nanog mailing list archives

Re: The whole alternate-root ${STATE}horse (was Re: Enable BIND cache server to resolve chinese domain name?)


From: "Jay R. Ashworth" <jra () baylink com>
Date: Tue, 5 Jul 2005 18:11:08 -0400


On Tue, Jul 05, 2005 at 08:38:41PM +0200, Brad Knowles wrote:
At 9:43 AM -0400 2005-07-05, Jay R. Ashworth wrote:
                            Moreover, most of them are unlikely to be
 willing to just live with the problem, if no other suitable technical
 solution can be found.  Instead, they'll believe the sales pitch of
 someone else who says that they can fix the problem, even if that's
 not technically possible.

 Well they might.  Well, actually, poorly they might.

 But that argument seems to play right *to* the alt-root operators,
 since the "fix" is to switch your customer resolvers to point to one of
 them.

      I disagree.  The problem is that there are too many alternatives.

Too many alt-roots?  Or too many alt-TLD's?

        (Assuming, of course, they stay supersets of ICANN, and don't
 get at cross-purposes with one another.)

      The problem is that they are pretty much guaranteed to get at 
cross-purposes.

Well, there have been alt-root zones available for, what, 6 or 7 years
now?  And how many collisions have there actually been in practice?  2?
3?

                                           In fact, merging them at your
 resolvers might be the best solution.

      I don't think that's really practical.  I'm sorry, I just don't 
trust them to write a resolver that's going to get included in libc 
(or wherever), and for which the world is going to be dependent.

Well, I meant "at your customer recursive resolver servers", since the
topic at hand was "what do IAP's do to support their retail customers",
but...

      The alternative roots will always be marginal, at best.  The 
problem is that while they are marginal, they can still create 
serious problems for the rest of us.

In the context which people have been discussing, I don't honestly see
how they cause "the rest of us" problems.  People with domains *in*
those aTLD's, yes.  But as I noted somewhere else in this thread, the
only people who would have un-mirrored aTLD domains would be precisely
those who were evangelising for the concept, and it would be in their
best interest to be explaining what was going on...

 But Steve's approach doesn't seem to *me* to play in that direction.
 Am I wrong?

      I'm not sure I understand which Steve you're talking about.  Do 
you mean Steve Gibbard, in his post dated Sun, 3 Jul 2005 22:20:13 
-0700 (PDT)?

I did mean Mr. Gibbard, yes.

                If so, then each country running their own alternative 
root won't solve the problem of data leaking through the edges. 

"Data leaking through the edges"...

People will always be able to access data by pure IP address, or 
choosing to use the real root servers.  Push come to shove, and the 
real root servers could be proxied through other systems via other 
methods.

"Real" is *such* a metaphysical term here, isn't it?  :-)

      The reverse problem is more difficult to deal with -- that of 
people wanting to access Chinese (or whatever) sites that can only be 
found in the Chinese-owned alternative root.

Stipulated.  But whose problem *is* that?

Cheers,
-- jra
-- 
Jay R. Ashworth                                                jra () baylink com
Designer                          Baylink                             RFC 2100
Ashworth & Associates        The Things I Think                        '87 e24
St Petersburg FL USA      http://baylink.pitas.com             +1 727 647 1274

      If you can read this... thank a system administrator.  Or two.  --me

