
Re: do it yourself roots, was Something better than DNS?

2006-11-27 09:17:54
> If they can suck down all the top level zone files then it is easy
> for them to publish an ALTERNATIVE DNS VIEW that contains their own
> additions. Anyone who uses their view will then see the so-called
> official DNS info as well as the overlay.

When I see claims like this, I really have to wonder how well people
understand the way that the DNS works.  If you want to publish your
own root that merges the real root (the one that the A through M root
servers publish with advice from ICANN) with stuff of your own, you
can do it now, and it wouldn't make any practical difference if you
could AXFR every zone in the world.

If you want to add your own TLDs, the easiest way to do it is to FTP
the root zone, which is easy and quite legal to get, add in your own
TLDs, and try and persuade people to use your servers.  The root zone
changes slowly, so downloading and remixing your root once a day would
be plenty.

If you want to offer mutant versions of popular TLDs, the most
practical way to do that is with a semi-transparent proxy that serves
up your versions of the stuff you want to change, and fetches the rest
of the data from the real versions as needed.  AXFR access to the
popular TLDs would be useless, because the zones are so big.  The
gzipped version of the COM zone is about a gigabyte and takes several
hours to download via my not very busy T1, and an AXFR would be two or
three times that.  Even if you had an OC3, you could never keep a
mirror of COM up to date with AXFR, and while the other popular zones
are smaller, they all update in less time than it'd take to AXFR a
copy.  No significant zone is propagated by AXFR now, and no useful
mirror or alternate root would use it, either.

The real reason that alternate roots haven't caught on is that there
is no demand for them from the people who use the DNS.  (There's
plenty of demand from people who imagine they would get rich if they
could own .WEB or .SEX or whatever, but that's irrelevant.)  For all
of the failings of the current roots and of ICANN, with which as a
member of the ICANN ALAC I am extremely familiar, it works well enough
for the things that people use it for, and that shows no sign of
changing despite occasional efforts to screw it up like wildcards in
TLD zones.

With this in mind, I don't see much point in arguing about setting up
something just like DNS but different.  When we stick DKIM keys in TXT
records with prefixed names scattered around the leaves of the DNS, it
may injure some people's sense of propriety, but it doesn't break
anything that works, and nobody other than DNS theologists care that
it didn't use a new RR type.  I have been publishing the contact info
for abuse.net through the DNS for several years, using a specialized
server (written in perl) that synthesizes TXT, A, and HINFO records on
the fly from the underlying database.  Works great, performs much
better than the WHOIS and HTTP versions that preceded it, and doesn't
break anything.  Maybe some of my hacks won't work with DNSSEC, but
we'll burn that bridge when we get to it.

Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, Mayor
"More Wiener schnitzel, please", said Tom, revealingly.


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
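The semi-transparent proxy and the synthesize-records-on-the-fly server that the post describes, as an added example that is not part of the original message and not John Levine's abuse.net code: a small stdlib-only DNS responder that answers from a local overlay, synthesizes TXT records from an in-memory database for names under one suffix, and falls through to an upstream view for everything else. The suffix `contacts.example.net`, the contact database, the "real" zone data and the `upstream_stub` that stands in for a forwarder are all constructed for the demo; in deployment the stub would be a real query to the upstream resolver. The security point it makes concrete is that, to the client, the overlaid A record for `www.example.com` is indistinguishable from the real one: the proxy sets the AA bit itself, and only DNSSEC validation (the caveat the post closes on) would expose the substitution.

```python
# Added example (not the post's code): a minimal DNS overlay responder in
# stdlib Python.  Overlay records first, then TXT synthesized from an
# in-memory database under one suffix, then an upstream view (stubbed).
import struct

TYPE_A, TYPE_TXT, CLASS_IN = 1, 16, 1


def encode_name(name):
    """'www.example.com' -> DNS wire labels; '' or '.' encodes the root."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            lab = label.encode("ascii")
            if len(lab) > 63:
                raise ValueError("label too long")
            out += bytes([len(lab)]) + lab
    return out + b"\x00"


def decode_name(packet, offset):
    """Decode an uncompressed wire name; returns (name, offset after it)."""
    labels = []
    while True:
        length = packet[offset]
        if length & 0xC0:                  # a question section never needs pointers
            raise ValueError("compression pointer in question")
        offset += 1
        if length == 0:
            return ".".join(labels), offset
        labels.append(packet[offset:offset + length].decode("ascii"))
        offset += length


def parse_query(packet):
    """Return (txid, qname, qtype, end_of_question) for a one-question query."""
    txid, flags, qd = struct.unpack("!3H", packet[:6])
    if flags & 0x8000 or qd != 1:
        raise ValueError("expected a single-question query")
    qname, off = decode_name(packet, 12)
    return txid, qname.lower(), struct.unpack("!H", packet[off:off + 2])[0], off + 4


def build_query(txid, qname, qtype):
    hdr = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)      # RD set, one question
    return hdr + encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN)


def txt_rdata(text):
    """TXT RDATA: one or more <len><chars> strings of at most 255 bytes each."""
    data = text.encode("utf-8")
    chunks = [data[i:i + 255] for i in range(0, len(data), 255)] or [b""]
    return b"".join(bytes([len(c)]) + c for c in chunks)


def build_response(query, answers, authoritative, rcode=0):
    """Copy the question verbatim, append answers as (name, type, ttl, rdata)."""
    txid, _, _, qend = parse_query(query)
    flags = 0x8180 | (0x0400 if authoritative else 0) | (rcode & 0xF)  # QR RD RA [AA]
    out = struct.pack("!6H", txid, flags, 1, len(answers), 0, 0) + query[12:qend]
    for name, rtype, ttl, rdata in answers:
        out += encode_name(name) + struct.pack("!HHIH", rtype, CLASS_IN, ttl, len(rdata)) + rdata
    return out


class OverlayResolver:
    def __init__(self, overlay, synth_suffix, database, upstream):
        self.overlay, self.database, self.upstream = overlay, database, upstream
        self.suffix = "." + synth_suffix.lower().rstrip(".")

    def resolve(self, qname, qtype):
        """Returns (answers, authoritative, rcode); rcode 3 is NXDOMAIN."""
        if (qname, qtype) in self.overlay:
            return self.overlay[(qname, qtype)], True, 0
        if qname.endswith(self.suffix) and qtype == TYPE_TXT:
            contact = self.database.get(qname[:-len(self.suffix)])
            if contact is None:
                return [], True, 3
            return [(qname, TYPE_TXT, 300, txt_rdata(contact))], True, 0
        found = self.upstream(qname, qtype)      # None: name does not exist upstream
        return ([], False, 3) if found is None else (found, False, 0)

    def handle(self, query):
        _, qname, qtype, _ = parse_query(query)
        return build_response(query, *self.resolve(qname, qtype))


# Constructed demo data; none of it is real zone content.
REAL_VIEW = {("www.example.com", TYPE_A): [("www.example.com", TYPE_A, 3600, bytes([192, 0, 2, 10]))]}
OVERLAY = {("www.example.com", TYPE_A): [("www.example.com", TYPE_A, 60, bytes([198, 51, 100, 1]))]}
CONTACTS = {"example.com": "abuse@example.com"}   # hypothetical contact database

def upstream_stub(qname, qtype):
    """Stands in for forwarding to the real root/TLD view."""
    if any(n == qname for n, _ in REAL_VIEW):
        return REAL_VIEW.get((qname, qtype), [])
    return None

resolver = OverlayResolver(OVERLAY, "contacts.example.net", CONTACTS, upstream_stub)
```

`resolver.handle(build_query(1, "www.example.com", TYPE_A))` returns a response with AA set and the overlay's 198.51.100.1, while `upstream_stub` still holds 192.0.2.10; `example.com.contacts.example.net`/TXT is synthesized from `CONTACTS` and an unknown name under that suffix gets NXDOMAIN. Binding `handle` to a UDP socket is all that separates this from a usable alternate view, which is the post's point that AXFR access to the big TLDs is beside the question.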
