[TriLUG] OT: Router then Firewall

Rick DeNatale rick.denatale at gmail.com
Mon May 22 18:02:43 EDT 2006


I don't know for sure, but I'm pretty sure that the root name servers
NEVER answered directly for ANY top level domains.  They are part of
the mechanism of DNS, and have been pretty much policy free for quite
some time; the matter of how domains are registered, and by whom, is a
matter of policy set by ICANN now, and DOD/Jon Postel at ISC/USC
before.

A good overview of just what the root name servers do can be found at:
http://www.isoc.org/briefings/019/

I think that there's still some confusion about terminology here.
Maybe I'm wrong in which case I'm sure that Aaron will correct me, for
which I'll express my gratitude in advance.

A top level domain is ONLY the last component in a domain name, e.g.
com., org., net. are all top level domains; trilug.org. is NOT.

The domain name system is a tree.  The root name servers effectively
are the authority for the root of the tree, i.e. "."  the branches off
of "." are the TLDs.  That's why:

   1) The root name servers are quite small, and
   2) They don't change often, because changes to the registry
        servers for the TLDs aren't very frequent.
   3) Changes to the root servers are done very slowly and carefully
        with a lot of human checking.
   4) I put the "." after the TLD names two paragraphs above, to
        show the relationship between the TLDs and the root.

Now, I'm not sure what the correct terminology for a second level
domain like trilug.org is; for want of a better term, let's call it a
second level domain.  I'd argue that this is what most folks think of
as a domain; it's what you register with a registrar.

I'm still almost certain that you can't get the OVERALL internet to
see the nameserver(s) for your domain without going through your
registrar*.  Now it's true that you can have third (and perhaps
higher) level name servers which are only visible because your second
level name server knows about them, but I'm also pretty sure that this
whole discussion has been about second level domains.

* I suppose that it MIGHT be possible through a misconfiguration of
secondary/slave servers outside of your domain which serve your domain
to partially advertise a new name server, but this will lead to an
inconsistent view of your domain to the internet. I guess that this
might have been what Aaron was hinting about with his "by accident"
remark.
-- 
Rick DeNatale

IPMS/USA Region 12 Coordinator
http://ipmsr12.denhaven2.com/

Visit the Project Mercury Wiki Site
http://www.mercuryspacecraft.com/
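
Added example, not part of the original message: a small offline model of the delegation tree described above (root, then TLD, then registered domain) that walks the referral chain and flags a delegated server whose own NS set disagrees with the parent's, the inconsistent view mentioned in the footnote. All server names and the DELEGATIONS/APEX_NS tables are constructed for illustration; nothing is queried live.

```python
# Constructed data: a tiny model of the DNS tree. Nothing here is queried live.
# DELEGATIONS[zone][child] = NS names the parent zone publishes for the child.
DELEGATIONS = {
    ".": {"org.": {"a0.org-servers.example.", "b0.org-servers.example."}},
    "org.": {"trilug.org.": {"ns1.trilug.org.", "ns2.offsite.example."}},
}
# APEX_NS[server][zone] = NS set that server itself returns for the zone.
APEX_NS = {
    "ns1.trilug.org.": {"trilug.org.": {"ns1.trilug.org.", "ns2.offsite.example."}},
    # Misconfigured secondary: advertises a server the registry never delegated.
    "ns2.offsite.example.": {"trilug.org.": {
        "ns1.trilug.org.", "ns2.offsite.example.", "ns3.trilug.org."}},
}


def ancestors(name):
    """Yield zone names from the root down to `name`: '.', 'org.', 'trilug.org.'"""
    labels = name.rstrip(".").split(".")
    yield "."
    for i in range(len(labels) - 1, -1, -1):
        yield ".".join(labels[i:]) + "."


def delegation_chain(name):
    """Follow referrals from the root; return [(parent, child, ns_set), ...]."""
    chain, path = [], list(ancestors(name))
    for parent, child in zip(path, path[1:]):
        ns = DELEGATIONS.get(parent, {}).get(child)
        if ns is None:
            break  # parent publishes no delegation: no referral path reaches child
        chain.append((parent, child, ns))
    return chain


def check_consistency(domain):
    """Compare the parent's NS set with what each delegated server advertises."""
    chain = delegation_chain(domain)
    if not chain or chain[-1][1] != domain:
        return {"delegated": False, "findings": []}
    parent_ns = chain[-1][2]
    findings = []
    for server in sorted(parent_ns):
        served = APEX_NS.get(server, {}).get(domain)
        if served is None:
            findings.append((server, "lame", set()))
        elif served != parent_ns:
            findings.append((server, "mismatch", served ^ parent_ns))
    return {"delegated": True, "findings": findings}
```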


