Slashdot Mirror
NSI closes top level Domain Servers
Cris writes "Looks
like NSI is closing access to all it's top level domain
servers, except for people that "need access." This is
allegedly a way to eliminate spamming, but they've denied
access to many companies which depend on these servers for
their businesses. "
They do precisely that, and they offer all the alternate Top Level Domains you want.
Been quite a controversy a while back, but essentially it bypasses the InterNICs hold, as far as I understand.
HarryZ
Remember the story from a few days ago that mentioned in passing that Sendmail had 78% marketshare? I wrote a script I was going to use to verify this, but I need to feed it with domain names. How can I get a big dump of TLD's?
Learn how to use punctuation.
I don't see how this restriction is going to stop spammers in any way. What does it prevent?
Just another battle against Fascism masquerading as Capitalism.
grrr
Paul
I think it's reasonable. If this stops domain speculators from registering names just to screw people out of money, I'm all for it.
If you think $50 a year is unreasonable to NSI, how about $10,000 to a speculator. Screw that.
On the other hand, I don't see any guarantee that the people who are "allowed" access to the files won't do the same thing.
And maybe it will cut down on spamming, or maybe the spammers will just use the old copies of the zone files they already have. I don't know.
Well, since I want the results to be valid, I'll probably need to query 2000-5000 servers.
That means I'd probably need about 1000 TLDs (since many have more than one MX record).
But I want the sample to be random, so I dunno if something like Webring will work...
It appears that f.root-servers.net (192.5.5.241) is still letting root-level domain requests in. I just did a zone transfer of .com.
Jim where Mary had had had had had had had had had was correct.
What does the above mean?
Jim, where Mary had had "had" had had "had had". "Had had" was correct.
And speaking of pathological sentences, let's dispose of the "don't end a sentence with a prepostion" rule:
What did you bring that book that I do not like to be read to out of about Down Under up for?
If you count "Down Under" as two prepositions (rather than one proper noun), we've got 8 prepositions there.
I have had to deal with speculators on three seperate ocassions. For this reason, I am glad to see what NSI has done. In fact, a few weeks ago I sent them an e-mail to bitch about (and report) a speculator that was holding literally **thousands** of domain names.
This particular speculator, like many others, would get 'new business' lists and register domains off that list. But the thing is, like some others, they never paid for the domain unless someone showed interest in it. So, in other words, they held it for free for 90 days. Then as soon as it would expire they would have a sister company pick it up and hold it for another 90 days.
They also kept up on expiring domains like it mentions in the article.
If they were paying for it and holding it, that would be one thing. But the way they were (are) doing it was (is) a bunch of shit. People like that should be blocked from accessing NSI altogether. They just slow the system down for everyone else and raise operating costs. Bastards.
Choose lots of random IP's and see if port 25 is open and running sendmail. Better yet, do something like netcraft.com. They don't have to search at all.
Even if it seems like it, it's no different than microsoft.com on the normal nameserver heirarchy... you use it by 'choice'.. in fact, the whole internet is built 'by choice'.
Sure... if you have a different nameserver, you cna put any name you want in it. if you are selling microsoft.com, microsoft could still say that you are marketing their trademark and trying to profit by it.. blah.
You could set up your server to be authoritative for "." and for whatever TLDs you want to create, and refer to internic's servers for com, org, net, edu, etc. But you'd still have to get everybody to search you for "."
if federal united states tax dollars were ever involved... which they were... as a us citizen one can get access to the zone files. nsi is mistaken in the zone files being their intellectual property. a lawyer might have to be involved, but if tax dollars paid for any part of it then access must be given.
This is really no surprise. There was a time when the internet
would have nothing to do with advertising and some
of the other ilk that seems to go hand in hand with
commercialisation. Now we have a king of the hill
playing fast and loose with the TLD's.
The internet has gone from one extreme to another
and I think this news may be a line of demarcation in regards to the
bad extreme. I still miss miss the good old days
..*sigh*.
But..TLD's *shrug*. I can bookmark an IP address just as easy..
I could do this but IP's aren't distributed randomly with respect to MX's. That is, imagine a world with two TLD's. Each has one mail server. But one domain has 1000 IP's and one domain has 10.
If I choose....
Oh wait. Don't count the same server twice. Got it.
Of course, then I'm choosing a definition of "marketshare". Does it mean "number of installations" or "number of people who rely on it"?
Well, I was setting up my caching nameserver and it wouldn't let me "get" the file, but I was able to "cat" the file and pipe it locally to a new file. That was about 3 weeks ago. Go figure.
Canada Kicks Azz!
Don't you yankees forget it
we're the pot smoking snowboarding toqued canadian youth socialist nice people
basically domain names are just stored in records that point to ip adresses or other nameservers [for zones on top of the domain] so actually, domain names are bound to ip addresses [ie, more than one domain -> ip address].
check this out
host -a -l -v somedomain.com
or
dig ns somedomain.com
(and then)
dig @nameserver.that.you.got somedomain.com axfr
if you want zone transfers to see what i eman
ok
chix: you dig me
kweiheri
basically domain names are just stored in records that point to ip adresses or other nameservers [for zones on top of the domain] so actually, domain names are bound to ip addresses [ie, more than one domain -> ip address].
check this out
host -a -l -v somedomain.com
or
dig ns somedomain.com
(and then)
dig @nameserver.that.you.got somedomain.com axfr
if you want zone transfers to see what i eman
ok
chix: you dig me
kweiheri pic
Monsanta
.--GRRLZ GO HERE
Proctor & Gamble..
If you think this is bad, you should read up on corporate exploitation of humans abroad (I'm not talking about restricting zone transfers).
Unregulated market economies turn happy booming businesses into cruel machines powered by the drive for shareholder profit.
Don't ever, ever, ever forget the human factor.
compassion, reason
kweiheri
I work for an ISP that successfuly regained TLD zone access. We applaud the severing of access to speculators, and regret the inconvenience to third party registrars. From our point of view, it is a tasty omlette indeed.
I was in the middle of reading the stimulating discussion of this Internic debauchery when I happened to look to the top of my browser and see a banner ad for a domain-name registration broker. I got quite a laugh out of this, because that poor company is right now experiencing the pain of being anally violated by an organization who has a total iron glove around the lifeblood of the entire network and who is blatantly overstepping any concievable authority it may have ever had. I think some kind of a boycott is necessary to stop this madness. Perhaps the second-tier domain servers should put together a database of all the existing domains from their current records and create a new, non-fascist registration service, or something...
Just set up a daemon process to continuously
query one of the root servers, perhaps
a.root-servers.net to put some extra load on
them. The famous slashdot effect could be
put to good use if everybody would spare a bit
of bandwidth and some time to set up some
scripts. If the can be convinced to see the
error of their ways, it will be worth it.
Is there a way to pull in a list of just the domains they have listed with any of my nameservers listed as authorative?
It would be nice to see how many domains are "parked" on my servers over the years.
cyril@cyril.com
Actually, you _can_ pay online via credit card.
Try https://payments.internic.net/
proy -> pray please...
I'm 18 and working as a full time programmer
i still smoke pot and snowboard
i play with linux at home and at work
i'm just canadian
KOKANEE GOLD FOR LIFE
DONT YOU YANKEES FORGET IT
Whois shows a company named Idexis in Canada has registered thousands of names. Anyone know more about Idexis? Couldn't find much about them.
How long does it usually take them to register a PGP key? I'd like to know if I'm just waiting for nothing...
The trick would be to have the new servers host "alt" top-level domain .. that way people could use the official and the unofficial systems without conflicts...
:)
Hmm, quite an amusing idea actually
That's ok though, their days are numbered.
Or so we're lead to believe...
Can anyone tell me what, exactly, they're restricting access to? I read the ZD article twice and I still can't make heads or tails of it. I'm hoping that the fault lies in the writing, not in the reading...
Yeah, no problem. You just need a set of root servers and a bunch of clients pointed at them. Root servers are easy... there's no practical difference between a hostname, a domain name, and a TLD, so BIND and a fat pipe'll do you. The problem is getting enough clients to use your servers in preference to/in addition to NSI's. You'd need to convince a significant portion of the Internet in order to do any good...
Ah. Got it now. So it's just full zone transfers they're restricting, not any access to the root zone information (which, unless my reading comprehension is failing me, is what the article says). I didn't _think_ it was the latter... the whole system would break if they did that...
(And, yes, I have set up a few DNS servers... I own and operate two domains and their associated name servers.)
I was bothered by the restrictions placed on the information but was alarmed that they consider the information their 'Intellectual Property'.
Sounds mighty corporate to me.
Codifex Maximus ~ In search of... a shorter sig.
It was just recently that I learned that you could download these files. "This is great," I thought, "for once somebody has done something useful. Now I can cache domains over the local net!" So, I eagerly ftped to the directory, and noting the small file size, I read the README. It explained basically the same thing that this article did. Curses, foiled again!
F0 07 C7 C8
The only contact info found in the zone file is the e-mail address in the SOA of the zone itself, and while name server maintainers probably get their share of junk e-mail, there is no point in downloading the entire .COM zone (with some 3.5 million subdomains) in order to find out that <hostmaster@INTERNIC.NET> is the maintainer of that zone.
Thus, I can't say I'm buying into the anti-UCE argument in this case. What exactly have they done to that end?
As long as they merely prevent bulk access to the entire thing, but I can still access individual records as needed, I don't mind too much.
The Software Publishers Association spammed a number of e-mail addresses found in the WHOIS once (I could tell, because my WHOIS address is not used for anything else) merely to "inform" me that my FTP server could be used for distribution of pirated software! They haven't apologized yet, and I haven't reported a single case of piracy to them since.
Shorten the grace period for new domain names. Or even make them pay up front. That would really kill domain name speculation. There's no need to disable a valid service of DNS to get rid of speculators.
As an example, Netscape could modify its browser to use their own server for DNS lookups by default (the user could change it later if desired). Netscape's own DNS server could support Cool New TLDs and pass anything it doesn't trap out to conventional DNS servers. This could result in massive segments of internet users migrating to a new DNS provider and new domain naming scheme. This might be sufficient to make NSI want to be competitive and to change their evil ways. :)
Oh yeah, MS could do this with IE too, so maybe this isn't such a good idea.
Ya know, if you max out your credit card(s), you can live pretty high on the hog for a while... until the bills come.
This is exactly what socialist democracies like Canada and New Zealand (and others) do, with the exception, that the government maxes out each of the residents' "credit cards", and if your a lucky citizen, you might get something back for the charge, less "administrative government expenses", of course.
I was born, and lived in, Canada from 1961 to 1997, and I saw the rise of socialized this and that, to see it all crumble pretty badly by the time I left. I paid the approximate equivalent of US$23k income tax on an income of US$43k, supporting a non-employed spouse and child, as well as myself. Add to that 8% provincial and 7% federal "value added" taxes on about everything you buy. Take away all the supposed social benefits that got "clawed back" because I was a "high income" earner.
Socialist democracies are unsustainable in the long term, regardless of how seductive the idea appears in the short term.
Pointing to the failings and corruption within the U.S. government (of which there are many), blaming them on a capitalist economic system, and suggesting that some kind of socialist democracy is the answer is either very short-sighted thinking, or an attempt to stage a communist-style coup d'etat.
In Liberty, Rene
I can see why they are tightening up access to the information.
I have a couple of domains registered. One of the domains has a company name that ONLY appears in the DNS records. I have been recieving snail mail from companies that have been "mining" the DNS record for thier own slimey purposes. It really pisses me off how many corporate bottom-feeders consider the net their own way of "Making Money Fast".
And people wonder why I hate sales people so much.
"Trademarks are the heraldry of the new feudalism."
I work for an ISP and over the past year we've purchased two smaller local providers. They were both running NT and I had to convert everything over to run on our Linux servers.
Among the issues I ran into was determining which domains were registered to the other ISP's nameservers. Their nameservers were poorly maintained, some domains had transferred, etc.. I also wanted to know if there were any domains that listed these nameservers as authoritative but weren't listed in the config files.
The only way to do this was a root zone transfer. I received an e-mail a few weeks ago from InterNIC stating that access would be renigged soon. I just checked and my access is gone. Luckily, I downloaded them all a few days ago.
Yes, some of the things I needed to check could have been done with Whois. But others couldn't. Of course, InterNIC is now offering monthly reports of domains associated with a nameserver but at the time, this service didn't exist.
I think it's bad policy to restrict access to people who have a legitimite need. Restricting access to root zone files will not stop spam to domain contacts. The spammers will simply scour other sources for e-mail addresses and run Whois queries on each domain they encounter. Yeah, it makes it a little bit harder but they'll do it nonetheless.
dig @192.5.5.241 com. axfr | gzip - > com.zone.gz
For the last few years, I have must have heard ten or twenty people talk about mining the zone files for marketing information. I can only assume that some of these obnoxious people have gone ahead and done just that.
I'm curious, though, if NSI will now open up a "service" for companies that want the files...
When those guys say
"All customer data is our intellectual property,"
are they saying that what they own is the knowledge that 205.244.119.10 = http://www.familycom.com or that what they own is the knowledge that http://www.familycom.com = 205.244.119.10 or what?
I see even classic Slashdot is now pretty much unusable on dial up anymore.
DNS spammers search the DNS database for valuable domains that are about to expire, then send repeated requests for the domain by E-mail, hoping they'll get it first. NSI is getting hit with thousands of spam requests a minute. As a result, it took me two weeks and a few phone calls to get a new domain registered. Fortunately, NSI's customer service is pretty good -- it had better be for what we pay.
Although NSI is certainly in the pocket of the military-industrial complex, I have even more contempt for most of the people who have complaints about namespace issues. In our culture, such disputes generally have nothing to do with free speech and everything to do with rip-offs, con artists and scumsuckers like the Canadian who owns 200,000 domain names and the "whitehouse.com" guy.
I love busybodies especially anonymous coward know it all mothery busybodies. Must be an american. Ha...
Land of the Free. Aside from all the people telling each other how to live their lives because it raises taxes for the rest of us.
Grrrrr....
While I'm not thrilled at the prospect of the root zones being considered "intellectual property" of NSI, I'm sick and tired of getting spammed with messages promoting hosting and search engine placement every fscking time that I register a domain for a client. Can a person both applaud and decry at the same time?
________________________
Corporate Jenga: You take a blockhead from the bottom and you put him on top...
Could someone explain to the more ignorant of us exactly *what* has been closed off? Just Zone transfers from the root servers? Or ability to send queries (and then, recursive, or not?)
If they did block non-recursive queries, surely the DNS system would stop....
Sorry, but I didn't find the article technically clear.
Adrian
complaining about the load on its servers.
That having been said. The DNS database is a public databse. The governement should have torn up thier contract.
Im work for one of the compaines that no longer has access to these.
They gave me a nice letter stating that using their list doesn't benifit the net so I can't have access. Now I have to craw the net looking for the same information. That seems to me to be alot worse for the net to me.
I heard rhumors that just about everyone will be denied access... seems to be true to me since I was withing acceptable use 6 months ago.
I'm not an expert on this, but aside from MS suing for copyright violation (which they'd almost certainly have a case for), yeah, I think that would be legal since the microsoft.com issued by Internic is different from the one issued by Alternic.
Kinda like if I have mr_poe@cats.ucsc.edu for an email address and I copyrighted the name, could I sue mr_poe@baltimore.ma.us? Hmmm... =:)
Ok, to preempt the flamers, yes that was a bad example.
I find the present DNS situation highly disturbing. I have written a very comprehensive document explaining why this is such a big threat.
Network Solutions monopolistic ambitions are clear. The difficult question is how to stop them. Right now there appears little that can be done other than trusting that the government and ICANN don't screw up.
not "transport". And it's IP addresses, not ...
TCP/IP addresses. And are they really bound
to domains? I'm not an expert on this, so I
better shut up now
Someone just tried to auction some domain names
on eBay for $1000.00, item #67595554, nobody
bid on em.
try { do() || do_not(); } catch (JediException err) { yoda(err); }
As stated above, these are one possible route to undermining NSI's total grip on the "domain name market". But is it really all that impossible to get a new TLD widely listed? What about fine examples like .nu or .us? Heck, if you get enough important sysadmins to go along with it, you could have all kind of crazy TLDs flying around in the near future... (how about .alt, .biz, .fsf, or maybe even .slash? :o) )
This is what always happens when things get privatized. God, how long will it take the US to learn...
on another note, is it possible to set up an entirely separate hierarchy of domain names - entirely bypassing all these tyrrainical abuses of power?
-Laxative
Well, I can't speak for Sweden, but NZ does not have a socialist system, or anything close. Maybe fifteen or twenty years ago you could say that we had something close, but these days the economy is as capitalist as they come. I think that we actually have a more open market than the US (basically no tarrifs or subsidies). Whether this is a good thing or not is, of course, the subject of much debate...
- "I never could learn to drink that blood and call it wine" - Bob Dylan (Tight Connection to my Heart)
One who makes insulting generalizations about people an ocean away had better be perfect, or he leaves himself open to be attacked on any possible front.
"All of the data under the original cooperative agreement comes under our auspices. All customer data is our intellectual property," Clough said.
OK, I'm going to make a map and declare it my intelectual property, then everybody will have to pay me mucho dineros to use any of the roads...
I'm sick of it all
Has it ever occurred to you that God might be a committee?
Has it ever occurred to you that God might be a committee?
--- Jubal Harshaw
No, my first language isn't English. And the bad punctuation is more a matter of me being tired. My fingers keep thinking faster than my mind can type...
;-)
And I do love my ignorant self
Has it ever occurred to you that God might be a committee?
Has it ever occurred to you that God might be a committee?
--- Jubal Harshaw
# nslookup
.com in the file com.zone in the current directory.
Default Server: xxxxxxxxx
Address: X.Y.Z.W
> server f.root-servers.net
Default Server: f.root-servers.net
Address: 192.5.5.241
> ls com > com.zone
---
You get to see a lot of hashes (#) and end up with
Has it ever occurred to you that God might be a committee?
Has it ever occurred to you that God might be a committee?
--- Jubal Harshaw
You are correct, it is not mine and I have modified it to show this. When I found the quote, it was not attributed to anybody. If you have a reference I'd appreciate it.
Has it ever occurred to you that God might be a committee?
Has it ever occurred to you that God might be a committee?
--- Jubal Harshaw
While I agree that capitalism sucks, it's not a type of government, and neither is socialism. They are both types of economies, entirely different from government. You could easily have a capitalist dictatorship, or a socialist democracy, or a communist republic. I also wasn't aware that Sweden and New Zealand were socialist countries.
-matt
I agree. I really hate to think what I must sound like to someone who speeks spanish as their native tongue.
-matt
Some ISPs and universities need to stand up for freedom. If the InterNIC wants to stop spamming, they should announce a policy that they will remove any spamming domains on sight. Of course, they won't do that.
Has anyone ever looked into the history of NSI? From what I can tell, they were originally formed to perform contract work for the government whe, say, a company like AT&T was working for the government but needed to be 10% minority owned to comply with affirmativeaction regulations. NSI would step in and actually do the work, since they were (technically) minority-owned. It seems like an incredible abuse of the
affirmativeaction plan, which was intended to help small minority-owned businesses, not one or two millionaires.
Oh well. Entropy is always increasing, and the Internet is not excepted from that rule. Let's just hang together and do what *we* can for freedom.
Cheers,
Joshua. (I do mourn the death of --jon. all the more deeply because he kept this kind of madness from going on.)
--jon. Postel is dead. May we all mourn his, and our, loss.
From what I gathered from the article, they aren't closing access to the top level servers, in fact they aren't changing anything on the top level servers. They are taking away access to the zone files for the top level domains. You can still use whois and all that, personally it's an unfortunate consequence of people abusing those files. I can't tell you how much mail (e-mail and snail mail) I suddenly recieved after registering a domain for myself. I've stopped the address the domain is registered under because of all the spam it gets. However, I do think that they are also using it to deny access to competitors who should be given access. It doesn't seem to be as horrid as the original post makes it seem, but I'm sure that their motives aren't exactly pure. Goes to show how badly we need new domain policy and infrastructure in place.
Ummm...yeah. Actually brainchild, this is what happens when the government GIVES someone a monopoly, then realizes it was a mistake and that group does everything it can to hold onto the power it was given. See the phone companies and utilities for more on this.
Kick Ass!
Last time I checked, New Zealand had one of the largest deregulated/privitized telecom industries in the world.
I live there, and the MoneyGrabbingDingDongs (TM) are alive and positively squirming.
:v)
We've got service cutbacks, privatised this, privatised that, user pays and now some dork has the idea that it'd be good to cut the number of MPs. I suspect they'd like to reduce it to one.
DomaiNZ have the internet fairly well wrapped up as a closed shop, plus we have to pay data charges per megabyte (unless you don't mind having your access limited to a few hours - download Staroffice? Haha).
New Zealand ain't what it used to be and it needs a fair amount of stick from the rest of the world to make the policiticans here realise they can't rest on their laurels any longer. Or rely on the goodwill of the average Kiwi; It's all been sold overseas.
Vik
The only type of government that works is socialism. Just look at places such as Sweden and New Zealand!
DES Khaddafi KGB genetic jihad Uzi Rule Psix Qaddafi cryptographic Peking Mossad Legion of Doom Albanian Serbian Saddam
Bad idea. Currently, DNS looks at your local
(ISP, college, company, whatever) server rather
than sending the request halfway across the
Internet. That way the root servers don't melt
down from having to service zillions of requests,
since info is cached locally.
The only way to change this that's feasible is
to have your organization point to somebody else
as a root name server.
No, I believe you can still query their root name servers, just not download the entire database at once. DNS caching is still valid--- it's "prefetching" the entries that you need permission for. The downside for NSI is that they may see increased load on the root servers if fewer sites have up-to-date databases.