Slashdot Mirror


Pirate DNS?

guinsu asks: "After seeing many comments on Slashdot about how disgruntled many people are with the current DNS setup (i.e. total control by NSI) and the amount of trademark lawsuits on an over-commercialized Internet, I was curious if it was possible for a group of people to set up their own 'alternative' or 'pirate' DNS system that would be separate from the NSI controlled one?" Of course it's possible. My worry is that if it gets large enough to rival the regular DNS system (if you want everyone using it, it will have to be), big business will take notice and we'll replay the same fights all over again. Could we protect such a thing from happening if it were formed?

"What I had in mind was a system that was totally open and free, anyone can register any domain name or TLD. Since it was kept separate from NSI, this would include domains already registered there. In order to keep this DNS from leaking into the old DNS, I guess the servers could run on different ports. I also had in mind a modified version of the DNS protocol, where data could be distributed in a Gnutella or FreeNet fashion. This would eliminate the need to have root servers that had to handle a heavy load. However it would be vulnerable to spoofing and faking data.

One question I have though, since this is essentially a private network of computers (even though it is distributed throughout the Internet), can companies bring trademark law to bear on what I choose to name my computers on a private network? Can I call a machine microsoft.com on an intranet or on a network based on a naming scheme different from the standard DNS?

Another alternative would be to only use this system to add new TLD's and use the NSI DNS for .com, etc.. This would allow TLD's such as .god, .sucks or .anything-you-want to be set up without interfering with servers not recognizing this new DNS. This would avoid naming collisions with the old DNS.

My hope was that something built in this fashion would be controlled by the normal everyday users of the Internet, not by corporations. A distributed, cooperative naming system where hopefully less bullying could take place. Is this feasible? Or even desirable by anyone else?"

7 of 217 comments

  1. uhh. no by Anonymous Coward · · Score: 5
    NSI doesn't control the DNS system, I thought slashdot covered this stuff ages ago.

    There's 12 root servers, these servers handle all authoritative information for registered domain names. When you do a lookup for a host, here's the process...

    You'll typically have your ISP's DNS servers in your TCP/IP configuration. When you hit www.slashdot.org, you send an A query to your ISP's DNS server for "www.slashdot.org"

    Your ISP's DNS servers think "well hell, I don't know who the hell www.slashdot.org is, let me contact one of the root servers to see who has authority over that domain."

    Your ISP does an NS query on "slashdot.org" to see what servers are authoritative for that domain.. In this case it will return:

    slashdot.org nameserver = ns3.andover.net
    slashdot.org nameserver = ns1.andover.net
    slashdot.org nameserver = ns2.andover.net

    Your ISP's DNS server now knows who has authority for the domain and who can give you the A record for "www.slashdot.org"

    Your ISP's DNS server contacts one of the authoritative name servers to do the A record lookup for "www.slashdot.org", basically saying "what's the IP for www.slashdot.org"

    Andover's DNS server returns 64.28.67.48

    Your web browser hits 64.28.67.48, and your web browser pulls up the site.

    Please, please, please.. UNDERSTAND what you're talking about before posting things like this. You can't just "HIJACK" the DNS system, and NSI DOES NOT CONTROL IT.

    The root servers are 12 servers placed all around the world, and no 1 corporation owns them. I believe it was the IETF that put them in place, who are the saviors of the internet world.

  2. Re:This is bound to fail... by sjames · · Score: 5

    1. Court systems (in whichever country you are in) still exert jurisdiction. Moving to Sealand isn't going to help. While you (the new DNS people) may not have problems, people using your service still have to face liability in their country of origin. As long as the court systems seem to think that Domain Names are trademarkable, well, we're screwed.

    There's nothing technical that can be done about that. However, simply not disabling a domain name UNTIL a court order is issued would be an improvement over what we have now. Ideally, the court order should go to the domain holder and not the DNS provider. That can be done if the DNS provider maintains that the registrant owns (or purports to own) the name and the provider simply propagates it as a service to the registrant.

    2. You'd have to get the big players (most of the major ISPs) to go along. For legal reasons (see #1), this will never happen. So, if the people that provide 90% of the internet users capacity don't use you, what's the point?

    Even windows allows manual selection of DNS. Nothing requires you to use the DNS provided by your ISP (I don't). We don't need a sweeping revolution, it can be one netizen at a time.

    3. As to this, there is currently AlterNIC. They don't have many of the problems we associate with the current system, but guess how successful they've been?

    You've heard of them, I've heard of them, everyone reading this has heard of them... Their TLDs resolve for me. Again, one at a time.

    4. DNS requires a controlling entity. Distributed control isn't really a good idea. (Distributed operations are, though).

    Why not? As long as a mechanism exists to prevent cheating it should be no problem. The only authority needed is private agreements between the participants, which could perhaps be informal. I need no legal authority to claim that www.microsoft.com = 207.46.130.149. You are free to take my word for it or not.

    A key to avoiding trouble in that area is to stay away from the current TLDs. Let ICANN and the rest have .com etc.

  3. The original poster was [mostly] right by Hamhead · · Score: 5

    First of all: It's 13 root servers, not 12

    $ dig . ns |grep NS |grep -v \; |wc -l
    13

    NSI is really split into two beasts, the registrY and the registRAR.

    The registRAR is the people who auction off old domain names.

    The registrY is the people who maintain the gTLD servers, and only two of the root servers.

    The root servers are maintained by:

    A: NSI
    B: ISI.EDU (California)
    C: PSInet
    D: UMD
    E: NASA
    F: ISC/NOMINUM
    G: DOD/DISA
    H: ARL (ARMY)
    I: Univ Stockholm
    J: NSI
    K: London (LINX)
    M: Tokyo University

    Currently, the COM/NET/ORG are hosted on only a few root servers, namely, A, E, F, and G. There is currently a transition of moving COM/NET/ORG off of the root servers, onto gTLD servers.

    These servers:
    $ dig com. ns |grep NS |grep GTLD
    (snipped)
    K.GTLD-SERVERS.NET.
    A.GTLD-SERVERS.NET.
    M.GTLD-SERVERS.NET.
    H.GTLD-SERVERS.NET.
    C.GTLD-SERVERS.NET.
    I.GTLD-SERVERS.NET.
    F.GTLD-SERVERS.NET.
    J.GTLD-SERVERS.NET.

    All of the gtld servers are administrated by the NSI RegistrY.

    And although the A server was once the master of the Root servers, it is no longer. The root servers use a stealth-primary (that would be one that you don't see) for distributing the root zone.

    ...And NSI does not control policy regarding the root servers, IANA does. If IANA told NSI to stop hosting all of the gtld servers by a certain date, NSI would cry, scream, kick and wail (maybe even sue), but NSI would eventually have to give it up.

    NSI does not control each of the root servers. If NSI told the root server operators to do a certain thing, like "All root servers must run NT", each individual root server operator could individually refuse to cooperate. (And I certainly hope that they would, NT is evil incarnate).

    And while you're criticizing NSI, maybe you should look at the response time for the COM zone on all of the servers NSI administers. Depending on your connectivity, I haven't ever seen anything more than 100 ms -- Way better than the sucky E and G root servers, which regularly respond after 4000 ms. NSI is throwing a lot of money into making the gTLD servers more responsive, and accurate.

    --
    -- If you met me, you probably wouldn't remember me. I'm pretty hard to remember.
  4. This is bound to fail... by trims · · Score: 5

    While a noble idea, there are several major reasons why you would never be able to get it accepted:

    1. Court systems (in whichever country you are in) still exert jurisdiction. Moving to Sealand isn't going to help. While you (the new DNS people) may not have problems, people using your service still have to face liability in their country of origin. As long as the court systems seem to think that Domain Names are trademarkable, well, we're screwed.
    2. You'd have to get the big players (most of the major ISPs) to go along. For legal reasons (see #1), this will never happen. So, if the people that provide 90% of the internet users capacity don't use you, what's the point?
    3. As to this, there is currently AlterNIC. They don't have many of the problems we associate with the current system, but guess how successful they've been?
    4. DNS requires a controlling entity. Distributed control isn't really a good idea. (Distributed operations are, though). The controlling entity needs to have some method for enforcing its decisions, and whoops, that means it needs to derive authority from some legal method. Right now, I'm voting for a U.N.-sponsored organization that then delegates to national orgs. Honestly, I think international treaty is about the only way to go here.

    In the end, however, you fall into the same trap virtually everyone does when attempting to "Reform" the DNS system. They make the assumption that names have connotation. That is, that there is some meaning to the name www.microsoft.com other than it's easier to remember than 207.46.130.149. The DNS system was designed, and SHOULD REMAIN simply a pneumonic (sp?) that makes life easier for machine identification. What we've loaded onto the DNS system is content location, something it's completely unsuitable for.

    Fundamentally, I should NOT be typing in "www.microsoft.com" in IE if I want to look for Windows 98 crap. I should type in "Microsoft Windows 98". There should be no end-user mapping between content and DNS name. Content should be divorced from DNS completely, in the manner that DNS is divorced from IPs. Meta-searching and content discovery/cataloging need to be advanced to the point where honestly, the end-user should NEVER KNOW ABOUT URLs. Does the end-user know about IP addresses nowadays? No. Neither should they need to know about DNS names.

    We need to fix cataloging and searching first, then the DNS problem will go away.

    -Erik

    --
    There are always four sides to every story: your side, their side, the truth, and what really happened.
  5. Good idea, but it fails the legal test... by trims · · Score: 5

    OK, let's say we take your proposal, and create the World's Best Registrar(tm). We have lots of nice, end-user friendly policies, responsive customer service, and we don't screw people over. In short, the polar opposite of NSI. So, everyone hears about you, decides you're cool, and we all switch over to you.

    Heck, you're so nice and cool, and we all trust you so much that you go and create a whole bunch of new TLDs. We like 'em, and use them wonderfully.

    Everything is hunky dory up until the point where you decide to let someone other than Mr. Gates' company register microsoft.com. Or even microsoft.xxx. Suddenly, a whole passel of MS lawyers show up at your doorstep, and demand that they get back the microsoft.xxx domain, because, damnit, they own the trademark.

    Guess what? You're going to have to give the name back to MS. The reason is the current interpretation of law. You, as the service provider, are responsible for following the law, and the law states that MS has the right to the microsoft.xxx domains. You have to comply. Sorry, no way out. This isn't just in the US, anymore, since WIPO decided to essentially implement the US trademark-on-domains philosophy into international trade law. So you can't move elsewhere.

    Fundamentally, right now the boundaries are set up for what we can and cannot do on our own - certainly, there is a whole lot of room to improve over NSI (and I'm certainly moving my business from them to someone else), but the current legal atmosphere limits what policies you can put in place for domain registration.

    -Erik

    --
    There are always four sides to every story: your side, their side, the truth, and what really happened.
  6. A strange thought... by Restil · · Score: 5

    just occurred to me (probably due to lack of sleep). Imagine that a service similar to internic was established (I could do it, I got a spare 486 around here somewhere) that acts as a root domain server. I point my nameserver at it to feed me addresses. The root nameserver will check its own databases first and if it doesn't find a match, it will then query the internic root domain servers. This would allow me to use microsoft.com or any other domain that has already been taken.

    Obviously, this has limited use when there's only one person using it, but nobody is FORCED to use the primary internic root nameservers like everybody does. A nameserver could use ANY root nameserver it liked.

    Let's say I run a small isp, something around the size of AOL. I set up my nameservers to use the alternate root nameserver (still using the 486 of course). Then I decide that I don't like microsoft (can't think of any reasons at the moment, but I'll worry about that later). I therefore "register" microsoft.com on my root nameserver and now all the 18 million users using my isp will see the NEW microsoft.com. Microsoft still owns microsoft.com. The original microsoft.com site is very much in the same place it always was. Every other user on the internet is able to access it directly. But not my users. My users see a glimmer of a gentler, kinder microsoft. Perhaps a microsoft that promotes linux.

    Microsoft will eventually catch wind of this.... maybe one of their employees prefers my isp over MSN and notices that the microsoft homepage looks funny, and reports it. After several multimillion dollar lawsuits against internic, they'll eventually discover that all my users are not using internic, but a different name service provider. Microsoft is not pleased. They want microsoft.com.

    But they already HAVE microsoft.com, and despite the fact that they are now in debt greater than the US government, internic insists they STILL have it. At least the lawyers are happy. Microsoft attempts to get us to fix our problem, but our name service provider doesn't conform to any federal regulation. Nobody is forced to use my service any more than a user is forced to use windows on a PC. Of course, my 18 million users might start leaving in droves if they discover that I've been deceiving them all along, but then again... an internet without Microsoft... worse things could happen.

    Let's say that all the microsoft lawyers go on a 6 month vacation and therefore microsoft doesn't press any legal agenda toward reclaiming their domain from us for a while. I decide to set up another top level domain (.mine) for my personal name service. This way, someone can access microsoft.com.mine to get to the microsoft.com that I provide from outside of my isp service. This means that everyone on the internet now can access my domains even if they don't want to use my name service exclusively. (It's starting to look as if I might have to upgrade that 486).

    But why SHOULDN'T they use my name service over internic's? After all, it's just as good. So I go out to IRC and spam everyone to change their nameservers to point to the new root name server instead of the internic one. A few might be unwilling, a few might be confused, but the great mass of users will jump at the chance. I can also send out a large number of emails to all the isp's to use my name service instead of internic's. Promote the advanced technology of the 486 over whatever it is that internic is using. Chances are, it won't be too much of a stretch. Once I have a significant portion of the internet using my root domain servers, microsoft will gradually disappear from the web, and nobody would be the wiser. Oh sure, the news will be blasting it out to everyone every hour of every day, but ILOVEYOU and MELISSA were able to spread despite massive news reports, so I can't see how it will make any difference.

    Internic was established to provide a single source of name service and was regulated by the government (to some extent) to provide those names. However, I know of no law which forces me to use them as my root nameserver, nor do I know of any law that forces me to provide customers with internic root name server access.

    I'm sure I'm missing some key points in trademark law which would bite me in the ass before I got too far with this. But someone with the time and the resources could pull this off on a small scale and get away with it for a while and depending on how the laws work wherever that company is..... it might be viable. But with only a single 486.... very VERY slow.

    -Restil

    --
    Play with my webcams and lights here
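
Added example, not part of any poster's comment: a toy model of the referral chain walked through in comment 1 and of the "check my own database first, then ask the public root" alternate root imagined in comment 6, with an audit that reports which names the two views disagree on. The server labels (`root`, `org-tld`, `com-tld`, `ms-auth`, `alt-root`, `alt-auth`) and the address 192.0.2.10 are constructed for illustration; the host names and the two public addresses are the ones quoted in the thread.

```python
# Constructed sample data: an in-memory stand-in for name servers.
# "ns" maps a delegated suffix to the next server, "a" maps a name to an address.
SERVERS = {
    "root":     {"ns": {"org": "org-tld", "com": "com-tld"}, "a": {}},
    "org-tld":  {"ns": {"slashdot.org": "ns1.andover.net"}, "a": {}},
    "com-tld":  {"ns": {"microsoft.com": "ms-auth"}, "a": {}},
    "ns1.andover.net": {"ns": {}, "a": {"www.slashdot.org": "64.28.67.48"}},
    "ms-auth":  {"ns": {}, "a": {"www.microsoft.com": "207.46.130.149"}},
    # Hypothetical alternate root holding only its own entries.
    "alt-root": {"ns": {"microsoft.com": "alt-auth", "mine": "alt-auth"}, "a": {}},
    "alt-auth": {"ns": {}, "a": {"www.microsoft.com": "192.0.2.10",
                                 "microsoft.com.mine": "192.0.2.10"}},
}

def resolve(name, start):
    """Follow referrals from `start`; return (address or None, servers asked)."""
    server, path = start, []
    while server not in path:              # stop on a referral loop
        path.append(server)
        zone = SERVERS[server]
        if name in zone["a"]:
            return zone["a"][name], path
        # The longest delegated suffix covering the name wins.
        matches = [s for s in zone["ns"] if name == s or name.endswith("." + s)]
        if not matches:
            return None, path
        server = zone["ns"][max(matches, key=len)]
    return None, path

def resolve_overlay(name):
    """Alternate root answers first; fall back to the public root on a miss."""
    addr, path = resolve(name, "alt-root")
    if addr is not None:
        return addr, path
    addr, more = resolve(name, "root")
    return addr, path + more

def audit(names):
    """Classify each name by comparing the public view with the overlay view."""
    report = {}
    for n in names:
        public, _ = resolve(n, "root")
        overlay, _ = resolve_overlay(n)
        if overlay is None:
            report[n] = "unresolved"
        elif public is None:
            report[n] = "alt-only"
        elif public == overlay:
            report[n] = "same"
        else:
            report[n] = "overridden"
    return report

if __name__ == "__main__":
    for name, verdict in audit(["www.slashdot.org", "www.microsoft.com",
                                "microsoft.com.mine"]).items():
        print(f"{name:22} {verdict}")
```

Running the same comparison against a real pair of resolvers is how a user would find out which names their configured resolver answers differently from the public hierarchy.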
  7. Already being done by Seqram · · Score: 5

    Try www.name-space.com, an alternate registry with some 500-odd gTLDs already set up. All you have to do is point to their machines as your resolver and you can access the .bicycle, .sex, .shareware, etc. gTLDs. (so if you have that done, they're also www.name.space). Whether that's a good idea or not is something else: they'll let anyone register any gTLD. They're hoping to get enough popular support (people giving out their "new improved" names) that NSI will have to honor their gTLDs; I tend to think that won't happen. But FYI.