Zone file access

James_Rishaw · May 15, 1998, 3:19pm

Paul Vixie wrote:

If NSI should ask me to restrict outbound zone transfers, then I would of
course immediately ask the IANA whether to comply with that request.

There are issues that come up outside of just "I want the COM tld", which
I haven't seen anyone address yet:

- Registration of domain names under NDA;
- Registration/Allocation of IP addresses under NDA.

By "under NDA," I mean, for example, this: Company X wants to get a /19
for its Internet gatewaying to the Internet. They will give information
to ARIN to justify the IP addresses (which there /is/ an NDA agreement for);
however, they do not want contact information available on the Internet.
Say they want the same for their domain name - Something that doesn't really
make sense, like XYTSDGC.COM, a "secret" domain name for their outside
sales force, extranet/customer information, etc. -- Yes, it's not really
a "right" thing, because if abuse comes from that IP range or gatewayed via
a mail relay from xytsdgc.com (or some other abuse) it becomes difficult to
track -- But the issue still exists.

I wonder if this has been brought up before, and what the results of this
have been (and if NSI or ARIN have replied publicly).

Back on topic--

As far as the root zones go, those userid/password combos were only supposed
to be given out to iTLD and root server operators. It didn't exactly go
that way.. I have one myself.. but I think NSI really is doing the "right
thing" by not giving out zones. The only reason I can think of, that one
would need an entire zone, would be for mailspamming. Other "useful"
things would be webcrawlers getting new zones (altho I dont think it's a good
idea to webcrawl without someone submitting), and to have statistics data.
None of which, just like this post, is critical or important to the operation
of the Internet.

-jamie

Manar_Hussain · May 15, 1998, 4:02pm

As far as the root zones go, those userid/password combos were only supposed
to be given out to iTLD and root server operators. It didn't exactly go
that way.. I have one myself.. but I think NSI really is doing the "right
thing" by not giving out zones. The only reason I can think of, that one
would need an entire zone, would be for mailspamming. Other "useful"
things would be webcrawlers getting new zones (altho I dont think it's a good
idea to webcrawl without someone submitting), and to have statistics data.
None of which, just like this post, is critical or important to the operation
of the Internet.

I'd be happy for some degree of access control - I just don't like the fact
that another UK company here can "legitimately" get access to the zone file
information as a gTLD core and uses it for exactly the same reason we want
it - whereas we're not "supposed" to.

We want to use it to create an in house db of domains so we can track which
domains are being released and do some stats stuff on it as well as do some
degree of local domain querying without having to rely on internic's ropey
whois) ... no desire to farm email addresses or anything.

Manar

Ben_Kirkpatrick · May 15, 1998, 10:24pm

I believe this is why they cut off public access. The NIC was
flooded with requests for domains that had just been deleted.
People were hoping to make a buck. If you have a _legitimate_ need
for zone file access, you will get it. I certainly had no problem
after the NIC figured out their internal policy for granting access.
--Ben Kirkpatrick, ELI Data Products Enginneering

Manar_Hussain · May 16, 1998, 8:23am

I believe this is why they cut off public access. The NIC was
flooded with requests for domains that had just been deleted.
People were hoping to make a buck. If you have a _legitimate_ need
for zone file access, you will get it. I certainly had no problem
after the NIC figured out their internal policy for granting access.

Hmm:

(a) *If* this is considered undesirable - draw up a charter and say so to
avoid anyone from using it for these purposes (why should someone else be
allowed to do this because they claimed/had a "legitimate" reasons "as well").

(b) We don't intend to register for ourselves any domains that we don't
want to use, though I admit that we have considered having some form of
public interface to the info that may allow people to look through the list
of recently de-activated domains and then register them. But even if we
were interested in registering lots of recently de-activated domains -
what's the problem with this - they are available and moreover they are
domains that people have let the payments on drop. At least we'd be
intending to pay for these domain (I know someone with "legitimate" access
to the info who uses it to notice when domains eh never had any intention
of paying for drop out of DNS so that he can look to re-register it - I
should say that this is an induhvidual and that the "company" may have not
idea about this).

(c) At least part of our interest was purely statistical - we thought it
useful to have a stateful track of things so we could do stats on it (and
if it was useful make it publically available).

I'll re-phrase myself a little - there are several things I'd like to do
and I object to not being able to do any one of those when others are
perfectly at liberty to do so. I'm reasonably happy to be told that nobody
can do x,y or z as long as it's reasonably fairly imposed/upheld etc.

Manar