to that it is a security issue similar to that described in RFC 1535. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org --bcaec51f900961620b04a619d97b Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable quot;DKquot; may not be hierarchical, but quot;DK.quot; is. If you try = to resolve quot;DKquot; on it#39;s own, many (most? all?) DNS clients wi= ll attach the search string/domain name of the local system in order to mak= e it a FQDN. The same happens when you try and resolve a non-existent domai= n. Such as a href=3Dhttp://alskdiufwfeiuwdr3948dx.com;alskdiufwfeiuwdr39= 48dx.com/a, in wireshark I see the initial request followed by =A0meta h= ttp-equiv=3Dcontent-type content=3Dtext/html; charset=3Dutf-8a href= =3Dhttp://alskdiufwfeiuwdr3948dx.com.gateway.2wire.net;alskdiufwfeiuwdr39= 48dx.com.gateway.2wire.net/a. However if I qualify it with the trailing d= ot, it stops after the first lookup. DK. is a valid FQDN and should be cons= idered hierarchical due to the dot being the root and anything before that = is a branch off of the root. see RFC1034div br/divdiv-Jeremybrbrdiv class=3Dgmail_quoteOn Sun, Jun 19, 20= 11 at 7:08 PM, Mark Andrews span dir=3Dltrlt;a href=3Dmailto:marka@i= sc.orgma...@isc.org/agt;/span wrote:brblockquote class=3Dgmail_q= uote style=3Dmargin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1e= x; divdiv/divdiv class=3Dh5br In message lt;a href=3Dmailto:g339j59ywz@nsa.vix.com;g339j59ywz.fsf= @nsa.vix.com/agt;, Paul Vixie writes:br gt; Adam Atkinson lt;a href=3Dmailto:gh...@mistral.co.uk;ghira@mistral= .co.uk/agt; writes:br gt;br gt; gt; It was a very long time ago, but I seem to recall being shown a = href=3Dhttp://dk; target=3D_blankhttp://dk/a,br gt; gt; the home page of Denmark, some time in the mid 90s.br gt; gt;br gt; gt; Must I be recalling incorrectly?br gt;br gt; no you need not must be. =A0it would work as long as no dk.this or dk.= thatbr gt; would be found first in a search list containing #39;this#39; and #= 39;that#39;, wherebr gt; the default search list is normally the parent domain name of your own= br gt; hostname (so for me on a href=3Dhttp://six.vix.com; target=3D_blank= six.vix.com/a the search list would be a href=3Dhttp://vix.com; targe= t=3D_blankvix.com/a andbr gt; so as long as a href=3Dhttp://dk.vix.com; target=3D_blankdk.vix.c= om/a did not exist then a href=3Dhttp://dk/; target=3D_blankhttp://d= k//a would reach quot;dk.quot;)br gt; --br gt; Paul Vixiebr gt; KI6YSYbr br /div/divDK should NOT be doing this. =A0DK is *not* a hierarchical host= namebr and the address record should not exist, RFC 897. =A0The Internetbr stopped using simple host names in the early #39;80s. =A0In addition
Re: unqualified domains, was ICANN to allow commercial gTLDs
Date: Sun, 19 Jun 2011 19:30:58 -0500 From: Jeremy jba...@gmail.com DK may not be hierarchical, but DK. is. If you try to resolve DK on it's own, many (most? all?) DNS clients will attach the search string/domain name of the local system in order to make it a FQDN. The same happens when you try and resolve a non-existent domain. Such as alskdiufwfeiuwdr3948dx.com, in wireshark I see the initial request followed by alskdiufwfeiuwdr3948dx.com.gateway.2wire.net. However if I qualify it with the trailing dot, it stops after the first lookup. DK. is a valid FQDN and should be considered hierarchical due to the dot being the root and anything before that is a branch off of the root. see RFC1034 i think he's seen RFC 1034 :-). anyway, i don't see the difference between http://sony/ and http://sony./ and if a technology person tried to explain to a marketing person that single-token TLD names *can* be used as long as there's a trailing dot, the result would hopefully be that glazed look of nonunderstanding but would far more likely be an interpretation of oh, so it's OK after all, we'll use it that way, thanks! furthermore, the internet has more in it than just the web, and i know that foo@sony. will not have its RHS (sony.) treated as a hierarchical name. i think we have to just discourage lookups of single-token names, universally.
Re: unqualified domains, was ICANN to allow commercial gTLDs
On 6/19/2011 9:24 PM, Paul Vixie wrote: i think we have to just discourage lookups of single-token names, universally. Not to mention the folks of the Redmond persuasion with their additionally ambiguous \\hostname single names. (In the absence of a configured search domain, Windows won't even try DNS for a single name through it's own resolver libraries; although nslookup will). Jeff
Re: unqualified domains, was ICANN to allow commercial gTLDs
Vix: i think he's seen RFC 1034 :-). anyway, i don't see the difference between http://sony/ and http://sony./ The fact that the resolution of sony. is deterministic, and that of sony is location dependent? i think we have to just discourage lookups of single-token names, universally. In order to do which, we have to discourage their *deployment*. And if by universally you mean no Jay, you can't say 'telnet dns1' from your desktop machine to get to your inhouse nameserver, then I'm just gonna have to go ahead and disagree with ya' there, Vix. :-) Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
Re: unqualified domains, was ICANN to allow commercial gTLDs
On Jun 19, 2011, at 3:24 PM, Paul Vixie wrote: i think we have to just discourage lookups of single-token names, universally. How? Regards, -drc
Re: unqualified domains, was ICANN to allow commercial gTLDs
From: David Conrad d...@virtualized.org Date: Sun, 19 Jun 2011 16:04:09 -1000 On Jun 19, 2011, at 3:24 PM, Paul Vixie wrote: i think we have to just discourage lookups of single-token names, universally. How? that's a good question. marka mentioned writing an RFC, but i expect that ICANN could also have an impact on this by having applicants sign something that says i know that my single-label top level domain name will not be directly usable the way normal domain names are and i intend to use it only to register subdomain names which will work normally.
Re: unqualified domains, was ICANN to allow commercial gTLDs
On 06/19/2011 07:08 PM, Paul Vixie wrote: From: David Conradd...@virtualized.org Date: Sun, 19 Jun 2011 16:04:09 -1000 On Jun 19, 2011, at 3:24 PM, Paul Vixie wrote: i think we have to just discourage lookups of single-token names, universally. How? that's a good question. marka mentioned writing an RFC, but i expect that ICANN could also have an impact on this by having applicants sign something that says i know that my single-label top level domain name will not be directly usable the way normal domain names are and i intend to use it only to register subdomain names which will work normally. Isn't this problem self regulating? If sufficient things break with a single label, people will stop making themselves effectively unreachable, right? Mike
Re: unqualified domains, was ICANN to allow commercial gTLDs
On Mon, Jun 20, 2011 at 02:08:18AM +, Paul Vixie wrote: From: David Conrad d...@virtualized.org Date: Sun, 19 Jun 2011 16:04:09 -1000 On Jun 19, 2011, at 3:24 PM, Paul Vixie wrote: i think we have to just discourage lookups of single-token names, universally. How? that's a good question. marka mentioned writing an RFC, but i expect that ICANN could also have an impact on this by having applicants sign something that says i know that my single-label top level domain name will not be directly usable the way normal domain names are and i intend to use it only to register subdomain names which will work normally. Whilst we can dream that that will work, I don't think it'll actually last very long in the face of determined marketing department pressure; also, unless that agreement also says I agree to pay the additional costs borne by any party on the Internet that result from my failure to adhere to this agreement, it's worthless. Are your customers going to call Sony when they put http://sony/ into their web browser and it doesn't work? Hell no. They're going to call your helpdesk, and it's going to tie up a non-trivial amount of engineer time either renaming things or reconfiguring the client machine to make that URL work as the user expects it to. - Matt -- It fsck's the volume or it gets the format again. -- Don Quixote, in the Monastery
Re: unqualified domains, was ICANN to allow commercial gTLDs
On Jun 19, 2011, at 4:08 PM, Paul Vixie wrote: ICANN could also have an impact on this by having applicants sign something Well, yes, ICANN could have contracted parties (e.g., the new gTLDs) do this. A bit late to get it into the Applicant's Guidebook, but maybe something could be slipped in after the fact. Who is going to lead the contingent from NANOG to raise this in the GNSO? Of course, changing existing contracts tends to be challenging since the contracted parties have to agree to the changes and I wouldn't be surprised if they demanded ICANN give something up in exchange for agreeing to this new restriction. It'll probably take a while. ICANN can respectfully request ccTLD folks do the same, but whether or not the ccTLDs listen is a separate matter. If the ccTLD folks feel they gain benefit from having naked TLDs, they'll tell ICANN to take a hike. Not sure what will happen with the IDN ccTLDs since they appear to be sort of a combination of ccTLDs and contracted parties. You probably know all this, but things in the ICANN world probably don't work the way most folks think. Regards, -drc
Re: unqualified domains, was ICANN to allow commercial gTLDs
Date: Sun, 19 Jun 2011 19:22:46 -0700 From: Michael Thomas m...@mtcc.com that's a good question. marka mentioned writing an RFC, but i expect that ICANN could also have an impact on this by having applicants sign something that says i know that my single-label top level domain name will not be directly usable the way normal domain names are and i intend to use it only to register subdomain names which will work normally. Isn't this problem self regulating? If sufficient things break with a single label, people will stop making themselves effectively unreachable, right? alas, no. if someone adds something to the internet that doesn't work right but they ignore this and press onward until they have market share, then the final disposition will be based on market size not on first mover advantage. if you live in the san francisco bay area you probably know about the sound walls along the US101 corridor. the freeway was originally built a long way from where the houses were, but then a few generations of people built their houses closer and closer to the freeway. then their descendants or the folks who bought these houses third or fourth hand complained about the road noise and so we have sound walls. no harm exactly, and no foul, except, noone likes the result much. here's this quote again: Distant hands in foreign lands are turning hidden wheels, causing things to come about which no one seems to feel. All invisible from where we stand, the connections come to pass and though too strange to comprehend, they affect us nonetheless, yes. James Taylor, _Migrations_ good stewardship and good governance means trying to avoid such outcomes.
Re: unqualified domains, was ICANN to allow commercial gTLDs
In message 4dfeaef6.70...@mtcc.com, Michael Thomas writes: Isn't this problem self regulating? If sufficient things break with a single label, people will stop making themselves effectively unreachable, right? The failure rate isn't going to be high enough for natural selection to take effect. Remember the protocols we use were designed to work back when there was only a single flat namespace. Simple hostnames will appear to work fine for 99.999% of people. It's just when you get namespace collisions that there will be problems. Unfortunately the nincompoops that decide to use tlds this way don't have to pay the costs of cleaning up the mess they cause. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
RE: unqualified domains, was ICANN to allow commercial gTLDs
The failure rate isn't going to be high enough for natural selection to take effect. Remember the protocols we use were designed to work back when there was only a single flat namespace. Simple hostnames will appear to work fine for 99.999% of people. It's just when you get namespace collisions that there will be problems. I would guess that most of these are going to be purchased simply to prevent someone else from getting them and that most of them will never actually be placed into production. So it will basically just be a cash cow for ICANN while people pay their $185K/pop application fee to snap up a piece of real estate they don't want anyone else to have.
Re: unqualified domains, was ICANN to allow commercial gTLDs
Mark Andrews wrote: It was a very long time ago, but I seem to recall being shown http://dk, the home page of Denmark, some time in the mid 90s. DK should NOT be doing this. Oh, I'm not claiming it does it now. It certainly doesn't. I _think_ I was shown http://dk in about 1993 or 1994 as an example of something a bit silly. If my recollection is even correct, I would be curious to know at what point Denmark decided it no longer wanted whatever was on that page as the Denmark home page. And it's so long since I saw whatever I saw that I could very well be remembering incorrectly, as I said.
Re: unqualified domains, was ICANN to allow commercial gTLDs
i think he's seen RFC 1034 :-). anyway, i don't see the difference between http://sony/ and http://sony./ Neither do any of the browsers I use, which resolve http://bi/ as well as http://dk./ just fine. Whatever problem unqualified TLD names might present to web browsers has been around for a long time and the world hasn't come to an end. The problems with zillions of single-registrant TLDs are more social and economic than technical. R's, John
Re: unqualified domains, was ICANN to allow commercial gTLDs
Adam Atkinson wrote: It was a very long time ago, but I seem to recall being shown http://dk, the home page of Denmark, some time in the mid 90s. DK should NOT be doing this. Oh, I'm not claiming it does it now. It certainly doesn't. I should have checked before I wrote that. The _last_ time I tried it it redirected to something else in Denmark but that was also years ago, just not as many as I think I remember being shown http://dk _Now_ I get rend up at http://www.dk.com/ if I don't put a dot on the end, and https://www.dk-hostmaster.dk/ if I do.
Re: unqualified domains, was ICANN to allow commercial gTLDs
In message 5a6d953473350c4b9995546afe9939ee0d633...@rwc-ex1.corp.seven.com, G eorge Bonser writes: The failure rate isn't going to be high enough for natural selection to take effect. Remember the protocols we use were designed to work back when there was only a single flat namespace. Simple hostnames will appear to work fine for 99.999% of people. It's just when you get namespace collisions that there will be problems. I would guess that most of these are going to be purchased simply to prevent someone else from getting them I would agree with this part. and that most of them will never actually be placed into production. But not with this part. So it will basically just be a cash cow for ICANN while people pay their $185K/pop application fee to snap up a piece of real estate they don't want anyone else to have. Adding gtlds and opening up the root to brands effectively requires TM holders to register/bid to protect their TM rights. Now $10 or so is not a lot for a TM.gtld and isn't worth the court costs but $185K/pop is a lot and sooner or later a TM holder will sue ICANN because they don't want to have to pay $185K to protect their TM and it will be interesting to see the results. It will be even more interesting if ICANN looses and has to roll back brand delegations it has made. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Re: unqualified domains, was ICANN to allow commercial gTLDs
- Original Message - From: John Levine jo...@iecc.com i think he's seen RFC 1034 :-). anyway, i don't see the difference between http://sony/ and http://sony./ Neither do any of the browsers I use, which resolve http://bi/ as well as http://dk./ just fine. Whatever problem unqualified TLD names might present to web browsers has been around for a long time and the world hasn't come to an end. C'mon, John; you've just been skimming the thread? The problem caused by making monocomponent name resolution non-deterministic has been covered in pretty decent detail, just today. We didn't say http://apple/ wouldn't work... we said it wouldn't work (as previously expected) *if someone already had an internal machine called apple*... at which point http://apple/ might resolve to a new and different thing which matched http://apple./ Saying that's very unlikely to happen only displays a fairly shallow knowledge of the *number* of different categories and shapes of large IP networks that exist in the world. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
Re: unqualified domains, was ICANN to allow commercial gTLDs
On Jun 19, 2011, at 5:46 PM, Mark Andrews wrote: I would guess that most of these are going to be purchased simply to prevent someone else from getting them I would agree with this part. I suspect you underestimate the desires and power of marketing folks at larger organizations. Adding gtlds and opening up the root to brands effectively requires TM holders to register/bid to protect their TM rights. Not really. You might want to search on trademark in http://www.icann.org/en/topics/new-gtlds/rfp-clean-30may11-en.pdf. There has been a tremendous amount of traffic on that particular issue and that is reflected in the Applicant Guidebook. It will be even more interesting if ICANN looses and has to roll back brand delegations it has made. Really, if you're going to opine on the disasters that will befall ICANN as a result of the new gTLD program, you might want to actually read what that program does and doesn't do. Really. Regards, -drc
Re: unqualified domains, was ICANN to allow commercial gTLDs
In message 4dfec221.90...@mistral.co.uk, Adam Atkinson writes: Adam Atkinson wrote: It was a very long time ago, but I seem to recall being shown http://dk, the home page of Denmark, some time in the mid 90s. DK should NOT be doing this. Oh, I'm not claiming it does it now. It certainly doesn't. I should have checked before I wrote that. The _last_ time I tried it it redirected to something else in Denmark but that was also years ago, just not as many as I think I remember being shown http://dk _Now_ I get rend up at http://www.dk.com/ if I don't That's your browser trying to be helpful. If it is Firefox this can be turned off with about:config and browser.fixup.alternate.enabled to false. The default is true. put a dot on the end, and https://www.dk-hostmaster.dk/ if I do. Safari, Mozilla and Google Chrome all fail to resolve http://dk/; on my Mac but all resolve http://dk./;. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Re: unqualified domains, was ICANN to allow commercial gTLDs
In message 1bc921a3-c4cd-4fff-9ae5-49c1218d5...@virtualized.org, David Conrad writes: On Jun 19, 2011, at 5:46 PM, Mark Andrews wrote: I would guess that most of these are going to be purchased simply to prevent someone else from getting them I would agree with this part. I suspect you underestimate the desires and power of marketing folks at = larger organizations. Adding gtlds and opening up the root to brands effectively requires TM holders to register/bid to protect their TM rights. =20 Not really. You might want to search on trademark in = http://www.icann.org/en/topics/new-gtlds/rfp-clean-30may11-en.pdf. = There has been a tremendous amount of traffic on that particular issue = and that is reflected in the Applicant Guidebook. It will be even more interesting if ICANN looses and has to roll back brand = delegations it has made. Really, if you're going to opine on the disasters that will befall ICANN = as a result of the new gTLD program, you might want to actually read = what that program does and doesn't do. Really. Regards, -drc I'm curious how anyone that has not signed a agreement with ICANN can be bound to anything in any applicant guide book. Also rfp-clean-30may11-en.pdf basically deals with tm.gtld. on a brief skimming not tm or is ICANN going to have a sunrise period for .? Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Re: unqualified domains, was ICANN to allow commercial gTLDs
Mark Andrews wrote: _Now_ I get rend up at http://www.dk.com/ if I don't That's your browser trying to be helpful. If it is Firefox this can be turned off with about:config and browser.fixup.alternate.enabled to false. The default is true. Ah, thanks. I imagined it was FF trying to be helpul but wandering around the settings thingy didn't produce anything that seemed relevant.
Re: unqualified domains, was ICANN to allow commercial gTLDs
In message 20110620033503.20835.qm...@joyce.lan, John Levine writes: i think he's seen RFC 1034 :-). anyway, i don't see the difference between http://sony/ and http://sony./ Neither do any of the browsers I use, which resolve http://bi/ as well as http://dk./ just fine. Whatever problem unqualified TLD names might present to web browsers has been around for a long time and the world hasn't come to an end. The problems with zillions of single-registrant TLDs are more social and economic than technical. And your technical solution to ensure http://apple/; always resolves to apple. and doesn't break people using http://apple/; to reach http://apple.example.net/; is? Similarly for mail user@apple. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
RE: unqualified domains, was ICANN to allow commercial gTLDs
I would guess that most of these are going to be purchased simply to prevent someone else from getting them I would agree with this part. and that most of them will never actually be placed into production. But not with this part. Well, I said most, some will likely be placed into use, but I am willing to wager that most of them will not be actively promoted. So mcdonalds. might be set up to point to the same thing as mcdonalds.com but I doubt http://McDonalds will actually be promoted because of the potential breakage. Image what happens in a shop that has a farm of servers named with a fast food theme and they have a mcdonalds.example.com, arbys.example.com, burgerking.example.com, etc. So a user in that domain trying to get to http://mcdonalds ends up going to mcdonalds.example.com A company deploying this would end up with a flood of complaints and the more famous the company is, the more likely they are to have problems.
Re: unqualified domains, was ICANN to allow commercial gTLDs
On Jun 19, 2011, at 6:39 PM, Mark Andrews wrote: I'm curious how anyone that has not signed a agreement with ICANN can be bound to anything in any applicant guide book. In order to obtain a gTLD, you have to sign a contractual agreement with ICANN. Also rfp-clean-30may11-en.pdf basically deals with tm.gtld. You might want to re-read pretty much any part of that document (e.g., the title). Regards, -drc
Re: unqualified domains, was ICANN to allow commercial gTLDs
And your technical solution to ensure http://apple/; always resolves to apple. and doesn't break people using http://apple/; to reach http://apple.example.net/; is? Whatever people have been doing for the past decade to deal with http://dk/ and http://bi/. As I think I said in fairly easy to understand language, this is not a new problem. I am not thrilled about lots of new TLDs, but it is silly to claim that they present any new technical problems. Regards, John Levine, jo...@iecc.com, Primary Perpetrator of The Internet for Dummies, Please consider the environment before reading this e-mail. http://jl.ly
Re: unqualified domains, was ICANN to allow commercial gTLDs
Really, if you're going to opine on the disasters that will befall ICANN as a result of the new gTLD program, you might want to actually read what that program does and doesn't do. Really. you made my morning dave. thanks for the chuckle!
Re: unqualified domains, was ICANN to allow commercial gTLDs
Adding gtlds and opening up the root to brands effectively requires TM holders to register/bid to protect their TM rights. If you had read the applicant handbook, you would know that's not true. But I'm glad to see that people are taking my advice and continuing the traditional uninformed nanog wankage rather than reading the documentation and polluting the discussion with boring facts. R's, John
Re: unqualified domains, was ICANN to allow commercial gTLDs
By the way, the ICANN board just voted to approve the new gTLD program. Time to place bets on what the next move will be. My money is on lawsuits by US trademark lawyers. Regards, John Levine, jo...@iecc.com, Primary Perpetrator of The Internet for Dummies, Please consider the environment before reading this e-mail. http://jl.ly
Re: unqualified domains, was ICANN to allow commercial gTLDs
In message alpine.bsf.2.00.1106200055140.23...@joyce.lan, John R. Levine wr ites: And your technical solution to ensure http://apple/; always resolves to apple. and doesn't break people using http://apple/; to reach http://apple.example.net/; is? Whatever people have been doing for the past decade to deal with http://dk/ and http://bi/. As I think I said in fairly easy to understand language, this is not a new problem. I am not thrilled about lots of new TLDs, but it is silly to claim that they present any new technical problems. There is a big difference between a handful of tld breaking the rules, by making simple hostnames resolve to addresses in the DNS, and thousands of companies wanting the rules re-written because they have purchased tm. and want to be able to use user@tm reliably. Simple host names, as global identifiers, where phase out in the 1980's for good reasons. Those reasons are still relevant. Mark Regards, John Levine, jo...@iecc.com, Primary Perpetrator of The Internet for Dummies , Please consider the environment before reading this e-mail. http://jl.ly -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Re: unqualified domains, was ICANN to allow commercial gTLDs
On 06/19/2011 19:31, Paul Vixie wrote: Date: Sun, 19 Jun 2011 19:22:46 -0700 From: Michael Thomasm...@mtcc.com that's a good question. marka mentioned writing an RFC, but i expect that ICANN could also have an impact on this by having applicants sign something that says i know that my single-label top level domain name will not be directly usable the way normal domain names are and i intend to use it only to register subdomain names which will work normally. Isn't this problem self regulating? If sufficient things break with a single label, people will stop making themselves effectively unreachable, right? alas, no. if someone adds something to the internet that doesn't work right but they ignore this and press onward until they have market share, then the final disposition will be based on market size not on first mover advantage. I think you're going to see 2 primary use cases. Those who will do it anyway, either because they are ignorant of the possible downsides, or don't care. The other use case will be the highly risk-averse folks who won't unconditionally enable IPv6 on their web sites because it will cause problems for 1/2000 of their customers. If it will make $YOU (not nec. Paul or Michael) feel better, sure produce an RFC. Shout it from the housetops, whatever. You're not going to change anyone's mind. Meanwhile, David is right. Further pontificating on this topic without even reading the latest DAG is just useless nanog-chin-wagging. Completely aside from the fact that the assumption no one in the ICANN world has put any thought into this for the last 10+ years is sort of insulting. Doug -- Nothin' ever doesn't change, but nothin' changes much. -- OK Go Breadth of IT experience, and depth of knowledge in the DNS. Yours for the right price. :) http://SupersetSolutions.com/
Re: unqualified domains, was ICANN to allow commercial gTLDs
In message 83163718-fa5b-47ba-ba50-67701abd5...@virtualized.org, David Conrad writes: On Jun 19, 2011, at 6:39 PM, Mark Andrews wrote: I'm curious how anyone that has not signed a agreement with ICANN can be bound to anything in any applicant guide book. =20 In order to obtain a gTLD, you have to sign a contractual agreement with = ICANN. David, you are missing the point. The TM holder doesn't want the gtld, they just want to protect their trademark. The TM holder doesn't have a contract with ICANN. They do however have a legitimate right to the name and want to spend $0 keeping the name out of anybodys hands but theirs. $187K is not longer a amount to be sneezed at. Mark Also rfp-clean-30may11-en.pdf basically deals with tm.gtld. You might want to re-read pretty much any part of that document (e.g., = the title). Regards, -drc -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Re: unqualified domains, was ICANN to allow commercial gTLDs
Mark, RTFDAG. Regards, -drc On Jun 19, 2011, at 7:14 PM, Mark Andrews wrote: In order to obtain a gTLD, you have to sign a contractual agreement with = ICANN. David, you are missing the point. The TM holder doesn't want the gtld, they just want to protect their trademark. The TM holder doesn't have a contract with ICANN. They do however have a legitimate right to the name and want to spend $0 keeping the name out of anybodys hands but theirs. $187K is not longer a amount to be sneezed at. Mark Also rfp-clean-30may11-en.pdf basically deals with tm.gtld. You might want to re-read pretty much any part of that document (e.g., = the title). Regards, -drc -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Re: unqualified domains, was ICANN to allow commercial gTLDs
Date: Sun, 19 Jun 2011 22:32:59 -0700 From: Doug Barton do...@dougbarton.us ... the highly risk-averse folks who won't unconditionally enable IPv6 on their web sites because it will cause problems for 1/2000 of their customers. let me just say that if i was making millions of dollars a day and i had the choice of reducing that by 1/2000th or not i would not choose to reduce it. as much as i love the free interchange of ideas i will point out that commerce is what's paid the internet's bills all these years.
Re: unqualified domains, was ICANN to allow commercial gTLDs
On 06/19/2011 22:47, Paul Vixie wrote: Date: Sun, 19 Jun 2011 22:32:59 -0700 From: Doug Bartondo...@dougbarton.us ... the highly risk-averse folks who won't unconditionally enable IPv6 on their web sites because it will cause problems for 1/2000 of their customers. let me just say that if i was making millions of dollars a day and i had the choice of reducing that by 1/2000th or not i would not choose to reduce it. as much as i love the free interchange of ideas i will point out that commerce is what's paid the internet's bills all these years. I wasn't using that as an example of them doing something wrong. I've spoken several places (including here on NANOG) in support of people doing what they need to do to meet their fiduciary responsibility to their stakeholders. My point was simply that there are 2 schools of thought on this issue, and both are so far out on the poles that meaningful changing of minds is next to impossible (and arguably, totally unnecessary). Doug -- Nothin' ever doesn't change, but nothin' changes much. -- OK Go Breadth of IT experience, and depth of knowledge in the DNS. Yours for the right price. :) http://SupersetSolutions.com/
Re: unqualified domains, was ICANN to allow commercial gTLDs
The notion of a single-component FQDN would be quite a breakage for the basic concept of using both FQDNs and Unqualified names. Well, you know, there's a guy whose email address has been n@ai for many years. People have varying amounts of success sending him mail. R's, John
Re: unqualified domains, was ICANN to allow commercial gTLDs
- Original Message - From: John Levine jo...@iecc.com The notion of a single-component FQDN would be quite a breakage for the basic concept of using both FQDNs and Unqualified names. Well, you know, there's a guy whose email address has been n@ai for many years. People have varying amounts of success sending him mail. My Zimbra UI says it might be invalid; the default postfix config inside it tries to send it to n...@ai.baylink.com, and complains because the domain won't resolve. If I'm reading 3.2.4 of 2822 properly (that notation is one I'm not entirely familiar with, and should be), that really is a valid 2822 address, as odd as it sounds. Clearly, it's semantics are unexpected, though. I guess I should go hang a bug on it. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
