VeriSign demands website takedown powers
Avri Doria
avri at ACM.ORG
Tue Oct 11 22:28:15 CEST 2011
Hi,
But in any case, these would still point to the Verisign servers for resolving .com names. It does not really matter where the roots are in this particular issue. The only relevance of the root servers if for identifying where to find .com or any of the other top levels. I don't assume that K will be redefining the location of the .com server.
avri
On 11 Oct 2011, at 16:10, Nuno Garcia wrote:
> Yes, but besides the A servers, which they can tweak, you have another 12 classes of servers that are at the same root level. So, for example, can they access the DB of class K server which is in the Netherlands?
>
> The update feature in the protocol propagates the changes in the DB and that eventually affects all the DB in all the DNS servers in the world.
>
> So - this is possible because of their location and because of root server update algorithms.
>
> If, by chance, the K server chose not to update*, users in Europe would still be able to find a US-canceled .com domain.
>
> BR
> NG
>
> * this is fact impossible because the RFC that rules this states that it has to update.
>
> On 11 October 2011 18:18, McTim <dogwallah at gmail.com> wrote:
>
>
> On Tue, Oct 11, 2011 at 7:41 PM, Nuno Garcia <ngarcia at ngarcia.net> wrote:
> I am not sure I agree when you say the registry is in the US.
>
> Verisign is the Registry. They run "A" root-server and .com and .net They are in the US.
>
> If you want to disable a .com domain, you need to delete the zone for that domain from the .com database.
>
> It's like this:
>
> C:\Documents and Settings\Administrator>dig com. ngarcia.net @a.gtld-servers.net.
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 640
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;com. IN A
>
> ;; AUTHORITY SECTION:
> com. 852 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1318353338 1800 900 604800 86400
>
> ;; Query time: 156 msec
> ;; SERVER: 196.200.16.2#53(196.200.16.2)
> ;; WHEN: Tue Oct 11 20:16:58 2011
> ;; MSG SIZE rcvd: 94
>
>
> ; <<>> DiG 9.3.2 <<>> com. ngarcia.net @a.gtld-servers.net.
> ; (1 server found)
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 348
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
>
> ;; QUESTION SECTION:
> ;ngarcia.net. IN A
>
> ;; AUTHORITY SECTION:
> ngarcia.net. 172800 IN NS ns25.domaincontrol.com.
> ngarcia.net. 172800 IN NS ns26.domaincontrol.com.
>
> ;; ADDITIONAL SECTION:
> ns25.domaincontrol.com. 172800 IN A 216.69.185.13
> ns26.domaincontrol.com. 172800 IN A 208.109.255.13
>
> ;; Query time: 562 msec
> ;; SERVER: 192.5.6.30#53(192.5.6.30)
> ;; WHEN: Tue Oct 11 20:16:59 2011
> ;; MSG SIZE rcvd: 116
>
>
>
> --
> Cheers,
>
> McTim
> "A name indicates what we seek. An address indicates where it is. A route indicates how we get there." Jon Postel
>
More information about the Ncuc-discuss
mailing list