----- Forwarded by Henning Brauer/BSWS/DE on 30.06.00 13:16 ----- Henning Brauer To: "Sabine Dolderer/Denic" <dolderer@denic.de> 30.06.00 13:14 cc: Subject: Re: Antwort: Re: Antwort: Re: AW: AW: Deletion of .de domain objects (Document link: Henning Brauer) a) agree. But the Maintainer-Scheme works really good, so I do nao see any reason for changing this. b) Just one Example (now): bss004:~ # whois -h whois.denic.de NOC54-RIPE Connection refused; server has reached maximum number of clients. Anonther: dns.denic.de didn't answered authoritative for de-Domains Yesterday evening... c) No One would sya anything if you would just take the ripe-solution so we had to change email-adress for updates. Even other changes, like source: and perhaps phone, fax and so in beeing optional, would be acceptable. But there is no doc how updates will be made! d) customers do agree to this when putting ther data in the DB. As I said before: Just make phone and fax optional, everbody will agree. If it would be true what you are saying here, even Telephone books would be illegal. e) just compare whois -h whois.ripe.net NOC54-RIPE with whois -h whois.denic.de NOC54-RIPE. I'd like to show you this here, but DENIC's whois-Server is not reponding. The problem is that if you di an whois-query for an .de-Domain (in most cases using one of the web-interface) you'll see the crippeled data from ther denic whois-db. f) means there will be costs? You do not answer the question here. g) answer? Thanks for participationg this discussion. But why was this discussion not possible before doing the move?? As said before: RIPE-Meetings and hostmaster-list ARE closed communities, the db-wg@ripe.net would have been the right place. Greetings Henning Brauer Hostmaster BSWS ------------------------------------------------ BS Web Services Roedingsmarkt 14 20459 Hamburg Germany info@bsmail.de www.bsws.de fon: +49 40 3750357-0 fax: +49 40 3750357-5 PLEASE USE EMAIL WHERE POSSIBLE "Sabine Dolderer/Deni To: henning.brauer@bsmail.de c" cc: db-wg@ripe.net, info@denic.de, lir-wg@ripe.net, robert@martin-legene.dk <dolderer@den Subject: Antwort: Re: Antwort: Re: AW: AW: Deletion of .de domain objects ic.de> 30.06.00 12:44 Hello, On 30.06.00 11:07 henning.brauer@bsmail.de wrote:
Hi,
thats not really the point of our critics. a) changes only be made by members????
as every DE-domainowner is our customer and we are responisble to him about the security of his domainname we must assure that changes are made in a verifyable and accountable way. It is important that there is a documented responsibility.
b) technical solution - RIPE's solutions are working really good, DENIC's past solutions are poor
no comment.
c) change in interfaces not acceptable
d) contact info's, especially phone and fax, are REALLY important for
changes in interfaces are sometimes necessary. But I am with you that this should happen very rarely and should be prepared very well and people should be informed very soon -- but we tried to make all this. the
hostmasters to inform each other about technical probs. If this could be against German's laws, just make these fields optional.
we are only allowed to publish these things if the custoumer have signed that he allows the publishing. Currently we think that from nearly none of the persons in the RIPE-DB this allowence is there. For the future we plan to let the people the choice to publish these data.
e) putting so named "non-operational data" or "test data" which is incomplete and partly incorrect in production systems (it IS in productionis - just do an whoi-query...) is not acceptable
sorry I don't understand these point. Maybe you can show me an example of these "test data".
f) plans making life for non-members harder -> DENIC tries to get more payin' members????
As we are working on a costrecovery base (non-profit) more members don't means automatically more income. But surely are we are interested in organisations taking the responsibitlity and sharing the risk to run the German Registry as a self regulating body for the benefits of the German Internet Community.
g) plans to charge for person: and role: records? h) to be continued...
Regards Sabine
pls see http://denicpetition.bsws.de
Greetings from Germany
Henning Brauer Hostmaster BSWS
------------------------------------------------ BS Web Services Roedingsmarkt 14 20459 Hamburg Germany
info@bsmail.de www.bsws.de
fon: +49 40 3750357-0 fax: +49 40 3750357-5
PLEASE USE EMAIL WHERE POSSIBLE
"Sabine Dolderer/Deni To: henning.brauer@bsmail.de c" cc: db-wg@ripe.net,
lir-wg@ripe.net, robert@martin-legene.dk <dolderer@den Subject: Antwort: Re: AW: AW: Deletion of .de domain objects ic.de>
30.06.00 10:39
Hello,
speaking for DENIC ;-). I will try to comment about the reasons why we have (or even must) done the migration.
First of all I want to try to summarize the problems we are faced in the past and then I will come to an explanation of the solution we choose.
Problems:
There were a lot of discussions in the past about domain-objects in the RIPE-database and that they cause too much capacity for RIPE to maintain their database for this amount of objects.
There was a common understanding that RIPE is not a service provider for domainregistries like ccTLDs but there were indeed suggestions to offer or assist us in this kind of service.
There were a lot of pressure from our dataprotection office that due to our business we pubish data (or we urge provider to puplish data of
customers) which is not allowed to publish under German data protection laws. Mainly the existence of the inverse query feature and the
of data like phone-, faxnumbers and email addresses was critisized.
We have had also a lot of discussions about the issue with other ccTLDs and with people from the EU commission. The fundamental outcome of these discussion was that there is no real issue to export personal data from the coutries to acentral database and that this should therefore stopped very soon. If the data is stored locally everybody can impose individually there dataprotection laws. Nevertheless there should be a central entrypoint to look for domain-data and therefore we support the RIPE referal mechanism and are looking together with other ccTLDs and the db-wg from RIPE at solutions like using the SRV-RR for whois-queries (see rfc2782 for a documentation)
Solution
So as I pointed out above there was no other solution than to migrate
domainobjects to a DENIC based domainquery mechanism. People who followed the discussion know that DENIC is on there way out of RIPE. Actually it was a dicission made by the RIPE db-wg in Amsterdam (February?) that
should be no domainobject in the database after June 30th.
Why do we publish less data than RIPE does?
I have tried to explain it also above due to German dataprotection laws we are allowed to publish only "necessary data" without formal agreement with the applicant.
Whats necessary concerning a domainname?
We agreed with the people from the dataprotection office that there is no necessity to no more about a admin-c of the domain than his address because if you need for legal issues to come in contact with him thats
only thing you need.
Concerning the tech-c and the zone-c he finally agreed that there is a necessity due to technical urgencies to publish phone and email-addresses and so we will implement this very soon.
I hope I have help you a little bit in understanding our position. I am really sorry that due to this discussion I get the feeling that people felt we are doing things without thinking or good reasons or just to make them angry. I hope you see there are - as usual - two sides of a medal and you see know the other side a little bit better,
Regards Sabine
On 30.06.00 09:39 henning.brauer@bsmail.de wrote:
Hi,
I'm sorry for that, received a mail in german and replied.... once again in english:
I'd like to see a common procedure against the behaviour od DENIC. There are lot's of problems with the DENIC's solution, and if you
on
the past working of DENIC, you would really wish that there are no domain or person or role-objects in a database controlled by them.... The current solution by RIPE (for the Handles) works great. Most of us developed tools, webinterfaces, mailrobos and so on to deal with the procedure of creating, updating and deleting RIPE-Handles. All of us could live with a change of the email-adress to send the requests to, but not with totally new formats and and totally different concepts. It would be a good idea for DENIC to take the (really great working) RIPE-solution. The manner aof DENICs working now is inacceptable. Anybody making whois-querys with one of the uncountable webinterfaces gets the cripled contact data displayed. How the not with blindness strucked of us have seen, there is lots of data missing in the persons:s and role:s-data: remarks, mnt-by, phone, fax, trouble, notify, changed and (for the role:s) admin-c and tech-c. On Example: in our role-handle (compare whois -h whois.denic.de NOC54-RIPE against whois -h whois.ripe.net NOC54-RIPE) is described how to make updates and who to cantact for whatever. This info is now missing. Remember: this (in DENICs words "non-operational data" or "just a test") criple data is displayed whenever you query a german domain! The most people won't hav the idea to query whois.denic.de for the domain and then whois.ripe.net for the person:s and role:s, and I'm sure that even no webinterface to whois does so. This means tons of senseless work for us! It is really inacceptable insolence by DENIC to take data out of the RIPE-Database, changing it and then publishing it! With RIPE this is inconceivablily, have a look at their policy. I'm not sure if this is not against german or europeen laws, but I'm not a lawyer. If I think of
future, all domain:s, person:s and role:s at DENICs database... beam me back a few years, please. Putting the domain:s in DENICs own database is acceptable. There is no really change for us (ok, I had to add two exra lines to our whois-webinterface's code...), because we register Domains through DENIC or resellers (most of us are not members of DENIC because this is really expensive, so we are depend on resellers). With person:s and role:s-objects, surely all of us are working directly with the RIPE-Database. It is inacccetable if changes will only be possible by DENIC's members. This means weeks or eve months of handwork for us. Then the resellers will complete their (mail-)interfaces for changing , and parallel tio doing lots of work by hand we have to completely redevelop our tools, webinterfaces, mailrobos and so on!!!
This can not be the way to our future.
Let's join to make DENIC know that this is inacceptable. Contact your DENIC reseller and tell them what you think about this. They control DENICs board...
Greetings from Germany
Henning Brauer Hostmaster BSWS
------------------------------------------------ BS Web Services Roedingsmarkt 14 20459 Hamburg Germany
info@bsmail.de www.bsws.de
fon: +49 40 3750357-0 fax: +49 40 3750357-5
PLEASE USE EMAIL WHERE POSSIBLE
Robert Martin-Legène To: henning.brauer@bsmail.de <robert@martin- cc: legene.dk> Subject: Re: AW: AW: Deletion of .de domain objects Sent by: r@jenslyn.nisse .dk
30.06.00 05:49
Hallo.
This is a list in English.
What did you write?
On Thu, 29 Jun 2000 henning.brauer@bsmail.de wrote:
Ein gemeinsames Vorgehen gegen dieses Vorgehen des DENIC sähe ich
gerne. Es ergeben sich zig Probleme aus der DENIC-Lösung, und wenn ich so an die Bearbeitungszeiten denke... Die Lösung mit den RIPE-Handles funktioniert wunderbar. Die meisten von uns haben Werkzeuge/Webinterfaces/Mailrobos/.... entwickelt, um damit zu Arbeiten. Mit einer Änderung der eMail-Adresse und einer Abfrage DENIC-oder-nicht können wir wohl alle leben, mit völlig neuen Formaten und Vorgehensweise zum Updaten/Anlegen von RIPE (oder dann DENIC)-Handles nicht. Das DENIC wäre gut beraten, die RIPE-Lösung zu übernehmen. Die Art und Weise, mit der DENIC hier vorgeht, finde ich unverantwortlich. Jeder, der jetzt Abfragen über eins der zahllosen Webinterfaces für whois macht (oder gar selbst whois kennt ;-)) kriegt jetzt die DENIC-(test? -)Handles angezeigt. In unserem Rollenhandle ist unter anderem klar beschrieben, was für Updates etc. zu tun ist und wer für was zu kontaktieren ist. Kommen diese Infos jetzt nicht mehr, laufen wieder alle, zum Teil unnützen, Anfragen irgendwo zentral auf und verursachen unnötigerweise zusätzliche Arbeit. Und das das DENIC ohne Zustimmung der Betroffenen Daten derselben ändert und Infos rausfallen lässt, ist eine bodenlose Frechheit. Beim RIPE ist das durch deren Policy ganz klar ausgeschlossen. Wenn ich die vergangene und vor allem jetztige Arbeitsweise des DENIC sehe, wird mir ganz anders bei dem Gedanken daran, das alle Domain und vor allem Personenrecords bei denen in der Datenbank
den Domainrecords ist das aktzeptabel, da sich an der Arbeitsweise für uns nichts ändert - registrieren, update usw tun wir eh übers DENIC oder deren Reseller. Bei den Person- und Role-Records arbeiten wir wohl alle
sehr sehr liegen. Bei direct
auf die RIPE-Datenbank, und da ist es nicht akzeptabel wenn
info@denic.de, their publishing the there the think the plötzlich
alle
Änderungen nur noch über DENIC-Mitglieder möglich sind - für uns als nicht-Mitglied also nur über nen Reseller. Bis die dann soweit sind und eine automatisierbare Möglichkeit zum Anlegen/Updaten usw. von Persons/Roles geschaffen haben, geht sicherlich noch einige Zeit ins Land, und dann wird es da wohl auch auf ein völlig neues Format rauslaufen. Folge also? Wir müssen erstmal Wochen- oder gar Monatelang Handles per Hand bearbeiten und dann auch noch parallel (wenn die Reseller soweit sind) unsere Robos umbauen... nein danke.
Gruss
Henning Brauer Hostmaster BSWS
------------------------------------------------ BS Web Services Roedingsmarkt 14 20459 Hamburg Germany
info@bsmail.de www.bsws.de
fon: +49 40 3750357-0 fax: +49 40 3750357-5
PLEASE USE EMAIL WHERE POSSIBLE
"NCC Network Coordination To: <henning.brauer@bsmail.de> Center" cc: <owner-loca-ir@ripe.net> <ncc@mediasca Subject: AW: AW: Deletion of .de domain objects pe.de>
29.06.00 18:04
Wie wärs mit einem gemeinschaftlichen Complaint ans DENIC? Einige an der Diskussion beteiligte Leute bemerkerten ja auch schon, das es weder statthaft noch logisch sei, seitens der DENIC Maintainerlose Objekte mit einem DENIC-P Maintainer zu versehen. Die nun bei einer Abrage des denics4 gezeigten Objekte enthalten ja, wie unten schon bemerkt, gar keinen Maintainer. Wenn dieser Datenbestand nun doch Tatsache ist oder wird, dann... au weia. In der Diskussion wurde ja auch schon darüber gemutmasst, dass wahrscheinlich auch wieder nur DENIC Mitglieder überhaupt Änderungen vornehmen können und das ist dann wahrhaftig grauselig.
MfG Martin Ahrens
Mediascape Hostmasters
-----Ursprüngliche Nachricht----- Von: henning.brauer@bsmail.de [mailto:henning.brauer@bsmail.de] Gesendet: Donnerstag, 29. Juni 2000 17:40 An: NCC Network Coordination Center Betreff: Re: AW: Deletion of .de domain objects
Kann ich nur hoffen. Wie andere in der Liste (mit weniger Tomaten auf den Augen) schon bemerkt haben, fehlen auch die mnt-by's, notifys, phone, und diverser anderer Kram.
Gruss
Henning Brauer Hostmaster BSWS ------------------------------------------------ BS Web Services Roedingsmarkt 14 20459 Hamburg Germany
info@bsmail.de www.bsws.de
fon: +49 40 3750357-0 fax: +49 40 3750357-5
PLEASE USE EMAIL WHERE POSSIBLE
"NCC Network Coordination To: <henning.brauer@bsmail.de> Center" cc: <ncc@mediasca Subject: AW: Deletion of .de domain objects pe.de>
29.06.00 16:00
Hallo,
was Sie (w.u.) bemerkten, ist mir auch schon aufgefallen. DENIC hat Daten aus Person und Role Objekten des Ripe NCC offenbar in gekürzter Form übernommen. Allerdings sind alle Objekte mit
changed: test@nowhere.denic.de 2000MMDD
versehen. Handelt es sich hier ggf. noch um eine Testvariante der Übernahme?
MfG Martin Ahrens
Mediascape Hostmasters
-----Ursprüngliche Nachricht----- Von: owner-local-ir@ripe.net [mailto:owner-local-ir@ripe.net]Im Auftrag von henning.brauer@bsmail.de Gesendet: Donnerstag, 29. Juni 2000 13:23 An: lir-wg@ripe.net; db-wg@ripe.net; local-ir@ripe.net Betreff: Re: Deletion of .de domain objects
Hi,
I just queryed our own main domain and have seen that the person and roles had also "DENIC" as source. But really more interesting: WHERE ARE THE REMARK:s???? try whois -h whois.ripe.net NOC54-RIPE and whois -h whois.denic.de NOC54-RIPE.
Greetings from Germany
Henning Brauer Hostmaster BSWS ------------------------------------------------ BS Web Services Roedingsmarkt 14 20459 Hamburg Germany
info@bsmail.de www.bsws.de
fon: +49 40 3750357-0 fax: +49 40 3750357-5
PLEASE USE EMAIL WHERE POSSIBLE
RIPE Database Administratio To: lir-wg@ripe.net, db-wg@ripe.net, local-ir@ripe.net n cc: <ripe-dbm@rip Subject: Deletion of .de domain objects e.net> Sent by: owner-lir-wg@ ripe.net
29.06.00 12:45
-------- Dear Colleauges,
We are happy to announce that we have successfully completed the first phase of migrating .de domain objects and related objects to DENIC's own whois database. Now there are no .de domain objects in RIPE whois database except for the top level one.
Normal operation of our database has been resumed at 9:30am, Central European Summer Time.
If you have any question, please reply to ripe-dbm@ripe.net.
-- Filippo Portera
-- Robert Martin-Legene
Sabine Dolderer DENIC eG Wiesenhüttenplatz 26 D-60329 Frankfurt
eMail: Sabine.Dolderer@denic.de Fon: +49 69 27235 0 Fax: +49 69 27235 235
Sabine Dolderer DENIC eG Wiesenhüttenplatz 26 D-60329 Frankfurt eMail: Sabine.Dolderer@denic.de Fon: +49 69 27235 0 Fax: +49 69 27235 235