ICANN’s Registry Failover project - please comment
Dear All ICANN’s Registry Failover project has recently provided an update to the ICANN Board and also gave a presentation to the ccNSO in Lisbon. The GAC Communique released in Lisbon also contains language on registry failover. In an effort to reach out directly with ALAC and users, they have posted on the ICANN blog some of the types of questions that the community, users and public may want answered in the event of a registry failure. See HYPERLINK "http://blog.icann.org/?p=105"http://blog.icann.org/?p=105. Please comment. Thanks, Jacqueline No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.463 / Virus Database: 269.5.9/773 - Release Date: 4/22/2007 8:18 PM
When Hurricane Katrina hit New Orleans, it knocked out a registrar, DirectNIC. I happened to have some stuff hosted with them and no longer do. Apparently it knocked out their DNS servers. If a registry should fail, it would cause a much more dramatic failure of the system. There definitely should be a plan in place for such failures, including remote backups, maximum downtime, and a plan to replace the organization handling it. -Randy Glass A@L On 4/23/07, Jacqueline A. Morris <jam@jacquelinemorris.com> wrote:
Dear All
ICANN's Registry Failover project has recently provided an update to the ICANN Board and also gave a presentation to the ccNSO in Lisbon. The GAC Communique released in Lisbon also contains language on registry failover. In an effort to reach out directly with ALAC and users, they have posted on the ICANN blog some of the types of questions that the community, users and public may want answered in the event of a registry failure. See http://blog.icann.org/?p=105. Please comment.
Thanks,
Jacqueline
No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.463 / Virus Database: 269.5.9/773 - Release Date: 4/22/2007 8:18 PM
_______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org
http://atlarge-lists.icann.org/mailman/listinfo/alac_atlarge-lists.icann.org
www.alac.icann.org www.icannalac.org
-- ------------------------- AmericaAtLarge.org RJPacific.com DDMF.org
Kind of tricky business this... Looks clear that registry failure is something like an "Extition Level Event", so each and every step should be taken to avoid it from happening altogether. But as any "Act of God" there is no sure way to prevent that it could happen some day. We should start deploying failsafe structures behind today ( or should i say ten years ago? ). One suggestion appearing on ICANN blog comments is the creation of a "Backup registry operator". I do support the idea but it has some problems that need to be clarified. One thing is the decision on what model should registry operate. Should it be a thick or thin registry. The thick model is robust when catastrophic things happens at regsitrar level ( take the Registry Fly debacle as an example ). On the other hand the thin model appears to be more robust when dealing with registry failure as data is distributed through so many places. I do not have a definitive opininon of what model should we choose, since both have goods and bads. Maybe some kind of hybrid? One thing is clear though and that is the need for data redundancy, something that could be attained by pu in place strong data escrow both at regsitry and registrar level Rui Bebiano On 23 Apr 2007 at 14:53, RJGlass | America@Large wrote:
When Hurricane Katrina hit New Orleans, it knocked out a registrar, DirectNIC. I happened to have some stuff hosted with them and no longer do. Apparently it knocked out their DNS servers.
If a registry should fail, it would cause a much more dramatic failure of the system. There definitely should be a plan in place for such failures, including remote backups, maximum downtime, and a plan to replace the organization handling it.
-Randy Glass A@L
On 4/23/07, Jacqueline A. Morris <jam@jacquelinemorris.com> wrote: Dear All ICANN's Registry Failover project has recently provided an update to the ICANN Board and also gave a presentation to the ccNSO in Lisbon. The GAC Communique released in Lisbon also contains language on registry failover. In an effort to reach out directly with ALAC and users, they have posted on the ICANN blog some of the types of questions that the community, users and public may want answered in the event of a registry failure. See http://blog.icann.org/?p=105 . Please comment.
Thanks,
Jacqueline
No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.463 / Virus Database: 269.5.9/773 - Release Date: 4/22/2007 8:18 PM
_______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org http://atlarge-lists.icann.org/mailman/listinfo/alac_atlarge-lists.icann.org
www.alac.icann.org www.icannalac.org
-- ------------------------- AmericaAtLarge.org RJPacific.com DDMF.org
I think ICANN (and any escrow organisation named by ICANN) should have a zone copy of the 2nd level TLDs (root being the first level). This would ensure continuity of the DNS in case of failures. The business continuity is the responsability of the registry and/or registrar. As a side benefit it would allow ICANN to publish stats on the domain names and check that zones are correct (technically that is). Cheers On 4/24/07, info@dnsportugal.com <info@dnsportugal.com> wrote:
Kind of tricky business this...
Looks clear that registry failure is something like an "Extition Level Event", so each and every step should be taken to avoid it from happening altogether. But as any "Act of God" there is no sure way to prevent that it could happen some day.
We should start deploying failsafe structures behind today ( or should i say ten years ago? ).
One suggestion appearing on ICANN blog comments is the creation of a "Backup registry operator". I do support the idea but it has some problems that need to be clarified.
One thing is the decision on what model should registry operate. Should it be a thick or thin registry. The thick model is robust when catastrophic things happens at regsitrar level ( take the Registry Fly debacle as an example ). On the other hand the thin model appears to be more robust when dealing with registry failure as data is distributed through so many places. I do not have a definitive opininon of what model should we choose, since both have goods and bads.
Maybe some kind of hybrid? One thing is clear though and that is the need for data redundancy, something that could be attained by pu in place strong data escrow both at regsitry and registrar level
Rui Bebiano
On 23 Apr 2007 at 14:53, RJGlass | America@Large wrote:
When Hurricane Katrina hit New Orleans, it knocked out a registrar,
DirectNIC. I happened to
have some stuff hosted with them and no longer do. Apparently it knocked out their DNS servers.
If a registry should fail, it would cause a much more dramatic failure of the system. There definitely should be a plan in place for such failures, including remote backups, maximum downtime, and a plan to replace the organization handling it.
-Randy Glass A@L
On 4/23/07, Jacqueline A. Morris <jam@jacquelinemorris.com> wrote: Dear All ICANN's Registry Failover project has recently provided an update to the ICANN Board and also gave a presentation to the ccNSO in Lisbon. The GAC Communique released in Lisbon also contains language on registry failover. In an effort to reach out directly with ALAC and users, they have posted on the ICANN blog some of the types of questions that the community, users and public may want answered in the event of a registry failure. See http://blog.icann.org/?p=105 . Please comment.
Thanks,
Jacqueline
No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.463 / Virus Database: 269.5.9/773 - Release Date: 4/22/2007 8:18 PM
_______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org
http://atlarge-lists.icann.org/mailman/listinfo/alac_atlarge-lists.icann.org
www.alac.icann.org www.icannalac.org
-- ------------------------- AmericaAtLarge.org RJPacific.com DDMF.org
_______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org
http://atlarge-lists.icann.org/mailman/listinfo/alac_atlarge-lists.icann.org
www.alac.icann.org www.icannalac.org
-- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Franck Martin franck.martin@gmail.com "Toute connaissance est une réponse à une question" G. Bachelard
On 2007-04-24 12:55:45 +1200, Franck Martin wrote:
I think ICANN (and any escrow organisation named by ICANN) should have a zone copy of the 2nd level TLDs (root being the first level). This would ensure continuity of the DNS in case of failures. The business continuity is the responsability of the registry and/or registrar.
As a side benefit it would allow ICANN to publish stats on the domain names and check that zones are correct (technically that is).
The other critical piece of data are any that let registrants claim the domain names they have registered. (I'm wording things that way quite deliberately, since there are a number of ways to implement that kind of thing.) Even more than DNS information, that's the data that are being maintained by registrars and that need to survive a failure -- in fact, the DNS might very well point to hosted services that have just gone down together with the registrar in question; being able to write to the DNS is the critical ability that's needed. Cheers, -- Thomas Roessler <roessler@does-not-exist.org>
Guys - I think to keep ICANN out of hot water completely, and keep registrants happy, it would be a public vote via Poll. This way ICANN avoids the ³too close in proximity² problem it has in many eyes regarding Verisign. Similarly - Karl Auerbach (former ICANN) suggests if there was such a failure: [if ICANN were to vanish] "...we would notice that the net had not even stuttered; not one packet would fail to reach its intended destination and DNS registration and renewal would continue as if nothing had happened." "ICANN is the USSR of the internet" - Karl Auerbach speaks out STORY AT WWW.INTERNETCOMMERCE.ORG -Jude On 4/24/07 1:39 AM, "Thomas Roessler" <roessler@does-not-exist.org> wrote:
On 2007-04-24 12:55:45 +1200, Franck Martin wrote:
I think ICANN (and any escrow organisation named by ICANN) should have a zone copy of the 2nd level TLDs (root being the first level). This would ensure continuity of the DNS in case of failures. The business continuity is the responsability of the registry and/or registrar.
As a side benefit it would allow ICANN to publish stats on the domain names and check that zones are correct (technically that is).
The other critical piece of data are any that let registrants claim the domain names they have registered. (I'm wording things that way quite deliberately, since there are a number of ways to implement that kind of thing.)
Even more than DNS information, that's the data that are being maintained by registrars and that need to survive a failure -- in fact, the DNS might very well point to hosted services that have just gone down together with the registrar in question; being able to write to the DNS is the critical ability that's needed.
Cheers,
I think ICANN (and any escrow organisation named by ICANN) should have a zone copy of the 2nd level TLDs (root being the first level).
The 2LD zone files are all available for download to anyone who asks,* so I presume there are thousands of copies all over the world. Lots of us collect statistics on them. For example, see my blog posting a year ago when .MUSEUM and .AERO and .COOP renewals were under discussion. As someone else noted, the critical data that escrow needs to preserve is the ownership of each domain. So it's just wrong that the current proposal doesn't escrow the actual owner behind names that use domain privacy proxies. Regards, John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://johnlevine.com, Mayor "I dropped the toothpaste", said Tom, crestfallenly. * - except for .TRAVEL, which has consistently refused to provide it
I think that ICANN should not get involved in keeping escrow data directly. This was the approach years ago, but it has been proven impractical from the operational point of view, and illegal because of data privacy laws in some countries. This does not mean that escrow data should not be kept, but only that this activity should be performed by trusted third parties. Regards, Roberto _____ From: alac-bounces@atlarge-lists.icann.org [mailto:alac-bounces@atlarge-lists.icann.org] On Behalf Of Franck Martin Sent: 24 April 2007 02:56 To: info@dnsportugal.com Cc: alac@atlarge-lists.icann.org Subject: Re: [At-Large]ICANNs Registry Failover project - please comment I think ICANN (and any escrow organisation named by ICANN) should have a zone copy of the 2nd level TLDs (root being the first level). This would ensure continuity of the DNS in case of failures. The business continuity is the responsability of the registry and/or registrar. As a side benefit it would allow ICANN to publish stats on the domain names and check that zones are correct (technically that is). Cheers On 4/24/07, info@dnsportugal.com <info@dnsportugal.com> wrote: Kind of tricky business this... Looks clear that registry failure is something like an "Extition Level Event", so each and every step should be taken to avoid it from happening altogether. But as any "Act of God" there is no sure way to prevent that it could happen some day. We should start deploying failsafe structures behind today ( or should i say ten years ago? ). One suggestion appearing on ICANN blog comments is the creation of a "Backup registry operator". I do support the idea but it has some problems that need to be clarified. One thing is the decision on what model should registry operate. Should it be a thick or thin registry. The thick model is robust when catastrophic things happens at regsitrar level ( take the Registry Fly debacle as an example ). On the other hand the thin model appears to be more robust when dealing with registry failure as data is distributed through so many places. I do not have a definitive opininon of what model should we choose, since both have goods and bads. Maybe some kind of hybrid? One thing is clear though and that is the need for data redundancy, something that could be attained by pu in place strong data escrow both at regsitry and registrar level Rui Bebiano On 23 Apr 2007 at 14:53, RJGlass | America@Large wrote:
When Hurricane Katrina hit New Orleans, it knocked out a registrar,
DirectNIC. I happened to
have some stuff hosted with them and no longer do. Apparently it knocked out their DNS servers.
If a registry should fail, it would cause a much more dramatic failure of the system. There definitely should be a plan in place for such failures, including remote backups, maximum downtime, and a plan to replace the organization handling it.
-Randy Glass A@L
On 4/23/07, Jacqueline A. Morris <jam@jacquelinemorris.com <mailto:jam@jacquelinemorris.com> > wrote: Dear All ICANN's Registry Failover project has recently provided an update to the ICANN Board and also gave a presentation to the ccNSO in Lisbon. The GAC Communique released in Lisbon also contains language on registry failover. In an effort to reach out directly with ALAC and users, they have posted on the ICANN blog some of the types of questions that the community, users and public may want answered in the event of a registry failure. See http://blog.icann.org/?p=105 . Please comment.
Thanks,
Jacqueline
No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.463 / Virus Database: 269.5.9/773 - Release Date: 4/22/2007 8:18 PM
_______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org
http://atlarge-lists.icann.org/mailman/listinfo/alac_atlarge-lists.icann.org <http://atlarge-lists.icann.org/mailman/listinfo/alac_atlarge-lists.icann.or g>
www.alac.icann.org www.icannalac.org
-- ------------------------- AmericaAtLarge.org RJPacific.com DDMF.org
_______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org http://atlarge-lists.icann.org/mailman/listinfo/alac_atlarge-lists.icann.org www.alac.icann.org <http://www.alac.icann.org> www.icannalac.org -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Franck Martin franck.martin@gmail.com "Toute connaissance est une réponse à une question" G. Bachelard
This does not mean that escrow data should not be kept, but only that this activity should be performed by trusted third parties.
Doesn't the registrar agreement allow ICANN to designate a mutually agreeable escrow agent? I agree, it doesn't matter who does the escrow so long as it's somebody. Regards, John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://johnlevine.com, Mayor "I dropped the toothpaste", said Tom, crestfallenly.
That's the rub: "Mutually Agreeable" - to whom? Cheers, -Jude On 4/25/07 3:42 AM, "John L" <johnl@iecc.com> wrote:
This does not mean that escrow data should not be kept, but only that this activity should be performed by trusted third parties.
Doesn't the registrar agreement allow ICANN to designate a mutually agreeable escrow agent? I agree, it doesn't matter who does the escrow so long as it's somebody.
Regards, John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://johnlevine.com, Mayor "I dropped the toothpaste", said Tom, crestfallenly.
_______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org http://atlarge-lists.icann.org/mailman/listinfo/alac_atlarge-lists.icann.org
www.alac.icann.org www.icannalac.org
That's the rub: "Mutually Agreeable" - to whom?
Um, perhaps this would be a good time to read the registrar agreement. It's on ICANN's web site. Using a mutually agreeable third party to perform a specialized technical task like date escrow is utterly standard in the computer industry. R's, John
On 4/25/07 3:42 AM, "John L" <johnl@iecc.com> wrote:
This does not mean that escrow data should not be kept, but only that this activity should be performed by trusted third parties.
Doesn't the registrar agreement allow ICANN to designate a mutually agreeable escrow agent? I agree, it doesn't matter who does the escrow so long as it's somebody.
Regards, John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://johnlevine.com, Mayor "I dropped the toothpaste", said Tom, crestfallenly.
participants (8)
-
Franck Martin -
info@dnsportugal.com -
Jacqueline A. Morris -
John L -
Jude Augusta -
RJGlass | America@Large -
Roberto Gaetano -
Thomas Roessler