Antwort: Re: AW: AW: Deletion of .de domain objects
Hello, speaking for DENIC ;-). I will try to comment about the reasons why we have (or even must) done the migration. First of all I want to try to summarize the problems we are faced in the past and then I will come to an explanation of the solution we choose. Problems: There were a lot of discussions in the past about domain-objects in the RIPE-database and that they cause too much capacity for RIPE to maintain their database for this amount of objects. There was a common understanding that RIPE is not a service provider for domainregistries like ccTLDs but there were indeed suggestions to offer or assist us in this kind of service. There were a lot of pressure from our dataprotection office that due to our business we pubish data (or we urge provider to puplish data of their customers) which is not allowed to publish under German data protection laws. Mainly the existence of the inverse query feature and the publishing of data like phone-, faxnumbers and email addresses was critisized. We have had also a lot of discussions about the issue with other ccTLDs and with people from the EU commission. The fundamental outcome of these discussion was that there is no real issue to export personal data from the coutries to acentral database and that this should therefore stopped very soon. If the data is stored locally everybody can impose individually there dataprotection laws. Nevertheless there should be a central entrypoint to look for domain-data and therefore we support the RIPE referal mechanism and are looking together with other ccTLDs and the db-wg from RIPE at solutions like using the SRV-RR for whois-queries (see rfc2782 for a documentation) Solution So as I pointed out above there was no other solution than to migrate the domainobjects to a DENIC based domainquery mechanism. People who followed the discussion know that DENIC is on there way out of RIPE. Actually it was a dicission made by the RIPE db-wg in Amsterdam (February?) that there should be no domainobject in the database after June 30th. Why do we publish less data than RIPE does? I have tried to explain it also above due to German dataprotection laws we are allowed to publish only "necessary data" without formal agreement with the applicant. Whats necessary concerning a domainname? We agreed with the people from the dataprotection office that there is no necessity to no more about a admin-c of the domain than his address because if you need for legal issues to come in contact with him thats the only thing you need. Concerning the tech-c and the zone-c he finally agreed that there is a necessity due to technical urgencies to publish phone and email-addresses and so we will implement this very soon. I hope I have help you a little bit in understanding our position. I am really sorry that due to this discussion I get the feeling that people felt we are doing things without thinking or good reasons or just to make them angry. I hope you see there are - as usual - two sides of a medal and you see know the other side a little bit better, Regards Sabine On 30.06.00 09:39 henning.brauer@bsmail.de wrote:
Hi,
I'm sorry for that, received a mail in german and replied.... once again in english:
I'd like to see a common procedure against the behaviour od DENIC. There are lot's of problems with the DENIC's solution, and if you think
the past working of DENIC, you would really wish that there are no domain or person or role-objects in a database controlled by them.... The current solution by RIPE (for the Handles) works great. Most of us developed tools, webinterfaces, mailrobos and so on to deal with the procedure of creating, updating and deleting RIPE-Handles. All of us could live with a change of the email-adress to send the requests to, but not with totally new formats and and totally different concepts. It would be a good idea for DENIC to take the (really great working) RIPE-solution. The manner aof DENICs working now is inacceptable. Anybody making whois-querys with one of the uncountable webinterfaces gets the cripled contact data displayed. How the not with blindness strucked of us have seen, there is lots of data missing in the persons:s and role:s-data: remarks, mnt-by, phone, fax, trouble, notify, changed and (for the role:s) admin-c and tech-c. On Example: in our role-handle (compare whois -h whois.denic.de NOC54-RIPE against whois -h whois.ripe.net NOC54-RIPE) is described how to make updates and who to cantact for whatever. This info is now missing. Remember: this (in DENICs words "non-operational data" or "just a test") criple data is displayed whenever you query a german domain! The most people won't hav the idea to query whois.denic.de for the domain and then whois.ripe.net for the person:s and role:s, and I'm sure that even no webinterface to whois does so. This means tons of senseless work for us! It is really inacceptable insolence by DENIC to take data out of the RIPE-Database, changing it and then publishing it! With RIPE this is inconceivablily, have a look at their policy. I'm not sure if this is not against german or europeen laws, but I'm not a lawyer. If I think of the future, all domain:s, person:s and role:s at DENICs database... beam me back a few years, please. Putting the domain:s in DENICs own database is acceptable. There is no really change for us (ok, I had to add two exra lines to our whois-webinterface's code...), because we register Domains through DENIC or resellers (most of us are not members of DENIC because this is really expensive, so we are depend on resellers). With person:s and role:s-objects, surely all of us are working directly with the RIPE-Database. It is inacccetable if changes will only be possible by DENIC's members. This means weeks or eve months of handwork for us. Then the resellers will complete their (mail-)interfaces for changing , and parallel tio doing lots of work by hand we have to completely redevelop our tools, webinterfaces, mailrobos and so on!!!
This can not be the way to our future.
Let's join to make DENIC know that this is inacceptable. Contact your DENIC reseller and tell them what you think about this. They control DENICs board...
Greetings from Germany
Henning Brauer Hostmaster BSWS
------------------------------------------------ BS Web Services Roedingsmarkt 14 20459 Hamburg Germany
info@bsmail.de www.bsws.de
fon: +49 40 3750357-0 fax: +49 40 3750357-5
PLEASE USE EMAIL WHERE POSSIBLE
Robert Martin-Legène To: henning.brauer@bsmail.de <robert@martin- cc: legene.dk> Subject: Re: AW: AW: Deletion of .de domain objects Sent by: r@jenslyn.nisse .dk
30.06.00 05:49
Hallo.
This is a list in English.
What did you write?
On Thu, 29 Jun 2000 henning.brauer@bsmail.de wrote:
Ein gemeinsames Vorgehen gegen dieses Vorgehen des DENIC sähe ich sehr
sehr
gerne. Es ergeben sich zig Probleme aus der DENIC-Lösung, und wenn ich so an die Bearbeitungszeiten denke... Die Lösung mit den RIPE-Handles funktioniert wunderbar. Die meisten von uns haben Werkzeuge/Webinterfaces/Mailrobos/.... entwickelt, um damit zu Arbeiten. Mit einer Änderung der eMail-Adresse und einer Abfrage DENIC-oder-nicht können wir wohl alle leben, mit völlig neuen Formaten und Vorgehensweise zum Updaten/Anlegen von RIPE (oder dann DENIC)-Handles nicht. Das DENIC wäre gut beraten, die RIPE-Lösung zu übernehmen. Die Art und Weise, mit der DENIC hier vorgeht, finde ich unverantwortlich. Jeder, der jetzt Abfragen über eins der zahllosen Webinterfaces für whois macht (oder gar selbst whois kennt ;-)) kriegt jetzt die DENIC-(test? -)Handles angezeigt. In unserem Rollenhandle ist unter anderem klar beschrieben, was für Updates etc. zu tun ist und wer für was zu kontaktieren ist. Kommen diese Infos jetzt nicht mehr, laufen wieder alle, zum Teil unnützen, Anfragen irgendwo zentral auf und verursachen unnötigerweise zusätzliche Arbeit. Und das das DENIC ohne Zustimmung der Betroffenen Daten derselben ändert und Infos rausfallen lässt, ist eine bodenlose Frechheit. Beim RIPE ist das durch deren Policy ganz klar ausgeschlossen. Wenn ich die vergangene und vor allem jetztige Arbeitsweise des DENIC sehe, wird mir ganz anders bei dem Gedanken daran, das alle Domain und vor allem Personenrecords bei denen in der Datenbank
Bei
den Domainrecords ist das aktzeptabel, da sich an der Arbeitsweise für uns nichts ändert - registrieren, update usw tun wir eh übers DENIC oder deren Reseller. Bei den Person- und Role-Records arbeiten wir wohl alle
on liegen. direct
auf die RIPE-Datenbank, und da ist es nicht akzeptabel wenn plötzlich alle Änderungen nur noch über DENIC-Mitglieder möglich sind - für uns als nicht-Mitglied also nur über nen Reseller. Bis die dann soweit sind und eine automatisierbare Möglichkeit zum Anlegen/Updaten usw. von Persons/Roles geschaffen haben, geht sicherlich noch einige Zeit ins Land, und dann wird es da wohl auch auf ein völlig neues Format rauslaufen. Folge also? Wir müssen erstmal Wochen- oder gar Monatelang Handles per Hand bearbeiten und dann auch noch parallel (wenn die Reseller soweit sind) unsere Robos umbauen... nein danke.
Gruss
Henning Brauer Hostmaster BSWS
------------------------------------------------ BS Web Services Roedingsmarkt 14 20459 Hamburg Germany
info@bsmail.de www.bsws.de
fon: +49 40 3750357-0 fax: +49 40 3750357-5
PLEASE USE EMAIL WHERE POSSIBLE
"NCC Network Coordination To: <henning.brauer@bsmail.de> Center" cc: <owner-loca-ir@ripe.net> <ncc@mediasca Subject: AW: AW: Deletion of .de domain objects pe.de>
29.06.00 18:04
Wie wärs mit einem gemeinschaftlichen Complaint ans DENIC? Einige an der Diskussion beteiligte Leute bemerkerten ja auch schon, das es weder statthaft noch logisch sei, seitens der DENIC Maintainerlose Objekte mit einem DENIC-P Maintainer zu versehen. Die nun bei einer Abrage des denics4 gezeigten Objekte enthalten ja, wie unten schon bemerkt, gar keinen Maintainer. Wenn dieser Datenbestand nun doch Tatsache ist oder wird, dann... au weia. In der Diskussion wurde ja auch schon darüber gemutmasst, dass wahrscheinlich auch wieder nur DENIC Mitglieder überhaupt Änderungen vornehmen können und das ist dann wahrhaftig grauselig.
MfG Martin Ahrens
Mediascape Hostmasters
-----Ursprüngliche Nachricht----- Von: henning.brauer@bsmail.de [mailto:henning.brauer@bsmail.de] Gesendet: Donnerstag, 29. Juni 2000 17:40 An: NCC Network Coordination Center Betreff: Re: AW: Deletion of .de domain objects
Kann ich nur hoffen. Wie andere in der Liste (mit weniger Tomaten auf den Augen) schon bemerkt haben, fehlen auch die mnt-by's, notifys, phone, und diverser anderer Kram.
Gruss
Henning Brauer Hostmaster BSWS ------------------------------------------------ BS Web Services Roedingsmarkt 14 20459 Hamburg Germany
info@bsmail.de www.bsws.de
fon: +49 40 3750357-0 fax: +49 40 3750357-5
PLEASE USE EMAIL WHERE POSSIBLE
"NCC Network Coordination To: <henning.brauer@bsmail.de> Center" cc: <ncc@mediasca Subject: AW: Deletion of .de domain objects pe.de>
29.06.00 16:00
Hallo,
was Sie (w.u.) bemerkten, ist mir auch schon aufgefallen. DENIC hat Daten aus Person und Role Objekten des Ripe NCC offenbar in gekürzter Form übernommen. Allerdings sind alle Objekte mit
changed: test@nowhere.denic.de 2000MMDD
versehen. Handelt es sich hier ggf. noch um eine Testvariante der Übernahme?
MfG Martin Ahrens
Mediascape Hostmasters
-----Ursprüngliche Nachricht----- Von: owner-local-ir@ripe.net [mailto:owner-local-ir@ripe.net]Im Auftrag von henning.brauer@bsmail.de Gesendet: Donnerstag, 29. Juni 2000 13:23 An: lir-wg@ripe.net; db-wg@ripe.net; local-ir@ripe.net Betreff: Re: Deletion of .de domain objects
Hi,
I just queryed our own main domain and have seen that the person and roles had also "DENIC" as source. But really more interesting: WHERE ARE THE REMARK:s???? try whois -h whois.ripe.net NOC54-RIPE and whois -h whois.denic.de NOC54-RIPE.
Greetings from Germany
Henning Brauer Hostmaster BSWS ------------------------------------------------ BS Web Services Roedingsmarkt 14 20459 Hamburg Germany
info@bsmail.de www.bsws.de
fon: +49 40 3750357-0 fax: +49 40 3750357-5
PLEASE USE EMAIL WHERE POSSIBLE
RIPE Database Administratio To: lir-wg@ripe.net, db-wg@ripe.net, local-ir@ripe.net n cc: <ripe-dbm@rip Subject: Deletion of .de domain objects e.net> Sent by: owner-lir-wg@ ripe.net
29.06.00 12:45
-------- Dear Colleauges,
We are happy to announce that we have successfully completed the first phase of migrating .de domain objects and related objects to DENIC's own whois database. Now there are no .de domain objects in RIPE whois database except for the top level one.
Normal operation of our database has been resumed at 9:30am, Central European Summer Time.
If you have any question, please reply to ripe-dbm@ripe.net.
-- Filippo Portera
-- Robert Martin-Legene
Sabine Dolderer DENIC eG Wiesenhüttenplatz 26 D-60329 Frankfurt eMail: Sabine.Dolderer@denic.de Fon: +49 69 27235 0 Fax: +49 69 27235 235
Dear Sabine, On Fri, Jun 30, 2000 at 10:39:51AM +0200, Sabine Dolderer/Denic wrote:
speaking for DENIC ;-). I will try to comment about the reasons why we have (or even must) done the migration.
Please explain why you remove the well-working maintainer scheme.
There were a lot of pressure from our dataprotection office that due to our business we pubish data (or we urge provider to puplish data of their customers) which is not allowed to publish under German data protection laws.
It is allowed. Every customer agreed that his information is published in a public database.
Mainly the existence of the inverse query feature and the publishing of data like phone-, faxnumbers and email addresses was critisized.
Regarding phone, fax and email addresses: with this logic even phone books would be illegal.
I am really sorry that due to this discussion I get the feeling that people felt we are doing things without thinking or good reasons or just to make them angry.
Please explain why this was all negotiated behind closed doors (RIPE-Meetings and hostmaster-l ARE closed doors) although it has a wide impact on ALL domain customers and non-DENIC-members (resellers). Best regards, Daniel Roesen Entire Systems NOC -- Entire Systems Network Operations Center noc@entire-systems.com Entire Systems GmbH - Ferbachstrasse 12 - 56203 Hoehr-Grenzhausen, Germany InterNIC-Handle: ES1238-ORG RIPE-Handle: ESN10-RIPE Tel: +49 2624 9550-55 GnuPG/PGP Key-ID: 0xBF3C40C9 http://www.entire-systems.com/noc/noc-key.asc GnuPG/PGP Fingerprint: 1F3F B675 1A38 D87C EB3C 6090 C6B9 DF48 BF3C 40C9
Hi, On Fri, Jun 30, 2000 at 12:05:46PM +0200, Daniel Roesen wrote:
It is allowed. Every customer agreed that his information is published in a public database.
Sorry to correct you on that, Daniel. For example: you never got a form from us, asking for your explicit permission to enter any data into any public database. That you knew in advance, what we would do with your data is of no help, because most customers don't know what they are doing, really ;))
Regarding phone, fax and email addresses: with this logic even phone books would be illegal.
No, you should grab the TDDSG. The scope of Datenschutzgesetz and TDDSG is a little bit different. Greetings, Jens
Hi Jens! [lir-wg stripped] On Fri, Jun 30, 2000 at 12:41:25PM +0200, Jens Hoffmann wrote:
For example: you never got a form from us, asking for your explicit permission to enter any data into any public database.
When we registered domains with you, you knew we know how things work and that the information for the domain objects I feeded to you (in RIPEdb format!) is published like sent.
That you knew in advance, what we would do with your data is of no help, because most customers don't know what they are doing, really ;))
Then this is your fault. We clearly state to each domain customer which data is published and where, IN ADVANCE. We even give them pointers where to look up this data and they specifically agree that this information gets published in the RIPEdb.
No, you should grab the TDDSG. The scope of Datenschutzgesetz and TDDSG is a little bit different.
Interesting. So law is against common sense - again :-| Best regards, Daniel -- Entire Systems Network Operations Center noc@entire-systems.com Entire Systems GmbH - Ferbachstrasse 12 - 56203 Hoehr-Grenzhausen, Germany InterNIC-Handle: ES1238-ORG RIPE-Handle: ESN10-RIPE Tel: +49 2624 9550-55 GnuPG/PGP Key-ID: 0xBF3C40C9 http://www.entire-systems.com/noc/noc-key.asc GnuPG/PGP Fingerprint: 1F3F B675 1A38 D87C EB3C 6090 C6B9 DF48 BF3C 40C9
Hi, while I agree with some of the sentiments, one thing is just not true: On Fri, Jun 30, 2000 at 12:05:46PM +0200, Daniel Roesen wrote:
I am really sorry that due to this discussion I get the feeling that people felt we are doing things without thinking or good reasons or just to make them angry.
Please explain why this was all negotiated behind closed doors (RIPE-Meetings and hostmaster-l ARE closed doors)
The RIPE-Meetings are open for everybody. If you neglect to follow them (or read the minutes, which are open on the web), it's not anybody elses fault. Gert Doering -- NetMaster -- SpaceNet GmbH Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 80807 Muenchen Fax : +49-89-32356-299
Hi Gerd, [lir-wg stripped out] On Fri, Jun 30, 2000 at 12:49:27PM +0200, Gert Doering, Netmaster wrote:
The RIPE-Meetings are open for everybody.
Open for the ones with big pockets, right.
(or read the minutes, which are open on the web)
See my response to Sabine Dolderer. Give me URL to any information about this massive action somewhere on www.ripe.net. I can't find any. Best regards, Daniel -- Entire Systems Network Operations Center noc@entire-systems.com Entire Systems GmbH - Ferbachstrasse 12 - 56203 Hoehr-Grenzhausen, Germany InterNIC-Handle: ES1238-ORG RIPE-Handle: ESN10-RIPE Tel: +49 2624 9550-55 GnuPG/PGP Key-ID: 0xBF3C40C9 http://www.entire-systems.com/noc/noc-key.asc GnuPG/PGP Fingerprint: 1F3F B675 1A38 D87C EB3C 6090 C6B9 DF48 BF3C 40C9
Dear Sabine, Sabine Dolderer/Denic schrieb per Mail : [...]
I hope I have help you a little bit in understanding our position.
Yes. Thank you. Can you point to a DENIC-document in which the new policies, on how DENIC will handle person-objects in the future, is defined ? It would also be helpful for better understandig. regards, Andreas -- INS Vertriebs GmbH A VIA NET.WORKS Company Postfach 101312 (PLZ 44543), Europaplatz 14 (PLZ 44575), Castrop-Rauxel Andreas Frackowiak Phone: +49-2305-101-0 Fax: +49-2305-101-155 af@ins.de
participants (6)
-
af@ins.de
-
Daniel Roesen
-
Entire Systems NOC
-
Gert Doering, Netmaster
-
Jens Hoffmann
-
Sabine Dolderer/Denic