This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[dns-wg] Fwd: Re: against broken tld content
- Previous message (by thread): [dns-wg] Next phase in deploying anycast instances of k.root-servers.net
- Next message (by thread): [dns-wg] Fwd: Re: against broken tld content
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Brad Knowles
brad.knowles at skynet.be
Tue Sep 23 18:36:53 CEST 2003
Folks, I don't know if anyone here has seen this, but Ohta-san submitted this draft to IETF DNSOP a few days ago. Should we start discussing this here? >From: Masataka Ohta <mohta at necom830.hpcl.titech.ac.jp> >Subject: Re: against broken tld content >To: dnsop at cafax.se >Date: Tue, 23 Sep 2003 02:25:10 +0859 () >Sender: owner-dnsop at cafax.se > >Below is a revised draft ID with the following changes. > >1) "Content" is added to title. > > Distributed Actions Against Broken TLD Content > >2) some text added to "1. Introduction". > >< the problem, this memo describes distriburted actions as a short >< term solution to protect the Internet against broken TLD zone content. >--- >> the problem, this memo describes distributed actions as a short >> term solution to protect the Internet against broken TLD zone content >> and the damage caused by it. > >3) some text added to "3. Actions of ISPs". > >> If such action considerably reduces the number of available TLD servers, >> ISPs may operate their own servers overriding the IP addresses >> of formal TLD servers. >> Such overriding servers should have >> a copy of old zone content known not to be broken. >> Or, if the fix for the zone content is obvious and easy, the >> overriding servers may act as semi transparent proxies to >> formal servers (routing tricks necessary as IP addresses of >> the proxies and the formal servers are identical) modifying only >> the broken part. >> Considering that NAT-based network providers, >> which provide limited service such as web and e-mail with semi >> transparent DNS proxies, are often called ISP, it is fine >> for ISPs to use DNS proxies, especially when it improves web >> and/or e-mail environment of their customers. However, advance negotiation >> should be made, if the override affects other ISPs. > >Any further comment? > > Masataka Ohta > >-- > > > > > > >INTERNET DRAFT M. Ohta >draft-ohta-broken-tld--1.txt Tokyo Institute of Technology > September 2003 > > Distributed Actions Against Broken TLD Content > >Status of this Memo > > This document is an Internet-Draft and is subject to all provisions > of Section 10 of RFC2026. > > Internet-Drafts are working documents of the Internet Engineering > Task Force (IETF), its areas, and its working groups. Note that > other groups may also distribute working documents as Internet- > Drafts. > > Internet-Drafts are draft documents valid for a maximum of six months > and may be updated, replaced, or obsoleted by other documents at any > time. It is inappropriate to use Internet- Drafts as reference > material or to cite them other than as "work in progress." > > The list of current Internet-Drafts can be accessed at > http://www.ietf.org/1id-abstracts.html The list of Internet-Draft > Shadow Directories can be accessed at http://www.ietf.org/shadow.html > >Abstract > > This memo describes actions against broken content of a primary > server of a TLD. Without waiting for an action of some, if any, > central authority, distributed actions TLD server operators and ISPs > can settle the issue, for a short term. > >1. Introduction > > DNS is a fully distributed database of domain names and their > associated values with loose integrity. > > However, the primary server of a zone is a single point of failure of > the zone to hold the current most copy of the zone and such a failure > at TLD can cause a lot of damage to the Internet. > > As it may take time for a central authority, if any, take care of the > problem, this memo describes distributed actions as a short term > solution to protect the Internet against broken TLD zone content and > the damage caused by it. > > The long term solution is to let the primary server operator fix the > content or to change the primary server operator, which may involve a > > > >M. Ohta Expires on March 22, 2004 [Page 1] > >INTERNET DRAFT Broken TLD June 2003 > > > central authority. > > Similar technique is applicable to root servers with broken contents. > >2. Actions of TLD Server Operators > > A TLD server operator who have found that TLD zone content is broken > should disable zone transfer and use a copy of old zone content known > not to be broken. > > Or, if the fix for the zone content is obvious and easy, the operator > may manually or automatically edit the content of the current most > one without updating SOA serial number. In this case, zone transfer > may not be disabled, though actions of ISPs described in section 3 > may make the transfer from servers of broken content impossible. > >3. Actions of ISPs > > ISPs should disable routes to TLD servers with broken content and/or > filter packets to/from the TLD servers. > > If such action considerably reduces the number of available TLD > servers, ISPs may operate their own servers overriding the IP > addresses of formal TLD servers. Such overriding servers should have > a copy of old zone content known not to be broken. Or, if the fix > for the zone content is obvious and easy, the overriding servers may > act as semi transparent proxies to formal servers (routing tricks > necessary as IP addresses of the proxies and the formal servers are > identical) modifying only the broken part. Considering that NAT- > based network providers, which provide limited service such as web > and e-mail with semi transparent DNS proxies, are often called ISP, > it is fine for ISPs to use DNS proxies, especially when it improves > web and/or e-mail environment of their customers. However, advance > negotiation should be made, if the override affects other ISPs. > > ISPs should periodically check the servers, whether they still > contain broken content or not. > >4. Security Considerations > > As for security, TLD servers should never have broken content. > >5. Author's Address > > Masataka Ohta > Graduate School of Information Science and Engineering > Tokyo Institute of Technology > 2-12-1, O-okayama, Meguro-ku, Tokyo 152-8552, JAPAN > > > >M. Ohta Expires on March 22, 2004 [Page 2] > >INTERNET DRAFT Broken TLD June 2003 > > > Phone: +81-3-5734-3299 > Fax: +81-3-5734-3299 > EMail: mohta at necom830.hpcl.titech.ac.jp > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >M. Ohta Expires on March 22, 2004 [Page 3] > >#---------------------------------------------------------------------- ># To unsubscribe, send a message to <dnsop-request at cafax.se>. > -- Brad Knowles, <brad.knowles at skynet.be> "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin, Historical Review of Pennsylvania. GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+ !w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++) tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
- Previous message (by thread): [dns-wg] Next phase in deploying anycast instances of k.root-servers.net
- Next message (by thread): [dns-wg] Fwd: Re: against broken tld content
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]