Turkey has switched Root-Servers

Mailman List Mirror (Read Only)
1

Here is the birth of a new root-server system:

*.united-root.com

; <<>> DiG 9.1.3 <<>> -t any . @l.public-root.net.
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11820
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;. IN ANY

;; ANSWER SECTION:
. 172800 IN SOA a.united-root.com. hostmaster.united-root.com.\
                                         2005091400 43200 3600 1209600 14400

. 172800 IN NS g.united-root.com.
. 172800 IN NS ns1.public-root.com.
. 172800 IN NS tld1.public-root.com.
. 172800 IN NS tld2.public-root.com.
. 172800 IN NS a.united-root.com.
. 172800 IN NS b.united-root.com.
. 172800 IN NS c.united-root.com.
. 172800 IN NS d.united-root.com.
. 172800 IN NS e.united-root.com.
. 172800 IN NS f.united-root.com.

;; Query time: 182 msec
;; SERVER: 195.214.191.125#53(l.public-root.net.)
;; WHEN: Mon Sep 26 16:04:25 2005
;; MSG SIZE rcvd: 248

; <<>> DiG 9.1.3 <<>> -t any a.united-root.com @l.public-root.net.
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37370
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;a.united-root.com. IN ANY

;; ANSWER SECTION:
a.united-root.com. 86400 IN A 69.20.9.165

;; AUTHORITY SECTION:
united-root.com. 86400 IN NS ns2.solfix.com.
united-root.com. 86400 IN NS ns1.solfix.net.

;; Query time: 4639 msec
;; SERVER: 195.214.191.125#53(l.public-root.net.)
;; WHEN: Mon Sep 26 16:10:33 2005
;; MSG SIZE rcvd: 104

host_look("69.20.9.165","a.united-root.com","1158941093").

host_look("72.3.230.81","b.united-root.com","1208215121").
host_name("72.3.230.81","us2.tandtt.com").

host_look("83.138.163.17","c.united-root.com","1401594641").
host_name("83.138.163.17","uk1.tandtt.com").

host_look("203.142.18.40","e.united-root.com","3415085608").

host_look("202.157.188.44","f.united-root.com","3399334956").

host_look("202.157.179.24","g.united-root.com","3399332632").

host_look("195.214.191.125","h.united-root.com","3285630845").

look("207.228.237.52","i.united-root.com","3487886644").

host_look("209.172.35.234","j.united-root.com","3517719530").
host_name("209.172.35.234","ip-209-172-35-234.reverse.privatedns.com").
host_look("84.0.0.0","j.united-root.com","1409286144").
host_name("84.0.0.0","catv54000000.pool.t-online.hu").
host_look("46.99.111.109","j.united-root.com","778268525").
host_look("76.111.110.100","j.united-root.com","1282371172").

host_look("209.172.35.241","k.united-root.com","3517719537").
host_name("209.172.35.241","ip-209-172-35-241.reverse.privatedns.com").
host_look("84.0.0.0","k.united-root.com","1409286144").
host_name("84.0.0.0","catv54000000.pool.t-online.hu").
host_look("46.99.111.109","k.united-root.com","778268525").
host_look("76.111.110.100","k.united-root.com","1282371172").

Not all their servers are working. Some return ICANN.

tld1.public-root.com.
tld2.public-root.com.

are nonsense. They return ICANN.

Right now they seem to run old Public-Root data
except for the '.' domain

  G.UNITED-ROOT.COM A 202.157.179.24
  D.UNITED-ROOT.COM A 202.157.181.78
  F.UNITED-ROOT.COM A 202.157.188.44
  E.UNITED-ROOT.COM A 203.142.18.40
  A.UNITED-ROOT.COM A 69.20.9.165
  B.UNITED-ROOT.COM A 72.3.230.81
  C.UNITED-ROOT.COM A 83.138.163.17

Kind regards,
Peter and Karin Dambier

2

What does Turkey have to do with this ?

Roy

3

Here is the birth of a new root-server system:

What does Turkey have to do with this ?

only turkeys switch root servers.

[ sorry, turkey is american slang for fool ]

4

Sensationalistic headlining; one of the IP addresses quoted is located within Turkey. Worlds different from the implication that 'All Internet users in Turkey now use this new root-server system'.

One of these days, people will learn that unless everyone plays from the same root zone, you effectively end up with seperate Internets. Boo, hiss and all that.

5

Ok So what,

I am located in Turkiye…Can Any one simplify the whole stuff in plain
English?

Evren Demirkan

6

a message of 29 lines which said:

I am located in Turkiye..Can Any one simplify the whole stuff in
plain English?

There is nothing related with your country in the whole thread. The
subject is misleading.

(You can do a "dig NS ." on your machine to be sure.)

7

Please, put the alternate root crack-pipe down and back sloooowly away from it
Setting up an alternate root server in turkey and claiming that turkey
has switched root servers is quite specious .. even for drinkers of
the alternate root koolaid

8

Evren Demirkan wrote:

Ok So what,

I am located in Turkiye..Can Any one simplify the whole stuff in plain
English?

Evren Demirkan

Hi Evren Demirkan,

there has been for about one year a turkish root-server:

l.public-root.com

That server did not resolve the ICANN root but The Public-Root.

Until some ISPs in Turkey started selling turkish language toplevel domains
nobody noticed because in the legacy domains ICANN and Public-Root are
compatible.

As I am comparing the root-servers to check compatibility I had to find out
sooner or later that l.public-root.com was drifting away from the rest of
our root-servers.

I found out that l.public-root.com was not only missing updates and losing
compatibility with ICANN but it started servicing a completely new root:

*.united-root.com

Except for the root-servers themselves and the names of the root-servers
united-root.com did run old Public-Root data.

You can check from which root your DNS comes by asking this simple querey
using dig on linux or unix:

dig -t any .

My dig, in the Public-Root, answers:

; <<>> DiG 9.1.3 <<>> -t any .
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37356
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 14, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;. IN ANY

;; ANSWER SECTION:
. 172800 IN SOA a.public-root.net. \
                                                 hostmaster.public-root.net.\
                                         2005092712 43200 3600 1209600 14400

. 172800 IN NS a.public-root.net.
. 172800 IN NS b.public-root.net.
. 172800 IN NS c.public-root.net.
. 172800 IN NS d.public-root.net.
. 172800 IN NS e.public-root.net.
. 172800 IN NS f.public-root.net.
. 172800 IN NS g.public-root.net.
. 172800 IN NS h.public-root.net.
. 172800 IN NS i.public-root.net.
. 172800 IN NS j.public-root.net.
. 172800 IN NS k.public-root.net.
. 172800 IN NS l.public-root.net.
. 172800 IN NS m.public-root.net.

;; Query time: 207 msec
;; SERVER: 192.168.48.228#53(192.168.48.228)
;; WHEN: Tue Sep 27 17:16:12 2005
;; MSG SIZE rcvd: 273

If you are in the ICANN root your answer should be:

; <<>> DiG 9.1.3 <<>> -t any . @a.root-servers.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60636
;; flags: qr aa rd; QUERY: 1, ANSWER: 14, AUTHORITY: 13, ADDITIONAL: 3

;; QUESTION SECTION:
;. IN ANY

;; ANSWER SECTION:
. 518400 IN NS A.ROOT-SERVERS.NET.
. 86400 IN SOA A.ROOT-SERVERS.NET. \
                                                 NSTLD.VERISIGN-GRS.COM. \
                                         2005092601 1800 900 604800 86400

. 518400 IN NS H.ROOT-SERVERS.NET.
. 518400 IN NS C.ROOT-SERVERS.NET.
. 518400 IN NS G.ROOT-SERVERS.NET.
. 518400 IN NS F.ROOT-SERVERS.NET.
. 518400 IN NS B.ROOT-SERVERS.NET.
. 518400 IN NS J.ROOT-SERVERS.NET.
. 518400 IN NS K.ROOT-SERVERS.NET.
. 518400 IN NS L.ROOT-SERVERS.NET.
. 518400 IN NS M.ROOT-SERVERS.NET.
. 518400 IN NS I.ROOT-SERVERS.NET.
. 518400 IN NS E.ROOT-SERVERS.NET.
. 518400 IN NS D.ROOT-SERVERS.NET.

;; AUTHORITY SECTION:
. 518400 IN NS A.ROOT-SERVERS.NET.
. 518400 IN NS H.ROOT-SERVERS.NET.
. 518400 IN NS C.ROOT-SERVERS.NET.
. 518400 IN NS G.ROOT-SERVERS.NET.
. 518400 IN NS F.ROOT-SERVERS.NET.
. 518400 IN NS B.ROOT-SERVERS.NET.
. 518400 IN NS J.ROOT-SERVERS.NET.
. 518400 IN NS K.ROOT-SERVERS.NET.
. 518400 IN NS L.ROOT-SERVERS.NET.
. 518400 IN NS M.ROOT-SERVERS.NET.
. 518400 IN NS I.ROOT-SERVERS.NET.
. 518400 IN NS E.ROOT-SERVERS.NET.
. 518400 IN NS D.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4
H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53
C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12

;; Query time: 208 msec
;; SERVER: 198.41.0.4#53(a.root-servers.net)
;; WHEN: Tue Sep 27 17:19:33 2005
;; MSG SIZE rcvd: 502

9

So the basic story here is not really "Turkey is using a new DNS root," but rather, "users of alternate root servers notice alternate root inconsistency," which is exactly what those opposed to alternate roots have been predicting.

There's also a real root server in Turkey. According to www.root-servers.org, there's an anycast copy of i.root-servers.net in Ankara.

-Steve

10

So, I think I'm off the crazy-pills recently... Why is it again that folks
want to balkanize the Internet like this? Why would you intentionally put
your customer base into this situation? If you are going to do this, why
not just drop random packets to 'bad' destinations instead?

I'm confused by the reasoning behind this public-root (alternate root)
problem... It seems to me (minus crazy-pills of course) that there is no
way for it to work, ever. So why keep trying to push it and break other
things along the way?

11

christopher.morrow@mci.com ("Christopher L. Morrow") writes:

So... Why is it again that folks want to balkanize the Internet like this?

the dreams fulfilled and/or still promised by the internet mostly involve
some kind of disintermediation, increases in freedom or autonomy, that kind
of thing.

in that context, centralized control over things like address assignments
and TLD creation is like fingernails on a chalkboard. a lot of folks feel
that "if it has to be centrally controlled, then $me should be in charge"
or at best "if it has to be centrally controlled, then $me want a voice."

this desire is more powerful than any appreciation or understanding of the
benefits of naming universality or address uniqueness. human nature,
especially when individuals interact with herds, is predictable but not
necessarily rational.

I'm confused by the reasoning behind this public-root (alternate root)
problem... It seems to me ... that there is no way for it to work, ever.
So why keep trying to push it and break other things along the way?

i think it's because of what margaret mead wrote:

        "Never doubt that a small group of thoughtful, committed people can
        change the world. Indeed, it is the only thing that ever has."

the internet is supernational. control over it is held by the ruling
political party, and their backers, in one country. thus there's plenty of
money and power ready to back the next hair-brained scheme to break the
lock, even if (as i expect) lack of naming universality would be worse
than lack of naming autonomy.

12

Christopher L. Morrow wrote:

So, I think I'm off the crazy-pills recently... Why is it again that folks
want to balkanize the Internet like this? Why would you intentionally put
your customer base into this situation? If you are going to do this, why
not just drop random packets to 'bad' destinations instead?

There are actually quite a few parties advocating dropping packets to 'bad' destinations. Each of them usually has a different set of criteria to define the 'bad'.

Pete

13

Christopher L. Morrow wrote:

I'm confused by the reasoning behind this public-root (alternate root)
problem... It seems to me (minus crazy-pills of course) that there is no
way for it to work, ever. So why keep trying to push it and break other
things along the way?

Paul Vixie has given very good arguments.

Let me add a design fault:

As more than 80% of all names are registered under '.com' there is no need
for any other domain.

Ok, let us get rid of all those domains and put them under '.com.

Now there is no more need for '.com' either. Let us get rid of it and
we have finally got more than 3000 toplevel domains. That is all we want.

Let me compare Public-Root and ICANNs root:

# IASON ZoneCompiler version 0.0.4
# SOA(".","2005092401","A.ROOT-SERVERS.NET.","NSTLD.VERISIGN-GRS.COM.","1800","900","604800","86400").
# lines: 2334, NS: 1380, A: 878, AAAA: 65, SOA: 2, domains: 263 servers: 64

# IASON ZoneCompiler version 0.0.4
# SOA(".","2005092512","a.public-root.net.","hostmaster.public-root.net.","43200","3600","1209600","14400").
# lines: 11640, NS: 10479, A: 1085, AAAA: 66, SOA: 2, domains: 3043 servers: 65

The Public-Root has got 3043 domains. ICANNs root has got only 263.

There is a political design problem with ICANNs root. It has not got enough toplevel domains.

DNS was designed as a tree. It was designed decentralised.

DNS today has degenerated to a flat file like /etc/hosts was.

It is no longer decentralised but stored mostly in a single registry.

No wonder that some people try a Public-Root that is independent but compatible
to ICANNs root. They do it since about 1995. They never stopped. The name changed.
The players mostly did not. With every new version of this Public-Root compared
to the Monopoly-Root, the number of players gets more. The number of customers
gets more.

Kind regards,
Peter and Karin Dambier

14

Peter,

Thanks for notifying that one of your "Internet Root Zone"
"root-servers" defected to another alternate root without even telling
you.

It nicely shows that "Public Root" is already something that that
"root-server" in Turkey doesn't want to be a part of. Guess Why.

Btw, look up the word 'hierarchy' in the dictionary and become amazed.
You can find a good description at:
http://en.wikipedia.org/wiki/Hierarchy

Do use the ICANN DNS for resolving it though, you might end up at some
other site with different content if you don't. This might have caused
you a lot of confusion already in the past.

Say hello to Karin btw.

Greets,
Jeroen

15

Peter,

I must have missed something here.

Are there not individual root domains for each ISO-registered country, not just the US? And, if there are individual root domains for each ISO-registered country, are they all controlled by the US?

Please explain this in simple words.

Thank you.

Cutler

t 9/27/2005 10:07 PM +0200, Peter Dambier wrote:

Christopher L. Morrow wrote:

I’m confused by the reasoning behind this public-root (alternate root)
problem… It seems to me (minus crazy-pills of course) that there is no
way for it to work, ever. So why keep trying to push it and break other
things along the way?

Paul Vixie has given very good arguments.

Let me add a design fault:

As more than 80% of all names are registered under ‘.com’ there is no need
for any other domain.

Ok, let us get rid of all those domains and put them under '.com.

Now there is no more need for ‘.com’ either. Let us get rid of it and
we have finally got more than 3000 toplevel domains. That is all we want.

Let me compare Public-Root and ICANNs root:

IASON ZoneCompiler version 0.0.4

SOA(“.”,“2005092401”,“A.ROOT-SERVERS.NET.”,“NSTLD.VERISIGN-GRS.COM.”,“1800”,“900”,“604800”,“86400”).

lines: 2334, NS: 1380, A: 878, AAAA: 65, SOA: 2, domains: 263 servers: 64

IASON ZoneCompiler version 0.0.4

SOA(“.”,“2005092512”,“a.public-root.net.”,“hostmaster.public-root.net.”,“43200”,“3600”,“1209600”,“14400”).

lines: 11640, NS: 10479, A: 1085, AAAA: 66, SOA: 2, domains: 3043 servers: 65

The Public-Root has got 3043 domains. ICANNs root has got only 263.

There is a political design problem with ICANNs root. It has not got enough toplevel domains.

DNS was designed as a tree. It was designed decentralised.

DNS today has degenerated to a flat file like /etc/hosts was.

It is no longer decentralised but stored mostly in a single registry.

No wonder that some people try a Public-Root that is independent but compatible
to ICANNs root. They do it since about 1995. They never stopped. The name changed.
The players mostly did not. With every new version of this Public-Root compared
to the Monopoly-Root, the number of players gets more. The number of customers
gets more.

Kind regards,
Peter and Karin Dambier

16

Christopher L. Morrow wrote:

I'm confused by the reasoning behind this public-root (alternate root)
problem... It seems to me (minus crazy-pills of course) that there is no
way for it to work, ever. So why keep trying to push it and break other
things along the way?

No wonder that some people try a Public-Root that is independent but compatible to ICANNs root. They do it since about 1995. They never stopped. The name changed. The players mostly did not. With every new version of this Public-Root compared to the Monopoly-Root, the number of players gets more. The number of customers gets more.

Aww, thats cute.

While I'm sure you've read RFC 2826 and disagree completely with it, what happens if some other schmoe starts public-root2 and duplicates some of your TLD. Then you have different users resolving the same hosts ending up at different destinations.

There has to be 1 globally unique root. ICANN is currently it. Sorry.

sam

17

Christopher L. Morrow wrote:
> I'm confused by the reasoning behind this public-root (alternate root)
> problem... It seems to me (minus crazy-pills of course) that there is no
> way for it to work, ever. So why keep trying to push it and break other
> things along the way?

Paul Vixie has given very good arguments.

paul often does, yes.

Let me add a design fault:
>
The Public-Root has got 3043 domains. ICANNs root has got only 263.

There is a political design problem with ICANNs root. It has not got
enough toplevel domains.

'not enough'... how much is 'enough'? by your calculations or mine or
pauls or G.W. Bush's?

Is your problem that it takes X months/years to get a new TLD put into the
normal ICANN Root system? Or is it that you don't like their choice of
.com and want .common (or some other .com replacement?). There is a
process defined to handle adding new TLD's, I think it's even documented
in an RFC? (I'm a little behind in my NRIC reading about this actually,
sorry) Circumventing a process simply because it's not 'fast enough'
isn't really an answer (in my opinion atleast) especially when it
effectivly breaks the complete system.

DNS was designed as a tree. It was designed decentralised.

DNS today has degenerated to a flat file like /etc/hosts was.

uhm, how so? certainly the tree and decentralized functions still exist.

It is no longer decentralised but stored mostly in a single registry.

huh? how so? Because 25M of the 35M 2nd level domains are in .com? isn't
that more a function of 'everyone knows www.company.com' than anything
else? I can't get people inside my company to realize (well, couldn't when
it mattered to me) remeber that my email address was chris@uu.NET ... they
always wanted to send to chris@uu.net.COM.

.COM got more registrations simply, it seems to me, via marketting.

No wonder that some people try a Public-Root that is independent but
compatible to ICANNs root. They do it since about 1995. They never
stopped. The name changed. The players mostly did not. With every new
version of this Public-Root compared to the Monopoly-Root, the number of
players gets more. The number of customers gets more.

people love crack, it's still not a good idea to smoke it.

18

Peter,

I must have missed something here.

Are there not individual root domains for each ISO-registered
country, not just the US? And, if there are individual root domains
for each ISO-registered country, are they all controlled by the US?

I'm not up on this exactly, but my reading of the NRIC report says that
some ISO document has all the 'official' (for ISO I suppose atleast) 2
letter abbreviations for country codes. These end up in the ccTLD list,
and then in the root servers delegated to the proper ccTLD auth servers
for that 2 letter code.

The ISO list isn't a US owned thing at last I recall...

19

ISO 3166 is what you want.

http://www.iso.org/iso/en/prods-services/iso3166ma/02iso-3166-code-lists/list-en1-semic.txt

20

Hi James,

James R. Cutler wrote:

Peter,

I must have missed something here.

Are there not individual root domains for each ISO-registered country, not just the US? And, if there are individual root domains for each ISO-registered country, are they all controlled by the US?

Please explain this in simple words.

The country domains obviously were not the right place. That is why
you find organisations, companies and whatever in ".com", ".net" and
".org"

I have a ".de" domain but I probably will lose it as soon as I move to
france. I cannot get a ".eu" domain because of bureaucratic reasons.
Anyhow I will lose it as soon as I move to Panama. So some 250 domains
are of no use to me. Sooner or later I will end up in ".com", ".net"
or ".org". Right now I dont have the money to bye me a ".com", ".net"
or ".org" domain. That is why I join with people like me building our
own root and selling toplevel domains to people who cannot afford
bying ICANN for monetarian or religious reasons :slight_smile:

Kind regards,
Peter and Karin