07/20/99
RMIUG Meeting Minutes - Coming Changes in
Internet Domain Registration and the Domain
Name System (DNS)
Alek Komarnitsky alek@rmiug.org
called the July 1999 meeting of the Rocky
Mountain Internet Users Group to order at
7:00 pm.
After welcoming the 55 attendees and introducing
the members of the RMIUG executive committee
that were present (Dan Murray dan@rmiug.org
and Tom Bresnahan tbrez@rmiug.org),
Alek opened the floor to announcements.
Dru Whitledge announced that the Boulder
Web Developers Group is having their first
meeting at XOR Thursday Jul 29. Contact
Eliana Berlfein backroads@earthlink.net
for more information.
Joe O'Laughlin jol@sni.net
is looking for a job providing entry into
networking in the Boulder-Broomfield vicinity.
He can also be reached at 303-499-3204,
PO Box 2002, Boulder CO 80306.
Brad Doctor bdoctor@nda.com
announced that NDA is hiring for the position
of Senior Unix Administrator/Engineer. For
more information, contact him by e-mail,
phone (303-449-3596), or see the NDA web
page at http://www.nda.com.
Darryl Watson dwatson@xpert.net
announced that Expert Internet Service is
looking for someone with Javascript, Explorer,
and Netscape experience. He can be reached
at: phone: 303-326-0324, fax: 303-365-1724,
mail: 1059 Yosemite, Bldg 758, Suite 132,
Aurora, CO, 80010-6007
Dan Murray dan@messagemedia.com
announced that MessageMedia has job postings
for 10 - 20 openings in accounting, programming,
and sales. If interested, send an ASCII
cover letter and resume to resumes@messagemedia.com,
or view their web site at
http://www.messagemedia.com/company/workplace/
Next, Alek introduced the first speaker.
Carl Oppedahl carl@oppedahl.com
is a partner with the intellectual property
law firm of Oppedahl & Larson LLP in Frisco,
Colorado. He has litigated Internet domain
name trademark cases. His firm's web site
is http://www.patents.com/.
His topic is the breakup of the NSI monopoly
for registering COM, Net, and ORG domains.
After the obligatory lawyer jokes, Carl
listed three tips for companies:
1. When you write software, register it
with the US copyright office. In England,
losers generally have to pay the winners'
legal fees. In the US, for most types of
lawsuits you could win and still have to
pay your lawyer. But if it is a copyright
case in the US, and if you registered your
copyright first, the loser has to pay.
Another benefit: Much stronger position
and you can get more money in your suit.
How do you register? Go to the Library of
Congress web site at http://www.loc.gov/
and download forms. It only costs $20 to
register, and it's very important to register!
It's amazing how often large companies don't
do this.
2. Trademark the name of the business,
product, service, and domain name. It costs
$245, and you can do it at the website for
the Patent Trademark Office at http://www.uspto.gov/
There's an online form, where you pay by
credit card, and it's on file as of that
day. (TM) (R) (C)
Q. Can I search a database of trademarks
and pending apps? A. You can now. The government
was "shamed" into it. Carl Malamud got the
9-track tapes and posted the database for free
for 1.5 yrs, showing the government that
it was able to be done.
Absence of finding a name doesn't mean
that you can use that name. The search engine
is real strict, but real world is fuzzy.
Similar names can be disputed.
3. Patents - If you've invented something,
get one. Priceline.com has patented online
auctions, (but probably can't be enforced).
Get one for defensive purposes in case someone
attacks you. If you wait too long, it's
too late. In the US, you have a year after
disclosing the invention, but other countries
are less generous. In some, you must file
prior to first disclosure of invention.
For details see http://www.patents.com/tl
Domain Names - The COM names used to go
through Network Solutions Inc. (NSI). ICANN,
an international commission, was going to
assign names and IP numbers, but NSI is
probably going to. The COM, ORG, and NET
zone files are stored on the A zone server,
which propagates to the B through M servers.
Domain Name Servers have to interrogate
these servers to find the IP addresses that
correspond to the domain names. NSI will
still administer the root zone, but the
retailing of domain names will have competition
from Register.com and Melbourne IT from
Australia. It was all done by one company,
but it didn't have to be just one company.
Just like all toll free telephone numbers
used to be retailed by AT&T, now you can
get a number from anyone like, Sprint, MCI,
and US West. Retailers query a central data
base administered by Lockheed Martin (used
to be BellCore) so you can get a toll free
number from Sprint, then change it to MCI.
Q. Do the DNS retail companies have to
pay NSI to get their names? A. Four months
ago they passed the request to NSI. Three
weeks ago, Register.com could go straight
to the data base. Register.com charges $70,
and $18 goes to NSI, so they make the profit.
$18 is too much for the size of the data
base. Q. Where does the money go to NSI
(stock, lobbying, ads)? A. Yes, especially
to lobby in their favor with a Virginia
congressman.
Q. Can I get a credit if I change? A. No,
NSI keeps the money, and Register.com has
to pay $18 in advance. If you switch again,
NSI collects again.
Q. Can NSI cut off your name if disputed
if you go through Register.com? A. They
say they won't, just the retail arm of NSI
will do it.
ICANN was going to make companies sign
a policy that was less bad than NSI. WIPO
is also trying to come out with a less bad
policy.
Q. What is the annual fee for a toll free
telephone number? A. $1/yr.
Access to data base protocols work more
reliably than with Register.com
Q. How did NSI get all this power? A.
SRI expired in '93, and NSI won contract
by virtue of minority ownership (which changed
to non-minority ownership right after they
won the contract). The NSI contract was
set to expire in '98, and CORE was going
to take over, but the US government said
no to CORE. From '98 to now, NSI cemented
their position. They locked up whois so
competitors couldn't check on expiring names.
The US government made them open it back
up. COM NET and ORG zone files used to be
open to all, but now they are locked up.
NSI made whois searches slow down if multiple
searches were performed. NSI is owned by
SAIC who makes spy stuff, and the board
of directors are all CIA, National Security
Council.
Oppedahl & Larson sued SAIC and began
encrypting their e-mail because of NSA sniffing.
SAIC is $2 billion company funded by the
US government. NSI collects $500,000 to
$1 million per day in domain name registrations.
----------
Next, Alek introduced the second
speaker. Cricket Liu cricket@acmebw.com
is the co-author of both the O'Reilly &
Associates Nutshell Handbooks on the Domain
Name System, "DNS and BIND", and "DNS on
Windows NT." He administered hp.com and
founded Acme Byte & Wire, which specializes
in consulting and training on the Domain
Name System. His topic is the new features
in the latest release of Berkeley Internet
Name Domain (BIND 8.2.1).
Q. What is BIND? A. It's a distributed
white pages for matching Domain Name and
IP address number.
Q. Who maintains BIND? A. Internet Software
Consortium, non-profit, grant from Rick Adams
(started UUNET). Various task forces (IETF)
work on extensions.
New features in BIND 8.2.1 include:
- Support for DNSSEC: DNS Security Extensions
  for cryptographic authentication of DNS
  data origin and integrity with new record
  types KEY, SIG, and NXT for storing public
  keys, digital signatures, and authenticated
  negative responses.
Q. Public key? A. Yes, asymmetrical algorithms.
Q. It's not as big as encrypting the entire
zone? A. Right. Q. Is the public key passed
on request or every lookup? A. On request
only. Name servers will be a lot busier.
Q. Where was the IP address? Isn't that
the whole purpose? A. That stuff is all
overhead, the addresses are deeper in the
record.
Q. Will IPv6 work with this? A. IPv6 not
in BIND yet.
- IXFR support for incremental transfers
  of only the changed zone data.
- Enhanced forwarding for tracking the fastest
  name servers.
Q. BIND on NT? A. Yes. Q. Are there versions
for HP, Sun Solaris? A. Sun and HP at 8.1.2.
- Enhanced slave behavior so the slave
  server can choose the master with the highest
  serial number in the SOA record, and to
  query a master server on a port other than
  53.
- ndc, the name daemon controller, can
  send signals to the name server remotely
  across a network to a configurable port.
  This is very useful, but also very dangerous.
- The sortlist allows the administrator
  of a name server to "prefer" certain networks
  based on a query's source.
- Configure RRset order (order of records
  attached to the same domain name with the
  same class and type) to fixed order, random,
  and cyclic (round robin).
- Caching support for negative responses.
- Lame server TTL for protection against
  a zone delegated to a name server that is
  not authoritative.
- Blackhole networks allow an administrator
  to specify no response when the query
  originates from certain networks, so you
  can ignore spammers.
Q. Can't spammer get info from other DNS
server? A. Used more for accepting internal,
ignoring external requests.
- Dialup zones allow the master server to
  NOTIFY the slave server to initiate a zone
  transfer during a dialup link.
- Version response is now configurable.
- Host statistics can be turned off on a
  per-host basis.
- Message IDs can be randomized.
- Name checking can be turned off.
- Number of resends and retransmission
  timeout can be configured.
- Name server rotation spreads the resolver's
  query load across several servers.
(Cricket's talk is shown on http://www.acmebw.com/paper.htm
under "New Features in BIND 8.2")
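Added example, not part of the minutes or of Cricket's talk: how the NXT
records named in the DNSSEC item above let a server give an authenticated
negative response, by returning the one record whose owner and next name
bracket the missing name. The zone contents and function names are
constructed for illustration, and SIG verification is assumed to happen
separately.

```python
# Added illustration (not from the talk): picking the NXT record that proves
# a name or type is absent. Signature (SIG) verification is left out.
from bisect import bisect_right

def canon_key(name):
    """RFC 2535 canonical order: compare labels right to left, lowercased."""
    return tuple(reversed(name.lower().rstrip(".").split(".")))

def build_nxt_chain(zone):
    """zone maps owner name -> set of record types (apex included).
    Returns [(owner, next_owner, types)] in canonical order; last wraps to apex."""
    owners = sorted(zone, key=canon_key)
    chain = []
    for i, owner in enumerate(owners):
        next_owner = owners[(i + 1) % len(owners)]
        # Every name in a signed zone also holds its own SIG and NXT records.
        chain.append((owner, next_owner, sorted(zone[owner] | {"SIG", "NXT"})))
    return chain

def prove_absent(chain, qname, qtype):
    """Return the NXT record proving qname/qtype is absent, or None if it exists."""
    keys = [canon_key(owner) for owner, _, _ in chain]
    q = canon_key(qname)
    if q[:len(keys[0])] != keys[0]:
        raise ValueError("query name is outside this zone")
    i = bisect_right(keys, q) - 1  # last owner that sorts at or before qname
    if keys[i] == q:
        # Name exists: only a type missing from the bitmap can be denied.
        return None if qtype in chain[i][2] else chain[i]
    # Name falls in the gap between this owner and the next one.
    return chain[i]

# Constructed sample zone, not real data.
SAMPLE_ZONE = {
    "example.com": {"SOA", "NS", "KEY"},
    "a.example.com": {"A"},
    "mail.example.com": {"A", "MX"},
    "www.example.com": {"A"},
}
SAMPLE_CHAIN = build_nxt_chain(SAMPLE_ZONE)

if __name__ == "__main__":
    for name, rtype in [("ftp.example.com", "A"), ("www.example.com", "MX"),
                        ("zzz.example.com", "A"), ("www.example.com", "A")]:
        print(name, rtype, "->", prove_absent(SAMPLE_CHAIN, name, rtype))
```

A resolver that trusts the zone's KEY checks the SIG over the returned NXT
record, then confirms that the queried name sorts between its owner and
next name (or that the queried type is missing from its type list).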
Q&A ---
Carl asked Cricket - Is there
a provision for public key expiration? Cricket
- Signature expires. Carl - Expire sooner?
Cricket - No revocation. Carl - Could DNS
become main server for public keys? Cricket
- Could be.
Q. In the old days ORG was dedicated to
non-profit organizations, but now a commercial
company can get all the extensions (COM
NET ORG). That's not right. A. Carl - NSI
makes more money if it lets you register
them all.
Q. What about the new top level domains
(TLD), use them all indiscriminately? A.
Carl - These TLD expansions should be exceedingly
slow and deliberate. How about the US domain?
Also, compare the TLD expansion with the
addition of 888 and 877 to the toll free
area code. 800 owners had first dibs on
the new 888 numbers. New TLDs will not help
and the old ones are not all gone.
Q. Has the RMIUG registered rmiug.com?
A. Alek - Not yet.
Q. What is the role of the government
in this process? What should the governments
do? A. Carl - The consensus method of the
old days was better than having the government
do it. Congress and NSF did a horrible job
of watching NSI. We can't avoid having the
government trying to control things. I hope
regulatory structures will have meaningful
consensus from real users with mud under
their fingernails. But that's out of step.
Cricket - Why should the US think they own
it?
Q. I'm registering a domain name in different
countries. Will trademarking the company name
help protect me in other countries? A. No, not
unless you're big like Disney or Kodak.
Q. What about the Mapquest name? A. You
will need to look at trademark law in each
country. Q. It's difficult to register in
each country, so we're losing Mapquest.uk,
Mapquest.jp.
Q. I just got a new bill from NSI. How
do I switch to Register.com without losing
name? A. None of them can transfer yet.
Q. Register.com says they will be able to
take transfers in one week. A. Something
could go wrong, but you could legally get
it back. Q. I'm worried about it costing
money. A. I'm going to transfer it. But
there are risks.
Q. Will NSI, Register.com, Melbourne and
others be the same when registering a new
name? A. Some are less evil than others.
Q. Are there any problems with Register.com?
A. Carl - I've registered all my domains
with Register.com, and I don't see problems
even if the building burns down. The government
requires them to maintain files for continuity
of service. The zone file will not change
unless actively acted on. Cricket - The
government has vetted them and checked them
out to make sure they can provide the service.
Q. I've tried AltaVista for checking out
my name. What else should I check? A. That's
a good start. If you get no hits, good,
but if you get 20,000 hits, that's bad even
if the name is not registered. Q. Why does
NSI have such a bad policy for disputed
domain names? A. Knowledge.net dispute sued
NSI in Illinois. NSI had to pay $120,000
for legal costs just to decide if it would
be judged in Illinois or Virginia, so they
don't ever want that to happen again. Their
policy will grant the domain to the trademark
holder, who has all the money. However,
NSI failed to take into account that the
non-trademark holder would not always roll
over and die. We sued over Roadrunner and
won. Newer policy has actually resulted
in more suits instead of fewer.
Q. Will the new BIND features result in
increased processing overhead? A. Cricket
- Verification will require more overhead.
Q. Chuck the Pentium 90's? A. It's more
asymmetrical than it used to be. Lookup
is the one that does more of the work.
Q. What should I watch out for when buying
a domain name owned by someone else? A.
They might take your money and not give
you the name. Make sure the seller discloses
infirmities, like if someone else has sent
them a cease and desist order. Watch out
for transition periods, like if you will
pass e-mail addresses for them and you could
be held responsible for their actions. Cricket
- From a technical perspective, it takes
time to make the transfer so it will be
an orderly transfer. The contract should
have a technical steps section.
Q. Traffic solution might be incremental
transfers. How long will it take for 8.2
to propagate to realize the benefits of
the new features? A. Some customers are
still running BIND 4.8.3, 1988-99 vintage.
A big thing is Microsoft DNS in Windows
2000 vs Internet Software Consortium. Microsoft
almost requires Windows 2000 name server.
Q. Is 10% of traffic still name lookups?
A. You could tell that easier before. Richer
content takes up a higher bandwidth, so
the percentage is certainly smaller.
Q. Carl - acme.net is trademarked but
haven't put it on the net. What is protection
from someone else getting acme.com. A. Get
trademark regardless of Internet. Depends
on what you are using it for. You could
have a company called Acme.com that sells
devices for exploding small birds, but the
name Acme is not trademarked for other goods
and services.
Q. DNS vs LDAP? A. BIND 9 abstracted back
end. Zone files are ASCII. BIND 9 LDAP or
database backend. X.500 take over DNS? Not
likely in the near future. DNS is tuned
to respond quickly. LDAP server has fuzzy
search so would be slower. DNS could be
front end for LDAP server.
Q. Status of ICANN? A. They ran out of
money. Once you do something in name space,
it can't be eliminated. It has to stay in
the Zone.
Q. NSI thinks they own the name data base.
A. They're trying to accomplish with contracts
what legal system doesn't grant them. Data
should not be proprietary to NSI.
Alek thanked the speakers and audience
for their participation and adjourned the
meeting at 9:00 pm.
Tentative schedule of upcoming 1999 RMIUG
meetings:
Sep - Tips and Tools for Web Site Development
Nov - Y2K Armageddon, The Coming
Internet/World Meltdown ;-)
RMIUG appreciates the ongoing support
from XOR Network Engineering (http://www.xor.com)
for administration of RMIUG's electronic
discussion lists & WWW site. Thanks also
to NDA (http://www.nda.com) for sponsorship
of refreshments for our group.
There are email mailing lists set up for
this group. To subscribe or unsubscribe,
see http://www.rmiug.org/maillist.html
You can also reach the RMIUG "Executive"
Committee at rmiug-comm@rmiug.org.
Our web site is at http://www.rmiug.org/
Respectfully submitted by Tom Bresnahan
tbrez@rmiug.org