Re: [plug] your own root server, anyone?

Top Page

Reply to this message
Author: Anthony Florendo
Date:  
To: Philippine Linux Users' Group (PLUG) Technical Discussion List
Subject: Re: [plug] your own root server, anyone?
Yup, got that.  I was pointing out the official docs as part of the learning process. :-)
When RealNames was launched in the US a few years ago, they allowed for non-compliant TLD's.  Basically, they sold the rights to companies who would buy them.  
https://en.wikipedia.org/wiki/RealNames
To make this work, the DNS resolvers that would use those networks would resolve only to the local root server.  In many of the attempts to do this (RealNames and New.Net) relied on the non-RFC compliant Microsoft Network DNS version to hijack the DNS requests somehow.  The controversy around the companies was lost in the political nature that the Internet created, and as the alternative roots ran out of money, they turned to ad sales shortly before the demise of the companies.  Its noteworthy that a few of the TLDs proposed by RealNames are now mainstream.
I think from a national level, having a 'local' root server for philippine based computers would help us understand our national information technology needs. 
Another aspect of this would be to set up our own PKS certificate authority -- this would help, specially in areas of national security concerns where the root CA is only made available to 'authorized agencies'.  CAs can be used for signing as well as encrypting -- since we would be in control of the CA (instead of say a foreign company) the chance that the root cert can be subpoena'd by a foreign agency is much lower.
If we set up the CA for IPSEC signing, the certs can also be used in such a way that visas are used for travel.  If you have a signed cert, you can traverse our network ;-)


      From: Roberto Verzola <rverzola@???>
 To: Philippine Linux Users' Group (PLUG) Technical Discussion List <plug@???> 
Cc: Anthony Florendo <arfspot-plug@???>
 Sent: Thursday, July 7, 2016 3:48 PM
 Subject: Re: [plug] your own root server, anyone?


By the way, this is the Louis Pouzin I'm talking about:

http://www.techweekeurope.co.uk/workspace/open-root-and-the-grandfather-of-the-internet-97497

Obet



On Fri, 8 Jul 2016 06:13:49 +0800
Roberto Verzola <rverzola@???> wrote:

> Hi Anthony,
>
> The sites you gave are about the official Internet root servers. I'm talking about alternatives to these servers. In the same way that Linux/GNU and FOSS are declarations of independence from Microsoft monopoly and control and from commercial copyrighted software in general, the open root idea is a declaration of independence from the ICANN monopoly in assigning TLDs.
>
> Pls check www.open-root.eu and www.orsn.org.
>
> I don't really know a lot about the details. But I know that the open root concept is also about freedom.
>
> By the way, I think setting up such a root might require a static IP address for the servers, which the bigger companies may have but I don't.
>
> Greetings to all,
>
> Obet
>
>
> On Thu, 7 Jul 2016 16:38:52 +0000 (UTC)
> Anthony Florendo <arfspot-plug@???> wrote:
>
> >
> >
> >
> > Hi Roberto,
> > The IANA site provides some information around how to set up a root server.IANA — Domain Name Services
> >
> > 
> > | 
> > | 
> > | 
> > |  |    |
> >
> >  |
> >
> >  |
> > | 
> > |  | 
> > IANA — Domain Name Services
> >    |  |
> >
> >  |
> >
> >  |
> >
> > 
> >
> > There is also here:
> > http://www.root-servers.org/
> >
> > From my experience, many ISPs here in the US just run a DNS caching service and sometimes just ignores the TTL.  Due to the sheer number of requests to DNS serves maintained by companies like AT&T, Verizon or Earthlink, the servers (or clusters) quickly become populated with almost all the servers that their customers visit.
> > It seems they adjust the TTL to 30 mins to 4 hours, to reduce the outbound UDP calls required for the update
> > There were also some attempts in the past to break away from the approved TLDs -- there were a couple of companies that set up their own root servers and sold "realnames" instead of the usual TLD.  
> >
> >
> >
> >
> >
> >      From: Roberto Verzola <rverzola@???>
> >  To: plug@???
> > Cc: Philippine Linux Users' Group (PLUG) Technical Discussion List <plug@???>; Michael Tinsay <tinsami1@???>
> >  Sent: Tuesday, July 5, 2016 5:27 PM
> >  Subject: Re: [plug] your own root server, anyone?
> > 
> > Hi Mike,
> >
> > I'm only asking for interest in joining a learning process, not really about any commitment to set up a root server.
> >
> > And for further clarification: I'm not talking of DNS servers for subdomains, which a big firm might want to do. I'm talking of alternatives to the ICANN root server. At least two already exist that I know of, the OpenRoot initiative maintains one, and China does too, I am told.
> >
> > Greetings to all,
> >
> > Obet
> >
> >
> > On Mon, 4 Jul 2016 08:26:04 +0000 (UTC)
> > Michael Tinsay <tinsami1@???> wrote:
> >
> > > Setting up a root server and operating one, while it goes hand in hand, are two different matters, IMO.  At the very least, Obet is inviting us for the former.  I am interested, but am on the fence about participating because I'm also thinking of the latter, as it will, for me, justify learning the former.  Setting up a root DNS server behind the firewall, as fooler points out, can contribute to the security of the enterprise network.  I'm unsure if I can commit to setup and operate one for my present employer. Hence, sitting on the fence for now.
> > >
> > >      From: GMDumlao <gmdumlao@???>
> > >  To: Philippine Linux Users' Group (PLUG) Technical Discussion List <plug@???>
> > >  Sent: Sunday, 3 July 2016, 20:10
> > >  Subject: Re: [plug] your own root server, anyone?
> > >   
> > > Of important consideration here are the logistics and business continuity of high availability servers for the purpose. Root server - therefore implying the need for those qualities - lacking those, a root server it ain't.
> > >
> > > Glenn
> > >
> > > On Saturday, 2 July 2016, Roberto Verzola <rverzola@???> wrote:
> > > > Hi fooler,
> > > >
> > > > It is good for me, for all kinds of reasons. And I will leave it to people to decide if it will be good for them, for whatever reason. If not, they can simply not join. And probably we will also realize what other reasons it is good for, after we learn how to do it.
> > > >
> > > > Obet
> > > >
> > > > On Fri, 1 Jul 2016 22:47:53 -0400
> > > > fooler mail <fooler.mail@???> wrote:
> > > >
> > > >> On Fri, Jul 1, 2016 at 10:28 PM, Michael Tinsay <tinsami1@???> wrote:
> > > >>
> > > >> > Aside from the learning experience one gets in setting up a DNS root
> > > >> > server, what would it be good for?
> > > >> >
> > > >>
> > > >> according in their faq
> > > >>
> > > >> https://www.orsn.org/en/faq/
> > > >>
> > > >> security against manipulation..
> > > >>
> > > >> fooler.
> > > >
> > > >
> > > > --
> > > > Roberto Verzola <rverzola@???>
> > > > _________________________________________________
> > > > Philippine Linux Users' Group (PLUG) Mailing List
> > > > http://lists.linux.org.ph/mailman/listinfo/plug
> > > > Searchable Archives: http://archives.free.net.ph
> > > >
> > > _________________________________________________
> > > Philippine Linux Users' Group (PLUG) Mailing List
> > > http://lists.linux.org.ph/mailman/listinfo/plug
> > > Searchable Archives: http://archives.free.net.ph
> > >
> > > 
> >
> >
> > --
> > Roberto Verzola <rverzola@???>
> > _________________________________________________
> > Philippine Linux Users' Group (PLUG) Mailing List
> > http://lists.linux.org.ph/mailman/listinfo/plug
> > Searchable Archives: http://archives.free.net.ph
> >
> >   
> >
> > 
>
>
> --
> Roberto Verzola <rverzola@???>
> _________________________________________________
> Philippine Linux Users' Group (PLUG) Mailing List
> http://lists.linux.org.ph/mailman/listinfo/plug
> Searchable Archives: http://archives.free.net.ph


--
Roberto Verzola <rverzola@???>
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
http://lists.linux.org.ph/mailman/listinfo/plug
Searchable Archives: http://archives.free.net.ph

_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
http://lists.linux.org.ph/mailman/listinfo/plug
Searchable Archives: http://archives.free.net.ph