Slashdot Mirror

https://www.iana.org/domains/r... served from the authoritative DNS root servers http://www.root-servers.org/

APK

P.S.=> For anyone that's interested in the specifics here... apk

Take a wild guess which country the Internet's root DNS servers are located?

Sweden? Netherlands? Japan?

While the USA has a bunch of the root name servers, there's many of them elsewhere. Here's a lovely map of where they are, or at least where they were in 2007. Assuming it's still accurate, there's 4 root nameserver instances in Canada, two each of the F and J nameservers, located in Toronto, Ottawa, Montreal, and Quebec City.

Take a wild guess which country the Internet's root DNS servers are located?

Sweden? Netherlands? Japan?

While the USA has a bunch of the root name servers, there's many of them elsewhere. Here's a lovely map of where they are, or at least where they were in 2007. Assuming it's still accurate, there's 4 root nameserver instances in Canada, two each of the F and J nameservers, located in Toronto, Ottawa, Montreal, and Quebec City.

Take a wild guess which country the Internet's root DNS servers are located?

Sweden? Netherlands? Japan?

While the USA has a bunch of the root name servers, there's many of them elsewhere. Here's a lovely map of where they are, or at least where they were in 2007. Assuming it's still accurate, there's 4 root nameserver instances in Canada, two each of the F and J nameservers, located in Toronto, Ottawa, Montreal, and Quebec City.

The worst part about that particular complaint is that there is nothing about the internet that requires that other countries use the US's root DNS servers. They are free to implement their own.

And many of them have..

The problem is that the root zone is controlled by the US Department of Commerce ("National Telecommunications and Information Administration (NTIA) - which is an office within the United States Department of Commerce - authorizes changes to the root"), so their root servers serve up information that's ultimately US-controlled.

It's always the US government because the US government is in complete control over the DNS for the entire planet

that's just what Americans want the rest of the world to think

http://www.isoc.org/briefings/020/
http://www.root-servers.org/

The UN hasn't bombed their own people either.

You wish. The UN has comitted dozens of genocides. Certainly they've knowingly done things like having their armies commit genocide on citizens of UN member states. Doesn't that count as bombing your own people ?

http://www.cato.org/pubs/fpbriefs/fpb-034.html
http://www.realityzone.com/katanga1.html
(but do not - for a moment - think the UN malice, incompetence and greed is limited to these 2 incidents. I just thought to give an example from the beginning of the UN and a recent example)

These are just a few pointers. Let's also not forget that Qadhafi is the chairman of the UN human rights council (yes, he's "suspended pending investigation").

Which of them deserves to 'own' such an important international technology?

Nobody deserves that, obviously. So why tamper with the situation :
1) UN is a LOT less free than the US. The DMCA is tame compared to the European equivalent, and is a bastion of anarchism compared to Middle eastern or African versions of these laws. The situation WILL NOT improve
2) the US has built the internet. Of course they have some measure of control (though I seriously doubt the US has the power to shutdown the internet world-wide. No, not even the DNS system. Explain, for example, how the US could get the k root server to go down. You know, without bombing half of Europe and Asia's capitals)

Let's not forget too easily that the UN's idea of social justice has, on multiple occasions, involved comitting ethnic and religious genocide.

I was thinking more or less the same thing.

The point is that a good domain name system implementation needs to be secure against protocol attacks. DNSSEC secures it against hackers, but makes it more vulnerable to political attacks.

You do know that DNS root servers are located (and co-located) around the world (20+ countries I believe off the top of my head), and they are all equal. The only US-centric part is that the designated maintainers (ICANN and IANA) are US based organizations, in large part due to historically originating in the US, and this does have the benefit being one of the best legal protection for free-speech in the world.

If you want an alternate system, edit your DNS root hints file.

Join the Internet Society, ICANN, and your national domain registrar if you want to make difference.

The default "root-cache" file (which basically everyone uses) gives your nameserver a list of ALL of the root servers.

In fact, you can't even really pick which ones to use because there are only 11 IPs -- in order to scale the number of servers without making the root-cache huge (and forcing every nameserver on the internet to keep it up-to-date) BGP anycast is used. So you end up seeing the 11 servers who are "close" to you in BGP. This means that they travel through the fewest ASes (Autonomous Systems; basically different network providers). This doesn't mean that they're geographically close but hopefully having the fewest networks in between means they'll be reliable.

There's an interesting map at root-servers.org. Basically, the "rogue" nameserver in Beijing is only one of 34 machines known as i.root-servers.net (aka 192.36.148.17) Through the magic of BGP anycast there are 33 other machines throughout the world with that exact IP address. Again, when your American ISP queries that IP address it doesn't have direct control over which country gets to answer the request

Your suggestion makes sense, but that's not what happened.

Something like this

I.root-servers.net (beijing) -> chinese networks -> Chile networks

So, the real I root server sent correct answers to the querying computer in Chile. But, as the DNS packet travelled across the Chinese network, it was modified, and so the packet received by the Chilean network was false, returning a fake IP address for some domains, like 'facebook.com'.

This is called a 'man-in-the-middle attack'. The Chinese network, in the middle, is modifying packets.

Once the I root server operators realized this was happening, they stopped the BGP route announcement from the I root server node in Beijing, so that queries to i.root-servers.net would not be answered in Beijing, but instead by the other i-root nodes. There are 34 currently, so no problems with load would occur shutting off one node.

Hopefully that makes sense.

P.S. www.root-servers.org

If they were using NSD like the RIPE does for K root, the zone compiler wouldn't have compiled the faulty zone file and the parser would have made noise about it. NSD is very hard to break as the zone files must be compiled into a database before loading. The parser simply refuses to compile when there are zones with errors in them, so the database it creates will never be bogus (similar to the way a compiler won't create an executable if the source code violates its rules).

Not really. ARPANet was your toy. The original core protocols were developed with ARPA funding, but the current generation of the Internet Protocol (version 4, with version 6 being slowly deployed) was created as an international effort. The physical bits of the Internet in the US and some outside were created by US corporations, some with funding from the US government, but most of the current infrastructure is not US-owned.

In reality, ICANN does not control very much. They control the root DNS servers (most of which are outside the USA, by the way). If the UN set up a competing ICANN and mandated that ISPs in their member regions use the new DNS root servers - which could potentially include all of the existing ones outside the USA, since they are not actually run by ICANN, they just carry ICANN's configuration) then there isn't much ICANN could do. US ISPs would have the choice of either switching to the new roots or having their customers potentially have links incorrectly handled in the future, if the two organisations didn't keep their configurations in sync.

If that were really the case it would have already been done. 'Taking over' the root servers is almost impossible. ICANN would simply put another root server up and change the root server list.

Anyone is welcome to start another Domain Naming root service. The reasons this has not been done are look many to list here, but they are easy to figure out if you think about it for a while.

Personally, I am not a huge fan of UN control of DNS but I would not cry a river over it. Actually mundane admin work is one of the few things the UN does correctly.

This assumes the member nations did not vote for some kind of restrictions (Allah-sucks.com, killjews.com, etc not available.. Which I could see happening, which is my fear. As much as the US has been on the wrong side of some decisions, they have kept DNS pretty non-political.

One other thought. To give you an idea of what it might be like with a UN controlled primary registrar, look at Italy. We have several business units in Italy and it literally took 24 months to get a name transferred into our name. On the upside they are getting better. The last one only took 6 months.

Yup, good old USA. Thanks for laying all of that undersea cable and all of that copper and fibre under the whole of the rest of the world. Thanks for all of those satellite links that cover the world and are free to use. Thanks for selflessly hosting all of the root servers.

Are you as stupid as you appear, or just trolling?

This needs to be modded up a long way. ICANN, like any government, exists only so long as it has the consent of the governed. Their only power is to produce a short text file which is mirrored by a few hundred servers on 13 well-known IP addresses and used to define the start of authority records for the top level name servers (e.g. .com, .uk, .edu, .fr).

In another post, I linked to this map, which shows the location of a all of these servers. Note how few are in the USA. Note that they are all (most?) operated by organisations other than ICANN. The only reason that they get traffic is that the backbone providers have configured routes to them, which they only do because they choose to agree with ICANN's suggestions. Note again how few of these routers are in the USA or on US-controlled networks.

We made it, it's our toy, and we'll do with it what we please.

Not really. ARPANet was your toy. The original core protocols were developed with ARPA funding, but the current generation of the Internet Protocol (version 4, with version 6 being slowly deployed) was created as an international effort. The physical bits of the Internet in the US and some outside were created by US corporations, some with funding from the US government, but most of the current infrastructure is not US-owned.

In reality, ICANN does not control very much. They control the root DNS servers (most of which are outside the USA, by the way). If the UN set up a competing ICANN and mandated that ISPs in their member regions use the new DNS root servers - which could potentially include all of the existing ones outside the USA, since they are not actually run by ICANN, they just carry ICANN's configuration) then there isn't much ICANN could do. US ISPs would have the choice of either switching to the new roots or having their customers potentially have links incorrectly handled in the future, if the two organisations didn't keep their configurations in sync.

Seriously, multi-nation governance over the Internet is a terrible idea. Excellent decisions are never made by committee (let alone one with multi-national components), and when you cloud the waters even further with political motivation it makes for an excellent tasting recipe for disaster.

I can make a telephone call to almost any country in the world from here. The UN doesn't seem to have done a bad job ensuring that this works correctly, in spite of the committee that controls the international telephone system having multi-national components.

Unless you can make a better argument than "we use it too so we get some say as well", I see no reason for this to happen.

I seem to recall reading that a variant of this phrase was the rallying call for the American Revolution.

Don't like it? Invent your own interweb.

I assume you know that the web was invented by an Englishman in Switzerland.

This is a spurious argument. Many of the root servers are already maintained by and paid for by organisations from outside the US. See http://www.root-servers.org/ for a list of them. It is one of ICANN's great bugbears that it has no direct control over these independent root server operators.

Besides, Verisign operates only a fraction of the root servers:

http://root-servers.org/

So, reason #N+1 why this data might or might not be worth a bucket of warm piss, with N+2 being as how anycasting biases requests in a more or less geographic fashion.

Meh.

Google makes money with their farm, which makes it far less impressive to me. It takes some serious money and engineering to keep the various root server clusters up 24/7, and it's done basically by a volunteer community.

They also do have a pretty remarkable amount of load, given how rarely they "ought" to be used.

http://h.root-servers.org/128.63.2.53_2.html

The H server averaged 5 megabytes/sec of inbound traffic over the last month. Given how small DNS queries are, that's an awful lot of queries! Over 7,000 packets per second, every second.

Google makes money with their farm, which makes it far less impressive to me. It takes some serious money and engineering to keep the various root server clusters up 24/7, and it's done basically by a volunteer community.

They also do have a pretty remarkable amount of load, given how rarely they "ought" to be used.

http://h.root-servers.org/128.63.2.53_2.html

The H server averaged 5 megabytes/sec of inbound traffic over the last month. Given how small DNS queries are, that's an awful lot of queries! Over 7,000 packets per second, every second.

What exactly does that mean? Do you mean they own the physical hardware? Are you telling me the US owns this hardware? Or do you mean they own the address space? The protocols? The TLDs?

Mad props to the US for funding the development, but that is where it ends.

Still, it was quite a spike. Look at the traffic graphs for M. They were dealing with about 250Mb/s in traffic compared with a typical 20-30Mb/s.

The AP story mentions that UltraDNS may have been targeted. Last May DDoS attackers targeted UltraDNS as part of the attack against Blue Security that ultimately drove BS out of business. That attack managed to knock some UltraDNS customers offline. There was a previous attack on the root servers in 2002.

It's not like they haven't figured out the whole failover/fault tolerance thing.

That's kind of the point here, actually. Several of the root servers do not have any redundancy. You can see the list at http://www.root-servers.org/. In particular, the A, B, D, E, G, H, and L servers have only a single location a piece.

F, I, J, K, and M, on the other hand, are heavily redundant and have multiple geographic locations, routed via Anycast, so a single client only "sees" the server nearest to them. This makes them difficult to DDoS, because a zombie in S. Korea pinging the J server would be sending packets to the server in Seoul, while one in California would get the one in Mountain View.

What's odd, looking at the list, is that anyone operating something as critical to the internet infrastructure, wouldn't develop some geographic and systems redundancy; unfortunately, I suspect that the government agencies in particular tasked with these responsibilities probably don't keep it at the very top of their priority lists when allocating resources and funding.

I think something like this is what you're looking for.

http://www.huntip.com/links/rootdns.html

These are the servers responsible for the '.' domain. Now it's not exactly right, because C, F, I, J, K, & M are actually distributed amongst several physical machines. If you'd like the full list of the servers including locations of all the anycast root servers look here http://www.root-servers.org/.

Yes folks, there is a right and a wrong way to set up NTP. Having each of your individual clients poll stratum 2 or 3 (or Allah forbid a stratum 1 server) directly is like configuring each of your clients to poll the the Internet's DNS Root Servers directly. After all very few of the queries sent to the root servers are unnecessary or frivolous. A proper NTP design is essential for any entreprise-class network. I include in this ISPs. ISPs should provide their customers with a locally-available NTP service. It's extremely easy to do. Then they should block outbound NTP queries from their dynamically-assigned customers (allowing the statics out, like you normally would for exceptions to ACLs like when you block SMTP out (you do block outbound SMTP, don't you?)). I've long-since believed that NTP will someday become a point of attack. It's not that I find a fault in the program or protocol but the very fact that it's a protocol used to enhance security and improve auditing and certainly isn't out of the minds of hackers. NTP would be fairly easy to DoS if proper ACLs aren't in place.

The point of all this is that NTP is very easy to set up correctly and is even easier to set up wrong. I wish everyone would spend the extra 0.001% of effort to do it right.

Um, no. The majority (81 out of 114) of root servers are not in the US. I may have miscounted a few (me being stoned and it being late), but that doesn't invalidate my point, not by a long shot.

According to more complete information approxmately 29 of the over 100 clusters are in the US.

Of course all of this is moot, since this was never about controlling servers, it's about DNS zonefiles.

Though there are a lot of servers outside the US, they are still run by US companies, universities, and the government. There are only two roots, K and M, not run by a US intrest. Have a look at the offical site http://www.root-servers.org/ (which isn't responding right now for some reason) if you want to know what the roots are, who runs them, and so on. You discover that a number of roots have systems all over the world, like F, which has 8 locations in the US, and about 25 outside. However, except K and M, you discover the controlling entity is a US intrest, in F's case it's ISC, the BIND guys, based in Delaware.

Also geographic location doesn't necessitate the use of a given server. Ideally, you use the server that's closest to you network-wise and try down the list if it doesn't respond. In reality there are many DNS servers that just go and ask A for all the answers.

So while the US certianly doesn't have absolute control over DNS, that's an impossibility, US intrests have a large majority controlling stake.

Doesn't seem like the owners of i.root-servers.net think it belongs to ICANN : http://i.root-servers.org/

http://www.root-servers.org/

I've seen the problem described as "Teh US h4xx0r administration can cut off a country from the rest of the Internet". Pray tell, how? Block a range of IPs from making DNS requests? All it takes is one server in a neutral country to forward / cache those requests. If this did happen, you'd likely have about a million sysadmins jump to the task.

The US gov't can't block access to the root servers, because the gov't doesn't run the root servers. Publishing the root zone is not the same as serving it. The worst thing the gov't can do is refuse to acknowledge someone's new TLD idea (see, .xxx).

Here is an information site with some additional (but dry) information;

root-servers.org

It is neither; it is IP, TCP, UDP, DNS and so on. These were all invented in the US. And the specific item in question is not the internet at large, but DNS in particular.

The U.S. government doesn't pay for any maintenance of backbones. All of the backbones in the US are owned by private companies (MCI, ATT, Sprint, L3, etc).

"This would allow them control, as well as decentralize the net even more."

The Internet is already about as decentralized is it's going to get (I assume we talking about placements of the DNS root servers). Here's a list of cities/countries that have a root server: Ottawa; Palo Alto; San Jose CA; New York City; San Francisco; Madrid; Hong Kong; Los Angeles; Rome; Auckland; Sao Paulo; Beijing; Seoul; Moscow; Taipei; Dubai; Paris; Singapore; Brisbane; Toronto; Monterrey; Lisbon; Johannesburg; Tel Aviv; Jakarta; Munich; Osaka; Prague; Amsterdam; Barcelona; Nairobi; Chennai; London.....just to name a few. For a complete list go to http://www.root-servers.org/.

"The largest logistic in this endeavour would be an accepted system of standards which would have to be adhered to and enforced by a coalition of countries, so that again no one country was in complete control."

I'd like to know what country has complete control right now? There isn't any. There's ICANN, but that's not apart of any government. ICANN does have people from all over the world.

The people that are demanding "control" of the Internet don't even know what they want control of.

-Nick

Weird to be told that from someone who doesn't really make sense..

You mention that the world relies on middle easter oil, so you (assuming you to be in the US, as it sounds from your mentioning of wheatfields in the US, and your ownership) then say effectively "The US should turn over ownership of a foreign country's resources to someone else."
I hope you know just how wrong that sounds.

Nobody is mentioning anything about taking control of anything that affects US geographical territory. So the mention of wheat fields and so on is purely spurious. Which I'm sure you were well aware of when posting this.

As to interdependance of technologies, my post was simply stating that the world did have an interdependance on technology. I'm sure you'd be entirely miffed if some governing body still held on to an idea that it had created Agriculture, so it required scribes present on each US farm to oversee the fields you grew. Just to make sure.

As to the buildings housing root servers. The US doesn't actually own the buildings that many of them are held in (check out http://www.root-servers.org/ if you don't believe me).

Hoarding the root servers (meaning, keep direct control of them, without allowing the rest of the world to have a real say, even when it affects the world at large) is exactly what is happening.
There again, I suspect you knew that also.

I hope that explains where I was coming from. And while I don't claim to have achieved true enlightenment, I'm actually working on it.
I suggest you try the same.

All I see is a bunch of member countries who want control of the toys, and have no clear direction on why or how they need them.

I think every country has the same need in it: communication. Everyone should be able to use it with the same rights as everyone does.

If they're going to try to "force" the US, I can certainly see the US resigning.

No, they won't resign just because of some silly internet control dispute.

The UN has been nothing but a pain for the longest time, passing resolutions that no one but the US is supposed to carry out.

The US are nothing but a pain for the UN. They don't obey to the UN like most other countries do obey. They aren't worth much as a member.

we're censured as being an "empire builders" or "warmongerers".

'cause it's true...

Again, the US doesn't "control" the internet. ICANN does. Check the first letter there: International

There, I agree with you. I actually dont't know what they're discussing about. The root servers aren't alltogether located in the US. Just have a look at http://root-servers.org/ and you'll see many european or asian locations.

I hope that was sarcasm? Because you may be surprised at what you find in the history of the internet's invention.

History. Sure it was invented mostly by american scientists, but there were also others involved. Sure the US financed it's development. But the further development that made the internet what it is today was an international effort.
The first car was invented in Germany, but the whole world uses them now. Quite much of the internet software we use every day was developed or invented to some extend in other countries than the US.
All in all, the internet works just fine, but noone really has control over it.

You'd better sign off the Internet now then, because according to http://www.root-servers.org/ quite a few of them are located in what you would probably class as "non-democratic countries", and far less than half are within the US.

Not all the root servers are in the USA. In fact, after looking at http://www.root-servers.org/, it seems that many of them actually consist of several servers, sharing an IP address. The ones with (physical) servers outside of the USA are F, I, J, K and M, it seems.

I did and it turns out the DNS servers are everywhere.

Exactly. We already have the infrastructure.

But it's absurd that US tax dollars are paying all the costs for the existing DNS root servers. Want proof?

http://i.root-servers.org/

"Therefore "I" is no longer available only from the (main) site in Stockholm, Sweden, but also from several other
sites, including

- Helsinki, Finland
- Milano, Italy
- London, Great Britain ...

  We pay for all the hardware needed to deploy new sites and maintain complete administrative control over each site, but we are happy to accept help with everything else (i.e. rackspace, connectivity, IP transit, etc). Such help is actually crucial to make this expansion possible."

As you can clearly see, my Swedish tax dollars (and I pay a lot of tax) are in fact paying for the operation of the I server already.

And yes. I would happily give control over something as important as the root servers to someone else than the Swedish government. The Swedish government are wankers, just like your government, just in a different way.

I read this and thought they were bitching about the root servers, ran around looking up information/sources to point out there's no real problem with the current root servers setup, then found out they're whining about goddamned ICANN.

Repeat after me:
DNS is *not* the web.

ICANN's not perfect, but if you look at how they operate, you'd be surprised to find out they weren't setup by the UN. They're clearly the product and brainchild of a bunch of bureaucrats. There are huge fees to apply and propose, and then they arbitrarily create new TLDs to sustain the new fees rolling in the following application period. They burn through their government contract cash when all they do is push paper around, and then ask for more like a fat kid with a food fetish.

If the UN really wants to take control, I say fine - fuck it, stop our government wasting some money on this albatross.

ICANN
"In 2000, ICANN introduced seven new gTLDs: .aero, .biz, .coop, .info, .museum, .name, and .pro. The ICANN community is currently exploring possibilities to add additional gTLDs." ... amazing. what will they* think of next?
* (and by they, I mean the people who dropped the huge fee to apply for those gTLDs, as ICANN doesn't think them up only approve them)

All they ever did was introduce competition by having multiple registrars, and that's not exactly some amazing idea, it's something that was *long* overdue.

Not to mention that a good portion of the other *.root-server.net servers are at different physical locations around the world. http://www.root-servers.org/

The root servers are found in lots of places already: http://www.root-servers.org/

Let them try to take control of the Internet. We have nothing to worry about because all they will do is write carefully worded letters.

Seriously, why does the UN need to be involved? I thought that each country had control over its own TLD, and assigned number authorities are assigned to each continent. . The root servers themselves are located all over the world.

AFAIK, the only thing the US really has a "monopoly" on is the .com, .net, and .org domains, as well as anything else ICANN may want to create. But for the UN to use that as a pretext to take over the ENTIRE Internet? I don't think so. Besides you only have to take one look at their track record to extrapolate the doom of the Internet should they somehow push this through.

The "main" DNS servers - http://www.root-servers.org/presentations/wsis.pdf

No, they only run a few top level servers, most top-level servers are run for no fee at all by third parties. check here. ICANN only runs L, Verisign only runs A and J.

RIPE, ISC and NORDUnet/Autonomica do all of the heavy lifting, really.

So, basically, ICANN and Verisign are only in the business of making an entry in the master database.

So if something is developed in the US using US resources, and becomes an indispensable international asset because of its quality and/or usefulness, then the US government should retain control over said asset?

I didn't say that, and that's already not the case. There is significant international presence among the root servers, but the contract administrator will continue to be the National Telecommunications and Information Administration, a component of the US Department of Commerce. There are already international organizations administering root servers.

Would it really kill us to at least allow other countries to have some input on how these assets are managed?

No, and they already do.

And turning control over this asset over to an organization where other countries have input into that control (along with the US) would definitely impact our economy negatively?

I didn't say it "definitely" would. The NTIA statement itself says it best:

Given the Internet's importance to the world's economy, it is essential that the underlying DNS of the Internet remain stable and secure. As such, the United States is committed to taking no action that would have the potential to adversely impact the effective and efficient operation of the DNS and will therefore maintain its historic role in authorizing changes or modifications to the authoritative root zone file.

We have an established, secure, stable system, chain of command and accountability, and administrative and technical infrastructure built to administer the root servers. Any changes to this system have a potential for unacceptable disruptions in service.

There's smart people in other countries too. It's not just in the US where a growing chunk of the economy is reliant on the Internet's operation; other countries have a "vested interest" in keeping it up and running as well.

They may have a "vested interest", but that doesn't mean they have the same capability. Further, there is a lot of political angling going on for such control - a heck of a lot more political motivated than any US political motivations for keeping control centralized here. This political angling for expansion of other nations' or international bodies' control over internet infrastructure has a potential for grave consequences, not to mention the possibilities for miscommunication, misunderstandings, and misapplication in such a transition. However, what is already known at present is our proven ability to properly and securely administer the root servers in a stable and predictable fashion.

First of all, it's pretty ignorant of you to assume that an organization that has an international scope definitely can't manage an asset as well as the US government.

The current management capability is already proven. It has nothing to do with whether someone else might or might not be able to functionally do the job. The point here is that we already KNOW we can do the job. This is a technical, mechanical process. And yes, the proportion of our control over the processes most certainly should be somewhat proportional to our historical and continuing contributions.

Secondly, nobody can say for sure how well ICANN will manage this asset.

Touché. That is *exactly* the issue.

it might do a BETTER job than the existing arrangement, since it has a larger talent pool to draw from.

And it might not (and probably wouldn't, given the fact that there would be a lot more political game-playing and posturing, a la ITER, going on, whereas the current system's mission is only stable, secure, and accountable management of DNS.)

And as for "talent pool", anyone with anything significant to contribute to the internet at large is welcome to do so. The US's transparent administrat

Has it occurred to you, though, that it was the US's investment, and its military, academic, and research establishments, that literally created and grew the internet in the first place?

I'm not saying that gives the US perpetual rights to control everything about it, but that's already not the case. The internet is an open, global tool, and the US has been awfully transparent in terms of how the internet is managed and with regard to the standards that make it work.

The US contribution to the internet has been immense, has eclipsed any other nations' collective contribution in terms of money and manhours, and has been as such for decades now. The US has PROVEN beyond a shadow of a doubt that it can fairly administer the root servers in a secure and stable fashion (and there ALREADY IS an international presence among the root servers, albeit not international "control").

You think it's politics that the US wants to keep administrative control of the root servers? There's a hell of a lot more "politics" involved with international entities and other nations angling for their own little slice of control over critical internet infrastructure. And with all that political angling comes a great potential for instability, miscommunication, and mismanagement.

Just look at the nightmare of deciding where to build ITER, and the US wasn't even a potential site. We don't want that type of thing going on with the root servers.

with the kneejerk slashdot reactions that come from pulling shit out of your asshole, rather than actually considering the truth, such as the actual NTIA statement itself:

U.S. Principles on the Internet's Domain Name and Addressing System

The United States Government intends to preserve the security and stability of the Internet's Domain Name and Addressing System (DNS). Given the Internet's importance to the world's economy, it is essential that the underlying DNS of the Internet remain stable and secure. As such, the United States is committed to taking no action that would have the potential to adversely impact the effective and efficient operation of the DNS and will therefore maintain its historic role in authorizing changes or modifications to the authoritative root zone file.

Governments have legitimate interest in the management of their country code top level domains (ccTLD). The United States recognizes that governments have legitimate public policy and sovereignty concerns with respect to the management of their ccTLD. As such, the United States is committed to working with the international community to address these concerns, bearing in mind the fundamental need to ensure stability and security of the Internet's DNS.

ICANN is the appropriate technical manager of the Internet DNS. The United States continues to support the ongoing work of ICANN as the technical manager of the DNS and related technical operations and recognizes the progress it has made to date. The United States will continue to provide oversight so that ICANN maintains its focus and meets its core technical mission.

Dialogue related to Internet governance should continue in relevant multiple fora. Given the breadth of topics potentially encompassed under the rubric of Internet governance there is no one venue to appropriately address the subject in its entirety. While the United States recognizes that the current Internet system is working, we encourage an ongoing dialogue with all stakeholders around the world in the various fora as a way to facilitate discussion and to advance our shared interest in the ongoing robustness and dynamism of the Internet. In these fora, the United States will continue to support market-based approaches and private sector leadership in Internet development broadly.

You may also take note that there are plenty of "international organizations" already involved with the root servers.

Um, only two of the 13 root nameservers are controlled by VeriSign. And three are "controlled" by the government. The rest are at academic/research institutions or telecommunications providers, some international.

Four of the 13 are *already international*, and there are servers directly supported by the root server administrators that are all over the world.

A ns.internic.net - VeriSign - Dulles, Virginia, USA
B ns1.isi.edu - ISI - Marina Del Rey, California, USA
C c.psi.net - Cogent - Herndon, Virginia, USA
D terp.umd.edu - University of Maryland - College Park, Maryland, USA
E ns.nasa.gov - NASA - Mountain View, California, USA
F ns.isc.org - ISC - Palo Alto, California, USA
G ns.nic.ddn.mil - U.S. DoD NIC - Vienna, Virginia, USA
H aos.arl.army.mil - U.S. Army Research Lab - Aberdeen Proving Ground, Maryland, USA
I nic.nordu.net - Autonomica - Stockholm
J VeriSign - Dulles, Virginia, USA
K RIPE - London
L ICANN - Los Angeles, California, USA
M WIDE Project - Tokyo

You should probably, you know, take a look at the actual root servers list for a complete rundown, including locations.