[ga] "Alternative roots": a big technical failure
Proponents of "alternative roots" often explain that these "roots" work as
well as the ICANN/USG one. It is not a big deal: operating a dozen of
nameservers with a very low traffic is not a great technical achievement. The
alternative roots would have much more problems with political, legal or
financial issues!
But even this (comparatively) simple task is not performed properly. At home,
I use ORSC, apparently one of the most serious of the alternative roots
(advices on better roots are welcome).
Today, ORSC managed to break ".org". Names in this TLD cannot be resolved
anymore, if you happen to use k.root-servers.orsc (it is the closest from me).
Here is the proper reply, as sent by a.root-servers.orsc (or an ICANN/USG root
nameserver).
~ % dig @a.root-servers.orsc NS org
; <<>> DiG 9.2.1 <<>> @a.root-servers.orsc NS org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35606
;; flags: qr rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
;; ANSWER SECTION:
org. 86400 IN NS TLD2.ULTRADNS.NET.
org. 86400 IN NS TLD1.ULTRADNS.NET.
Here is the one sent by the bogus nameserver:
~ % dig @k.root-servers.orsc NS org
; <<>> DiG 9.2.1 <<>> @k.root-servers.orsc NS org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52691
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 9, ADDITIONAL: 9
;; QUESTION SECTION:
;org. IN NS
;; AUTHORITY SECTION:
org. 86400 IN NS a7.nstld.com.
org. 86400 IN NS l7.nstld.com.
org. 86400 IN NS g7.nstld.com.
org. 86400 IN NS f7.nstld.com.
org. 86400 IN NS m5.nstld.com.
org. 86400 IN NS j5.nstld.com.
org. 86400 IN NS i5.nstld.com.
org. 86400 IN NS c5.nstld.com.
org. 86400 IN NS e5.nstld.com.
(These are the old data of ".org", prior to its redelegation to PIR. No wonder
these nameservers no longer reply for ".org".)
A mail sent to ORSC technical list, tech@xxxxxxxxxxxx, was apparently not
distributed (I'm on the list and received nothing).
Mail to the mail address in the SOA, hostmaster@xxxxxxxxxxxxxxxxxxx, bounced
(62.212.100.181: Client host rejected: Access denied, it seems I'm on some
black list.)