
Taking the wrong root?

Internet veteran's DNS test raises hackles.

One man's test is another's attempted hijack.

Last weekend, Jon Postel, who is responsible for assigning numerical IP addresses and Internet domain names such as .com, .org and .net, attempted to wrest control of some of the root servers that act as the Internet's global IP directories.

Although he was successful, had the test gone awry, it could have brought much of the Internet down. Some in the Internet community also expressed concern over the ease with which one person was able to take control of a key part of the Internet, even if only temporarily.

The root servers normally synchronize their IP information with Root Server A, the master root server owned by the government and run by Network Solutions, Inc. (NSI), in Herndon, Va. These slave root servers are located around the world and receive updates about domain names and IP addresses from the master server.

If the root servers malfunction, users might not be able to access Internet sites because the root servers cannot match the URLs to numerical IP addresses.

Postel is head of the Internet Assigned Numbers Authority (IANA), an organization that establishes IP addresses and oversees Internet domains. This past weekend, he set up a server at IANA to answer domain name queries and handle updates from many of the 12 root servers that normally get their information from Root Server A.

In a written statement, Postel said he wanted to see how easily management of the root servers could be passed to another machine when the government gives up its control of the domain system. A government "green paper" last month recommended handing the system over to an unformed nonprofit group. IANA would be folded into this group under the plan.

Postel had asked NSI for permission to conduct the test last month. However, NSI had said that in accordance with its government contract it had to get official clearance.

But Postel went ahead even without that clearance, said Dave Holtzman, senior vice president of engineering at NSI. Postel last week sent a letter to the operators of the 12 root servers asking them to reconfigure their machines to point them at an IANA server instead of Root Server A. This included configuring them to download updated domain files from IANA rather than from the master machine. All but the four root servers operated by the government complied with the request from Postel, long accepted as the leader of the domain community.

"As a verification that such a transfer can be accomplished smoothly and without interruption to the operational service, a test is being performed to rearrange the flow of root zone information," Postel wrote in his request to the operators.

But NSI had no idea what was going on until Akira Kato, who runs a root server in Japan, sent e-mail asking why his machine was out of sync with Root Server A. Postel had told him the test would not result in any noticeable difference between the records on his and the master server.

Becky Burr, a senior official with the Department of Commerce, said the government knew nothing of the test beforehand. "The timing is unfortunate," she said, referring to the release of the controversial domain plan.

Although no Internet users were affected by the test, some 'Net caretakers close to the situation blasted Postel for what they said was really a protest against the government's domain proposal. Some are concerned about the ease with which Postel was able to take control, even if only temporarily.

"Postel [conducted the test] entirely without authority and only stopped with strong comments from the U.S. government," said Karl Denninger, who runs MCSNet, a Chicago-based Internet service provider. "He ought to be investigated and if it is found to be illegal, he should be convicted and sent to jail."

Sources said government officials demanded Postel stop the test and hand back control to Root Server A as soon as they learned what he was doing.

"Had it gone wrong, it could have thrown the whole Internet off," said Richard Sexton, a Domain Name System (DNS) consultant and technologist in Ontario. "The government allowed him to save face by saying it was a test."

Denninger said Postel's test was not necessary because it involved a change in just one line in the servers' configuration files, something that is commonly done.

"There was no technical demonstration here," he said. "Trying to paint this as proof of concept is fraud. There was no reason to believe it would not work."

But Burr said nothing had been harmed and Postel "assured the government that everything would be returned to normal." She attributed Postel's actions to the fact that he is "used to having latitude." Under the new system, he no longer can act independently. However, many 'Net insiders agree that it is unclear who has authority during this transition period.

Adding insult to injury

It is no secret that Postel was unhappy with the government's recommendations about the DNS, sources close to the situation said.

In a statement from IANA, Postel said, "I am in agreement with the main theme of the proposal... I am less comfortable with the details of the proposal on how new generic top-level domains, registrars and registries would be established, and the restriction to only five new gTLDs."

The government's plan flies in the face of a plan that Postel had put forth with the Internet Society to create a Geneva-based cooperative called the Council of Registrars (CORE), 88 companies that would register under seven new gTLDs using a centralized database. Postel told these companies that he had the power to add these new gTLDs for them.

However, the government panned this idea and instead recommended that NSI keep control of the .com, .org and .net domains and that five gTLDs be created, but only one could be administered by CORE.

Once bitten

For some in the 'Net community, Postel's actions brought to mind Eugene Kashpureff, who is facing federal charges of computer and wire fraud for last year's hijacking of NSI's InterNIC Web site, where users register their domain names.

Kashpureff redirected traffic to his AlterNIC Web site.
