[ga] "Alternative roots": a big technical failure

To: ga@xxxxxxxxxxxxxx
Subject: [ga] "Alternative roots": a big technical failure
From: Stephane Bortzmeyer <bortzmeyer@xxxxxx>
Date: Sat, 06 Mar 2004 22:02:19 +0100
Sender: owner-ga@xxxxxxxxxxxxxx

Proponents of "alternative roots" often explain that these "roots" work as 
well as the ICANN/USG one. It is not a big deal: operating a dozen of 
nameservers with a very low traffic is not a great technical achievement. The 
alternative roots would have much more problems with political, legal or 
financial issues!

But even this (comparatively) simple task is not performed properly. At home, 
I use ORSC, apparently one of the most serious of the alternative roots 
(advices on better roots are welcome).

Today, ORSC managed to break ".org". Names in this TLD cannot be resolved 
anymore, if you happen to use k.root-servers.orsc (it is the closest from me).

Here is the proper reply, as sent by a.root-servers.orsc (or an ICANN/USG root 
nameserver).

~ % dig @a.root-servers.orsc NS org

; <<>> DiG 9.2.1 <<>> @a.root-servers.orsc NS org
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35606
;; flags: qr rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;; ANSWER SECTION:
org.                    86400   IN      NS      TLD2.ULTRADNS.NET.
org.                    86400   IN      NS      TLD1.ULTRADNS.NET.

Here is the one sent by the bogus nameserver:

~ % dig  @k.root-servers.orsc NS org 

; <<>> DiG 9.2.1 <<>> @k.root-servers.orsc NS org
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52691
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 9, ADDITIONAL: 9

;; QUESTION SECTION:
;org.                           IN      NS

;; AUTHORITY SECTION:
org.                    86400   IN      NS      a7.nstld.com.
org.                    86400   IN      NS      l7.nstld.com.
org.                    86400   IN      NS      g7.nstld.com.
org.                    86400   IN      NS      f7.nstld.com.
org.                    86400   IN      NS      m5.nstld.com.
org.                    86400   IN      NS      j5.nstld.com.
org.                    86400   IN      NS      i5.nstld.com.
org.                    86400   IN      NS      c5.nstld.com.
org.                    86400   IN      NS      e5.nstld.com.

(These are the old data of ".org", prior to its redelegation to PIR. No wonder 
these nameservers no longer reply for ".org".)

A mail sent to ORSC technical list, tech@xxxxxxxxxxxx, was apparently not 
distributed (I'm on the list and received nothing).

Mail to the mail address in the SOA, hostmaster@xxxxxxxxxxxxxxxxxxx, bounced 
(62.212.100.181: Client host rejected: Access denied, it seems I'm on some 
black list.)

Follow-Ups:
- Re: [ga] "Alternative roots": a big technical failure
  - From: J-F C. (Jefsey) Morfin

Prev by Date: Re: [ga] Verisign vs. ICANN: More at Stake than Sitefinder - From CircleID
Next by Date: Re: [ga] "Alternative roots": a big technical failure
Previous by thread: Re: [ga] Verisign vs. ICANN: More at Stake than Sitefinder - From CircleID
Next by thread: Re: [ga] "Alternative roots": a big technical failure
Index(es):
- Date
- Thread