[ppml] Policy Proposal: Resource Reclamation Incentives

Dean Anderson dean at av8.com
Tue Jul 3 12:40:45 EDT 2007 

On Tue, 3 Jul 2007, Martin Hannigan wrote:

> > Or not.
> > 
> > Some of us registered our domain names back at a time when
> > they were free.  At some point NSF/NSI decided we should
> > pay a yearly fee, and simply started charging it.  There
> > was no revolt.
> 
> There was no pending shortage either, and I seem to recall
> an outcry when NSI implemented fees. 

Funny how people forget history.  Before the internet was
commercialized, it was a government funded research project: Not only
was commercial use of the government research network forbidden, but you
had to state a research purpose to just to get a connection.  In 1989
and 1991, I worked at companies that filled out this paperwork. And it
was all paper.

If the internet were still a government-funded non-commercial research
program, it would still be "free" to register domains, but there would
be no commercial use: no spam, no ISPs, no web companies, no google, no
nothing; just government research.

The NSF/NSI didn't just 'decide' to charge a yearly fee. The Internet
was commercialized at the joint agreement of industry and the US
government. Commercialization means the Internet wasn't going to be
government-funded anymore. Even most idiots realize that Registry
services can't be free, so one has to pay for domains, etc.

People (the same people it seems) also conveniently "forget" that
Usenet, was always commercial, and it was always 'spammed' in the form
of announcements of commercial products and services.  Indeed, the "UU"
in UUnet refers to 'UUCP'.  UUnet was a commercial UUCP/Usenet operator
before the Internet.  UUnet was able to be one of the first ISPs because
it was previously a commercial usenet operator. Many other companies
like Compuserve were online providers who also pre-dated the internet.  

These people conveniently "forget" that that thing with the Immigration
spam in 1994 was a cancel/repost war between the immigration lawyers and
some idiots who tried to impose their own mistaken ideas on Usenet. The
immigration lawyers didn't post 5000 messages to annoy people, nor to
get people to read their spam 5000 times, as anti-spammer zealots
describe the incident. Rather, the immigration lawyers posted 5000 times
to override 4999 improper cancels.  It was indeed annoying to get 5000
messages (especially tedious at many sites that had already prevented
untrusted cancels), but the true fault of that problem was the people
who improperly posted the cancels: they had no right to say what was
appropriate or not appropriate on usenet.  The lawyers who posted the
announcment of immigration services had every right to use the
commercial usenet network to announce their services; certainly they had
as much right to use it as DEC and other companies that announced new
products and services on Usenet, because usenet was always commercial.

So one wonders how people (junior people, generally) became so confused
about both Usenet and the Internet, that they would zealously post such
cancels.  It makes more sense when you investigate the senior people who
were misleading the junior people, and prompting their misbehavior.

This subject was just discussed on the DJB dns list, concerning
open-rsc.org, which is an alternate root server site. The message below
is not written to be responsive to the history issue, but its still
relevant to the 'outcry' over NSI, and other dirty tricks of the time.

---------------------------


But, I'm a bit dubious about this site. The website is hosted by
UltraDNS. You probably already know UltraDNS is one of the Rodney Joffe
& Paul Vixie "BIND companies". Joffe is also the guy who runs the spam
operation called Whitehat.com. There is some background to this: You've
all probably heard of Sanford Wallace (the proto-spammer).  Not so
well-known is that Sanford Wallace also sold anti-spam software. Wallace
created the nuisance and also sold the cure. Most anti-spammer sites
just talk about the nuisance side of Wallace, and leave out the
anti-spam software he sold. In 1996 or so, Vixie and Joffe just stole
Wallace's business plan, founding a blacklist (MAPS) and founding a Spam
company (Whitehat), and keeping a very low profile on the connection
between them.  Joffe is a founder (or board member)  of UltraDNS. Vixie,
John Levine (now chair of ASRG anti-spam-research-group), and Ray
Everett-Church were on the board of Whitehat.  Joffe connects Vixie to
UltraDNS, but I think there are other connections, too.

In January 1998, in an attempted squeeze-out of network solutions for
"spamming" NetSol domain contacts with NetSol added services (not
something we'd call unsolicited today), Postel, with Vixie and 8 other
server operators, tried to take control of the roots.  They tried to
force out NetSol on the Machiavellian principle of "if you can destroy
something, you control it". By taking over the roots, they could
destabilize the internet, and forcibly remove NetSol.  The government
stepped in, and they lost. There is a good book on this episode,
entitled "Who Controls the Internet" subtitled "Illusions of a
borderless world"  by Goldsmith and Wu.  

Prophetically, open-rsc was formed 18-Dec-1997. A month _before_ Postel
tried to take over with Vixie and co.  Interested yet? 

Open-rsc.org is currently seviced by:

open-rsc.org.           172800  IN      NS      mejac.palo-alto.ca.us.
open-rsc.org.           172800  IN      NS      ns1.quasar.net.
open-rsc.org.           172800  IN      NS      ns1.vrx.net.

Richard Sexton and Brian Reid founded open-rsc.org.  Sexton is VRX.net,
and a frequent Nanog poster/Vixie crony.

Brian Reid is:

NetRange:   192.147.236.0 - 192.147.236.255 
CIDR:       192.147.236.0/24 
NetName:    BKR-HOME-NET
NetHandle:  NET-192-147-236-0-1
Parent:     NET-192-0-0-0-0
NetType:    Direct Assignment
NameServer: MEJAC.PALO-ALTO.CA.US
NameServer: UUCP-GW-1.PA.DEC.COM
NameServer: UUCP-GW-2.PA.DEC.COM
Comment:    
RegDate:    1992-02-20
Updated:    1997-06-09

PA.DEC.COM used to be run by Vixie.
MEJAC.PALO-ALTO.CA.US is currently hosted by ISC.

I think we can say Reid is a Vixie crony, too.

And since Vixie is operator of the ICANN F-root, one wonders why
Vixie/UltraDNS and co. would be involved in opposing ICANN.  Seems to be
a bit heretical for the ICANN-approved operator to be doing this. (I
can't help but think of the StarWars Count Dooku/Chancellor Palpatine
thing). I'll just say there is a long history of various dirty tricks
that weren't in anyone's interests but the people selling
spam/anti-spam/ancasted-roots.  Indeed, makes one wonder if we might
know who runs the botnets.  There is unquestionably a rich seam of
dubious antics for soap-opera and conspiracy writers to write about.  
That isn't my point, here though. My point is this: the public interest
has certainly not been well-served by these antics, nor by the clowns
performing the antics.



But....

The time may have come for alternate root servers, though. Because on
the otherhand, since ICANN allows anycasting DNS roots, breaking TCP and
ENDSO replies (in spite of the need to support TCP in the roots), an
alternate (and non-anycasted) set of root servers may be a good idea.

[The Anycasting of roots was also at Vixie's urging. It allows Vixie and
others can sell copies to ISPs for thousands per month. 37+ copies for
ISC, 70+ for Verisign, and RIPE doesn't report the number. Last I heard,
6 of 13 root operators are anycasting or planning to do so.]

Scalability of the roots would be enhanced by a larger number of
non-anycast roots.  Anycasted roots (and non-roots) are more vulnerable
to DDOS attack, because as one falls over, and the path is withdrawn,
more load automatically falls on the remaining servers. If the path
isn't withdrawn, the legit users of that server still lose.  Anycast is
vulnerable to a domino effect. Such a domino effect doesn't occur with
hundreds of unique IPs (using the same number of servers).  Anycast
makes DDoS easier and more effective for the DDoS'r.  Anycast works well
for that 'we can destroy, so we control' thing they tried in 1998.

There is also no need to have optional authority information in the root
response. This also allows more than 13 root servers in a standard
non-ednso response for the nameservers for "."  But this query is
usually only run by humans.  Autoconfiguration using this query is rare,
I think. The hints and caches are not populated this way.  In fact, one
can have hundreds is unique root servers without putting them all in the
hints/cache configuration.  All that is necessary is to have a
distribution system for the current list, and then select from that for
the cache files. I'd say a news server, as DJB suggests, with signed
root zone messages would be a good idea.  Then root servers just have to
be configured to give back a limited number for queries to "."  for type
NS.  

If this is done, anyone can run a root server, just by looking at the
message with the proper (signed) root zone contents, and telling their
customers to put the server in their root hints configuration.  This
makes the root DNS service invulnerable to DDoS attack.  And that, I 
think, well serves the public interest.






		--Dean


-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000

More information about the ARIN-PPML mailing list