Category Archives: DNS

Belgacom DNS resolvers lack EDNS support

Posted by Patrick Vande Walle on 15 August 2010 2 comments
Share

The DNS resolvers used by default by Belgacom’s Internet customers lack EDNS support, according  to the test performed from OARC’s DNS Reply Size Test Server

hiram$ dig +short rs.dns-oarc.net txt @195.238.2.21
rst.x476.rs.dns-oarc.net.
rst.x485.x476.rs.dns-oarc.net.
rst.x490.x485.x476.rs.dns-oarc.net.
"195.238.24.113 DNS reply size limit is at least 490"
"195.238.24.113 lacks EDNS, defaults to 512"
"Tested at 2010-08-15 11:00:01 UTC"

hiram$ dig +short rs.dns-oarc.net txt @195.238.2.22
rst.x476.rs.dns-oarc.net.
rst.x485.x476.rs.dns-oarc.net.
rst.x490.x485.x476.rs.dns-oarc.net.
"195.238.25.113 DNS reply size limit is at least 490"
"195.238.25.113 lacks EDNS, defaults to 512"
"Tested at 2010-08-15 11:00:11 UTC

» Read more…

New Top Level Domains and software implications

Posted by Patrick Vande Walle on 25 June 2009 2 comments
Share

Many software applications rely on validation routines to check the validity of domain names. By validation, I mean here to test the string submitted by the user and see if it matches a pre-defined pattern. A typical example are web forms that need to validate e-mail addresses.

This is by no means a new issue. It first appeared with the introduction of the .info TLD. Before that TLDs were only two or three letters long, and many validation routines could not cope with the 4 letters of .info. At the time, ICANN had developed a testing tool which allowed developers to test if their code took into account the requirement for 4 letters. Still, you find today on the Internet tons of library routines that do not support 4 or more letter TLDs.

Some of these routines also rely on a hard-coded list of TLDs. Even today, I sometimes find that some web sites cannot deal with my .eu domain, which was introduced 4 years ago.There are hundreds of thousands of these routines written in Javascript, PHP, Perl, ColdFusion, ASP and just about any programming or scripting language you can think of.

» Read more…

Comments on the second draft of ICANN’s gTLD applicant’s guide

Posted by Patrick Vande Walle on 23 March 2009 None comments
Share

These are the comments I sent today to ICANN

Unfortunately, this second draft version of the applicant’s guide does not yet address major concerns in the process.

As stated in the previous comments round, it is fundamentally wrong to assume that all new gTLD applicants will use the .com model of mass market approach for domain names. Both the amount of the application fee and the yearly registry fee imply that the registry will need to sell as many domain names as possible, favouring numbers over quality. This is the wrong approach with regard to community-based TLDs.

The amount of the application fee should be reduced, as it may discriminate against less financially resourceful applicants, such as communities. While I understand ICANN may want to prevent frivolous applications with a high application fee, it nevertheless excludes from the process a lot of potential serious applications targeting a limited community.

It is unfair that only the applicants of the first round would have to cover the past costs of the new gTLD development program. On the other hand, it is difficult to guess how many applications will be submitted on each round. Because these costs have already been expended and that ICANN clearly states that whatever is recovered will be transferred to a reserve fund, it is therefore suggested to simply drop the $26,000 that represents the incidence of gTLD development program cost on each application.

Note that this request for a large up-front investment in the application process is orthogonal to the expectation of ICANN for the applicants to demonstrate the availability of continuation funding. Whatever capital will be invested in submitting the application will not be available in the future. Hence, ICANN’s financial expectations at the application stage may plant the seed of future registry failure.

Further, payment of the application fees in several installments should be offered to TLD applicants. For those applicants that need to submit a strong business plan to their investors, having a pay-as-you-go fee through the application process will make it easier to convince investors.

ICANN should also consider postponing for two or three years the collection of the annual registry fee, to allow new gTLD operators to start operating in a financially sound context, with no loans and other debts that may compromise the start-up of their activities. On the short and medium term, this help new registries to become more solid and will be beneficial for the the long term stability of the DNS space.

The fact that ICANN only allows for payments to be made in USD places a high risk on the business plans of those applicants that work in other currencies. As suggested elsewhere, ICANN should accept payments in other
currencies, at a rate fixed at the time the applicant’s guidebook is published.

There is still a fundamental contradiction in using an auction model as a last resort for community-based applications. By definition, community-based applications will target smaller communities and use a cost-recovery model, rather than a purely commercial one. For the winner of the auction, this will mean recovering its costs through increasing the gross price of registrations. As a consequence, the number of domain names sold may be reduced and the newly launched registry may not meet its business plan. Ultimately, auctions may also be a cause of registry failure.

At-Large Summit news from ICANN Mexico

Posted by Patrick Vande Walle on 4 March 2009 None comments
Share

I was appointed to the ICANN’s Security and Stability Advisory Committee recently and I am very proud of that. This group of esteemed security experts are a crucial element of the ICANN community, because their task is to identify threats to the good working fo the Internet and suggest possible remedies. This is not a glamourous position, but rather behind the scenes work in the interest of the Internet user community at large.

On a similar note, I had the pleasure to co-chair the At-Large working group on DNS security issues, with came up with a statement we were reasonably happy with.  The best part was actually today, where we received kudos from other parts of the community, which tend to view the At-Large more as a political obligation of ICANN that a really useful component.

I hope this will both help the recognition of the At-Large as serious players in the ICANN context, but also motivate the At-Large members, who are often depicted as jerks and end up believing they are.

Whois, my friend

Posted by Patrick Vande Walle on 10 February 2009 None comments
Share

One of my relatives moved into a new house the other day. No big news, except he is a registrant of a generic domain name.

He spent a lot of his time to inform utility companies, banks, insurance companies, administrations, etc of his address change, BUT he did  not tell his registrar.

You see, his registrar sends him every two or three years an e-mail asking to pay for the renewal. He then gets the invoice through e-mail. No postal mail is sent at all. That is all he knows about the domain name he uses. Other than that, it just works. E-mail to his domain gets delivered,  his web site is reachable. What else should he care about ?

As it stands, he should really care about updating his records with his registrar. A whois query on his domain name now returns a false postal address. This honest citizen now has the crowds of those hideous people who leave false information in the whois. Surely, law enforcement authorities may think of him as a terrorist covering his tracks. Intellectual property lawyers may think he is stealing somebody’s trade mark. According to term 3.7.7.2 of the ICANN Registrar Accreditation Agreement, he risks seeing his domain cancelled.

The sad truth is that this nice guy actually does not even know his $10/year domain is at risk. In the unlikely event his domain name gets cancelled, pleading the good faith will not help a lot. He may not notice it until he gets a phoen call telling himl the e-mails to him are undelivered.  It will be too late to react, because human errors by uninformed customers are not taken into account in ICANN policies. So, before he says  “I should have known” maybe I should tell him.