From webmaster at ripe.net Thu Jul 4 13:59:40 2002 From: webmaster at ripe.net (RIPE NCC Document Announcement Service) Date: Thu, 04 Jul 2002 13:59:40 +0200 Subject: New Document available: RIPE-244 Message-ID: <200207041159.g64BxeC15707@birch.ripe.net> New RIPE Document Announcement -------------------------------------- A new document is available from the RIPE document store. Ref: ripe-244 Title: Policy for Reverse Address Delegation under in-addr.arpa in the RIPE NCC Service Region Author: Joao Luis Silva Damas, Leo Vegoda Date: 4 July 2002 Format: PS=13515 TXT=4723 Obsoletes: Obsoleted by: Updates: Updated by: Short content description ------------------------- This document describes the policy for reverse delegation of IPv4 assignments and allocations in the RIPE NCC service region. Accessing the RIPE document store --------------------------------- You can access the "Policy for Reverse Address Delegation under in-addr.arpa in the RIPE NCC Service Region" in HTML format at the following URL: http://www.ripe.net/ripe/docs/rev-del.html The RIPE document store is also available via anonymous FTP to ftp.ripe.net, in the directory ripe/docs. The URLs for the new documents on the FTP-server are: ftp://ftp.ripe.net/ripe/docs/ripe-244.ps PostScript version ftp://ftp.ripe.net/ripe/docs/ripe-244.txt plain text version From hank at att.net.il Fri Jul 5 08:51:28 2002 From: hank at att.net.il (Hank Nussbacher) Date: Fri, 05 Jul 2002 09:51:28 +0300 Subject: [lir-wg] New Document available: RIPE-244 In-Reply-To: <200207041159.g64BxeC15707@birch.ripe.net> Message-ID: <5.1.0.14.2.20020705095029.01025c90@max.att.net.il> At 01:59 PM 04-07-02 +0200, RIPE NCC Document Announcement Service wrote: Shouldn't this be listed at: http://www.ripe.net/ripe/docs/titletoc.html http://www.ripe.net/ripe/docs/internet-registries.html as well? -Hank >New RIPE Document Announcement >-------------------------------------- >A new document is available from the RIPE document store. > > >Ref: ripe-244 >Title: Policy for Reverse Address Delegation > under in-addr.arpa in the RIPE NCC Service Region > >Author: Joao Luis Silva Damas, Leo Vegoda >Date: 4 July 2002 >Format: PS=13515 TXT=4723 >Obsoletes: >Obsoleted by: >Updates: >Updated by: > > >Short content description ------------------------- > >This document describes the policy for reverse delegation of IPv4 >assignments and allocations in the RIPE NCC service region. > >Accessing the RIPE document store --------------------------------- > >You can access the "Policy for Reverse Address Delegation under >in-addr.arpa in the RIPE NCC Service Region" in HTML format at the >following URL: > > http://www.ripe.net/ripe/docs/rev-del.html > >The RIPE document store is also available via anonymous FTP to >ftp.ripe.net, in the directory ripe/docs. >The URLs for the new documents on the FTP-server are: > > ftp://ftp.ripe.net/ripe/docs/ripe-244.ps PostScript version > ftp://ftp.ripe.net/ripe/docs/ripe-244.txt plain text version From nader at interlink.com.eg Sun Jul 7 13:52:37 2002 From: nader at interlink.com.eg (nader) Date: Sun, 07 Jul 2002 14:52:37 +0300 Subject: Dear Sir Message-ID: <3D282B85.AEB17EC4@interlink.com.eg> Hi , I have DNS Version 4 installed on NT4 machine , I have a problem that many sites did not open although when i changed to use another DNS IP's it worked very well , How can I make my dns work properly? Waiting for your reply Nader From pk at TechFak.Uni-Bielefeld.DE Wed Jul 10 17:14:29 2002 From: pk at TechFak.Uni-Bielefeld.DE (Peter Koch) Date: Wed, 10 Jul 2002 17:14:29 +0200 Subject: New draft charter for the RIPE DNS WG Message-ID: <200207101514.RAA24683@grimsvotn.TechFak.Uni-Bielefeld.DE> Dear DNS WG members, the working group charter posted at http://www.ripe.net/ripe/wg/dns/ is a bit out of date and no longer really accurate: The Domain Name System working group discusses current BIND versions. It is also concerned with potential pollution of the DNS and with domain name related issues. Jim and I have discussed this and we thought the charter should be adjusted to better reflect what the WG has been dealing with during the past couple of meetings and is going to do in the near future. Together with the meeting agendas this may help (new) participants to decide whether to attend and contribute ideas and questions. So, this is our suggestion for an updated charter: The Domain Name System (DNS) working group discusses current DNS related issues in technology and operations. It supports deployment of newly developed DNS and DNS related protocol components by collecting experience and documenting current practice and recommendations. It is therefore also a feedback channel to the IETF. The WG also discusses DNS software implementations, especially security and scalability aspects as well as performance and interoperability. It does not try to ``support'' all these software products. Bugs in specific products are only discussed if they affect critical infrastructure or interoperability at a large scale (differential analysis). The DNS WG works as a contact for the Registry and Registrar community, watching DNS quality. It discusses registration policies only to the extent technical questions are concerned (e.g. pre delegation checks & quality control). Please send comments to this list. -Peter From rodney at declarator.net Wed Jul 10 17:23:04 2002 From: rodney at declarator.net (Rodney Thayer) Date: Wed, 10 Jul 2002 08:23:04 -0700 Subject: New draft charter for the RIPE DNS WG In-Reply-To: <200207101514.RAA24683@grimsvotn.TechFak.Uni-Bielefeld.DE> Message-ID: <5.1.0.14.2.20020710081928.02e51500@mail.declarator.net> That sounds fine, except the WG also discusses operational and procedural issues, for example how to sign zones. How about, as a replacement sentence... "The WG also discusses DNS software implementations, especially security and scalability aspects as well as performance, interoperability, and operational procedures needed by newly developed and deployed DNS features." That covers new things for DNSSEC whilst being general. At 05:14 PM 7/10/02 +0200, Peter Koch wrote: >Dear DNS WG members, > >the working group charter posted at http://www.ripe.net/ripe/wg/dns/ >is a bit out of date and no longer really accurate: > > The Domain Name System working group discusses current BIND versions. > It is also concerned with potential pollution of the DNS and with domain > name related issues. > >Jim and I have discussed this and we thought the charter should be adjusted >to better reflect what the WG has been dealing with during the past couple >of meetings and is going to do in the near future. Together with the meeting >agendas this may help (new) participants to decide whether to attend and >contribute ideas and questions. So, this is our suggestion for an updated >charter: > > The Domain Name System (DNS) working group discusses current DNS related > issues in technology and operations. It supports deployment of newly > developed DNS and DNS related protocol components by collecting > experience and documenting current practice and recommendations. > It is therefore also a feedback channel to the IETF. > The WG also discusses DNS software implementations, especially security > and scalability aspects as well as performance and interoperability. > It does not try to ``support'' all these software products. Bugs in > specific products are only discussed if they affect critical > infrastructure or interoperability at a large scale (differential > analysis). > The DNS WG works as a contact for the Registry and Registrar community, > watching DNS quality. > It discusses registration policies only to the extent technical > questions > are concerned (e.g. pre delegation checks & quality control). > >Please send comments to this list. > >-Peter From brad.knowles at skynet.be Wed Jul 10 17:36:01 2002 From: brad.knowles at skynet.be (Brad Knowles) Date: Wed, 10 Jul 2002 17:36:01 +0200 Subject: New draft charter for the RIPE DNS WG In-Reply-To: <200207101514.RAA24683@grimsvotn.TechFak.Uni-Bielefeld.DE> References: <200207101514.RAA24683@grimsvotn.TechFak.Uni-Bielefeld.DE> Message-ID: At 5:14 PM +0200 2002/07/10, Peter Koch wrote: > Jim and I have discussed this and we thought the charter should be adjusted > to better reflect what the WG has been dealing with during the past couple > of meetings and is going to do in the near future. I think that you've come up with a much better charter for this group. Out of curiosity, do you think that the group should also help sponsor the development of open source tools to help monitor DNS-related issues, or evaluate DNS-related tools (either open source or commercial)? I ask because I am the current maintainer for "doc" (a DNS debugging tool) and I am (theoretically) also a co-maintainer for dnswalk (another DNS debugging tool). I say theoretically because I have not yet started to actively work with the dnswalk code, and I don't think that Dave Barr has done anything with it since moving the project to SourceForge. If I could get some sponsorship for some work like this, that would help me justify to my employer my work in this field, and would help me deliver improved tools to the community. In addition, I am aware of some upcoming commercial tools that I think that at least some DNS WG members might be interested in. What about inviting spokespeople from the respective companies to attend future meetings, and perhaps get involved with the DNS WG (if they are not already)? -- Brad Knowles, "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin, Historical Review of Pennsylvania. From Jim.Reid at nominum.com Thu Jul 11 11:14:14 2002 From: Jim.Reid at nominum.com (Jim Reid) Date: Thu, 11 Jul 2002 02:14:14 -0700 Subject: New draft charter for the RIPE DNS WG In-Reply-To: Message from Brad Knowles of "Wed, 10 Jul 2002 17:36:01 +0200." Message-ID: <45682.1026378854@shell.nominum.com> >>>>> "Brad" == Brad Knowles writes: >> Jim and I have discussed this and we thought the charter should >> be adjusted to better reflect what the WG has been dealing with >> during the past couple of meetings and is going to do in the >> near future. Brad> I think that you've come up with a much better charter Brad> for this group. Thank you, though Peter deserves all the credit for coming up with the revised charter. Brad> Out of curiosity, do you think that the group should Brad> also help sponsor the development of open source tools to Brad> help monitor DNS-related issues, or evaluate DNS-related Brad> tools (either open source or commercial)? Yes, absolutely. These are clearly things that will be of interest to the WG membership and the DNS community as a whole. Do you feel there's nothing in the revised charter which addresses your points? If not, please suggest some text we could add or at least discuss. Your question of sponsorship is a good one. But there's a problem about how the term is defined. If you mean sponsor in the the sense of encourage or nurture, then I would say yes, that's definitely something the WG can and should do. If you mean hand over money, I'd have to uhm and ahh. The WG has no money or budget and I'd be pleasantly surprised if the members would be willing to put their hands in their pockets. Deciding how any money raised got spent would also present an administrative headache. These are not intractable problems. My view is that if the WG decided it did want to fund tool development or support, Peter and I would have to try and find a way of making that happen. Some guidance from the WG would be welcome: maybe this should be an agenda item for RIPE43? One thing I would ask people on this list to do is give more feedback and suggestions on what the WG should and should not do. Peter and I have outlined our ideas for the future of the WG and had little response so far. This is disappointing. I'm not sure if we should interpret the silence as approval for our ideas or if there's little interest in them from the WG membership. From stephenb at uk.uu.net Thu Jul 11 11:32:55 2002 From: stephenb at uk.uu.net (Stephen Burley) Date: Thu, 11 Jul 2002 10:32:55 +0100 Subject: New draft charter for the RIPE DNS WG References: <5.1.0.14.2.20020710081928.02e51500@mail.declarator.net> Message-ID: <020901c228bd$f05a87b0$2e04bf3e@eu.frd.uu.net> I would just like to remind all that the more RIPE/NCC get diversified in their focus, the less gets done in the areas that realy matter to us. I am not disagreeing with the outline i just feel we need to evaluate how much of what is discussed at the meetings is IP relavent. We can not complain at the NCC about high wait times on requests if we the community are distracting the NCC with none core function projects and fact finding. Regards, Stephen Burley WorldCom EMEA Hostmaster SB855-RIPE ----- Original Message ----- From: "Rodney Thayer" To: Sent: Wednesday, July 10, 2002 4:23 PM Subject: Re: New draft charter for the RIPE DNS WG > That sounds fine, except the WG also discusses operational > and procedural issues, for example how to sign zones. > > How about, as a replacement sentence... > > > "The WG also discusses DNS software implementations, especially security > and scalability aspects as well as performance, interoperability, and > operational procedures needed by newly developed and deployed DNS features." > > That covers new things for DNSSEC whilst being general. > > At 05:14 PM 7/10/02 +0200, Peter Koch wrote: > > >Dear DNS WG members, > > > >the working group charter posted at http://www.ripe.net/ripe/wg/dns/ > >is a bit out of date and no longer really accurate: > > > > The Domain Name System working group discusses current BIND versions. > > It is also concerned with potential pollution of the DNS and with domain > > name related issues. > > > >Jim and I have discussed this and we thought the charter should be adjusted > >to better reflect what the WG has been dealing with during the past couple > >of meetings and is going to do in the near future. Together with the meeting > >agendas this may help (new) participants to decide whether to attend and > >contribute ideas and questions. So, this is our suggestion for an updated > >charter: > > > > The Domain Name System (DNS) working group discusses current DNS related > > issues in technology and operations. It supports deployment of newly > > developed DNS and DNS related protocol components by collecting > > experience and documenting current practice and recommendations. > > It is therefore also a feedback channel to the IETF. > > The WG also discusses DNS software implementations, especially security > > and scalability aspects as well as performance and interoperability. > > It does not try to ``support'' all these software products. Bugs in > > specific products are only discussed if they affect critical > > infrastructure or interoperability at a large scale (differential > > analysis). > > The DNS WG works as a contact for the Registry and Registrar community, > > watching DNS quality. > > It discusses registration policies only to the extent technical > > questions > > are concerned (e.g. pre delegation checks & quality control). > > > >Please send comments to this list. > > > >-Peter > From pierre at baume.org Thu Jul 11 11:47:11 2002 From: pierre at baume.org (Pierre Baume) Date: Thu, 11 Jul 2002 11:47:11 +0200 (CEST) Subject: New draft charter for the RIPE DNS WG In-Reply-To: <020901c228bd$f05a87b0$2e04bf3e@eu.frd.uu.net> Message-ID: Stephen, Can you be a bit more specific and tell us what parts of the proposed charter cover non-core items, please? Or is it the entire DNS WG?... ;-) Thanks in advance. Pierre. On Thu, 11 Jul 2002, Stephen Burley wrote: > I would just like to remind all that the more RIPE/NCC get diversified > in their focus, the less gets done in the areas that realy matter to us. > I am not disagreeing with the outline i just feel we need to evaluate > how much of what is discussed at the meetings is IP relavent. We can not > complain at the NCC about high wait times on requests if we the > community are distracting the NCC with none core function projects and > fact finding. > > Regards, > > Stephen Burley > WorldCom EMEA Hostmaster > SB855-RIPE [snip] From niallm-ripe at enigma.ie Thu Jul 11 14:07:29 2002 From: niallm-ripe at enigma.ie (Niall Richard Murphy) Date: Thu, 11 Jul 2002 13:07:29 +0100 Subject: New draft charter for the RIPE DNS WG In-Reply-To: <200207101514.RAA24683@grimsvotn.TechFak.Uni-Bielefeld.DE>; from pk@TechFak.Uni-Bielefeld.DE on Wed, Jul 10, 2002 at 05:14:29PM +0200 References: <200207101514.RAA24683@grimsvotn.TechFak.Uni-Bielefeld.DE> Message-ID: <20020711130729.A45279@enigma.ie> On Wed, Jul 10, 2002 at 05:14:29PM +0200, Peter Koch wrote: Folks, > The Domain Name System (DNS) working group discusses current DNS related > issues in technology and operations. It supports deployment of newly > developed DNS and DNS related protocol components by collecting > experience and documenting current practice and recommendations. All good. Perhaps some people would complain that "best" should be prefixed to "current practice", but I'm not one of those people :-) > The DNS WG works as a contact for the Registry and Registrar community, > watching DNS quality. What is the overlap between this and the technical function of CENTR, for example? > Please send comments to this list. Looks good Peter. Niall -- Enigma Consulting Limited: Security, UNIX and telecommunications consultants. Address: Floor 2, 45 Dawson Street, Dublin 2, Ireland. http://www.enigma.ie/ From niallm-ripe at enigma.ie Thu Jul 11 14:11:39 2002 From: niallm-ripe at enigma.ie (Niall Richard Murphy) Date: Thu, 11 Jul 2002 13:11:39 +0100 Subject: New draft charter for the RIPE DNS WG In-Reply-To: <020901c228bd$f05a87b0$2e04bf3e@eu.frd.uu.net>; from stephenb@uk.uu.net on Thu, Jul 11, 2002 at 10:32:55AM +0100 References: <5.1.0.14.2.20020710081928.02e51500@mail.declarator.net> <020901c228bd$f05a87b0$2e04bf3e@eu.frd.uu.net> Message-ID: <20020711131139.B45279@enigma.ie> On Thu, Jul 11, 2002 at 10:32:55AM +0100, Stephen Burley wrote: Stephen, I'm not sure to what extent the hostmaster function of the NCC provides the cycles to make the WG go. My impression is that the majority of the work comes from the members, the chairs, and non-directly-registration-related NCC staff. Hence my contention would be that an expanded charter will not change the wait-queue time. Niall > I would just like to remind all that the more RIPE/NCC get diversified in > their focus, the less gets done in the areas that realy matter to us. I am > not disagreeing with the outline i just feel we need to evaluate how much of > what is discussed at the meetings is IP relavent. We can not complain at the > NCC about high wait times on requests if we the community are distracting > the NCC with none core function projects and fact finding. -- Enigma Consulting Limited: Security, UNIX and telecommunications consultants. Address: Floor 2, 45 Dawson Street, Dublin 2, Ireland. http://www.enigma.ie/ From jaap at sidn.nl Thu Jul 11 14:45:00 2002 From: jaap at sidn.nl (Jaap Akkerhuis) Date: Thu, 11 Jul 2002 14:45:00 +0200 Subject: New draft charter for the RIPE DNS WG In-Reply-To: Your message of Thu, 11 Jul 2002 13:07:29 +0100. <20020711130729.A45279@enigma.ie> Message-ID: <200207111245.g6BCj15d045811@bartok.sidn.nl> Hi, Niall: > The DNS WG works as a contact for the Registry and Registrar community, > watching DNS quality. What is the overlap between this and the technical function of CENTR, for example? I was also wondering about this a bit. There is the ENTR technical workgroup and he DNR forum. The first group is not an RIPE thingy at all. They happen to meet often at RIPE meetings, because it is convenient. The intention, as far as can judge, is to bring registry techies together to discuss, exchange information for problems at registrie. And since the core business of a registry (at least, that is my personal opinion) is the maintenance of the zonefile, there is overlap with the dns-wg. But this group does more, registry systems etc. And for the dns part, they are more on the operating end of the spectrum. The DNR-Forum is a Centr/Ripe thingy, but, as Rob always says, Ripe is only just accomodating the meeting (see also the charter, http://www.ripe.net/ripe/wg/dnr/index.html). Again there is an overlap with the dns-wg but the focus of his is more towards registrar/registry interaction (nice way of saying politics). So, one way to answer your question would be to say that DNS-wg is more concerned with the dns protocol sec then with other things surrounding it. jaap From pk at TechFak.Uni-Bielefeld.DE Thu Jul 11 15:15:57 2002 From: pk at TechFak.Uni-Bielefeld.DE (Peter Koch) Date: Thu, 11 Jul 2002 15:15:57 +0200 Subject: New draft charter for the RIPE DNS WG In-Reply-To: Your message of "Thu, 11 Jul 2002 14:45:00 +0200." <200207111245.g6BCj15d045811@bartok.sidn.nl> Message-ID: <200207111315.PAA27856@grimsvotn.TechFak.Uni-Bielefeld.DE> Hello Jaap, > the core business of a registry (at least, that is my personal > opinion) is the maintenance of the zonefile, there is overlap with well, the registries do a lot of database, whois, "IP", lawyers and politics work and one side effect is they produce a zone file. > So, one way to answer your question would be to say that DNS-wg is > more concerned with the dns protocol sec then with other things > surrounding it. That's it. The emphasis on "quality" really meant DNS technical and operational quality, like lame delegations, server redundancy, TTL values, future KEY issues and so on. It's not about the accuracy of the whois data or the quality of the registration policy documents. These nevertheless important topics are covered e.g. in the DNR forum. So, do you think that particular sentence needs rewording? -Peter From stephenb at uk.uu.net Thu Jul 11 15:17:22 2002 From: stephenb at uk.uu.net (Stephen Burley) Date: Thu, 11 Jul 2002 14:17:22 +0100 Subject: New draft charter for the RIPE DNS WG References: <5.1.0.14.2.20020710081928.02e51500@mail.declarator.net> <020901c228bd$f05a87b0$2e04bf3e@eu.frd.uu.net> <20020711131139.B45279@enigma.ie> Message-ID: <031a01c228dd$4a9e7fa0$2e04bf3e@eu.frd.uu.net> As i said in the email i am not against the charter i just wanted to clarify that we will not take resources from the NCC like the Test Traffic white elephant did (though i am sure Daniel would disagree ;). Stephen Burley WorldCom EMEA Hostmaster SB855-RIPE ----- Original Message ----- From: "Niall Richard Murphy" To: "Stephen Burley" Cc: Sent: Thursday, July 11, 2002 1:11 PM Subject: Re: New draft charter for the RIPE DNS WG > On Thu, Jul 11, 2002 at 10:32:55AM +0100, Stephen Burley wrote: > > Stephen, > > I'm not sure to what extent the hostmaster function of the NCC provides > the cycles to make the WG go. > > My impression is that the majority of the work comes from the members, the > chairs, and non-directly-registration-related NCC staff. Hence my contention > would be that an expanded charter will not change the wait-queue time. > > Niall > > > I would just like to remind all that the more RIPE/NCC get diversified in > > their focus, the less gets done in the areas that realy matter to us. I am > > not disagreeing with the outline i just feel we need to evaluate how much of > > what is discussed at the meetings is IP relavent. We can not complain at the > > NCC about high wait times on requests if we the community are distracting > > the NCC with none core function projects and fact finding. > > -- > Enigma Consulting Limited: Security, UNIX and telecommunications consultants. > Address: Floor 2, 45 Dawson Street, Dublin 2, Ireland. > http://www.enigma.ie/ From rodney at declarator.net Thu Jul 11 16:24:42 2002 From: rodney at declarator.net (Rodney Thayer) Date: Thu, 11 Jul 2002 07:24:42 -0700 Subject: New draft charter for the RIPE DNS WG In-Reply-To: <20020711130729.A45279@enigma.ie> References: <200207101514.RAA24683@grimsvotn.TechFak.Uni-Bielefeld.DE> <200207101514.RAA24683@grimsvotn.TechFak.Uni-Bielefeld.DE> Message-ID: <5.1.0.14.2.20020711072204.032a1e20@mail.declarator.net> At 01:07 PM 7/11/02 +0100, Niall Richard Murphy wrote: >On Wed, Jul 10, 2002 at 05:14:29PM +0200, Peter Koch wrote: > >Folks, > > > The Domain Name System (DNS) working group discusses current DNS > related > > issues in technology and operations. It supports deployment of newly > > developed DNS and DNS related protocol components by collecting > > experience and documenting current practice and recommendations. > >All good. Perhaps some people would complain that "best" should be prefixed >to "current practice", but I'm not one of those people :-) Not to borrow too much from RIPE's (dis)functional distant cousin, IETF, but it would generally make sense to have a WG enumerate, through consensus, what the relevant "current practice" is before declaring, as a WG, what the "best current practice" is. If of course that's something the WG wishes to address. DNS timeouts might be the wrong topic. How within the RIPE community you address the issue of TLD's dropping off the internet transiently, from odd-numbered counties within the UK, like .to did last night, might be relevant. From Jim.Reid at nominum.com Thu Jul 11 16:33:25 2002 From: Jim.Reid at nominum.com (Jim Reid) Date: Thu, 11 Jul 2002 07:33:25 -0700 Subject: New draft charter for the RIPE DNS WG In-Reply-To: Message from "Stephen Burley" of "Thu, 11 Jul 2002 10:32:55 BST." <020901c228bd$f05a87b0$2e04bf3e@eu.frd.uu.net> Message-ID: <47579.1026398005@shell.nominum.com> >>>>> "Stephen" == Stephen Burley writes: Stephen> I would just like to remind all that the more RIPE/NCC Stephen> get diversified in their focus, the less gets done in the Stephen> areas that realy matter to us. I am not disagreeing with Stephen> the outline i just feel we need to evaluate how much of Stephen> what is discussed at the meetings is IP relavent. What you say is reasonable, but I think you are working from a false assumption. It's the job of the RIPE Working Groups to, well, work on the stuff that interests them. NCC staff might contribute to those efforts, presumably if this is OK with the NCC management and the stuff done for the WG doesn't affect their day-to-day workload in their real jobs. It certainly should not be assumed that RIPE NCC would stop doing the excellent job they do on the stuff that matters to all RIPE members, just to satisfy the whims of a WG. [I exaggerate for effect.] The WGs do not have any input to the policy and business decisions made by the RIPE NCC board and management. Unless WG members happen to be board members too, obviously... In my limited experience, RIPE NCC staff just provide the things that help to make the DNS WG happen: arranging venues, organising the meeting space, providing net connectivity, giving the odd presentation and so on. Speaking as one of the DNS WG chairs, I don't expect the RIPE NCC staff to do much more than that for the WG. Though if the likes of Olaf or Daniel volunteer tools and resources, I'd be delighted to accept their help just as I'd take contributions to the WG from whoever provided them. It's really up to the people who come to the WG and are active in the mailing list to make the Working Group work, not the NCC staff. Stephen> We can not complain at the NCC about high wait times on Stephen> requests if we the community are distracting the NCC with Stephen> none core function projects and fact finding. If you have any specific examples of this, you should take it up with the RIPE NCC Management and the WG Chairs who have created that extra load on the people at RIPE NCC. I would hope that if this has happened, the NCC staff would already have made that known to the NCC management. From jaap at sidn.nl Thu Jul 11 15:48:42 2002 From: jaap at sidn.nl (Jaap Akkerhuis) Date: Thu, 11 Jul 2002 15:48:42 +0200 Subject: New draft charter for the RIPE DNS WG In-Reply-To: Your message of Thu, 11 Jul 2002 15:15:57 +0200. <200207111315.PAA27856@grimsvotn.TechFak.Uni-Bielefeld.DE> Message-ID: <200207111348.g6BDmg5d045986@bartok.sidn.nl> Hi Peter, > the core business of a registry (at least, that is my personal > opinion) is the maintenance of the zonefile, there is overlap with well, the registries do a lot of database, whois, "IP", lawyers and politics work and one side effect is they produce a zone file. My point is that all if all the database lawyers work etc. is senseless if the net result doesn't end up in a zonefile. Why register something if it isn't used? But that is a nice subject for a bar-bof. > So, one way to answer your question would be to say that DNS-wg is > more concerned with the dns protocol sec then with other things > surrounding it. That's it. The emphasis on "quality" really meant DNS technical and operational quality, like lame delegations, server redundancy, TTL values, future KEY issues and so on. It's not about the accuracy of the whois data or the quality of the registration policy documents. These nevertheless important topics are covered e.g. in the DNR forum. So, do you think that particular sentence needs rewording? If somebody can come up with a better wording, yes. I came up with: The DNS WG pomotes the quality of the DNS for the Internet community. but I think that some better wordings can be found. jaap From brad.knowles at skynet.be Thu Jul 11 23:35:46 2002 From: brad.knowles at skynet.be (Brad Knowles) Date: Thu, 11 Jul 2002 23:35:46 +0200 Subject: New draft charter for the RIPE DNS WG In-Reply-To: <45682.1026378854@shell.nominum.com> References: <45682.1026378854@shell.nominum.com> Message-ID: At 2:14 AM -0700 2002/07/11, Jim Reid wrote: > Yes, absolutely. These are clearly things that will be of interest to > the WG membership and the DNS community as a whole. Do you feel > there's nothing in the revised charter which addresses your points? If > not, please suggest some text we could add or at least discuss. Well, what about having the RIPE NCC actually using DNS debugging tools like doc, dnswalk, etc... to monitor domains served by RIPE (including reverse delegations), and making this information publicly available (or at least available to RIPE members)? > Your question of sponsorship is a good one. But there's a problem > about how the term is defined. If you mean sponsor in the the sense of > encourage or nurture, then I would say yes, that's definitely > something the WG can and should do. I was thinking about some of the kinds of tools that the NetNews WG has developed (e.g., flow maps, nhns, etc...), or the Tools WG, or the Test Traffic WG. > If you mean hand over money, I'd > have to uhm and ahh. I'd have to talk to my employers, but I might be able to get them to donate some of my time to work on things like this, if there was some sort of "official" sponsorship from RIPE or RIPE NCC, with official recognition, etc.... Absolutely no guarantees, of course. But they might just go for it, if they got something in return, especially if that might potentially lead to future consulting work. > The WG has no money or budget and I'd be > pleasantly surprised if the members would be willing to put their > hands in their pockets. Actually being paid money for the work would also help. ;-) > One thing I would ask people on this list to do is give more feedback > and suggestions on what the WG should and should not do. Despite other comments I have made, I believe that the WG should first focus on things like determining what the current best practice is, and then documenting and advocating that. This would be with regard to DNS Operations, DNS Policy, etc.... However, I also believe that the DNS WG should work with the RIPE NCC to help implement these best practices, at least insofar as RIPE and the RIPE NCC has influence or the ability to do so. This would also include the development or sponsoring the development of tools to help implement these best practices. In other words, I take a rather activist view. -- Brad Knowles, "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin, Historical Review of Pennsylvania. From brad.knowles at skynet.be Thu Jul 11 23:19:38 2002 From: brad.knowles at skynet.be (Brad Knowles) Date: Thu, 11 Jul 2002 23:19:38 +0200 Subject: New draft charter for the RIPE DNS WG In-Reply-To: <5.1.0.14.2.20020711072204.032a1e20@mail.declarator.net> References: <200207101514.RAA24683@grimsvotn.TechFak.Uni-Bielefeld.DE> <200207101514.RAA24683@grimsvotn.TechFak.Uni-Bielefeld.DE> <5.1.0.14.2.20020711072204.032a1e20@mail.declarator.net> Message-ID: At 7:24 AM -0700 2002/07/11, Rodney Thayer wrote: > DNS timeouts might be the wrong topic. How within the RIPE > community you address the issue of TLD's dropping off the > internet transiently, from odd-numbered counties within the > UK, like .to did last night, might be relevant. Distribution of RIPE-area TLDs across a robust set of servers that are geographically diverse, and making this a "Best Current Practice" advocated by the WG, and then taking the next step and making this an actual RIPE requirement (and something that RIPE NCC could help make happen), is something that I think would be *VERY* good. I think the benefit to the Internet community as a whole could be almost unbelievable. -- Brad Knowles, "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin, Historical Review of Pennsylvania. From pk at TechFak.Uni-Bielefeld.DE Fri Jul 12 09:45:17 2002 From: pk at TechFak.Uni-Bielefeld.DE (Peter Koch) Date: Fri, 12 Jul 2002 09:45:17 +0200 Subject: New draft charter for the RIPE DNS WG In-Reply-To: Your message of "Thu, 11 Jul 2002 23:19:38 +0200." Message-ID: <200207120745.JAA29678@grimsvotn.TechFak.Uni-Bielefeld.DE> Brad Knowles wrote: > Distribution of RIPE-area TLDs across a robust set of servers > that are geographically diverse, and making this a "Best Current > Practice" advocated by the WG, and then taking the next step and > making this an actual RIPE requirement (and something that RIPE NCC what do you mean by "RIPE requirement" in this context? I do not see any means by which the NCC, the WG or RIPE could or should try to "enforce" anything in that field. Anyway, the NCC already contributes to this BCP by providing DNS secondary service for TLDs (even more recently). The aspect of topological diversity is approached by the ``shared secondary servers(?)'' project, which I think is led by DE-NIC under the umbrella of CENTR. So, should we try to learn more about these efforts? -Peter From bruce.campbell at ripe.net Fri Jul 12 10:57:43 2002 From: bruce.campbell at ripe.net (Bruce Campbell) Date: Fri, 12 Jul 2002 10:57:43 +0200 (CEST) Subject: New draft charter for the RIPE DNS WG In-Reply-To: Message-ID: On Thu, 11 Jul 2002, Brad Knowles wrote: > Well, what about having the RIPE NCC actually using DNS debugging > tools like doc, dnswalk, etc... to monitor domains served by RIPE > (including reverse delegations), and making this information publicly > available (or at least available to RIPE members)? I believe that you are referring to these? : Reverse domains (weekly): http://www.ripe.net/ripencc/pub-services/stats/revdns/index.html Forward domains in the RIPE region (monthly): http://www.ripe.net/ripencc/pub-services/stats/hostcount/index.html Regards, -- Bruce Campbell RIPE Systems/Network Engineer NCC www.ripe.net - PGP562C8B1B Operations/Security From brad.knowles at skynet.be Fri Jul 12 15:36:17 2002 From: brad.knowles at skynet.be (Brad Knowles) Date: Fri, 12 Jul 2002 15:36:17 +0200 Subject: New draft charter for the RIPE DNS WG In-Reply-To: <200207120745.JAA29678@grimsvotn.TechFak.Uni-Bielefeld.DE> References: <200207120745.JAA29678@grimsvotn.TechFak.Uni-Bielefeld.DE> Message-ID: At 9:45 AM +0200 2002/07/12, Peter Koch wrote: > what do you mean by "RIPE requirement" in this context? I do not see > any means by which the NCC, the WG or RIPE could or should try to "enforce" > anything in that field. Well, at least for those zones that are delegated from the RIPE NCC, warnings could be sent to the delegees, and if those warnings are not acted on and the problem solved (within a specified period of time), then the delegation could be removed -- no information is better than bad information. > Anyway, the NCC already contributes to this BCP by providing DNS secondary > service for TLDs (even more recently). For the TLDs, notices could be sent to the owners of the zone, as well as the owners of the problem servers, and requests could be made to the root server operators to de-list the problematical servers, or to otherwise request that they enforce the policies. If there aren't any complaint procedures to request this kind of action, and/or policies that the TLD zone administrators and TLD server operators are required to follow, then I would suggest that we could help create them and then work to get them implemented. > The aspect of topological diversity > is approached by the ``shared secondary servers(?)'' project, which I think > is led by DE-NIC under the umbrella of CENTR. So, should we try to learn > more about these efforts? That would be something we should learn more about, and perhaps provide any additional support or assistance that we can. -- Brad Knowles, "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin, Historical Review of Pennsylvania. From brad.knowles at skynet.be Fri Jul 12 15:57:15 2002 From: brad.knowles at skynet.be (Brad Knowles) Date: Fri, 12 Jul 2002 15:57:15 +0200 Subject: New draft charter for the RIPE DNS WG In-Reply-To: References: Message-ID: At 10:57 AM +0200 2002/07/12, Bruce Campbell wrote: > Reverse domains (weekly): > http://www.ripe.net/ripencc/pub-services/stats/revdns/index.html This is a start, but there's not enough information here. We see how many zones are "OK" vs. "not OK", but we don't see how many zones have problems like lame delegations, SOA serial number mis-matches, mis-matches in zone content even though the serial number is the same, which servers don't have proper reverse DNS set up for their IP address, what I like to call orphan delegations (where additional servers are listed as being authoritative within the zone but are not listed in the delegation data), etc.... No DNS debugging tool I know of catches all these problems, but we could work on that. We also don't see tests like which servers are public caching recursive nameservers, what versions of what nameservers are running (both by doing a version.bind query and by doing fingerprinting of the server) or otherwise exhibit behaviour that would be considered insecure. Moreover, while this information is being made publicly available, it does not appear that any pro-active use of this information is being made (i.e., e-mail messages being sent to the owners of the zone as well as the owners of the server(s) in question, etc...). Even if this deeper level of investigation & reporting were done for just the TLD zones that are in the geographical area belonging to RIPE, I think that this would be a very good thing. > Forward domains in the RIPE region (monthly): > http://www.ripe.net/ripencc/pub-services/stats/hostcount/index.html Again, there's just not enough detail here. -- Brad Knowles, "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin, Historical Review of Pennsylvania. From bruce.campbell at ripe.net Fri Jul 12 16:13:30 2002 From: bruce.campbell at ripe.net (Bruce Campbell) Date: Fri, 12 Jul 2002 16:13:30 +0200 (CEST) Subject: New draft charter for the RIPE DNS WG In-Reply-To: Message-ID: On Fri, 12 Jul 2002, Brad Knowles wrote: > At 10:57 AM +0200 2002/07/12, Bruce Campbell wrote: > > > Reverse domains (weekly): > > http://www.ripe.net/ripencc/pub-services/stats/revdns/index.html > > This is a start, but there's not enough information here. We see > how many zones are "OK" vs. "not OK", but we don't see how many zones Although this would be interesting to discuss in detail, I'd suggest doing so under a different subject line ;) ( ie, the RIPE NCC would be happy to make reasonable changes to the DNS statistics gathering that is performed, but I don't think an in-depth technical discussion is appropriate under this particular thread. ) > Moreover, while this information is being made publicly > available, it does not appear that any pro-active use of this > information is being made (i.e., e-mail messages being sent to the > owners of the zone as well as the owners of the server(s) in > question, etc...). However, this item is appropriate under the charter thread. You are correct, there is no really active usage made of the results (indeed, the urls quoted predate my time at the NCC). Hence, perhaps the WG would like to consider that as a charter item? -- Bruce Campbell RIPE Systems/Network Engineer NCC www.ripe.net - PGP562C8B1B Operations/Security From rodney at declarator.net Fri Jul 12 16:10:50 2002 From: rodney at declarator.net (Rodney Thayer) Date: Fri, 12 Jul 2002 07:10:50 -0700 Subject: New draft charter for the RIPE DNS WG In-Reply-To: <200207120745.JAA29678@grimsvotn.TechFak.Uni-Bielefeld.DE> References: Message-ID: <5.1.0.14.2.20020712070810.0345a750@mail.declarator.net> At 09:45 AM 7/12/02 +0200, pk at TechFak.Uni-Bielefeld.DE wrote: >Brad Knowles wrote: > > > Distribution of RIPE-area TLDs across a robust set of servers > > that are geographically diverse, and making this a "Best Current > > Practice" advocated by the WG, and then taking the next step and > > making this an actual RIPE requirement (and something that RIPE NCC > >what do you mean by "RIPE requirement" in this context? There are technical details about operating the infrastructure that might merit further codification. For example, who do you contact if a tld "disappears"? what ripe object do you look up? my point is, perhaps the technical part of this (e.g. making sure there is a ripe object, and a spec on how to use them) is a proper WG topic. From sanz at denic.de Mon Jul 15 15:13:18 2002 From: sanz at denic.de (Marcos Sanz/Denic) Date: Mon, 15 Jul 2002 15:13:18 +0200 Subject: New draft charter for the RIPE DNS WG Message-ID: On 12.07.2002 15:36 Brad Knowles wrote: > > > The aspect of topological diversity > > is approached by the ``shared secondary servers(?)'' project, which I think > > is led by DE-NIC under the umbrella of CENTR. So, should we try to learn > > more about these efforts? > > That would be something we should learn more about, and perhaps > provide any additional support or assistance that we can. The charter of the project can be found under http://www.centr.org/groups/sss-wg/ There is also a mailing list, which has been very quiet since its establishment (euphemism for no messages at all). Questions, suggestions and support to the project are really welcome. Regards, Marcos Sanz DENIC eG From brad.knowles at skynet.be Fri Jul 12 16:23:23 2002 From: brad.knowles at skynet.be (Brad Knowles) Date: Fri, 12 Jul 2002 16:23:23 +0200 Subject: Other potential areas of interest for the DNS WG & RIPE NCC (was: Re: New draft charter for the RIPE DNS WG) In-Reply-To: References: Message-ID: At 4:13 PM +0200 2002/07/12, Bruce Campbell wrote: > ( ie, the RIPE NCC would be happy to make reasonable changes to the > DNS statistics gathering that is performed, but I don't think an > in-depth technical discussion is appropriate under this particular > thread. ) Fair enough. Done. -- Brad Knowles, "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin, Historical Review of Pennsylvania. From brad.knowles at skynet.be Fri Jul 12 16:26:15 2002 From: brad.knowles at skynet.be (Brad Knowles) Date: Fri, 12 Jul 2002 16:26:15 +0200 Subject: New draft charter for the RIPE DNS WG In-Reply-To: References: Message-ID: At 4:13 PM +0200 2002/07/12, Bruce Campbell wrote: > However, this item is appropriate under the charter thread. You are > correct, there is no really active usage made of the results (indeed, the > urls quoted predate my time at the NCC). Hence, perhaps the WG would like > to consider that as a charter item? I would definitely like to consider active (and pro-active) use of information like this as part of the DNS WG. Even if the DNS WG only recommends policy on what should be done and the actual implementation of that policy is performed by the RIPE NCC (i.e., the DNS WG itself does not actually make active or pro-active use of this information), that would be fine by me. I think that we'll all agree that the DNS really needs to be seriously cleaned up, and if we don't do what we can to help spur that process along, then who will? -- Brad Knowles, "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin, Historical Review of Pennsylvania. From pk at TechFak.Uni-Bielefeld.DE Mon Jul 15 12:26:43 2002 From: pk at TechFak.Uni-Bielefeld.DE (Peter Koch) Date: Mon, 15 Jul 2002 12:26:43 +0200 Subject: New draft charter for the RIPE DNS WG In-Reply-To: Your message of "Fri, 12 Jul 2002 15:36:17 +0200." Message-ID: <200207151026.MAA05298@grimsvotn.TechFak.Uni-Bielefeld.DE> Brad Knowles wrote: > Well, at least for those zones that are delegated from the RIPE > NCC, warnings could be sent to the delegees, and if those warnings > are not acted on and the problem solved (within a specified period of > time), then the delegation could be removed -- no information is > better than bad information. the zones delegated by the RIPE NCC almost all are zones within the IN-ADDR.ARPA tree. My personal opinion is that there's not much educational gain by revoking such delegations. Let's take this as a suggestion that the WG could discuss operational standards for this kind of zones and encourage monitoring (and notifying). > well as the owners of the problem servers, and requests could be made > to the root server operators to de-list the problematical servers, or > to otherwise request that they enforce the policies. Brad, please. The root server operators currently are not in charge of ``delisting the problematical servers''. It's even hard enough to have a TLD delegation changed if you are the officially registered TLD contact (which is, of course, not a fault of the root NS operators). > If there aren't any complaint procedures to request this kind of > action, and/or policies that the TLD zone administrators and TLD > server operators are required to follow, then I would suggest that we > could help create them and then work to get them implemented. -Peter From gerhard.winkler at univie.ac.at Tue Jul 16 18:50:37 2002 From: gerhard.winkler at univie.ac.at (Gerhard Winkler) Date: Tue, 16 Jul 2002 18:50:37 +0200 Subject: draft-whois-srv-02.txt Message-ID: <20020716185037.C27590@snoopy.cc.univie.ac.at> Hi, we have now changed our first version and have incorporated a lot of comments which were made during/after the last RIPE meeting. Please feel free to discuss and send any comments. We will try to move this paper forward. regards, Gerhard draft-whois-srv-02.txt Linus Corin Marcos Sanz Gerhard Winkler 1 July 2002 Using DNS SRV records to locate whois servers Status of this Memo This document is a draft on the usage of the DNS SRV RR for the location of whois servers. Abstract Whois servers are used to locate administrative, technical and security contacts for given IP addresses, domain names or other network objects associated with an organisation, e.g. AS numbers. While usually Top Level Domain (TLD) registries run a whois server, there is no generic name for it and it may not even be obvious that the TLD registry's whois server is the right one to ask, since there are TLDs where registration takes place under specialised second level domains (e.g. UK, AT). The Regional Internet Registries (RIR) also provide whois service as part of their coordination task. All this can be solved by central "master" or "meta" whois servers, which keep track of all new and changing servers and refer to the DNS registries' or RIRs' whois servers. This document proposes an approach which eliminates the need for a central master repository and works down to lower levels in the hierarchy. It is the intent to locate a whois server as close to the target (in terms of hierarchy) as possible, while preserving the opportunity to locate higher level servers for escalation purposes. This situation can be improved by using DNS SRV records and SRV-cognizant whois clients. This document deals with domain information only and it describes how DNS SRV records should be used but it does not define any search strategies (this will be discussed in a additional document). 0. Definitions The key words "MUST", "SHOULD", and "RECOMMENDED" in this document are to be interpreted as described in [RFC 2119]. Other terms used in this document are defined in the DNS specification, [RFC 1034]. 1. Format The general format of DNS SRV records is documented in RFC 2782: _Service._Proto.Name TTL Class SRV Priority Weight Port Target Therefore the simplest format of an SRV record to locate a whois server is: _nicname._tcp IN SRV 0 0 43 whois.nic.example. [IANA-NUM] foresees the possibility of a whois service over UDP. Common use is TCP but nothing would prevent from analogously setting the _Proto field to the value _udp. Nevertheless this document deals with the TCP case only. The symbolic name of the service is defined as "nicname" (case insensitive), because it is defined in [RFC 954] in this way; though the most familiar name is "whois". Priority and Weight have a value of 0 in the example above just for readability purposes. It is RECOMMENDED to use the port number 43, as specified in [IANA-NUM]. SRV-cognizant whois clients SHOULD interoperate with traditional whois servers which are in place right now. 2. Usage If there is a whois server running for a specific domain, such an SRV record can be defined. When used for looking up information about a domain, whois clients can do DNS lookups for SRV records, and can use the retrieved target information to point their whois queries accordingly. This kind of client is called "SRV-cognizant" or "SRV-aware" whois client. It is imaginable that this functionality could be extended for other purposes (like IP address space allocation or handle lookup), but this remains open for a future discussion. 3. Restrictions The service record functionality is meant as an extension to the existing whois service and not as a new service. In the absence of a whois protocol whose specification calls for the use of other weighting information, the field Weight in the SRV record keeps the standard meaning specified in [RFC 2782]. As defined in [RFC 2782] the client SHOULD abort if it finds a record defined like: _nicname._tcp IN SRV 0 0 0 . This means the SRV processing should be aborted at that level. But nothing avoids the client to search for other SRV records above or under that level. This behavior should be scope of search strategies. The given SRV record does not provide any information about the existance/absence of a service with the same name on subdomains or zones below or above. The search behavior of the client must be defined as it should be independant from conventional DNS search algorithms defined by searchlists. To avoid unnecessary load on the DNS root servers, a client MUST NOT ask for a whois server for the root domain, i.e. it MUST NOT issue queries for _nicname._tcp. 4. Authority There is no authority which defines who should run a whois server, though it is usual that the TLD registry runs a whois service for the zone where it is authoritative. There is no definition of which target should be used as a default for an SRV-cognizant whois client if no whois server could be discovered by means of SRV records. The use of a default whois server is local dependent. 5. Security Considerations The same security considerations as defined in [RFC 2782] should apply. There is no discussion on security, data protection and privacy relating to the contents of the whois server in this paper. This is the responsibility of the whois server operator and has nothing to do with a mechanism that describes how whois servers can be reached. A client developer must be aware that DNS search algorithms can lead to this problem: By using DNS query logging an organisation could find out who is issuing whois queries about them even without operating a whois server themselves. 6. References [RFC 954] NICNAME/WHOIS [RFC 1034] Domain names - concepts and facilities [RFC 2119] Key words for use in RFCs to Indicate Requirement Levels [RFC 2782] A DNS RR for specifying the location of services (DNS SRV) [IANA-NUM] www.iana.org: Directory of General Assigned Numbers 7. Authors' Addresses Linus Corin Telia International Carrier 4th Floor, 330 High Holborn WC1V 7QY London, United Kingdom linus at telia.net Marcos Sanz DENIC eG Wiesenhuettenplatz 26 D-60329 Frankfurt/Main, Germany sanz at denic.de Gerhard Winkler Vienna University Computer Center / NIC.AT Universitaetsstrasse 7 A-1100 Vienna, Austria gerhard.winkler at univie.ac.at -- Gerhard Winkler | E-Mail: gerhard.winkler at univie.ac.at Vienna University Computer Center | Universitaetsstrasse 7 | Tel: +43 1 4277 14035 A-1010 Vienna, Austria | Fax: +43 1 4277 9140 From Jim.Reid at nominum.com Wed Jul 17 15:43:49 2002 From: Jim.Reid at nominum.com (Jim Reid) Date: Wed, 17 Jul 2002 06:43:49 -0700 Subject: New draft charter for the RIPE DNS WG In-Reply-To: Message from Brad Knowles of "Fri, 12 Jul 2002 16:26:15 +0200." Message-ID: <88416.1026913429@shell.nominum.com> >>>>> "Brad" == Brad Knowles writes: Brad> I think that we'll all agree that the DNS really needs Brad> to be seriously cleaned up, and if we don't do what we can Brad> to help spur that process along, then who will? This is fair comment. The trouble is how to improve things. There isn't a DNS police to enforce BCPs or whatever and throw persistent offenders in jail. Having a hall of shame for the people with the most badly broken setups is hardly likely to be productive either. And as Peter pointed out, the process for getting TLD delegations amended can be painful and slow, even when the TLD wants to make a change. Friendly persuasion and quiet words of advice from a Jon Postel would probably be effective. But who is there that has that stature and broad acceptance today?