You say that like it's a bad thing....
Well yeah, there's tons of possible bad here.
1. Some contractor would get millions over a few years for doing this
2. Spending time to maintain old code that no one cares about just to
make stuff work is kinda annoying (both for those maintaining the code
and #1)
3. I don't want to see the report on how many Allaire ColdFusion with
NT 3.5 .gov sites are out there
.... any other reasons not to do this? Maybe, but here's the real
question - why in the hell would we want to do this?
It's a dollar thing -- show me a substantial return on the investment
and I'll back it all the way. Notice that nowhere in the litany do the
terms "LAMP" or "Linux" show up.
Adobe and Microsoft would *love* the increased revenue from updates that
would have to be applied to all those old servers. And what about those
sites that were made using Front Page? Talk about a nightmare. A
costly one.
"A billion here, a billion there, soon you are talking about real
money." -- misattributed to the late Senator Everett Dirksen
(1896-1969, R-Illinois 1951-69)
Bad idea. I'm betting we'd find half of gov web sites down due to not being
able to reboot and issues in old coldfusion and IIS and the like (and
needing to fix static links and testing etc).
You say that like it's a bad thing....
> It's a dollar thing -- show me a substantial return on the investment
Indeed
> Adobe and Microsoft would *love* the increased revenue from updates that
> would have to be applied to all those old servers. And what about those
> sites that were made using Front Page? Talk about a nightmare. A
> costly one.
Oh yeah, I totally forgot about old FrontPage. I was thinking Homesite
or Dreamweaver, but idk FrontPage from ~10 years back would port very
clean into anything modern. So, if anything there needed changing,
you'd have to do a manual cleanup of that code.
The USA funded the early internet and so it got to make its own legacy rules.
`murica
See your point 3.
The short version is that names were a process. In the beginning, hosts simply had names. When DNS came into being, names were transformed from “some-name” to “some-name.ARPA”. A few of what we now call gTLDs then came into being - .com, .net, .int, .mil, .gov, .edu - and the older .arpa names quickly fell into disuse.
ccTLDs came later.
I’ve been told that the reason God was able to create the earth in seven days was that He had no installed base. We do. The funny thing is that you’ll see a reflection of the gTLDs underneath the ccTLDs of a number of countries - .ac, .ed, and the like.
I wish marriages worked like that..
People don’t use in-addr.arpa anymore?
johno
They do use that, of course. But for example they don’t go to IANA using a .arpa name.
Hadn't you noticed how bad the reverse mapping maintenance is?
A
By March 1994, RFC1591, authored by Jon Postel, said:
GOV - This domain was originally intended for any kind of government
office or agency. More recently a decision was taken to
register only agencies of the US Federal government in this
domain.
No reference as to who, when, or how.
That same RFC says:
In the Domain Name System (DNS) naming of computers there is a
hierarchy of names. The root of system is unnamed. There are a set
of what are called "top-level domain names" (TLDs). These are the
generic TLDs (EDU, COM, NET, ORG, GOV, MIL, and INT), and the two
letter country codes from ISO-3166. It is extremely unlikely that
any other TLDs will be created.
Gotta love that last sentence, yes?
--Sandy
FNC “reserved” .gov and .mil for the US.
And Postel was right… there was/is near zero reason to technically extend/expand the number of TLDs.
/bill
... I think these questions have been adequately answered.
In regards to the question of "Ok, so what do we do about it?" a simple plan was floated oh, about a decade ago:
1. Create edu.us, gov.us, and mil.us
2. Lock out all new registrations in EDU, GOV, and MIL
3. Set a target date for the removal of those TLDs for 10 years in the future
Obviously there are various implementation details for effecting the move, but application-layer stuff will be as obvious to most readers as it is off-topic for this list.
Regarding the time period in #3, decommissioning a TLD is harder than you might think, and we have plenty of extant examples of others that have taken longer, and/or haven't finished yet *cough*su*cough*.
Obviously no serious consideration was given to that plan 10 years ago, or we wouldn't still be having the conversation today. Meanwhile what most perceive as the USG's privileged position in the operation of the root zone is still being reinforced by those TLDs, in spite of the current IANA stewardship transition talks.
Doug
It appears to this outsider that Postel and others never understood at all that the sole purpose and destiny of what they were inventing was Marketing, with secondary importance in social networking and politics.
I think you're assuming that people go back and fix stuff when they do
massive changes that are out of scope - they don't. First they aren't
being paid to do so, gov contractors always run over budget and work
is never delivered on time so why would they want to make it worse,
etc. No, if a massive domain move started, stuff would be fixed enough
to make it work with a new domain, and stuff would stay at and
possibly worse than the current state of "working". I can handle stuff
staying at the current state as long as China/Russia doesn't use it to
get more of a foothold into our infrastructure, but making this stuff
worse might be a really bad thing.
Just something to consider - let's say web stuff is ok, email ports,
old SOAP (and whatever was/is used on mainframes) stuff doesn't break.
I'm betting something accesses
relay-4.building-10.not-yet-offline.missile-defense-system.mil someone
fails to point to building-10's dns in a dns migration which may be a
cooling system that gets changed by some computer and shit hits the
fan because we wanted to normalize our gov tld with the rest of the
world. No, I think I'll pass on finding out what breaks here.
Again - give me a real reason we should do this. And if not, if it
ain't broke, don't fix it.
PS - MDS is only 10 years old so any part of that still online is
likely to have audits (and any installs would be in east-EU and
hopefully on classified internet - one hopes - so who knows). It was
just an example I pulled. It's more possible that some Blackberry
system can't get updated after we stop holding them up and we budget
for this and gov email goes down. Just saying I don't want to find
out what gets left behind and breaks here.
> 3. Set a target date for the removal of those TLDs for 10 years in the
> future
Because this worked for IPv6?
> Obviously there are various implementation details for effecting the move,
> but application-layer stuff will be as obvious to most readers as it is
> off-topic for this list.
In this case, it's all about the "application-layer stuff" - that'd be
the stuff to fail hard - mainframe IP gateways, control systems,
Lotus, Domino, etc. BIND is fine. Even most of the PHP apps would
(should, maybe) be fine. But that's not what runs most of the gov.
> Regarding the time period in #3, decommissioning a TLD is harder than you
> might think, and we have plenty of extant examples of others that have taken
> longer, and/or haven't finished yet *cough*su*cough*.
Do we really have any prior examples that are even .1 the size of the
usgov public system? Again, I'm not just referring to BIND and Windows
DNS (and probably some Netware 4 etc stuff) - this would be web, soap
parsers, email systems, vpn, and all of their clients (public,
contractor, and gov). Anything close to what y'all are talking about?
I remember asking this same question when I first started managing DNS records in the early 1990s. Being young and unencumbered by "it's always been done this way" thinking I believed that it would only be a few years of transition and .mil/.gov would be pushed to the history books. Now I'm older and crankier and a grandfather. Along with asking the "who cares?" question the image of Grandpa Simpson also comes to mind: "GET OFF MY LAWN!"
Marc
> > 3. Set a target date for the removal of those TLDs for 10 years in the
> > future
> Because this worked for IPv6?
Well there wasn't a target date set for the change to IPv6 and it
is starting to happen pretty fast now.
These are nameservers by IP type (IPv4 then IPv6). For Alexa top
1000, Alexa AU zones, Alexa bottom 1000 of top 1M, Alexa GOV zones
and TLD/Root zone.
% foreach f ( tld-report/reports/*2014-10-20* )
foreach? echo $f
foreach? awk '$2 !~ /:/ { print $2}' $f | sort -u | wc
foreach? awk '$2 ~ /:/ { print $2}' $f | sort -u | wc
foreach? end
tld-report/reports/alexa.2014-10-20T00:00:00Z
2178 2178 33180
513 513 11131
tld-report/reports/au.2014-10-20T00:00:12Z
6343 6343 97529
726 726 16441
tld-report/reports/bottom.2014-10-20T00:00:12Z
1788 1788 26945
416 416 9660
tld-report/reports/gov.2014-10-20T00:00:12Z
1263 1263 18821
301 301 6765
tld-report/reports/tld.2014-10-20T00:00:00Z
1602 1602 23035
1065 1065 20276
%
Or over all the servers
% awk '$2 !~ /:/ { print $2}' tld-report/reports/*2014-10-20* | sort -u | wc
11805 11805 178630
% awk '$2 ~ /:/ { print $2}' tld-report/reports/*2014-10-20* | sort -u | wc
2554 2554 53979
%
Now who says IPv6 hasn't taken off?
Setting target dates helps. Having an administrator willing to pull
the plug on the set date helps even more. .ARPA was cleared of
hosts because there was a date set and the last entries were removed
even if the operators of the hosts weren't ready. There was never
any intention to remove in-addr.arpa.
> > Obviously there are various implementation details for effecting the move,
> > but application-layer stuff will be as obvious to most readers as it is
> > off-topic for this list.
> In this case, it's all about the "application-layer stuff" - that'd be
> the stuff to fail hard - mainframe IP gateways, control systems,
> Lotus, Domino, etc. BIND is fine. Even most of the PHP apps would
> (should, maybe) be fine. But that's not what runs most of the gov.
> > Regarding the time period in #3, decommissioning a TLD is harder than you
> > might think, and we have plenty of extant examples of others that have taken
> > longer, and/or haven't finished yet *cough*su*cough*.
> Do we really have any prior examples that are even .1 the size of the
> usgov public system? Again, I'm not just referring to BIND and Windows
> DNS (and probably some Netware 4 etc stuff) - this would be web, soap
> parsers, email systems, vpn, and all of their clients (public,
> contractor, and gov). Anything close to what y'all are talking about?
Government departments get re-named all the time. Many departments
have already gone through name changes since coming onto the net.
This would just be another one.
Size really isn't an issue, there are more than enough staff to do this.
Mark
Spanish speaking countries .gob.$2lettercodecountry. No problem so far.