|
-
Thanks Generic. My conclusion is that China *HAS* add to the top, the guy that claims otherwise is wrong or is trying to buy time for damage control .....
My proof follows:
Grabbing a Chinese domain at random "WWW.CN" I queried the ICANN ROOT which says the following are the official .CN ROOT servers:
Code:
CN NS A.DNS.CN TTL= 172800, 2. DAYS
CN NS DNS2.CNNIC.NET.CN TTL= 172800, 2. DAYS
CN NS NS.CERNET.NET TTL= 172800, 2. DAYS
CN NS DNS4.CNNIC.NET.CN TTL= 172800, 2. DAYS
CN NS B.DNS.CN TTL= 172800, 2. DAYS
CN NS C.DNS.CN TTL= 172800, 2. DAYS
I then queried the official "A.DNS.CN" ROOT server (first on list) which I had noted yesterday was behaving "differently" and asked it for the records for "xn--i6qz82m.xn--55qx5d" which it *SHOULD* have sent me back to the ICANN ROOT server for. But it *DID NOT*, it gave me:
Code:
XN--I6QZ82M.XN--55QX5D NS NS1.I-DNS.BIZ TTL= 3600, 1. HOURS
XN--I6QZ82M.XN--55QX5D NS NS2.I-DNS.BIZ TTL= 3600, 1. HOURS
Which tells us that China *HAS* implemented the new TLDs via; NS1.I-DNS.BIZ, NS2.I-DNS.BIZ. And So I passed the query to the first one (which is *EXACTLY* what your ISP does to resolve a domain) and got:
Code:
XN--I6QZ82M.XN--55QX5D * Response is Authoritative
MAIL.I-DNS.NET A 203. 81. 44. 31 TTL= 42690, 11.8 HOURS
NS1.UNIVERSAL-NAMES.COM A 203. 81. 44. 40 TTL= 20624, 5.72 HOURS
NS2.UNIVERSAL-NAMES.COM A 203. 81. 44. 27 TTL= 20624, 5.72 HOURS
XN--I6QZ82M.XN--55QX5D A 203. 81. 44. 27 TTL= 86400, 1. DAYS
XN--I6QZ82M.XN--55QX5D MX MAIL.I-DNS.NET, PREF = 10 TTL= 86400, 1. DAYS
XN--I6QZ82M.XN--55QX5D NS NS1.UNIVERSAL-NAMES.COM TTL= 86400, 1. DAYS
XN--I6QZ82M.XN--55QX5D NS NS1.UNIVERSAL-NAMES.COM TTL= 86400, 1. DAYS
XN--I6QZ82M.XN--55QX5D NS NS2.UNIVERSAL-NAMES.COM TTL= 86400, 1. DAYS
XN--I6QZ82M.XN--55QX5D NS NS2.UNIVERSAL-NAMES.COM TTL= 86400, 1. DAYS
XN--I6QZ82M.XN--55QX5D SOA PRI DNS = NS2.UNIVERSAL-NAMES.COM
CONTACT = SUPPORT.UNIVERSAL-NAMES.COM
SERIAL = 2003020604
REFRESH = 7200, 2. HOURS
RETRY = 3600, 1. HOURS
EXPIRE = 604800, 1. WEEKS
TTL MIN = 86400, 1. DAYS
TTL = 86400, 1. DAYS
And the most crutial part of this is the first line where that server says it's *AUTHORITATIVE* for that domain name.
It's confirmed.
Now here's the key part: Since ICANN's ROOT says the "xn--55qx5d" TLD does not exists, Chinese ISP's must simple add their countries ROOT server to there list of ROOT servers (a very trivial and reasonsible request / expectation) thus given them identical power and influence as ICANN.
ICANNs's *SCREWED* as this single record, obtained by properly following the DNS chain from China's ROOT servers, is all one needs to prove the case:
Code:
XN--I6QZ82M.XN--55QX5D * Response is Authoritative
XN--I6QZ82M.XN--55QX5D A 203. 81. 44. 27 TTL= 86400, 1. DAYS
And note that this is precisely how I'd earlier propose european TLDs implement their own TLDs and start adding ne TLDs. It's a very trivial and very obvious step. It's just a matter of having the brass to do it.
Last edited by ILikeInfo; 03-07-2006 at 02:21 PM.
-
Seems to me that its just basically isps resolving the names similiar to what NN use to do, in addition to offerance of a plugin. If you are not using an enabled isp - one near china (someone reported that this didnt work even in china with a particular isp) you would never even see these names I would imagine.
Last edited by generic; 03-07-2006 at 02:31 PM.
-
Originally posted by generic
Seems to me that its just basically isps resolving the names similiar to what NN use to do. If you are not using an enabled isp - one near china (someone reported that this didnt work even in china with a particular isp) you would never even see these names I would imagine.
No, it's *NOT* like New.Net.
However *ANYBODY* can use their servers to resolve the new TLDs.
Here's further proof:
I queried NS2.I-DNS.BIZ for DomainState.com:
Code:
DOMAINSTATE.COM * Response is not Authoritative
NS.STATESSERVER2.COM A 64. 65. 0.152 TTL= 172751, 1.99 DAYS
NS.STATESSERVER3.COM A 66.132.233. 18 TTL= 172751, 1.99 DAYS
DOMAINSTATE.COM NS NS.STATESSERVER2.COM TTL= 172751, 1.99 DAYS
DOMAINSTATE.COM NS NS.STATESSERVER2.COM TTL= 172751, 1.99 DAYS
DOMAINSTATE.COM NS NS.STATESSERVER3.COM TTL= 172751, 1.99 DAYS
DOMAINSTATE.COM NS NS.STATESSERVER3.COM TTL= 172751, 1.99 DAYS
Notice the server admited to not being the authority, but yet it went out to the ICANN ROOT and got the correct "next step" records for me to *CIRCUMVENT* the ICANN ROOT ...
They have intentional setup those server to resolve their new TLD *AND* replace the entire ICANN ROOT server system. If this was not the case their response would have been:
Code:
DOMAINSTATE.COM * Response is not Authoritative
A.ROOT-SERVERS.NET A 198. 41. 0. 4 TTL= 191124, 2.21 DAYS
B.ROOT-SERVERS.NET A 192.228. 79.201 TTL= 191124, 2.21 DAYS
C.ROOT-SERVERS.NET A 192. 33. 4. 12 TTL= 191124, 2.21 DAYS
D.ROOT-SERVERS.NET A 128. 8. 10. 90 TTL= 191124, 2.21 DAYS
E.ROOT-SERVERS.NET A 192.203.230. 10 TTL= 191124, 2.21 DAYS
F.ROOT-SERVERS.NET A 192. 5. 5.241 TTL= 191124, 2.21 DAYS
G.ROOT-SERVERS.NET A 192.112. 36. 4 TTL= 191124, 2.21 DAYS
H.ROOT-SERVERS.NET A 128. 63. 2. 53 TTL= 191124, 2.21 DAYS
I.ROOT-SERVERS.NET A 192. 36.148. 17 TTL= 191124, 2.21 DAYS
J.ROOT-SERVERS.NET A 192. 58.128. 30 TTL= 191124, 2.21 DAYS
K.ROOT-SERVERS.NET A 193. 0. 14.129 TTL= 191124, 2.21 DAYS
L.ROOT-SERVERS.NET A 198. 32. 64. 12 TTL= 191124, 2.21 DAYS
M.ROOT-SERVERS.NET A 202. 12. 27. 33 TTL= 191124, 2.21 DAYS
NS A.ROOT-SERVERS.NET TTL= 104724, 1.21 DAYS
NS B.ROOT-SERVERS.NET TTL= 104724, 1.21 DAYS
NS C.ROOT-SERVERS.NET TTL= 104724, 1.21 DAYS
NS D.ROOT-SERVERS.NET TTL= 104724, 1.21 DAYS
NS E.ROOT-SERVERS.NET TTL= 104724, 1.21 DAYS
NS F.ROOT-SERVERS.NET TTL= 104724, 1.21 DAYS
NS G.ROOT-SERVERS.NET TTL= 104724, 1.21 DAYS
NS H.ROOT-SERVERS.NET TTL= 104724, 1.21 DAYS
NS I.ROOT-SERVERS.NET TTL= 104724, 1.21 DAYS
NS J.ROOT-SERVERS.NET TTL= 104724, 1.21 DAYS
NS K.ROOT-SERVERS.NET TTL= 104724, 1.21 DAYS
NS L.ROOT-SERVERS.NET TTL= 104724, 1.21 DAYS
NS M.ROOT-SERVERS.NET TTL= 104724, 1.21 DAYS
Which is the standard response for DNS servers to get you back to the ICANN ROOT to start your query.
ICANN's screwed.
-
maybe someone should tell ICANN
I guess we can go home now 
-
Originally posted by generic
maybe someone should tell ICANN
I guess we can go home now
I'm no genius. ICANN has people that have done this and know what's going on. Now lets see how long it takes for other countries to follow though doing the same thing.
-
Originally posted by ILikeInfo
I'm no genius. ICANN has people that have done this and know what's going on. Now lets see how long it takes for other countries to follow though doing the same thing.
So, can you summarize in plain English what you understand has happened and what are the potential implications?
-
Originally posted by Speculator
So, can you summarize in plain English what you understand has happened and what are the potential implications?
You have to understand one part of the ROOT server *SYSTEM* to understand what they did:
ICANN controls many DNS servers located at *FIXED* locations, these DNS server are call the ROOT and are the starting point to resolve all domain names *BUT* these server do not resolve domain names (a lie you'll have to live with).
These ICANN DNS servers then "point you" to the DNS that *DOES* resolve the TLD you are searching for. For .CN's your browser in effect goes the the ICANN servers which then tell you to go to the .CN Chinese DNS server which then give you the address to visit and your browser takes you there.
So what happens if you go to the say. .INFO server to get the address of a .CN? The .INFO server send you back to the ICANN "ROOT" or "beginning". But the fact that the .CN server does not do that demostrates that China is configuring it's servers to *REPLACE* the ICANN server instead of sending anyone to them as all the other servers *BELOW* the ROOT do.
It's really not much different than your local ISP intercepting your error / typo traffic and dumping you into their own PPC. It's like Verisign with site finder, but a site finder ust limited to China and that does not dump into PPC but actually implements TLDs versus TLD typos.
-
Originally posted by ILikeInfo
You have to understand one part of the ROOT server *SYSTEM* to understand what they did:
ICANN controls many DNS servers located at *FIXED* locations, these DNS server are call the ROOT and are the starting point to resolve all domain names *BUT* these server do not resolve domain names (a lie you'll have to live with).
These ICANN DNS servers then "point you" to the DNS that *DOES* resolve the TLD you are searching for. For .CN's your browser in effect goes the the ICANN servers which then tell you to go to the .CN Chinese DNS server which then give you the address to visit and your browser takes you there.
So what happens if you go to the say. .INFO server to get the address of a .CN? The .INFO server send you back to the ICANN "ROOT" or "beginning". But the fact that the .CN server does not do that demostrates that China is configuring it's servers to *REPLACE* the ICANN server instead of sending anyone to them as all the other servers *BELOW* the ROOT do.
It's really not much different than your local ISP intercepting your error / typo traffic and dumping you into their own PPC. It's like Verisign with site finder, but a site finder ust limited to China and that does not dump into PPC but actually implements TLDs versus TLD typos.
Thanks for taking the time. So, what in your opinion would be the likely impact on various TLDs if any?
-
Originally posted by ILikeInfo
But the fact that the .CN server does not do that demostrates that China is configuring it's servers to *REPLACE* the ICANN server instead of sending anyone to them as all the other servers *BELOW* the ROOT do.
But isnt the .cn dns server (or whatever) still sending everything to the right place just like the ICANN root server would have and the only difference is that it is resolving these nonnewtlds which the root servers wouldnt?
Last edited by generic; 03-07-2006 at 03:09 PM.
-
Originally posted by Speculator
Thanks for taking the time. So, what in your opinion would be the likely impact on various TLDs if any?
I think it's more an issue on what I've been saying about .COM and ICANN's control of the internet.
I think a blow out of TOP level domains that are really meanful just give people more options and give .COM competition. For example, no matter how well recognized .COM is, if it's a foreign character set them there's reason to use a TLD that makes sense in your own country. ust because some organization has said "China == .CN" does not mean China thinks .CN makes sense .....
In this case China is saying "We don't care if the rest of the world can see these TLDs". However others wanting to do buisness inside of China will want those TLDs espically if the government is driving adoption.
I don't think China, or others, would intentional interfere with the current ICANN approved TLD's and would thus insure they continue to work. But now they are not sittting around waiting for ICANN to take action and deploy TLDs that others may feel are needed, and the more this is done the less there is for ICANN to do *AND* ICANN controls less and less of those TLDs and the servers that resolve them.
Furthermore this is the step that helps assure European government to forget about the UN and trying to pry control out of ICANN. Just setup your own server in your country and use them to route around the ICANN route ust like China is doing. Those ICANN ROOT server *ARE NOT* so magical as to make the internet impossible to route around them ... It's trivial to do and it's the same thing as ICANN themselves adding another server to their own list of servers.
-
so, by doing that, all you are really doing is creating a mirror of the icann root server plus adding your own configuration to resolve some internal new tlds that no one else will see, unless you spread by isp
-
Originally posted by generic
But isnt the .cn dns server (or whatever) still sending everything to the right place just like the ICANN root server
*NO*
And that was my point:
It's *RESOLVING THEM* around the ICANN route versus sending the "foreign request" to the ICANN servers and letting them handle the request. They've intentionally made the ICANN servers unneeded / redundent to there own countries servers.
Also note that since China is controling it's citizens use of the internet this also means that China can now actually *HARD ROUTE* all requests to the ICANN servers to their own servers and thus monitor all it's citizens as well as exclude any websites it wants. Yet at the same time nothing will break unless they want to break it / stop a site from resolving.
-
Originally posted by generic
so, by doing that, all you are really doing is creating a mirror of the icann root
*NO*
Their *OFFICAL ICANN SERVER* intercepted my request, then their subsequent DNS server used the ICANN server to resolve it and provide me the correct response.
They are *NOT* making a copy / mirror.
They are simply inserting themselve between ICANN and their citizens. This allows them to freely add new TLD's while supporting all the current and future ICANN TLDs. They can also stop resolving any domain(s) they want to == "Filter" their citizens access to the internet.
Last edited by ILikeInfo; 03-07-2006 at 03:27 PM.
-
well, i dont see how icann is screwed
what, countries are gonna start making their own similar server setups while still resolving icann tlds or not resolving them?
anyway I have a headache now
Last edited by generic; 03-07-2006 at 03:35 PM.
-
I've a strong feeling that although China most probably has a legitimate interest in full deployment of IDNs it's just using ICAAN's delay in doing so as an excuse to basically get a handle (read control) over their citizen's Internet usage for political reasons. As I see the Internet *maturing* it'd be evolving from the utopian concept of being a free, independent, global medium to one which is regionally and nationally controlled by individual governments; I guess its too vital to be left alone !!
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
Forum Rules
|
|
|
View Profile
View Forum Posts
Reply With Quote