ncc-services-wg-admin@ripe.net wrote on 08/10/2007 11:59:22:
On Oct 8, 2007, at 11:16, Ian Meikle wrote:
If the service is not provided by RIPE, who would provide it? Who else has the traffic measurement boxes so well distributed? Not to mention the professional resources and experience.
I believe Verisign uses its global DNS infrastructure to monitor the root servers, as do some of the other root service operators. [Besides the NCC. :-)] UltraDNS/Neustar monitor their global DNS platform. And I expect Afilias would be in a position to offer this service once their anycast infrastructure is fully deployed. Presumably these organisations would be prime candidates to offer a DNS monitoring service if there was a level playing field. CAIDA has monitoring boxes deployed all over the place, though they may be unable to get involved in commercial activities or deliver "service". Another possibility could be for CENTR to offer this service to its members. Maybe ICANN/IANA could do this? Shouldn't they be gathering statistics on the health of the DNS and keeping track of critical DNS infrastructure?
Are these commercial offerings? We are a customer of UltraDNS/Neustar for DNS provision and it has never been suggested that we use their monitoring services. Any new service from Centr or ICANN/IANA would (a) take too long to set up, and (b) be subject to the same arguments you are making against DNSMON.
Your remarks about "professional resources and experience" are particularly troubling for me Ian. It can (and may well be argued) that the NCC's presence in this emerging market is stifling others from offering DNS monitoring services and creates an artificial barrier to entry. That makes it harder for a competitor to pay for equipment, staff and gain operational experience. And meanwhile the NCC has cherry-picked the best (and probably the richest) customers.
Sorry to worry you Jim ;-) What I was trying to point out was that this is already an established service, widely used by the RIPE LIR community and beyond. If we prevent it being extended to ENUM then we are left without a viable way of monitoring those nameservers.
This is why I drew parallels with the NCC's DNS hosting service. In the early days of the net, it made sense for the NCC to host TLDs. Now it doesn't. So the NCC is gracefully exiting that "business". Entering the DNS monitoring business -- and watch the mission creep that's happened here! -- looks to be a repeat of those earlier well- meaning but misplaced intentions.
I see a difference here. DNS hosting is an established field in which there are numerous providers. I am not aware of any other providers of a service similar to DNSMON. It may be that the market is not mature enough yet. In that case, if RIPE is the only place we can go to for this then let us use it. Ian