ICANN to allow commercial gTLDs

Owen DeLong owen at delong.com
Fri Jun 17 22:02:41 CDT 2011


On Jun 17, 2011, at 7:40 PM, Jay Ashworth wrote:

> ---- Original Message -----
>> From: "Owen DeLong" <owen at delong.com>
> 
>> That won't stop them from building zone files that look like this:
>> 
>> 
>> @ IN SOA ...
>> NS ...
>> ...
>> A ...
>> AAAA ...
>> www A ...
>> AAAA ...
>> 
>> Sure, they'll advertise www.apple, but, you better believe that
>> they'll take whatever lands at http://apple and you can certainly
>> count on the fact that any mal-actors that get control of one of
>> these TLDs (whether they paid the $185k or not) will take full
>> advantage of the situation and its security risks.
> 
> Not necessarily, Owen.  Remember: Since we're *in the TLD space* now, 
> you can't capture the unmodified domain *without adding records to the 
> root*:
> 

You can, actually...

It is perfectly valid for example, in COM to have:


delong.com.			IN	NS		ns.delong.org.
					IN	NS		ns2.delong.org.

and have ns/ns2 .delong.org. return the following:


delong.com.			IN	SOA	.......
					IN	NS		ns.delong.org.
								ns2.delong.org.
						A		192.159.10.2
						AAAA	2620:0:930::200:2
www				IN	A		192.159.10.7
						AAAA	2620:0:930::400:7

Why would this not work equally well for APPLE where the
root zone would have:

apple.				IN	NS		......
					IN	NS		......

Where you would then have the detail (as above in the delong.com
zone file) contained in the apple. zone file on the specified
authoritative nameservers?

> apple.com and www.apple.com are in the same zone file

apple and www.apple are in the same zone file to that extent
as well.

apple.com is a delegation from .com just as apple is a delegation from .

> apple. and www.apple. are *not* -- and the root operators may throw
> their hands up in the air if anyone asks them to have anything in their
> zone except glue -- rightly, I think; it's not a degree of complexity
> that's compatible with the required stability of the root zone.
> 
Sir, either you are very confused, or, I am. I am saying that TLDs
behave with the same delegation rules as SLDs, which I believe
to be correct. You are claiming that TLDs are in some way magical
and that the ability to delegate begins at SLDs. I think the fact that
there is data in the COM zone separate from the root indicates that
I am correct.

> Especially since the root zone actually lives in 14 different places.
> 
But the root zone would still only contain delegation and possibly glue.

Everything else would still be in the zone file, just like a subdelegation
of COM for apple.com, but, this would be  a subdelegation of . for apple.

> No, anything that requires the root zone to be fluid[1] is going to cause even
> more fundamental engineering problems than I've been positing so far tonight.
> 

I agree, but, this doesn't require that to happen. It might cause it to happen
without root zone operator intervention (which may be worse), but, it doesn't
require the root zone operators to cooperate beyond delegating the TLDs
which seems pretty much assured by the current announcement.

Owen






More information about the NANOG mailing list