[ppml] Policy Proposal: Resource Reclamation Incentives
Dean Anderson
dean at av8.com
Tue Jul 3 12:40:45 EDT 2007
- Previous message: [ppml] Policy Proposal: Resource Reclamation Incentives
- Next message: [ppml] Policy Proposal: Resource Reclamation Incentives
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Tue, 3 Jul 2007, Martin Hannigan wrote: > > Or not. > > > > Some of us registered our domain names back at a time when > > they were free. At some point NSF/NSI decided we should > > pay a yearly fee, and simply started charging it. There > > was no revolt. > > There was no pending shortage either, and I seem to recall > an outcry when NSI implemented fees. Funny how people forget history. Before the internet was commercialized, it was a government funded research project: Not only was commercial use of the government research network forbidden, but you had to state a research purpose to just to get a connection. In 1989 and 1991, I worked at companies that filled out this paperwork. And it was all paper. If the internet were still a government-funded non-commercial research program, it would still be "free" to register domains, but there would be no commercial use: no spam, no ISPs, no web companies, no google, no nothing; just government research. The NSF/NSI didn't just 'decide' to charge a yearly fee. The Internet was commercialized at the joint agreement of industry and the US government. Commercialization means the Internet wasn't going to be government-funded anymore. Even most idiots realize that Registry services can't be free, so one has to pay for domains, etc. People (the same people it seems) also conveniently "forget" that Usenet, was always commercial, and it was always 'spammed' in the form of announcements of commercial products and services. Indeed, the "UU" in UUnet refers to 'UUCP'. UUnet was a commercial UUCP/Usenet operator before the Internet. UUnet was able to be one of the first ISPs because it was previously a commercial usenet operator. Many other companies like Compuserve were online providers who also pre-dated the internet. These people conveniently "forget" that that thing with the Immigration spam in 1994 was a cancel/repost war between the immigration lawyers and some idiots who tried to impose their own mistaken ideas on Usenet. The immigration lawyers didn't post 5000 messages to annoy people, nor to get people to read their spam 5000 times, as anti-spammer zealots describe the incident. Rather, the immigration lawyers posted 5000 times to override 4999 improper cancels. It was indeed annoying to get 5000 messages (especially tedious at many sites that had already prevented untrusted cancels), but the true fault of that problem was the people who improperly posted the cancels: they had no right to say what was appropriate or not appropriate on usenet. The lawyers who posted the announcment of immigration services had every right to use the commercial usenet network to announce their services; certainly they had as much right to use it as DEC and other companies that announced new products and services on Usenet, because usenet was always commercial. So one wonders how people (junior people, generally) became so confused about both Usenet and the Internet, that they would zealously post such cancels. It makes more sense when you investigate the senior people who were misleading the junior people, and prompting their misbehavior. This subject was just discussed on the DJB dns list, concerning open-rsc.org, which is an alternate root server site. The message below is not written to be responsive to the history issue, but its still relevant to the 'outcry' over NSI, and other dirty tricks of the time. --------------------------- But, I'm a bit dubious about this site. The website is hosted by UltraDNS. You probably already know UltraDNS is one of the Rodney Joffe & Paul Vixie "BIND companies". Joffe is also the guy who runs the spam operation called Whitehat.com. There is some background to this: You've all probably heard of Sanford Wallace (the proto-spammer). Not so well-known is that Sanford Wallace also sold anti-spam software. Wallace created the nuisance and also sold the cure. Most anti-spammer sites just talk about the nuisance side of Wallace, and leave out the anti-spam software he sold. In 1996 or so, Vixie and Joffe just stole Wallace's business plan, founding a blacklist (MAPS) and founding a Spam company (Whitehat), and keeping a very low profile on the connection between them. Joffe is a founder (or board member) of UltraDNS. Vixie, John Levine (now chair of ASRG anti-spam-research-group), and Ray Everett-Church were on the board of Whitehat. Joffe connects Vixie to UltraDNS, but I think there are other connections, too. In January 1998, in an attempted squeeze-out of network solutions for "spamming" NetSol domain contacts with NetSol added services (not something we'd call unsolicited today), Postel, with Vixie and 8 other server operators, tried to take control of the roots. They tried to force out NetSol on the Machiavellian principle of "if you can destroy something, you control it". By taking over the roots, they could destabilize the internet, and forcibly remove NetSol. The government stepped in, and they lost. There is a good book on this episode, entitled "Who Controls the Internet" subtitled "Illusions of a borderless world" by Goldsmith and Wu. Prophetically, open-rsc was formed 18-Dec-1997. A month _before_ Postel tried to take over with Vixie and co. Interested yet? Open-rsc.org is currently seviced by: open-rsc.org. 172800 IN NS mejac.palo-alto.ca.us. open-rsc.org. 172800 IN NS ns1.quasar.net. open-rsc.org. 172800 IN NS ns1.vrx.net. Richard Sexton and Brian Reid founded open-rsc.org. Sexton is VRX.net, and a frequent Nanog poster/Vixie crony. Brian Reid is: NetRange: 192.147.236.0 - 192.147.236.255 CIDR: 192.147.236.0/24 NetName: BKR-HOME-NET NetHandle: NET-192-147-236-0-1 Parent: NET-192-0-0-0-0 NetType: Direct Assignment NameServer: MEJAC.PALO-ALTO.CA.US NameServer: UUCP-GW-1.PA.DEC.COM NameServer: UUCP-GW-2.PA.DEC.COM Comment: RegDate: 1992-02-20 Updated: 1997-06-09 PA.DEC.COM used to be run by Vixie. MEJAC.PALO-ALTO.CA.US is currently hosted by ISC. I think we can say Reid is a Vixie crony, too. And since Vixie is operator of the ICANN F-root, one wonders why Vixie/UltraDNS and co. would be involved in opposing ICANN. Seems to be a bit heretical for the ICANN-approved operator to be doing this. (I can't help but think of the StarWars Count Dooku/Chancellor Palpatine thing). I'll just say there is a long history of various dirty tricks that weren't in anyone's interests but the people selling spam/anti-spam/ancasted-roots. Indeed, makes one wonder if we might know who runs the botnets. There is unquestionably a rich seam of dubious antics for soap-opera and conspiracy writers to write about. That isn't my point, here though. My point is this: the public interest has certainly not been well-served by these antics, nor by the clowns performing the antics. But.... The time may have come for alternate root servers, though. Because on the otherhand, since ICANN allows anycasting DNS roots, breaking TCP and ENDSO replies (in spite of the need to support TCP in the roots), an alternate (and non-anycasted) set of root servers may be a good idea. [The Anycasting of roots was also at Vixie's urging. It allows Vixie and others can sell copies to ISPs for thousands per month. 37+ copies for ISC, 70+ for Verisign, and RIPE doesn't report the number. Last I heard, 6 of 13 root operators are anycasting or planning to do so.] Scalability of the roots would be enhanced by a larger number of non-anycast roots. Anycasted roots (and non-roots) are more vulnerable to DDOS attack, because as one falls over, and the path is withdrawn, more load automatically falls on the remaining servers. If the path isn't withdrawn, the legit users of that server still lose. Anycast is vulnerable to a domino effect. Such a domino effect doesn't occur with hundreds of unique IPs (using the same number of servers). Anycast makes DDoS easier and more effective for the DDoS'r. Anycast works well for that 'we can destroy, so we control' thing they tried in 1998. There is also no need to have optional authority information in the root response. This also allows more than 13 root servers in a standard non-ednso response for the nameservers for "." But this query is usually only run by humans. Autoconfiguration using this query is rare, I think. The hints and caches are not populated this way. In fact, one can have hundreds is unique root servers without putting them all in the hints/cache configuration. All that is necessary is to have a distribution system for the current list, and then select from that for the cache files. I'd say a news server, as DJB suggests, with signed root zone messages would be a good idea. Then root servers just have to be configured to give back a limited number for queries to "." for type NS. If this is done, anyone can run a root server, just by looking at the message with the proper (signed) root zone contents, and telling their customers to put the server in their root hints configuration. This makes the root DNS service invulnerable to DDoS attack. And that, I think, well serves the public interest. --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000
- Previous message: [ppml] Policy Proposal: Resource Reclamation Incentives
- Next message: [ppml] Policy Proposal: Resource Reclamation Incentives
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the PPML mailing list