VeriSign demands website takedown powers

Avri Doria avri at ACM.ORG
Tue Oct 11 22:28:15 CEST 2011


Hi,

But in any case, these would still point to the Verisign servers for resolving .com names.  It does not really matter where the roots are in this particular issue.  The only relevance of the root servers if for identifying where to find .com or any of the other top levels. I don't assume that K will be redefining the location of the .com server.

avri

On 11 Oct 2011, at 16:10, Nuno Garcia wrote:

> Yes, but besides the A servers, which they can tweak, you have another 12 classes of servers that are at the same root level. So, for example, can they access the DB of class K server which is in the Netherlands?
> 
> The update feature in the protocol propagates the changes in the DB and that eventually affects all the DB in all the DNS servers in the world.
> 
> So - this is possible because of their location and because of root server update algorithms.
> 
> If, by chance, the K server chose not to update*, users in Europe would still be able to find a US-canceled .com domain.
> 
> BR
> NG
> 
> * this is fact impossible because the RFC that rules this states that it has to update.
> 
> On 11 October 2011 18:18, McTim <dogwallah at gmail.com> wrote:
> 
> 
> On Tue, Oct 11, 2011 at 7:41 PM, Nuno Garcia <ngarcia at ngarcia.net> wrote:
> I am not sure I agree when you say the registry is in the US.
> 
> Verisign is the Registry.  They run "A" root-server and .com and .net They are in the US.  
> 
> If you want to disable a .com domain, you need to delete the zone for that domain from the .com database.
> 
> It's like this:
> 
> C:\Documents and Settings\Administrator>dig com. ngarcia.net @a.gtld-servers.net.
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 640
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;com.                           IN      A
> 
> ;; AUTHORITY SECTION:
> com.                    852     IN      SOA     a.gtld-servers.net. nstld.verisign-grs.com. 1318353338 1800 900 604800 86400
> 
> ;; Query time: 156 msec
> ;; SERVER: 196.200.16.2#53(196.200.16.2)
> ;; WHEN: Tue Oct 11 20:16:58 2011
> ;; MSG SIZE  rcvd: 94
> 
> 
> ; <<>> DiG 9.3.2 <<>> com. ngarcia.net @a.gtld-servers.net.
> ; (1 server found)
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 348
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
> 
> ;; QUESTION SECTION:
> ;ngarcia.net.                   IN      A
> 
> ;; AUTHORITY SECTION:
> ngarcia.net.            172800  IN      NS      ns25.domaincontrol.com.
> ngarcia.net.            172800  IN      NS      ns26.domaincontrol.com.
> 
> ;; ADDITIONAL SECTION:
> ns25.domaincontrol.com. 172800  IN      A       216.69.185.13
> ns26.domaincontrol.com. 172800  IN      A       208.109.255.13
> 
> ;; Query time: 562 msec
> ;; SERVER: 192.5.6.30#53(192.5.6.30)
> ;; WHEN: Tue Oct 11 20:16:59 2011
> ;; MSG SIZE  rcvd: 116
> 
> 
> 
> -- 
> Cheers,
> 
> McTim
> "A name indicates what we seek. An address indicates where it is. A route indicates how we get there."  Jon Postel
> 


More information about the Ncuc-discuss mailing list