[Pr-plan] Public-Root resolution problems and UNIDT (fwd)

Peter_Karin_Dambier · September 30, 2005, 1:57pm

Statement of the Official Public-Root Representative

September 29, 2005

This communication is published on the Internet at URL:

http://www.cynikal.net/~baptista/P-R/2005-09-29%20Memo%20to%20the%20Internet%20Community.pdf

Memo to the Internet Community
Public-Root resolution problems

I in my capacity as the Official Public-Root Representative and
whistle-blower, asked Peter Dambier to publish to NANOG a notice that the
Public-Root had fractured. Namely, the root in Ankara operated by Celep
Bahadir who is also the UNIDT (www.unidt.com) representative to Turkey and
the Middle East.

There was an attempt by UNIDT to start a new root system called the
United-Root. Attempts by Ankara to test this root on l.public-root.net at
195.214.191.125 resulted in a fracturing of the public-root network.

The Ankara root injected a number of older records into the DNS resulting
in false answers to queries. Ankara was also listing as root servers some
DNS that pointed back to ICANN data and did not resolve the Public-Root.
This was very unprofessional behavior on behalf of UNIDT resulting in a
serious violation of their contractual obligations to the Public-Root.

I sent several email communications to UNIDT General Manager Mr. Marty
van Veluw pointing out the problem. I am pleased to announce the problem
is corrected now but no official response was received back from Mr. Van
Veluw. The last time Ankara was checked it was found the root server is
out of sync with the remaining Public-Root network. This is also very
unprofessional. I have sent email messages to Mr. van Veluw pointing out
the problem.

Unfortunately I consider UNIDT unstable and expect they may intentionally
jeopardize the root in order to break their contracts with us. Mr. Martijn
Burger the chair of INAIC and Public-Root has advised me Mr. van Veluw may
close down the Ankara server in the near future. This would also
constitute a violation of the contract between UNIDT and the Public-Root.

I continue to maintain my position that any administrator using the
public-root should select another root system during this period of
reorganization.

I also want to take this time to criticize NANOG (North American Network
Operators Group) and the inclusive and alternative namespace communities.
However, my main concern is NANOG. I find the fact the people of Turkey
are being the subject of technical jokes on NANOG appalling.

Anyone who understands the importance of root servers also understands the
fiduciary responsibilities that go with such an operation. The technical
problems with the public-root pale when one reviews the people involved. I
regret to say that hackers and criminals are behind the Public-Root.
Therefore, this is not a joke, this is a serious issue. The people of
Turkey and Tiscali users have been surfing the Internet using a system
that can compromise their security and privacy.

I hope in future the NANOG and root communities will be more responsive
and civil.

- 33 -

Joe Baptista, Official Public-Root Representative and Lobbyist to the
United States Congress and Senate / Tel: +1 (202) 517-1593

Public-Root Disclosure Documents: http://www.cynikal.net/~baptista/P-R/
Public-Root Discussion Forum: http://lair.lionpost.net/mailman/listinfo/pr-plan

Valdis_Kletnieks · September 30, 2005, 2:54pm

http://www.cynikal.net/~baptista/P-R/2005-09-29%20Memo%20to%20the%20Internet%

20Community.pdf

There was an attempt by UNIDT to start a new root system called the
United-Root. Attempts by Ankara to test this root on l.public-root.net at
195.214.191.125 resulted in a fracturing of the public-root network.

The Ankara root injected a number of older records into the DNS resulting
in false answers to queries. Ankara was also listing as root servers some
DNS that pointed back to ICANN data and did not resolve the Public-Root.
This was very unprofessional behavior on behalf of UNIDT resulting in a
serious violation of their contractual obligations to the Public-Root.

I'm not sure whether to say "We told you so" or just "RFC2826".

Andy_Davidson · September 30, 2005, 3:05pm

Peter Dambier wrote:

The Ankara root injected a number of older records into the DNS resulting
in false answers to queries. Ankara was also listing as root servers some
DNS that pointed back to ICANN data and did not resolve the Public-Root.
This was very unprofessional behavior on behalf of UNIDT resulting in a
serious violation of their contractual obligations to the Public-Root.

Sounds like chaos. If only there was some way of co-ordinating a central root, managed by a trustworthy, established, stable main player.

A bit like an internationally organized, non-profit corporation that has responsibility for Internet Protocol (IP) address space allocation, protocol identifier assignment, generic (gTLD) and country code (ccTLD) Top-Level Domain name system management, and root server system management functions.

Has anyone considered this ?

Roy_Arends · September 30, 2005, 3:13pm

BRIAN:
    Are you the Judean People's Front?
REG:
    Fuck off!
BRIAN:
    What?
REG:
    Judean People's Front. We're the People's Front of Judea! Judean
    People's Front. Cawk.
FRANCIS:
    Wankers.
BRIAN:
    Can I... join your group?
REG:
    No. Piss off.
BRIAN:
    I didn't want to sell this stuff. It's only a job. I hate the Romans
    as much as anybody.
PEOPLE'S FRONT OF JUDEA:
    Shhhh. Shhhh. Shhh. Shh. Shhhh.
REG:
    Schtum.
JUDITH:
    Are you sure?
BRIAN:
    Oh, dead sure. I hate the Romans already.
REG:
    Listen. If you really wanted to join the P.F.J., you'd have to really
    hate the Romans.
BRIAN:
    I do!
REG:
    Oh, yeah? How much?
BRIAN:
    A lot!
REG:
    Right. You're in. Listen. The only people we hate more than the Romans
    are the fucking Judean People's Front.
P.F.J.:
    Yeah...
JUDITH:
    Splitters.
P.F.J.:
    Splitters...
FRANCIS:
    And the Judean Popular People's Front.
P.F.J.:
    Yeah. Oh, yeah. Splitters. Splitters...
LORETTA:
    And the People's Front of Judea.
P.F.J.:
    Yeah. Splitters. Splitters...
REG:
    What?
LORETTA:
    The People's Front of Judea. Splitters.
REG:
    We're the People's Front of Judea!
LORETTA:
    Oh. I thought we were the Popular Front.
REG:
    People's Front! C-huh.
FRANCIS:
    Whatever happened to the Popular Front, Reg?
REG:
    He's over there.
P.F.J.:
    Splitter!
GOLIATH:
    [pant pant pant] Ooh. Ooh. I-- I think I'm about to have a... cardiac
    arrest. Ooh. Ooh.
SPECTATOR:
    Absolutely dreadful. Hmm.
CROWD:
    [cheering]
REG:
    Yes, brother! Ha ha. What's your name?
BRIAN:
    Brian. Brian Cohen.
REG:
    We may have a little job for you, Brian.

Roy

_Stephane_Bortzmeyer · September 30, 2005, 3:16pm

a message of 19 lines which said:

A bit like an internationally organized, non-profit corporation

...

Has anyone considered this ?

Yes, replacing the DoC puppet by an internationally organized
corporation would be a good idea.

Todd_Vierling · September 30, 2005, 9:37pm

Not jokes, my dear Mr. Baptista, what we've been saying is "We told you so"
in about 200 different forms. Chaos is not unexpected from an alternate
root system, though we more expected the problems to start with technical
barriers, before financial or personal ones flared up.

The problem with alternate roots carrying non-universal data was documented
in several RFCs with very sound technical merit, going all the way back to
the Jim Fleming/AlterNIC/PacRoot heyday of alternate root servers. After
all this time has passed, you willfully ignore established technical and
operational facts about how global reachability is compromised by the snake
oil you're peddling.

Just the term "inclusive namespace" is a political PR spin term that is
misleading at best, and coupled with the name "Public-Root", downright
deceptive in practice. (I have to hand it to you, though; that kind of word
play could earn you an official position in Washington. Oh, I see you have
a "lobbyist" title already. Oy vey.

And based on the previous paragraph, I can only conclude that Public-Root is
not meant to take away ICANN's stranglehold -- rather, it's meant to line
the Public-Root group's pockets. Unlike ORSN, which is currently being
discussed on NANOG as well, Public-Root is actually *selling something*, not
simply acting benevolently in the best interest of the Internet.

Public-Root may be operating DNS servers that serve up a root zone, but it
is not operating an "inclusive namespace", nor "Internet" root DNS servers.
In reality, the term "Internet" itself was coined to identify a network of
*globally universal* protocols and their trimmings (which came to include
the DNS). Now, the Public-Root is actively working to reduce global
reachability. That's not "inclusive"; it's *exclusive*.

I'm probably taking to a brick wall here, but here I have tried to appeal to
your sense of technical sanity to drop the facade and work to do the Right
Thing, not the profitable thing.

(Note: All this comes from someone who actually used AlterNIC's roots for
about 13 months back in "the day" -- and finally realized what a bunch of
crap the whole situation was. I don't necessarily expect you to come to the
same realization, but I can still try to echo a common sentiment directly to
you, rather than through a third party such as Mr. Dambier.)