Welcome to WebmasterWorld Guest from 54.90.204.233

Forum Moderators: bill

Message Too Old, No Replies

China To Launch DNS Root Server

     
4:17 am on Dec 21, 2006 (gmt 0)

Preferred Member

10+ Year Member

joined:Sept 8, 2004
posts:629
votes: 0


[www1.shanghaidaily.com...]

CHINA will set up a mirror server for Chinese netizens to visit Websites whose domain names end with .com or .net, Sina.com reported today.

Instead of being served by overseas domain servers for making visits, the new server will provide a domain name system or "DNS" function of its own, which will guarantee the security for netizens visiting from China and also raise the linking speed.

China Network Communications Group signed with US-based VeriSign Incorporation, the world's largest domain name registry services provider, to launch the Chinese mirror server of root domain name on December 14.

Looks like a win-win situation...with lots of implications.

2:19 pm on Dec 21, 2006 (gmt 0)

New User

10+ Year Member

joined:Aug 26, 2003
posts:23
votes: 0


What kind of implications?
All I can think of is that the chinese people will be able to lookup a site faster than before, which is of course good.
2:33 pm on Dec 21, 2006 (gmt 0)

Junior Member

10+ Year Member

joined:Mar 27, 2005
posts:53
votes: 0


Oh, I don't know, maybe the fact that China filters a significant portion of the internet.

If they require Chinese ISPs to utilize these DNS servers they can easily block more of the sites they deem not suitable for the Chinese population. I realize they already do this, but this just gives them even more control over the situation.

Nope, nothing bad with that, not at all.

4:18 pm on Dec 21, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 31, 2003
posts:1316
votes: 0


If they require Chinese ISPs to utilize these DNS servers

Yes, but it would still be easily defeated, unless they set up government-controlled servers to handle all DNS requests, rather than just the root requests.
5:57 pm on Dec 21, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member jtara is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 26, 2005
posts:3041
votes: 0


One has to assume that Chinese ISPs would use the new root servers, and that routers would NAT the rest-of-world root servers to the internal Chinese servers, anyway.

Keep in mind, anyway, that the root servers already use IP-Anycast technology. This means that root server requests will normally be routed to the NEAREST server in any case. (There are actually way more than 13 root servers. There are 13 root server ADDRESSES. But most of the root servers use IP-Anycast to provide multiple, geographically-dispersed instances of that root server. )

I'm surprised this wasn't done sooner. By dropping the DNS records of objectionable sites, it would considerably decrease the load on the proxy servers.

Now, here's a little something for the rest of us to think about. Think that while they are dropping the porn sites and politically-objectionable sites, think maybe they will also drop the constant flux of tasting domains, as well as the parked ones?

That would probably cut-down the size of the database by 90%!

7:01 pm on Dec 21, 2006 (gmt 0)

Full Member

10+ Year Member

joined:Mar 23, 2005
posts:331
votes: 0


Chinese ISPs won't try to "defeat" any type of implemented system. If they do, they'll get shutdown real fast, and the responsible employees would "disappear."
7:42 pm on Dec 21, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member jtara is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 26, 2005
posts:3041
votes: 0


Yes, but it would still be easily defeated, unless they set up government-controlled servers to handle all DNS requests, rather than just the root requests.

To clarify why this is a non-issue... DNS servers at ISPs are just caching servers. They may get data from servers they peer with, but the ultimate source of their data on second-level domains is the root servers. The ultimate source of data on third-level and down domains is from each domain's DNS servers. (Drop a level down for situations like .co.uk, etc.)

To get information on example.com, one HAS to go to the root servers. Sure, 99% of the time you are getting a cached copy of example.com's root-server record. But it's just that - a cached copy that typically expires in 24-48 hours, and then has to be re-fetched from a root server.

Sub-domains are resolved in a similar manner, except that the ultimate authority is the domain's own DNS servers (as listed in their root record) and they are typically cached for a shorter period of time.

Even if a Chinese ISP could or would do an end-around, this still accomplishes the purpose - this is a technological move rather than a social one. Presumably, most ISPs will go-along. I doubt that the proxy servers would be removed, as China does finer-grain filtering than just at the domain level. Whatever social control China has on the Internet will remain, and presumably will be applied to the Chinese root server.

It will provide better DNS service for Chinese users and at the same time reduce load on the proxy servers used for filtering. I suppose it winds-up a net positive if it reduces delays caused by proxying.

7:49 pm on Dec 21, 2006 (gmt 0)

Preferred Member

10+ Year Member

joined:Nov 21, 2004
posts:369
votes: 0


To put most root servers in US is really not a good idea. I suppose Chinese to deploy root servers (though just mirrored ones) in China.
8:08 pm on Dec 21, 2006 (gmt 0)

Preferred Member

10+ Year Member

joined:June 13, 2004
posts:650
votes: 0


Any effort to decentralize any monopoly is always welcome, even if it comes from China.
For a longer time, there is an independent DNS root service in Europe [orsn.net], who is fully compatible with US-DoC/ICANN/VeriSign triumvirate.

As they put it:

Until now, the administration is done by the USA and/or the ICANN. Therefore, a large number of root-servers is located in America. A loss or the modification of the root-server information could result in serious consequences for all other countries concerning their internet use. It is for example possible to stop a whole country from using the internet. In practice, this scenario didnít happen so far but it canít be excluded either.
8:31 pm on Dec 21, 2006 (gmt 0)

Preferred Member

10+ Year Member

joined:Nov 21, 2004
posts:369
votes: 0


By the way, .EDU and .GOV, supposed to be TLD for the world, are all administrated by US, and are implicitly reserved for US education US government. That's another example to illustrate why a distributed system, either for domain registration and administration or root DNS server is good.
9:14 pm on Dec 21, 2006 (gmt 0)

Preferred Member

10+ Year Member

joined:June 13, 2004
posts:650
votes: 0


By the way, .EDU and .GOV, supposed to be TLD for the world, are all administrated by US, and are implicitly reserved for US education US government.

You mix governing/administering and access, which are two very different terms.
For example ORSN does not intend to administer any existing tld's, neither to create new ones. They fully comply with ICANN decisions.

However, yes, there is a growing pressure for internet governance to become more internationalized.
Last year, United Nations and ITU sided to create WGIG (Working Group on Internet Governance) [wgig.org], challenging US government's dominated control.
There is a good article [news.com.com] regarding the issue.

1:16 am on Dec 22, 2006 (gmt 0)

Preferred Member

10+ Year Member

joined:Nov 21, 2004
posts:369
votes: 0


You mix governing/administering and access, which are two very different terms.
For example ORSN does not intend to administer any existing tld's, neither to create new ones. They fully comply with ICANN decisions.

However, yes, there is a growing pressure for internet governance to become more internationalized.
Last year, United Nations and ITU sided to create WGIG (Working Group on Internet Governance), challenging US government's dominated control.
There is a good article regarding the issue

What I know is US government refuses to give away its actural control on TLD: see [news.bbc.co.uk...] That was 2005, but there is no change in 2006: [computerworld.co.nz...] , and I do not expect changes in 2007, either.

1:24 am on Dec 22, 2006 (gmt 0)

Preferred Member

10+ Year Member

joined:Nov 21, 2004
posts:369
votes: 0


[news.com.com...]

An international political spat is brewing over whether the United Nations will seize control of the heart of the Internet.

U.N. bureaucrats and telecommunications ministers from many less-developed nations claim the U.S. government has undue influence over how things run online. Now they want to be the ones in charge.

Ok, I think it's time for me to stop reading this article, as bold words above have declared author's standing very well.

2:44 am on Dec 22, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 31, 2003
posts:1316
votes: 0


What I know is US government refuses to give away its actural control on TLD

Good. I wouldn't give it away if I was the US government, either.
11:10 am on Dec 22, 2006 (gmt 0)

New User

10+ Year Member

joined:Aug 26, 2003
posts:23
votes: 0



Oh, I don't know, maybe the fact that China filters a significant portion of the internet.

If they require Chinese ISPs to utilize these DNS servers they can easily block more of the sites they deem not suitable for the Chinese population. I realize they already do this, but this just gives them even more control over the situation.

Nope, nothing bad with that, not at all.

Like others already said, that's not how the DNS system works. The root servers are not recursive dns servers like those at your provider. All they carry is the info about TLD's and they are busy enough with that already. It would be possible to alter records and change an entire TLD, but I don't see the point of that. I gues VeriSign would not be happy with that too and would probably block them very soon if such irregularities happen.

5:46 pm on Dec 22, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member jtara is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 26, 2005
posts:3041
votes: 0


I gues VeriSign would not be happy with that

Google wasn't very happy with filtering, either. Then they came around.

There may be some question as to whether Google is evil or not. But, Verisign?

This would be very simple to implement. All they would have to do is filter the zone transfers from the other root servers through an external server. The filter would have a list of blocked domains. The Chinese root server would still be updated whenever anyone changes their nameservers, etc. and when new domains are registered.

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members