VeriSign demands website takedown powers

Nuno Garcia ngarcia at NGARCIA.NET
Tue Oct 11 22:10:20 CEST 2011


Yes, but besides the A servers, which they can tweak, you have another 12
classes of servers that are at the same root level. So, for example, can
they access the DB of class K server which is in the Netherlands?

The update feature in the protocol propagates the changes in the DB and that
eventually affects all the DB in all the DNS servers in the world.

So - this is possible because of their location and because of root server
update algorithms.

If, by chance, the K server chose not to update*, users in Europe would
still be able to find a US-canceled .com domain.

BR
NG

* this is fact impossible because the RFC that rules this states that it has
to update.

On 11 October 2011 18:18, McTim <dogwallah at gmail.com> wrote:

>
>
> On Tue, Oct 11, 2011 at 7:41 PM, Nuno Garcia <ngarcia at ngarcia.net> wrote:
>
>> I am not sure I agree when you say the registry is in the US.
>
>
> Verisign is the Registry.  They run "A" root-server and .com and .net They
> are in the US.
>
>  If you want to disable a .com domain, you need to delete the zone for that
> domain from the .com database.
>
> It's like this:
>
> C:\Documents and Settings\Administrator>dig com. ngarcia.net @
> a.gtld-servers.net.
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 640
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;com.                           IN      A
>
> ;; AUTHORITY SECTION:
> com.                    852     IN      SOA     a.gtld-servers.net.
> nstld.verisign-grs.com. 1318353338 1800 900 604800 86400
>
> ;; Query time: 156 msec
> ;; SERVER: 196.200.16.2#53(196.200.16.2)
> ;; WHEN: Tue Oct 11 20:16:58 2011
> ;; MSG SIZE  rcvd: 94
>
>
> ; <<>> DiG 9.3.2 <<>> com. ngarcia.net @a.gtld-servers.net.
> ; (1 server found)
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 348
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
>
> ;; QUESTION SECTION:
> ;ngarcia.net.                   IN      A
>
> ;; AUTHORITY SECTION:
> ngarcia.net.            172800  IN      NS      ns25.domaincontrol.com.
> ngarcia.net.            172800  IN      NS      ns26.domaincontrol.com.
>
> ;; ADDITIONAL SECTION:
> ns25.domaincontrol.com. 172800  IN      A       216.69.185.13
> ns26.domaincontrol.com. 172800  IN      A       208.109.255.13
>
> ;; Query time: 562 msec
> ;; SERVER: 192.5.6.30#53(192.5.6.30)
> ;; WHEN: Tue Oct 11 20:16:59 2011
> ;; MSG SIZE  rcvd: 116
>
>
>
> --
> Cheers,
>
> McTim
> "A name indicates what we seek. An address indicates where it is. A route
> indicates how we get there."  Jon Postel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ncuc.org/pipermail/ncuc-discuss/attachments/20111011/228543d9/attachment-0001.html>


More information about the Ncuc-discuss mailing list