Slashdot Mirror

I am not a big fan of OpenDNS either. Rather than use L3's or Verizon's servers (4.1.1.1 and 4.2.2.2 sets respectively, I think), you might want to try the Open Root Server Confederation's. They are what OpenDNS purports to be; an actual grassroots effort to provide an alternative DNS, without the sleazy failed-lookup pages or obvious profit motive of OpenDNS. There are some TLDs in the ORSC root zone that don't exist in the traditional ICANN one, but you can just ignore them unless you want to take part.

Their top-level servers are listed here. You can also run `dig . ns @ns1.vrx.net` for a more up-to-date list; when I run that I get the following:

a.root-servers.orsc. 172800 IN A 199.166.24.1
c.root-servers.orsc. 172800 IN A 199.166.26.200
f.root-servers.orsc. 172800 IN A 199.166.31.3
i.root-servers.orsc. 172800 IN A 199.166.26.51

I think their intention is that people will put the root file into their local caching nameserver rather than hitting one of their top-level servers with each request (unlike OpenDNS), but there's no actual discouragement of the latter practice and I assume it's considered acceptable for laptops and other portable machines.

http://www.perlmonks.org/
http://en.wikipedia.org/wiki/Scheme_(programming_language)
http://www.schemers.org/Documents/Standards/R5RS/
http://srfi.schemers.org/
http://mitpress.mit.edu/sicp/full-text/book/book.html
http://www.quickref.org/
http://java.sun.com/javase/reference/api.jsp
http://www.rosettacode.org/wiki/Main_Page
http://cprogramming.com/
http://www.stackoverflow.com/
http://cm.bell-labs.com/cm/cs/cbook/
http://yutaka.is-a-geek.net/
http://www.gotapi.com/
http://www.open-rsc.org/
http://www.users.bigpond.com/robin_v/resource.htm
http://www.geocities.com/orion_blastar/contact/
http://en.wikibooks.org/

I don't know much about them, but I think the "Open Root Server Network" might be a possible candidate. It's an alternate root system, independent from but currently mirroring ICANN's, located mostly in Europe. (The sole non-Europe rootserver seems to be run by Paul Vixie, actually.)

I gather from the Wikipedia page their major concern is monopolization of the DNS root by the U.S. Government.

Their site has instructions on switching to their roots, if you run your own DNS server, and a list of publicly-accessible DNS servers that use their roots, if you just want to re-point your workstation or router.

If they're not your style, WP has a list of other alt roots; most of them seem to revolve around the idea of having more or different TLDs than ICANN. The ones I'd probably consider first would be OpenNIC and the Open Root Server Confederation. The latter's website doesn't seem to indicate, at least to a quick reading, their root server addresses or any publicly-accessible DNS servers.

Given these recent outrageous and blatant violations by registrars, and the indifference of ICANN, this should be a perfect time to resurrect the idea of an alternate system of root DNS servers.

If nothing is done to address the problems, the .com, .net domain name space would probably be filled up with spam junk (if they are not saturated with crap already). Given the increasing importance of the Internet infrastructure these days, it's outrageous to think that the basic infrastructure of the Internet is held hostage by a small group of greedy corporate bastards. Remember the last time Verisign tried to redirect all non-existent .com/.net requests to their own portal site? They are willing to screw up anything as long as they can get away with it (and money).

I understand that the worst TLDs in question are .com and .net, but they set the example. How long would it be for country TLDs to follow the corporate footsteps of Verisign, Network Solutions and co?

I think it should be most apt to start meaningful discussion here on Slashdot, where there are enough people who have the expertise and skills --- and interest and passion, to pull this one off.

I have looked around a bit regarding projects such as AlterNIC, OpenNIC, OpenRSC, etc. But all those projects are dead or at the very least in deep hibernation. I have a feeling that the projects aren't really meant to be serious, rather they are hobbyist projects/social experiments that even the founders couldn't care less about.

Does nobody care at all?

That being said, I personally don't have any concrete proposals. But given the enthusiastic response of Slashdot readers (there are 600+ comments here), I believe we can gather enough personnel and expertise to give the old idea a new try. Interested parties might want to post a reply here, or in my Journal.

Any takers?

[Oh and moderators, you might actually want to mod this one up...]

Don't get me wrong, something (food from the UN) is better than nothing (dead people). But is something else (UN regulating Internet) better than what he have now (US overseeing TLDs and no issues).

Besides, if you really want to do things your way there's always http://www.open-rsc.org/, or http://www.opennic.unrated.net/. Ironically http://www.open-rsc.org/ is down right now.

As far as starving people, genocide, and mines; eliminate the problem... The warlords and dictators who create this crap. This myth of unfair trade and economics (ala live8) is bull... I'd say more, but off topic.

Don't get me wrong, something (food from the UN) is better than nothing (dead people). But is something else (UN regulating Internet) better than what he have now (US overseeing TLDs and no issues).

Besides, if you really want to do things your way there's always http://www.open-rsc.org/, or http://www.opennic.unrated.net/. Ironically http://www.open-rsc.org/ is down right now.

As far as starving people, genocide, and mines; eliminate the problem... The warlords and dictators who create this crap. This myth of unfair trade and economics (ala live8) is bull... I'd say more, but off topic.

This just give everybody who's concerned about ICANN's unchecked control even more reasons to learn about and support the Open Root Server Confederation.

The Internet needs to stay unregulated and as free as possible from the corporate mindset if it's going to stay in it's current shape. You can already see problems arising with corporations controlling so much of the public's interest in the Internet such as VeriSign's abusing their power by implementing programs like SiteFinder.

It's reasons like these and ICANN's increasing little fees they charge that something needs to be done at some point and the sooner the better. I suppose the very nature of the Internet is a saving grace - if the current custodians fail the public then the network can always be restructured, if very slowly. There is more than one way millions of computers can be inter-connected.

And the public stays away in droves.

None of these new TLDs is seing any use worth mentioning. I've been to one .info site ever since they were set up. And what the heck is .post for? Is it like .museum - a tiny namespace that under no conceivable argument warrants a TLD?

ICANN has lost touch with reality, that isn't news. Where's .movie so all of hollywood can stop registering blabla-themovie.com ? That's a TLD that would make sense as not only does it offer a namespace that by convention already exists (-themovie.com instead of .movie), but it also makes sense to shift that off since the rules are different - movie sites are very important for a short time, after which most of them could be shut down, really. In addition, the name-rights are already taken care off, and a seperate place to handle disputes (e.g. new versions of old movies re-using the same name) would make sense.

But hey, I guess .jobs really is more important. It's got zero practical use but in this economy, it's a nice political signal, right?

I'm all for killing ICANN and making ORSC more popular.

In theoretical terms you are correct. But in practival terms, absolutely not. You're very very unlikely to get a TLD vetted by ICANN unless you have a "sunrise provision".

We've been fighting this (to no avail) for years. The tradmark lobby has been bigger than you, me, NSI and ICANN put together since about 1995. If you look deep enough you'll find trademaek lawyers and nobody else define the DNS landscape.

See http://sunrise.open-rsc.org/

I've been experimenting with alternative roots over the past couple of months.

The OpenNIC root zone file seems pretty stable, and resolves ICANN domains along with opennic's own .geek, .oss, .parody, .indy, .null, and .opennic . AlterNIC and Pacific Root alternate roots seem to be long gone - I haven't been able to find any current information on these alternate roots, and I have yet to come across a root zone file that allows resolution of any of their names (anybody know?).

I tried the ORSC root zone file, which is FAR more extensive, but it seems to be out of date - I couldn't even resolve some ICANN domains with it!

It seems that the YouCANN and ORSC web sites are possibly horribly out of date - can anyone verify that these projects are even active?

Now for a little editorial criticism: I don't see any indication in the article that ICANN is considering "incorporating" alternative TLDs as much as it's considering bulldozing over them, like it has for .biz . The submitter's take that ICANN roots may soon start resolving these independent root operators is either woefully mistaken or badly misleading.

This really aren't new. I mean, they're new to most of the world, but there ARE alternative root servers people can use. Check out open rsc.org they tell you how to change your name server. There was also an article at wired a few years ago that talked about the .biz not really being a new domain. .biz was being used on orsc, and then icann started to use it after orsc. Anyway, just don't think you don't have options.

Screw that. Try ORSC instead. They have been around longer and they aren't crapware authors.

Because people let them. If more people pointed to alternative root servers, they wouldn't have as much power.

If you want a watch to tell time, buy any $2 or $30 job and when it needs a new battery just buy a new watch.

But, you probably don't need a watch. Your cel phone, car, coffee pot, desk phone, computer(s), microwave, car and God knows what else all tell time for you.

So why do people still buy watches? Status and adornment. Plus there's that collecting thing. Essentially they're either bought for the jewellry value (hey, is jewellry obsolete?) or for the complicated mechanics inside them - the "movement" as the guts are called.

If you look at the numbers from the Swiss luxury good sector they're staggering in both volume of units shipped and price and the average price is increasing. A "decent" watch can barely be had for under a grand. A "good" watch starts at five grand and it just goes up: 10K, 30K, 80K, 250K... whatever you want to spend. Wanna spend millions? No problem, how bout a vintage Patek repating moohphase chrono pocketwatch. One of three made went for something like $13 million at auction setting a new records. Obsolete? You bet. That's sorta the point. But, we're dealing with extrinsic worth here, not intrinsic value or marginal utility.

The watch thing isn't about telling time for the most part. The in-joke in the watch crowd ia a "watch idiot savant" or "WIS": a guy that stares at his watch for an hour but deosn't know what time it is. He's staring at the dial, the applied markers, the hands, what have you. The watch as art might be a good way of thinking about this.

The attraction is a tiny case with up to hundreds of parts in it that all do something and are probably very highly finished, shiney and damn near pefect. And like Lays chips... you probbaly can't stop at one. So, if this bug bites you (phear this!) you'll probbaly up with, uh, quite a few. It is a sickness, no cure is desired.

I'm currently wearing a 60's Rodania Valjoux Caliber 72 chrono [1] and have no use for quartz gizmotronic fluff. I use the chronograph at least once a day and bottom line: mechanical ones are still more reliable and servicable than quartz ones and are cheaper to fix. In 50 years I'll still be able to get parts for this watch. In 10 years getting a quartz module for a Movado will almost certainly be impossible - it's merely "extremely difficult" at the moment.

I suspect the author of the referenced article doesn't know much about watches.

[1] You'll need to go to http://support.open-rsc.org/ to be able to see this.

dig NS .

dig NS .

dig NS .

dig NS .

dig NS .

It's not a big file. Certainly smaller than the last hosts.txt.

It's here: ftp://internic.net/domain/root.zone.gz

Of course if you're feeling really frisky you could use this one: ftp://open-rsc.org/pub/db.root

Back in the good old days when her serene highness the Dalai Lauren worked there and Dave Holtzman was still VP I took the e-ticket tour. The facility is in a nondescript industrial mall a few miles from the NSI mothership.

"oh, you'll want to see this"

"what is it"

"A-ROOT"

"THAT tiny little thing?"

"Yup. Go ahead and touch it, everybody that comes here wants to do that. See where the paint has worn off the case?".

"Uh, ok"

"You use this thing Dave"

"Nah, I download the root zone from you".

"Cool, for that you can buy me lunch".

"Good idea. Thai okay?"

NSI was fun once and there's lots of good stories. When the FNCAC made the NSF tell NSI to start charging for domain names none of the freaks working at NSI could believe you could charge for this and lots of checks were just pinned up to a bulletin board in a "wait and see" holding pattern for a few months. There weren't so many domains back then.

Karl Aurbach also downloads the root zone from me and you should too. Or use OpenNIC's root or even *cough*ICANNs*cough* (ftp://internic.net/domain/root.zone.gz, or any root.zone you want but if you know what's good for you you won't rely any anybody but yourself to serve up the root zone so your computer can find pointers to the various TLD servers: primary the root for yourself and don't worry about DOS attacks on other peoples computers taking your machine off the air.

That really was the dumbest part of the change from hosts.txt to the DNS - it changed the paradigm from your computer knowing where everything was to making your computer rely on the "." zone to be able to find the computers that know where all names can be found and there's really no reason for it.

Certainly it does not scale for everybody to grab a copy of the root from one place, and Dan Bernstein has suggested a cryptographically signed root be distributed via usenet. To this end I've created news:alt.root.orsc and will begin doing just that this quarter.

is available at his blog on O'Reilly. It points out that there is supposed to be no organization with power over the internet and that ICANN has always claimed just to be a sort of "technical facilitator". It mentions the Open Root Server Coalition and although it doesn't mention the OpenNIC guys, it's worth having a look at their more serious project.

I notice a lot of fighting in the comments about whether the UN sucks or not and whether they're worse than ICANN. Simple fact of the matter is that neither of these bodies (or any body that isn't truly democratic) should have any control over OUR internet. Fighting over which master we bow to is a bit ridiculous.

Let's just all switch our root hints files to the ORSC root servers! Then we'll show them ALL who's boss!

Mwahahahahahaha...

Switch to an alternative root server such as this.

I only noticed it because I use my own DNS server to resolve requests; and pay close attention whenever I see any problems resolving host names (there is the possibility of it being a bug with my software).

The person who orchastrated this attack is not very familiar with DNS. Attacking the root name servers is not very effective; all the root servers do is refer people to the .com, .org, or other TLD (top-level-domain) name servers. Most DNS servers remember the list of the name servers for a given TLD for a period of two days, and do not need to contact the root servers to resolve those names. While some lesser-used country codes may have had slower resolution times, an attack on the root servers which only lasts an hour can not even be felt by the average end user.

In the case of MaraDNS, if a DOS (denial of service) is happening against the root servers, MaraDNS will be able to resolve names (albeit more slowly for lesser-used TLDs) until every single root server is sucessfully DOS'd.

- Sam

Oy. Tall order to fill in this timeline in only a few paragraphs, but since I was there here goes.

The National Science Foundation originally had a competition to administed names (domains) and numbers (IPs) and three companies won the award and ran it together: AT&T Ran "DS" directory services, Government Solutions ran "RS" registrations services and General Atomics ran "IS". I forget what IS stood for. RS was "the nic" and took it over from SRI; IS was supposed to create 50 additional NICS.

GA flaked out and GS took their job over and renamed itself Network Solutions.

In 1994 an article appeared in Wired where some clown registered Mcdonalds.com and tried to sell it to Burger King. From that day on the face of the domain name landscape was inexorably changed. Registration volume shot up expoentially and latency went from 3 days to 11 weeks at the peak.

The NSF was paying for all this and while they didn't mind subsidizing research and educational use of the network they were not gonna pay for deoderant.com and the like so they asked the FNCAC what to do. They recommended the NSF tell NSI to charge for domains. They did and everybody got pissed off.

The domain-policy@internic.net mailing list went asymtotic and the "new domain people" split off to the "newdom" mailing list; Postel was one of them and he made up 3 drafts, each successively worsr; the second one had a tithe to none other than ISOC and the third one crated IAHC.

In July of 98 (?) the US Guvmins shut down IAHC as being just too damn silly and began a series of interagency task force meetins (that an ex NSF staffer refers to as "the turkey farm") and Commerce kept saying they had all the answers so everybody giggles and said "Ok, run with it".

In 1999 ni Becky Burr's office, Kathy Kleniman and Mikky Barry suggested some conferences around the world to measure consensus. Rather than debate the contentious points, they were to find where there was consensus. Thus the IFWP meetings were born: one in Virginia, one in Geneva, one in Singaport. Ira Magaziner was at each one (although only on video tape in Singapore) and at each one stated "this is in your peoples hands. Postel himself told me at the Geneva conference that it was "all up to them" (pointing at the conference room) now.

Mike Roberts was on the steering committee for this represennnnting EDUCAUSe (who run .EDU now) and when plans for a 4th meeting to do a wrap up and define what the new company would be to replace IANA, he tanked the whole process.

At this time Ira had been running around with ROger Cochetti of IBM (now a Verisgn VP) picking a board and Joe Sims (now an ICANN attorney) wrote up bylaws and together these lot presented NTIA with a proposal.

Two ther proposals were offered: the Boston Working Group, what was left of IFWP and ORSC.

The NTIA picked the Magaziner/Cochetti/Sims plan and that's the ICANN we have today.

You can see all the early history at http://newdom.faq although you may need to visit http://support.open-rsc.org to see this domain. But it's all there. And it's ugly.

See also http://lists.ifwp.org, altough the CIX who ran this before it fell into my lap loast all the early archives.

http://support.open-rsc.org

Or use OpenNIC (but you wont get as many tlds)

But whatever you do dump ICANNs root zone and while you're atit dump BIND and run DJBDNS lest you be compelely mired in the 80s.

http://slash.dot anybody? Or are you really stuck on this .org thing?

Or better yet, The Open Root Server Confederation (ORSC).

There already exists alternative root servers organized by the ORSC. For the most part, they seem to be providing hundreds their own set of TLD's (.god for example) as well as ICANN's official set (.com/.org/.net).

The only real problem is the ".biz" namespace collision. When ICANN requested suggestions for new gTLDs, the OSRC sumbitted their application, stating that they had been running a functioning .biz TLD for years. However, ICANN selected someone else to run the .biz gTLD.

ICANN really ticks me off sometimes...

They have an alternate link which should work.

Failing that it resolves to Name: scoop.opennic.unrated.net Address: 131.161.247.69 using the Open Root-Server Confeds alternative.

I must admit it all gets a tad confusing at times. I plugged the Open Root-Servers into dnscache the other day but now there's another alternative?
Sheez....
Do I want the red one, yellow one or the striped shiny one? Too many choices.

Well, incase everyone didn't already know icann sux, if the whole world (not likely) would point to a better root zone that plays fair, ppl would control the internet, instead of big companies. Here's the howto....

Well, incase everyone didn't already know icann sux, if the whole world (not likely) would point to a better root zone that plays fair, ppl would control the internet, instead of big companies. Here's the howto....

You can still see the same ICANN-approved .com, .net, .org., et cetera, but with (the original) different .biz and .info, and with an additional thousand or so TLD's that the Open Root Server Confederation supports.

It's important that we all remember that the internet is capitalist and cooperative -- we each pay our own way, and behave in a civilized manner to avoid gumming up the works. If enough of us opt to use the Open Root, then we can marginalize ICANN and take control for the public, the very same public that pays for the thing in the first place.

I like the Open Root Server Confederation because they don't want to rule the internet, but to simply place control of the DNS into the hands of someone who will have the public interest at heart.

You can still see the same ICANN-approved .com, .net, .org., et cetera, but with (the original) different .biz and .info, and with an additional thousand or so TLD's that the Open Root Server Confederation supports.

It's important that we all remember that the internet is capitalist and cooperative -- we each pay our own way, and behave in a civilized manner to avoid gumming up the works. If enough of us opt to use the Open Root, then we can marginalize ICANN and take control for the public, the very same public that pays for the thing in the first place.

I like the Open Root Server Confederation because they don't want to rule the internet, but to simply place control of the DNS into the hands of someone who will have the public interest at heart.

You can still see the same ICANN-approved .com, .net, .org., et cetera, but with (the original) different .biz and .info, and with an additional thousand or so TLD's that the Open Root Server Confederation supports.

It's important that we all remember that the internet is capitalist and cooperative -- we each pay our own way, and behave in a civilized manner to avoid gumming up the works. If enough of us opt to use the Open Root, then we can marginalize ICANN and take control for the public, the very same public that pays for the thing in the first place.

I like the Open Root Server Confederation because they don't want to rule the internet, but to simply place control of the DNS into the hands of someone who will have the public interest at heart.

You can still see the same ICANN-approved .com, .net, .org., et cetera, but with (the original) different .biz and .info, and with an additional thousand or so TLD's that the Open Root Server Confederation supports.

It's important that we all remember that the internet is capitalist and cooperative -- we each pay our own way, and behave in a civilized manner to avoid gumming up the works. If enough of us opt to use the Open Root, then we can marginalize ICANN and take control for the public, the very same public that pays for the thing in the first place.

I like the Open Root Server Confederation because they don't want to rule the internet, but to simply place control of the DNS into the hands of someone who will have the public interest at heart.

OpenNIC is still around, and has been for two years. It was proposed on K5 1 Jun 2000, and was operational soon thereafter. A month later, it was serving 4 alternate TLDs. Today, it serves 6 with a specific new one pending, and talks of serving out several language-related TLDs (like the ccTLDs, but for languages). Others have been around since before us, and they're still reasonably active. There's also AlterNIC, PacRoot, ORSC, ORSN, and others.

Most, if not all, alternative roots peer the majority of legacy TLDs (i.e., those of ICANN), including the new ones. We (OpenNIC) have peering agreements with AlterNIC and PacRoot, and we're working on others as well.

So, what exactly are you talking about? Geeks haven't abandoned alternative roots. We are quite active.

Nuthin' to it but to do it!

No wonder I like the Open Root Server Confederation so much. They get lots of things right, but can't get in the news to save their lives. They give me access to over a thousand top level domains (1105, right now), and if I wanted to play ubergeek and create my own TLD, as long as I could show that I know how to make sense of it all, they'd let me.

Even though I don't run a public root server (I run my own local root cache), and don't own a TLD, they listen when I offer up comments in their mailing lists. I'm only on the tech list, have had only a little bit to say, but dammit, they listened. When's the last time ICANN listened to anyone who wasn't a massive commercial entity?

ICANN makes a big deal about how hard it is to manage a handful of top level domains, how it costs millions of dollars a year and still they need more. What, are we buying Vint Cerf a new vacation home in every country the internet reaches? The Open Root Server Confederation handles 1105 TLD's, gets by on almost no dollars, and what little they're in need of is donated, not extorted. I can get behind that, without reservation.

It's time for ICANN to feel the pressure of the real world, to compete head to head with other folks on a level playing field, and let's see if ICANN can squeal like the pigs they are. Pay a visit to the Open Root Server Confederation, tweak your configuration to use their roots, and see the whole internet... and let's see how long ICANN remains relevant.

No wonder I like the Open Root Server Confederation so much. They get lots of things right, but can't get in the news to save their lives. They give me access to over a thousand top level domains (1105, right now), and if I wanted to play ubergeek and create my own TLD, as long as I could show that I know how to make sense of it all, they'd let me.

Even though I don't run a public root server (I run my own local root cache), and don't own a TLD, they listen when I offer up comments in their mailing lists. I'm only on the tech list, have had only a little bit to say, but dammit, they listened. When's the last time ICANN listened to anyone who wasn't a massive commercial entity?

ICANN makes a big deal about how hard it is to manage a handful of top level domains, how it costs millions of dollars a year and still they need more. What, are we buying Vint Cerf a new vacation home in every country the internet reaches? The Open Root Server Confederation handles 1105 TLD's, gets by on almost no dollars, and what little they're in need of is donated, not extorted. I can get behind that, without reservation.

It's time for ICANN to feel the pressure of the real world, to compete head to head with other folks on a level playing field, and let's see if ICANN can squeal like the pigs they are. Pay a visit to the Open Root Server Confederation, tweak your configuration to use their roots, and see the whole internet... and let's see how long ICANN remains relevant.

No wonder I like the Open Root Server Confederation so much. They get lots of things right, but can't get in the news to save their lives. They give me access to over a thousand top level domains (1105, right now), and if I wanted to play ubergeek and create my own TLD, as long as I could show that I know how to make sense of it all, they'd let me.

Even though I don't run a public root server (I run my own local root cache), and don't own a TLD, they listen when I offer up comments in their mailing lists. I'm only on the tech list, have had only a little bit to say, but dammit, they listened. When's the last time ICANN listened to anyone who wasn't a massive commercial entity?

ICANN makes a big deal about how hard it is to manage a handful of top level domains, how it costs millions of dollars a year and still they need more. What, are we buying Vint Cerf a new vacation home in every country the internet reaches? The Open Root Server Confederation handles 1105 TLD's, gets by on almost no dollars, and what little they're in need of is donated, not extorted. I can get behind that, without reservation.

It's time for ICANN to feel the pressure of the real world, to compete head to head with other folks on a level playing field, and let's see if ICANN can squeal like the pigs they are. Pay a visit to the Open Root Server Confederation, tweak your configuration to use their roots, and see the whole internet... and let's see how long ICANN remains relevant.

I think there are a few things amiss with the pfir plan and I'd like to suggest and comment on some alternatives and have a few comments about our continues use of 20th century DNS.

Look back at the creation of ICANN and it's not difficult to see why it has failed. The timeline goes something like this: when the Wired article came out in 1994 where Joshua Quittner reported he registered mcdonalds.com and McDonalds didn't want it he ended up selling it to Burger King. At the time InterNIC registrations were taking about 3 days. This shot up to 11 weeks in a matter of days. The NSF, who funded NSI to run the InterNIC, did not feel it's role, which is to foster academic and scientific advancement, included subsidizing deodorant.com and the like, so, it asked the FNCAC to do something. What they did was instruct the NSF to tell NSI to begin charging for domains. This caught the Internet community rather off guard and discussion ensued on a "newdom" mailing list (whose archives can be found here). Several forces came into play. First was the rift between the group that felt they too could run a TLD and the group that though this should be run from a great big central registry. The latter became the IAHC/CORE thing while the former became the first alternative root. The US Government shut down the IAHC and began it's own proceedings: the white paper was produced. Other governments, most notably in the form of Paul Twoomey from Australia
and Chris Wilkinson from the EU balked at the plan and the revised plan, the green paper took out the language about creating 5 new TLDs immediately (thereby throwing each conflicted group at least one bone). At the time Mikki Barry and Kathy Kleinman suggested in Becky Burr's office that a set of global meetings take place, not to decide answers to tough problems, but to determine just where there was consensus on the various issues. This became the IFWP forum and 3 meetings were held in Reston Va., Geneva, and Singapore. There was to be a followup meeting to merge these consensus points into a framework for the new corporation that was to replace IANA. While this was happening, NSI and IANA were negotiating, and Ira Magaziner, Clinton's senior science advisor and Roger Cochetti, a VP of IBM were running around selecting a new board. The IFWP wrap up meeting never happened, it was scuttled by Mike Roberts (suspicion is high he had been told be would be president) and the vast amount of time and energy, money, hopes and aspirations that was IFWP went down the toilet - which is a real shame as it was a significant body of work. Three proposals went in to the US government to form the new corporation. The IANA/NSI proposal drafted by Joe Sims and NSI, the Boston Working Group proposal (which is where the wrap-up meeting was to have been) which was a sane version of the NSI/ICANN proposal, and the ORSC proposal which was the BWG plan with greater fiscal responsibility and an existing corporate shell. Citing popular public support for the IANA/NSI plan it was selected - but if you read the public comments on the NTIA site carefully you'll see far less support than implied and much of it was tentative, frankly. A board materialized out if thin air, selected because they didn't know anything about DNS. So what went wrong? Was the original ICANN plan flawed or were the people just the wrong choices? I suggest that if Karl Aurbach and 9 people like him has been the original board we would not now be even talking about DNS; the board appointed from in high did not represent the Internet community whatsoever and instead represented telco, government and trademark special interests. It is believed the concessions made so that foreign government supported the "green paper" was that they got to pick certain members of the board. The first big clue there was trouble was when the board missed it's deadline to define a process for their replacement and simply extended their jobs; they should have been gone over two years ago now.

So what have we learned from this? In my opinion, no group that says "we're in charge" really is; respect is earned, not asserted and I think this was the great failing of both IAHC and ICANN. So while I generally like Weinstein, Newman and Farber, I do distrust the IAB to some extent based on previous debacles like the Boston Tea party where they were thrown out for claiming OSI and not TCP/IP was the way to go. The ISOC is another non-starter, it's wanted to get it's hands on the DNS for over a decade and has been a great supporter of the authoritarian regimes of both IAHC and ICANN. The key, I believe, is not some group claiming they should be in charge or that they have all the answers - nobody does - but the good old fashioned and time proven method of Internet collaborative cooperation. And this means actually doing it, not paying lip service to it like ICANN did. Oh and cut out the 5 star hotels and first class Concorde flights.

Is this about Internet governance? No. Absolutely not. In it's most basic form this is nothing more than an institutionalized debate between Dave Crocker and Karl Denninger in 1986 taken to it's logical conclusion. But it's nothing to do with governance of the Internet. Face it, if all you do is read and write email and/or usenet news, and play on ISC or muck about on the web, you may never have heard of ICANN and it certainly has zero effect on you. This is just about new top level domains, period; the IP addresses have virtually all been handed over to the regional registries and the port allocations are handles by somebody than CAN add one to a number and write it down on a piece of paper.

But didn't ICANN break up NSI ? Nope. That was Ira Magaziners plan executed through the Department of Commerce. You don't really think NSI gave in because ICANN though it was a good idea do you? What has ICANN really done in 4 years? They've knuckled under to WIPO and given us the horribly flawed UDRP and 7 really stupid TLDs that despite $2.$M worth of scrutiny still had huge problems to the point of being dragged into court over it.

What alternative roots exist? Quite a few actually, and while on the face of it you might think this would be a problem, but face it, if you can pick up your mail and get to Yahoo! then they work, and any of them will let you do that. The differences in them are what new TLDs they publish in their root zones. I need to disclaim right away that I coordinate, with Brian Reid's help, the ORSC root, and it's generally believed to have the greatest penetration and is certainly the longest continuously operating one. The barrier to entry it low: show us working TLD servers and we'll list you. Other notable ones are the TINC root which is operated by some old time Usenet people such as Peter da Silva which has a policy of one tld per entity, which I don't like think can be made to work (the now defunct eDNS tried this and it was found to be too easily worked around), PacROOT which in my opinion swings too far the other way with their NameSlinger client - I don't think I know the proper number of TLDS any entity should operate but I do know it's not in the hundreds if not thousands; this raises anti-trust issues, and OpenNIC which is pretty good but only has a small number of new TLDs. There is also NameSpace which believes they should run all tlds. This grates against the notion of the root as a collection of independantly run TLDs in my opinion. But, it doesn't matter to me which one people use as long as they use one of them. Vote with your nameservers - it is in nobody's interest to break anything and using any of these roots will let you see all current DNS names and a whole universe of new ones although how many depends on which one you pick.

Why do we still use root servers? Now this is where it gets interesting. What if the US Government suddenly shut off the legacy root servers? 90% of the net would feel some sort of perturbation immediately especially since at least one TLD (.SE) is name-served directly from the root (not TLD!) servers as are many in-addr.arpa delegations. As the TTLs to TLD servers expired, users of the legacy root would not be able to resolve any DNS names. But, people that use other root servers would be immune to the demise of the legacy roots (modulo one of Swedens 7 .SE nameservers of course) but an even better tactic in my opinion is to primary the root zone for yourself. Then, any or all root servers could be shut off and you wouldn't notice a thing. This would leave you with one remaining problem and that is where could you get the root zone from. Your upstream might be a good place or as DJB has suggested, a cryptographically signed root zone could be posted to usenet periodically. This has the inherent advantage of being out of band of TCP/IP; that is, even a UUCP connection could inject the zone into the news stream. That's one answer to "how do you bootstrap DNS without DNS".

Do I think ORSC should be the next ICANN as the ICANNWATCH poll suggests? No and hell no! Nobody should be in charge, and given that the net and the DNS itself is edge controlled - that is, whoever has the root password to a nameserver determines what dns names exist and what don't - any model that asserts a central authority is doomed to fail. There is need for coordination, but not authority.

Vote with your nameserver; vote early and vote often.

Richard Sexton
March 19, 2002

It has always been that way. Want control your own root? You can do that right now.

You're right. I've been doing it for years. It's just a matter of knowing you can. Knowledge can be a powerful thing ... and dangerous to those who would try to control us. But consider why 99% are "sheep". Many don't even know you can (not that they'd ever get it right). Many are afraid to (it really does work). Many just don't know where to get the info (My zone file is from ORSC).

You mean like this?

While ICANN haggles over how best to rape the internet users of the world by doling out TLDs in artificially limited numbers, stifling competition, the ORSC provides resolution of over a thousand top level domains. ORSC conducts its affairs openly, and listens to input even from non-members such as myself.

Why anyone would choose to even acknowledge ICANN is beyond me.

Apart from a dog and pony show in Stockholm with some V6 blocks that nobody really uses, ICANN never allocated an IP address in it's life. You might be thinking of IANA (may he rest in peace)

The DoC has temporary custody of the legacy root servers because at the interagency domain name task force meetings, the DoC claimed to have all the answers. When the other 13 agencies (NSF, CIA, etc) stopped giggling, they said "ok, run with it".

To say "the US government controls the DNS" is factually incorrect. The US Department of commerce has control over the legacy root servers. That's very different. The sum of the DNS is controlled at the edges of the net by the people that have the root passwords to the namesevers that actually make the net work. If they were to all point to different root servers, the DoC would be in charge of 13 servers nobody used.

However, the notion of using root servers has always been IMO, a little silly. In the transition from the hosts.txt model to the decentralized DNS model, reliance on root servers to point to the tld servers for you is placing far too much faith on those 13 machine. Again IMO the proper way to do this is to secodnary the root zone - any root zone - ICANN's, ORSC's, what have you) thus saving you an intermediate step in looking up names. In other words, you won't need to hit the root servers to find the tld servers, your namesever will know where to find them itself. That same time and network bandwidth.

And of course if you secondary the ORSC root, you'll be able to see the entire Internet, not just the parts the DoC allows you to see.

Do you really think any government controlled domani agency would ever let you see http://free.tibet ?

All it takes for the typical end-user to begin using the open root is a few minutes' engaged in some independent action. I can see a couple hundred TLD's -- ICANNot!

The computer of someone searching for www.bbc.co.uk for the first time would consult the closest root server and would find out that Nominet handles the database of net domains ending .uk.

The root server then would pass on the net address of Nominet to allow the searching machine to find the exact web address of the BBC website.

This is totally inaccurate. If you are searching for www.bbc.co.uk, your computer asks the local DNS cache (listed in /etc/resolv.conf, unless you have some retard OS). That cache then asks a root server for www.bbc.co.uk (if that information has not already been cached). This produces a referral to the .uk nameservers. The process continues for co.uk and bbc.co.uk as necessary. Note that it does not ask the closest root server, because the cache has no way to know what this is. BIND uses the "fastest" server (until it overloads from all the other BIND servers using this strategy); djbdns's dnscache picks one at random.

One way to avoid delays at the root servers is to run your own local root server, and periodically download the root zone. This shows you how to do it using the ORSC root zone, but you can do it with the standard root as well. You can AXFR it from one of the root servers. Then you tell your local cache to use your local root as the root server.

OpenNIC
Open RSC
AlterNIC
Tiny Org
NameSpace

(Links courtesy of Lionfire.)

What you're missing is that there's nothing _really_ being taken away here, so there's nothing a real court could do. All that's happening is that a committee who owns a handful of computers has decided that they're going to make a certain string of characters xyzsucks.com equivalent to a certain string of numbers (1.2.3.4) on their machines. And for whatever reason, the rest of the computer-owning world just goes along with it, blindly putting the same information on _their_ computers. Why? Who knows. Perhaps people just don't realize they have a choice.

In theory, you could personally give the domain right back to the original owner by running a DNS server and pointing xyzsucks.com to whatever computer you want. Only people who talked to _your_ DNS server would have it go to the right person, but it's a start.

A better alternative is to promote the use of open root servers, which pretty much allow for xyzsucks.[anything] (i.e. you are not limited to .com, .net, .org). The way to really attack this insanity is to cut it off at the source. It would be hopeless for a company to try to combat xyzsucks.alt, xyzsucks.www, xyzsucks.pac, etc. The trouble is, people aren't aware that by simply typing a few numbers into their computers they could have access to .[anything], and that if everyone took the 30 seconds or so to do this, we wouldn't have any of these problems any more. And as a bonus, domain names would be free, at least for those not suckered into buying one of the "popular" ones.

Links on how to change the world in 30 seconds:

Alternate name servers (Linux, Windows, etc)

Windows Quick Instructions