Slashdot Mirror
Pirate DNS?
"What I had in mind was a system that was totally open and free, anyone can register any domain name or TLD. Since it was kept separate from NSI, this would include domains already registered there. In order to keep this DNS from leaking into the old DNS, I guess the servers could run on different ports. I also had in mind a modified version of the DNS protocol, where data could be distributed in a Gnutella or FreeNet fashion. This would eliminate the need to have root servers that had to handle a heavy load. However it would be vulnerable to spoofing and faking data.
One question I have though, since this is essentially a private network of computers (even though it is distributed throughout the Internet), can companies bring trademark law to bear on what I choose to name my computers on a private network? Can I call a machine microsoft.com on an intranet or on a network based on a naming scheme different from the standard DNS?
Another alternative would be to only use this system to add new TLD's and use the NSI DNS for .com, etc.. This would allow TLD's such as .god, .sucks or .anything-you-want to be set up without interfering with servers not recognizing this new DNS. This would avoid naming collisions with the old DNS.
My hope was that something built in this fashion would be controlled by the normal everyday users of the Internet, not by corporations. A distributed, cooperative naming system where hopefully less bullying could take place. Is this feasible? Or even desirable by anyone else?"
There's 12 root servers, these servers handle all authoritative information for registered domain names. When you do an looked for a host, here's the process...
You'll typically have your ISP's DNS servers in your TCP/IP configuration. When you hit www.slashdot.org, you send an A query to your ISP's DNS server for "www.slashdot.org"
Your ISP's DNS servers think "well hell, I don't know who the hell www.slashdot.org is, let me contact one of the root servers to see who has authority over that domain."
Your ISP does an NS query on "slashdot.org" to see what servers are authoritative for that domain.. In this case it will return:
slashdot.org nameserver = ns3.andover.net slashdot.org nameserver = ns1.andover.net slashdot.org nameserver = ns2.andover.net
Your ISP's DNS server now knows who has authority for the domain and who can give you the A record for "www.slashdot.org"
Your ISP's DNS server contacts one of the authoritative name servers to do the A record lookup for "www.slashdot.org", basically saying "what's the IP for www.slashdot.org"
Andover's DNS server returns 64.28.67.48
Your web browser hits 64.28.67.48, and your web browser pulls up the site.
Please, please, please.. UNDERSTAND what you're talking about before posting things like this. You can't just "HIJACK" the DNS system, and NSI DOES NOT CONTROL IT.
The root servers are 12 servers placed all around the world, and no 1 corporation owns them. I believe it was the IETF that put them in place, who are the saviors of the internet world.
1.Court systems (in whichever country you are in) still exert juristiction. Moving to Sealand isn't going to help. While you (the new DNS people) may not have problems, people using your service still have to face liability in their country of origin. As long as the court systems seems to think that Domain Names are trademarkable, well, we're screwed.
There's nothing technical that can be done about that. However, simply not disableing a domain name UNTIL a court order is issued would be an improvement over what we have now. Ideally, the court order should go to the domain holder and not the DNS provider. That can be done if the DNS provider maintains that the registrant owns (or purports to own) the name and the provider simply propogates it as a service to the registrant.
2.You'd have to get the big players (most of the major ISPs) to go along. For legal reasons (see #1), this will never happen. So, if the people that provide 90% of the internet users capacity don't use you, what's the point?
Even windows allows manual selection of DNS. Nothing requires you to use the DNS provided by your ISP (I don't). We don't need a sweeping revolution, it can be one netizen at a time.
3.As to this, there is currently AlterNIC. They don't have many of the problems we associate with the current system, but guess how successful they've been?
You've heard of them, I've heard of them, everyone reading this has heard of them... Their TLDs resolve for me. Again, one at a time.
4.DNS requires a controlling entity. Distributed control isn't really a good idea. (Distributed operations are, though).
Why not? As long as a mechanism exists to prevent cheating it should be no problem. The only authority needed is private agreements between the participants, which could perhaps be informal. I need no legal authority to claim that www.microsoft.com = 207.46.130.149. You are free to take my word for it or not.
A key to avoiding trouble in that area is to stay away from the current TLDs. Let ICANN and the rest have .com etc.
IIRC, it was Alternic that tried this once. It wound up breaking a bunch of stuff.
Also, if it COULD be made to work, who'd admin it? How would they get paid? Would their service be any better than NSI?
Chas - The one, the only.
THANK GOD!!!
Chas - The one, the only.
THANK GOD!!!
First of all: It's 13 root servers, not 12
$ dig . ns |grep NS |grep -v \; |wc -l13
NSI is really split into two beasts, the registrY and the registRAR.
The registRAR is the people who auction off old domain names.
The registrY is the people who maintain the gTLD servers, and only two of the root servers.
The root servers are maintained by:
A: NSIB: ISI.EDU (California)
C: PSInet
D: UMD
E: NASA
F: ISC/NOMINUM
G: DOD/DISA
H: ARL (ARMY)
I: Univ Stockholm
J: NSI
K: London (LINX)
M: Tokyo University
Currently, the COM/NET/ORG are hosted on only a few root servers, namely, A, E, F, and G. There is currently a transition of moving COM/NET/ORG off of the root servers, onto gTLD servers.
These servers:
$ dig com. ns |grep NS |grep GTLD
(snipped)
K.GTLD-SERVERS.NET.
A.GTLD-SERVERS.NET.
M.GTLD-SERVERS.NET.
H.GTLD-SERVERS.NET.
C.GTLD-SERVERS.NET.
I.GTLD-SERVERS.NET.
F.GTLD-SERVERS.NET.
J.GTLD-SERVERS.NET.
All of the gtld servers are administrated by the NSI RegistrY.
And although the A server was once the master of the Root servers, it is no longer. The root servers use a stealth-primary (that would be one that you don't see) for distributing the root zone.
...And NSI does not control policy regarding the root servers, IANA does. If IANA told NSI to stop hosting all of the gtld servers by a certain date, NSI would cry, scream, kick ans wail (maybe even sue), but NSI would eventually have to give it up.
NSI does not control each of the root servers. If NSI told the root server operators to do a certain thing, like "All root servers must run NT", each individual root server operator could individually refuse to cooperate. (And I certainly hope that they would, NT is evil incarnate).
And while you're criticizing NSI, maybe you should look at the response time for the COM zone on all of the servers NSI administers. Depending on your connectivity, I haven't ever seen anything more than 100 ms -- Way better than the sucky E and G root servers, which regularly respond after 4000 ms. NSI is throwing a lot of money into making the gTLD servers more responsive, and accurate.
-- If you met me, you probably wouldn't remember me. I'm pretty hard to remember.
While a noble idea, there are several major reasons why you would never be able to get it accepted:
In the end, however, you fall into the same trap virtually everyone does when attempting to "Reform" the DNS system. They make the assumption that names have connotation. That is, that there is some meaning to the name www.microsoft.com other than it's easier to remember than 207.46.130.149. The DNS system was designed, and SHOULD REMAIN simply a pneumonic (sp?) that makes life easier for machine identification. What we've loaded onto the DNS system is content location, something it's completely unsuitable for.
Fundamentally, I should NOT be typing in "www.microsoft.com" in IE if I want to look for Windows 98 crap. I should type in "Microsoft Windows 98". There should be no end-user mapping between content and DNS name. Content should be divorced from DNS completely, in the manner that DNS is divorced from IPs. Meta-searching and content discovery/cataloging need to be avanced to the point where honestly, the end-user should NEVER KNOW ABOUT URLs. Does then end-user know about IP addresses nowdays? No. Neither should they need to know about DNS names.
We need to fix cataloging and searching first, then the DNS problem will go away.
-Erik
There are always four sides to every story: your side, their side, the truth, and what really happened.
OK, let's say we take your proposal, and create the World's Best Registrar(tm). We have lots of nice, end-user friendly policies, responsive customer service, and we don't screw people over. In short, the polar opposite of NSI. So, everyone hears about you, decides you're cool, and we all switch over to you.
Heck, you're so nice and cool, and we all trust you so much that you go and create a whole bunch of new TLDs. We like 'em, and use them wonderfully.
Everything is hunky dory up until the point where you decide to let someone other than Mr. Gates' company register microsoft.com. Or even microsoft.xxx. Suddenly, a whole passel of MS lawyers show up at your doorstep, and demand that they get back the microsoft.xxx domain, because, damnit, they own the trademark.
Guess what? You're going to have to give the name back to MS. The reason is the current interpretation of law. You, as the service provider, are responsible for following the law, and the law states that MS has the right to the microsoft.xxx domains. You have to comply. Sorry, no way out. This isn't just in the US, anymore, since WIPO decided to essentially impliment the US trademark-on-domains philosophy into internation trade law. So you can't move elsewhere.
Fundamentally, right now the boundaries are set up for what we can and cannot do on our own - certainly, there is a whole lot of room to improve over NSI (and I'm certainly moving my business from them to someone else), but the current legal atmosphere limits what policies you can put in place for domain registration.
-Erik
There are always four sides to every story: your side, their side, the truth, and what really happened.
Alternic tried this back around 1996. Here's a link to a boardwatch article that discusses their system. It transparently handled regular Internic (now Network Solutions) requests as well as their own names/TLDs. They mentioned that you could get your own TLD for $98/year. How cool is that? :) I never actually tried changing my DNS servers over to theirs, just because it didn't seem to be catching on at all.
/ \
\ / ASCII ribbon campaign for peace
x
/ \
If you put it in the hands of a known agentcy such as the Free Software Foundation then it would be out of reach of corprate intrests.
In my view RMS and the FSF are IDEAL for running such a system. The pre-existing contempt for all the elements that give rise to the current DNS situation means the FSF would not cave to corprate pressures. Not at all.. they would be stronger as then exist in a state of battle.
It's a whole mindset thing. Basicly they allready hold contempt for corprate mentality so when corprate mentality comes along with "Our way or no way" the reply is swift and automatic "Go To Hell".
Anyway it dosn't need to be the FSF.. as long as it's a known agentcy with similer addatudes. Or form a new agentcy with RMS, ESR, BP and a few other advocates at the head. As long as it's a "known" in that we know it will behave to the benifit of the net and not the benifit of corprate culture.
I don't actually exist.
I mentioned a "missed opportunity" in the subject. Here's what it was. We had a chance to completely BYPASS the entire DNS crap years ago. Where? At the web browser itself. Now, I'm going to use a word that a number of people won't like, and that's "keywords". What if in Netscape, when someone typed in "glorious shoes", it didn't try to DNS it, or search engine it, but to look it up at a keyword registry site? (Sure, okay, its a little too close to AOL for some.) But the idea is to put the power of name lookups into the browser itself, bypassing the DNS mechanism. If this would have been done, NetSol would have been somewhat moot. (But then again, we could have created a new monster.)
Of course, it isn't TOO LATE for this to happen, but there better be a central keyword registry or Netscape and Microsoft will fight with registries of their own. Fun fun fun.
BTW... if someone can pull off this idea, they can become a VERY VERY rich person. If this becomes the case, please hire me. :)
just occurred to me (probably due to lack of sleep). Imagine that a service similar to internic was established (I could do it, I got a spare 486 around here somewhere) that acts as a root domain server. I point my nameserver at it to feed me addresses. The root nameserver will check its own databases first and if it doesn't find a match, it will then query the internic root domain servers. This would allow me to use microsoft.com or any other domain that has already been taken.
Obviously, this has limited use when there's only one person using it, but nobody is FORCED to use the primary internic root nameservers like everybody does. A nameserver could use ANY root nameserver it liked.
Lets say I run a small isp, something around the size of AOL. I set up my nameservers to use the alternate root nameserver (still using the 486 of course). Then I decide that I don't like microsoft (can't think of any reasons at the moment, but I'll worry about that later). I therefore "register" microsoft.com on my root nameserver and now all the 18 million users using my isp will see the NEW microsoft.com. Microsoft still owns microsoft.com. The original microsoft.com site is very much in the same place it always was. Every other user on the internet is able to access it directly. But not my users. My users see a glimmer of a gentler, kinder microsoft. Perhaps a microsoft that promotes linux.
Microsoft will eventually catch wind of this.... maybe one of their employees prefers my isp over MSN and notices that the microsoft homepage looks funny, and reports it. After several multimillion dollar lawsuits against internic, they'll eventually discover that all my users are not using internic, but a different name service provider. Microsoft is not pleased. They want microsoft.com.
But they already HAVE microsoft.com, and despite the fact that they are now in debt greater than the US government, internic insists they STILL have it. At least the lawyers are happy. Microsoft attempts to get us to fix our problem, but our name service provider doesn't conform to any federal regulation. Nobody is forced to use my service any more than a user is forced to use windows on a PC. Of course, my 18 million users might start leaving in droves if they discover that I've been deceiving them all along, but then again... an internet without Microsoft... worse things could happen.
Lets say that all the microsoft lawyers go on a 6 month vacation and therefore microsoft doesnt' press any legal agenda toward reclaiming their domain from us for a while. I decide to set up another top level domain (.mine) for my personal name service. This way, someone can access microsoft.com.mine to get to the microsoft.com that I provide from outside of my isp service. This means that everyone on the internet now can access my domains even if they don't want to use my name service exclusively. (Its starting to look as if I might have to upgrade that 486).
But why SHOULDN'T they use my name service over internic's? After all, its just as good. So I go out to IRC and spam everyone to change their nameservers to point to the new root name server instead of the internic one. A few might be unwilling, a few might be confused, but the great mass of users will jump at the chance. I can also send out a large number of emails to all the isp's to use my name service instead of internic's. Promote the advanced technology of the 486 over whatever it is that internic is using. Chances are, it won't be too much of a stretch. Once I have a significant portion of the internet using my root domain servers, microsoft will gradually disappear from the web, and nobody would be the wiser. Oh sure, the news will be blasting it out to everyone every hour of every day, but ILOVEYOU and MELISSA were able to spread despite massive news reports, so I can't see how it will make any difference.
Internic was established to provide a single source of name service and was regulated by the government (to some extent) to provide those names. However, I know of no law which forces me to use them as my root nameserver, nor do I know of any law that forces me to provide customers with internic root name server access.
I'm sure I'm missing some key points in trademark law which would bite me in the ass before I got too far with this. But someone with the time and the resources could pull this off on a small scale and get away with it for a while and depending on how the laws work wherever that company is..... it might be viable. But with only a single 486.... very VERY slow.
-Restil
Play with my webcams and lights here
Isn't it what the open root server confederation is about?
When I caught him going to Yahoo first and typing www.amazon.com, it opened my eyes. I've since learned that very many people use portals and indexed catalogues as namespace locators, even using them as URL entry forms.
My mind still boggles at this. I have a web hosting client, an attorney who is a bright guy. A while back he registered several related domain names and I pointed them at his site.
About two weeks later, he calls me and he's pissed, claiming I haven't done the job he's paying me to do! The domains don't come up, he complains. But they do! Just type it in your browser, I say. In frustration, I have him describe EVERY step he is taking, and discover that this is EXACTLY what he does, everytime - he goes to Yahoo! and types into the search field.
I am dumbstruck! This makes as much sense to me as putting on pants to take a shit! And this horrible glimpse of another reality dawns and hits me square in the face - he totally lacks distinctions with regard to technology. In fact, in a very real sense, technology=computer=internet for him, no distinctions. He doesn't distinguish the Yahoo! document from the browser it is displayed in from the OS running the browser from the machine running the OS. He can't. Not because he's stupid. He's never needed to. Or known he could. Now considering all of that, he has still managed to make this web shit useful for himself. Confronted with an undistinguished jumble of computer, monitor, browser, preset home page and a lot of text, he DOES distinguish the button labelled "Search", and it produces useful results for him. And it has worked quite well for many months. Until something he wanted couldn't possibly exist yet in the search engines. And he, in the year 2K, is a veritable technogeek compared to most of the population.
But the most stunning aspect of this was what it said about me! About the assumptions I make everywhere: in performing services for people, in delivering information to people, in my day to day conversations with people around me. About how very, very different the same thing can appear, depending on who is doing the perceiving.
"I will gladly pay you today, sir, and eat up
Sacred cows make the best burgers.
But I can't help but think that this is more a matter of typical micro$oft "we're gonna sue you into oblivion if you don't follow the word of bill" than actual law.
For instance... an example from real life...
When I was still in school I was on the admin team for the UNIX network. Now, at one point while I worked there, some drone from one of the pedantic majors (future marketdroid or mba type I think) went looking for information on the US goverment, and surfed over to... you guessed it: whitehouse.com. Well, little miss anal-retentive promptly threw a fit and complained to everyone who would listen... including a nasty letter to the school president. Eventually the order came down from somewhere above: We were to redirect whitehouse.com to whitehouse.gov in our DNS. We did, leaving a easy to exploit way to get to the real whitehouse.gov if anyone cared... as the OFFICIAL policy was not to censor net access (this was well BEFORE the RIAA began harassing schools to block napster).
So, were we, therefore, in violation of the law, for changing DNS on our own PRIVATE network (at a private school, not a state one)? Could whitehouse.com, had they gotten word of it, sued us over the remapping AND WON????
At home, I have microsoft.com remapped to www.kmfms.com so if any of the two other people who have access to these boxen suddenly become drones, they will be sent to a place they can get help. It is ILLEGAL, to change DNS???? On my own PRIVATE network???
That seeme totally idiotic to me, if it is true.
john
Resistance is NOT futile!!!
Haiku:
I am not a drone.
Remove the collective if
Imagine all the people...
We really can have a free world wide web (the way it used to be). Remember all those little banners you used to see a couple years back? "Corporate Web Sites Kill The Internet Dead" I thought the loonies who posted those at that time were paranoid. But they were 100% right. It's happening. Witness the multi-billion dollar corporations bullying private citizens and shaking them down for domain names. It's sick. But how can we stop the big money folks from destroying the new (let's call it FreeDNS) naming service?
We look to GNU and its GPL. That powerful license has kept free software free up until now. The basis of free software is "you're free to play with us, but if you do, you must play by our rules". The GPL says that if you want to use our GNU software, you may, but then you have to play by the rules in this license.
Imagine a contract for new domain name registrants. It will have them agree to play fair if they're going to play. Here's a sample of what I'm thinking of.
FreeDNS terms of service:
1) By registering a domain name with the FreeDNS service, I am agreeing to adhere to any and all terms in this FreeDNS terms of service contract. Where there is a discrepency between this and any other contract, this, the FreeDNS terms of service contract, shall take precendence.
2) By registering a domain name with FreeDNS, I agree to not challenge at any time the ownership of any FreeDNS domain name, neither existing domain names, nor domain names yet to be registered. I agree that any domain name registered by any person or organization containing any of my trademarks or other intellectual property.
3) I understand that if I ever do challenge, civilly or criminally, any domain name held by any other person, I forfeit my rights to participate in FreeDNS. Although I may legally prevent others from using my trademarks and other intellectual property in FreeDNS domain names, I understand that this shall preclude me from participating in FreeDNS.
4) By registering a domain name with FreeDNS, I am relinquishing any domain names such that I have gained control of through civil or criminal prosecution, or through legal settlements, or by coersion via threats of civil or criminal suits, to their previous owners.
5) By registering a domain name with FreeDNS, I am agreeing never to sell any FreeDNS domain name to another party for any fee or in exchange for any good or service or favor of any sort. I understand that any transaction is invalid, and such a transaction puts the sold domain name into the pool of registerable domain names. If it is discovered at any time that I sold a FreeDNS domain name, I make myself liable for any and all damages arising from the breach of this contract.
6) I agree that failure to adhere absolutely to this contract voids any and all FreeDNS domain name registrations that I hold, and that they shall return to the pool of registerable domains.
This does a few different things (and IANAL, so obviously, this would have to be beefed up by a real attorney). First, it says that if you want to participate in FreeDNS, then you can't try to take anyone else's domain name for any reason. If you choose not to participate, then you can sue to have, for example, microsoft.sux removed from use and removed from the pool of registerable domain names. However, if your company, for example, microsoft decides that it DOES want to participate, it will have to give back any siezed domains and play nice. So if my company, DerMarlboro Enterprises, registers dermarlboro.com, and some yahoo registers dermarlboro.sux or dermarlborosucks.com, I can't challenge that, and I can't even threaten the registrants of those names or else I will lose my right to participate. Plus, sale of domain names voids them, and voids all other domain name registrations by the seller, so the motivation to cybersquat is removed. You can't sell it. If you try, someone else can get it for free.
Personally, I think it should have been done this way to begin with. But when nameservice first appeared, who would have imagined the friendly bearded sysadmins who owned the domains SUEING one another because one owns sysadmin.com, and the other registers sysadmins.com? It turns out to be true. Corporate web sites really do kill the internet dead.
Try www.name-space.com, an alternate registry with some 500-odd gTLDs already set up. All you have to do is point to their machines as your resolver and you can access the .bicycle, .sex, .shareware, etc. gTLDs. (so if you have that done, they're also www.name.space). Whether that's a good idea or not is something else: they'll let anyone register any gTLD. They're hoping to get enough popular support (people giving out their "new improved" names) that NSI will have to honor their gTLDs; I tend to think that won't happen. But FYI.
You'd still be faced with the same problem that caused the creation of NSI in the first place: who is ultimately in charge of the database? Some entity somewhere has to have the final say in what's in there, otherwise you have chaos. Not to mention trying to persuade overworked network administrators to add your alternative DNS to their name servers, some of whom wouldn't do so simply because they wouldn't like the idea of, for example, a .guns domain.
I think we're stuck with the present system, so our energies ought to be brought to bear against NSI and its increasingly fascist policies. Where's a tobacco lawyer when you need one?
The first is that many protocols utilizing the DNS lookup function would not work, and would have to be re-configured. While this may seem a small task, remember that (unfortunately) many people rely on so called "point and click" functions of their servers, and have no knowledge base on re-stringing queries.
The second is the functionality behind the current DNS scheme. Domain names are handed out, and related to IP addresses, which works great. Your normal first timer can type in known addresses to get known companies. (.org and .net fall under this too) This easy familiarity makes surfing the internet a breeze, even if some people have to suffer for it.
Another thing is non, or misuse of a new DNS registry system. I don't beleive someone should be allowed to camp on a site that has an easily identifiable corporate name (Wal-Mart, for example) and use it to either coerce the company for money, or for other things, such as placing 600+ ad banners in an effort to get paid. Such misuse demotes the true intent of the internet, which is the free distribution of information. A good example of non-use is the so called "undernet" and "cobranet" that cloned the IRC a few years back. These clones, while functioning perfectly like the IRC, and perhaps even a little better than the IRC, were hardly ever used, and quite a number of them went defunct in a matter of a few months.
An alternate system I support is the "extension" of the current DNS configuration that was rumored to be in the works back around 1998. It involved pushing the extension barrier out a couple steps to include things like .bus (business) .que (web queries or searches) and so on... Rumor has it that someone even came up with the idea of giving each state/local province their extension, (so North Carolina would have the extension of www.*****.ncs.us, and the venezia regional government of italy could have www.*****.vez.it
I firmly support pulling the dollar power away from NSI. I think the distribution of domain registries should incur a one time type in fee only, and that should basically be the cost of the man-hours required to make the changes to the system. Require domains to confirm that said domain is still in use once every month or quarter (and require it to be filled out in a predermined format so it can be parsed out by a PC updater) and that's that.
krystal_blade
It will be easy to motivate our fellow man; there is hardly anything people treasure more than not being annihilated.
A few weeks ago, after submitting the ask slashdot, I put up a web site at www.piratedns.org if anyone is interested in contributing.