Aren't those guys extremely bureaucratic w.r.t. domain transfers etc? Didn't they require real paperwork to transfer domains in their .de ccTLD (at least in the past)?
God I hope so. Your domain has never been as fungible as it is right now.
and just this weekend they transferred panix.com (registered through a different registrar) to a hijacke
No they didn't. A Melbourne IT sub-registrar did[1]. NSI did exactly what it was told by the registrar. If they did anything else than do what their registrar told them to they're in breach and risk losing everything.
It may not make sense, but that's the way the ICANN contracts are worded. NSI is simply not allowed to fix shit that's broken, even obviously so.
[1] Apparently this sub-registrar was consolidating a list of domains and typoed one, causing panix.com to be transferred. Since ICANN's new rules do not require the losing registrar to acknowledge the transfer you're completely at the mercy of the accuracy and integrity of the sum of all ICANN registrars. If that doesn't scare you, nothing will. I repeat: some registrar caused all these troubles by typoing a critical DNS name and it took two days to unfuck it. In the past when NSI had screwed up like this (2 times in 15 years) they fixed it in 3 hours.
.ORG
They get multi millions of dollars a year. But hey, they're non-profit so it's ok.
Non-profits are one of the best ways to spend lots of money and ignore accountability. "hey, they're a non-profit" doesn't mean they can't piss away millions stupidly on things this crowd might think inappropriate.
Sure, back in 86 that's what it was for. NSI tried for years to enforce this per the RFC but found sneaky people could always get around it while honest people were penalized. For $50 a name they couldn't make this work, there's too much manpower involved. For $6 a name, the price the government dictated, there isn't a chance in hell of making this work.
They're just names. Just strings to make things easy for people. No further information can be derived from a TLD with any consistency. Get over the fact the DNS is not a directory system.
Somebody broke their contractual obligations - it was ICANN, not NSI.
There's a clause in the ICANN/NSI agreement that NSI can't be treated unfairly, that is, they can't be singled out with TLD policy no other TLD has to endure. At the time of sitefinder there were TWENTY SIX tlds doing wildcarding. So NSI did it too.
ICANN's proper response should have been "oh well, ok all you guys knock off the wildcarding" OR "ok, go boys go". Fair is fair.
But they didn't. They frapped NSI for it and let everybody else slide; there's still wildcarded TLDs out there.
Show me the part of the contract NSI broke. I can show you the part ICANN broke.
BTDT. Big business recoiled in horror at the idea and will not allow it. Since they're the ones ACTUALLY making these decisions it's a non-starter as a strategy, despite whether or not it's the right answer.
They haven't come to grips yet with the fact the root servers are run by volunteers with no contract but they haven't figured out what to do with that yet.
Keep in mind while it's theoretically possible, it's not actually practically possible to change the IP addresses of the root servers; they're embedded in too many places. They shouldn't be, but they are.
.org was moved. Yes indeed. Have you seen how much money is made by administering it? Any idea where it all goes?
While bashing NSI is fashionable, mark my words, the way this is going to pan out you'll wish for the good old days of NSI's stewardship of .com/net/org.
Yeah I guess we could do that. I don't mind using IP addresses instead of domain names.
My confidence in Afilias and those other wonks to handle .net is near zero. DeNIC is a good choice though, the DNS could use a dose of Germanic rigour, and those guys do good work.
Amen to this. I tried a bunch of others too. They seem to be staffed by people who were selling shoes in K-Mart last month. It's nice to talk to people that know what an NS record is.
Some highlights from other registrars I found this week: 1) Domain expired? No problem, pay us $150 or we'll let it go into the deleted pool. They had to have paid $6 to keep it from expiring so this really amounts to extortion. 2) Pay us $4/yr and we'll notify you by email before your domain expires. Oh, niiiiiice.
Yabbut, you've never seen inside there have you? Only a massive amount of funding to Vixie can beat their infrastructure and these days they're one of the better domain name companies if you look into it. You have to distinguish between NSI's marketing wonks (eejits) and their technical people (the top of their game, frankly). If I had a vote where I want my .net names kept I'd say NSI.
I mean... Afilias? The people that ICANN's lawyers vetted an application TLD for then a court said it was an illegal lottery? They didn't even pass the ethics test out of the box (and apparently ICANN's lawyers don't actually know the law).
"Wait, IBM is evil now?"
In the domain name arena, yes, very much so.
They are the Emperor behind Darth ICANN.
I'm surprised Vixie/Malamud and Co. didn't apply.
Can I steal your car or your house by simply faking email and guessing passwords? Of course not
No, but you can walk up to a car dealership and have a key made and steal a car. It's the analog version of hacking a password.
The root dns was never broken. The NS records for panix.com were wrong in the .com zone. The root DNS tells you where to find the pointers to the .com tld servers.
But I'm glad it's fixed.
Berryhill went to the house in Wilmington. The address is bogus.
Or rather the address is real but the guy we're looking for doesn't live there any more and the people there get all "sorts of weird things".
This apparently is not the first time this happened.
The lawyer in question has moved to PA.
John's going home to check state corporate registration records to try to find him.
(Yes I'm shouting. I don't even have a caps lock key)
If the opportunity presents itself to repair this it would be good to know what they are.
We're not talking about the same thing. Go read the NANOG thread and pay attention to the post regarding a quick BGP change.
"And it is your own damn fault. Cooking up the DRPs took years of work by the concerned interests, and they were more concerned with enduring legal title than momentary loss of possession. During those years, interest in the DNSO side of ICANN by network operators went from some to zero, and at the Montevideo meeting the ISP and Business constituencies were so small they met in a small room and only half the seats were taken. After that point they were effectively merged. IMHO, Marilyn Cade and Phillipe Shepard are the ISP/B Constituency, and they can't hear you (for all 24x7 operational values of "you")."
It's *our* fault? Nice try, Eric. I should fly halfway around the world 4X a year at 5 grand a pop to stay in the ICANN 4 or 5 star host-hotel so I get my 15 minutes of being ignored at the microphone? BTDT for a couple of years. Even if you think you scored a minor victory ICANN will, and has, quietly changed the bylaws to circumvent that. Oh, but don't worry, as a membership organization, as dictated by the USG we can all vote on this. Oh that's right, that bit never happened even though ICANN's initial purpose was to only define the organization, get members then pass it off to the duly elected board. We still have the current IBM/Magaziner appointed board and the "members" don't exist.
Lesse here, on one side we have the Intellectual Property wonks who ARE funded to fly to every meeting and are paid full time to lobby ICANN. Those buggers are everywhere, do not operate in the open and are anything but transparent. They work for companies with 3 letter names.
On the other side we have "us" and "our funding" (hahahahah). We lose. Thanks for playing; tragedy of the commons.
Interest in the DNSO and ICANN has waned because people are tired of beating their head against a brick wall till it's a bloody pulp; you can't begin to fight the behind the scenes back channel closed shenanigans the IP folks play, you don't even find out what they are till years later (cf the secret, thou shall not disclose meeting that IBM arranged with ICANN and NSI that Farber and Cerf attended that set this all in motion). They and they alone, as correctly pointed out, are and have always been the boogeymen behind virtually all troubles in the DNS today and have been since long before ICANN was a glint in Joe's eye.
To paraphrase Mark Twain, "It's a good thing we don't get all the ICANN we pay for"
Look what happened to Auerbach. ICANN sees openness as a fault and routes around it.
"Which lists the Registrant as one Ann Street, 5 Calder Road, Bellsquarry, Livingston, GB. ann.street@btinternet.com
Fake? Probably. But I'd be sending some buddies with baseball bats over to check it out, anyway, and also to 2530 Cannin Drive, Wilmington, Delaware."
Worse, I sent an IP/domain attorney over there and should hear back soon, complete with cellphone cam pics. If nobody's home (it's a residence) not much will happen though.
"This is the sort of lack of responsibility that people forecast when MelbourneIT were set up to take the "au" domain away from the registrar of the time."
Yes, because he wasn't "responsible" enough.
We have always been at war with Oceana.
Exsqueeze me? One of the biggest registrars that a lot of people have had trouble with is CLOSED for the weekend?
I run a bunch of (free) mailing lists and DNS for a variety of stupid things like cars, tropical fish, dns etc. I'm open 24/7 and get calls at 4:30 am, not happily, but I do fix stuff. That MIT as a multimillion dollar organization thinks it's ok to take the weekend off critical internet infrastructure should be enough to get their precious ICANN accreditation yanked. But given how much money MIT pays ICANN this will never happen.
Expect fully a press release from ICANN saying how responsive MIT was in this situation.
Welcome to the modern internet.
"If the sex.com case is precedent"
What he said. It took what, 5 years to get that fixed?
It's not like you folks weren't warned this would happen. The NSI-ICANN agreement took away any power NSI had to fix this.
An in band solution altering DNS is probably not a solution, welcome to the modern internet and oddly, I don't see a peep out of ICANN's "Transfer Task Force".
The proper geek way to fix this is with BGP. Why hasn't anybody had the cojones to do this yet?
If somebody cares to contact me preferably by voice I can put the correct NS records for panix in the ORSC root zone and those of you sensible enough to not rely on other people to be in charge of the entire domain tree will be able to get to (alas) poor Panix normally.
John Berryhill is in Delaware and is now aware of the problem. When he stopped laughing he said he'd make some calls, lawyer to lawyer. And he is in Delaware. The address in DE of the NS host to panix is a residence, FWIW. Wilmington is not a large place...
I must say when I heard panix had been hijacked by something in Wilmington De and Canada my heart stopped till I found out it wasn't me and John.
If you're not scared enough, JB suggests you go to any_domain.1bu.com and welcome to the Chinese global phishing site.
Jane you ignorant slut;
There's only one "f" in "spaf".
It was by no means luck. A bunch of us knew about Henry's tapes and made sure they ended up somewhere useful. SDSU and UWO got them from 9 track to DAT. I got Brewster Kahle to put them online and told Deja to grab them. It took 2 years but they did but never made them available in any sane format; Google did that.
For all the complaints about google keep in mind: where else can you find an article addressable archive of all of usenet?
(Well, most of it, bits and pieces are not there, Henry's tapes were filthy and large parts were unreadable)
Nazis will be mentioned in three more posts. And no, Godwin didn't say it first.
And the timeline sucks ass. For a guy named Pike to leave out sci.aquaria is inexcusable.