Slashdot Mirror
ICANN Won't Get DNS Root Servers
daria42 writes "The US Department of Commerce has reversed its original decision on the Internet's root DNS servers, which would have eventually seen them pass into the hands of ICANN. While the original decision would have seen ICANN take full responsibility after it met a number of conditions, the new declaration means Commerce would keep that control, regardless of whether and when those conditions are met. It is possible that some countries could withdraw support from ICANN, and this decision even opens up the gate for a separate DNS system to be established outside the US's control."
ICANN'T even .tel you how bad this news is for the internet community at large. ICANN and the root dns need to Server all ties with the bush administration.
(oh god... I am a horrible person).
with the idiotic patriotic dick waving really...why is the US so afraid to cooperate with international organizations?
What is the reasoning behind this step, apart from making more money for some corporations? Is it really a viable threat that ICANN is some Al-Quaeda offspring organization?
Mod me as you like, but please think at least for a second about what i said.
It takes a man to suffer ignorance and smile
Be yourself no matter what they say
Yeah, the best step would be for ICANN and supporting countries to just donate money to set up alternative root dns servers. Redundancy never hurts, but there is the problem changing the hardcoded ips of root nameservers too (i guess it's inevitable to change those sometimes, so why not start sooner?).
It takes a man to suffer ignorance and smile
Be yourself no matter what they say
And I want a pony.
One line blog. I hear that they're called Twitters now.
From CNN -- "US keeps control over internet computers"
From the Brits -- "US appears to affirm its authority on the internet"
From the Canadians -- "US to control internet traffic"
India -- "US won't cede monopoly on the internet"
Seems like the same story has several different headlines, and to the uniformed eye some of them in conflict (yes. I know you can make the case they're not all that different. But monopoly on the internet it isn't). It would be nice if the people writing the stories understood what a root server was. Might make for a more informed public, you know?
Check out "SarBox And The World Of Tomorrow"
completely wrong. The Root DNS servers are the servers which have the authoritative DNS records. You probably use a ISPs DNS server, which will cache DNS queries. If it doesn't have a DNS lookup it will query DNS servers further up hierachy. The Buck stops with the Root DNS servers.
Don't interact w/ a summarized article. Read the actual statement from the US government. I wish these news sites would link to their sources when they're available.
I'm not really sure what to make of this. I definitely do not think that having the root domains under control by the US government is a good idea, and I also do not think that ICAAN is really up to the task either. I wonder if it might be better to have the root domain servers be distributed throughout the world (run as non-profit organizations, with only minimal fees required to maintain the servers, and executive salaries at these orgs capped).
"Teleporting Rodents with D-Cell Battery Displacement" theory -- IgnoramusMaximus (692000)
And we should just allow people to pick and use whatever IP address they want too.
With IPv6, that may not be so far-fetched.
And I want a pony
Now that's far-fetched. We've already had this discussion...every pony I get for you dies. No more ponies until you learn some responsibility!
____
~ |rip/\/\aster /\/\onkey
This is my thought, too. I am surprised that for something as critical as a root server, that there are not a well distributed (geographically) set of servers. I know that local caching goes a long way to resolve this, but at least spreading them around a bit may help out if any of the major intercontinental links fail, like the recent SME-3 failure which knocked Pakistan off the net.
The problem is that now that the Internet has grown to the size it has, it will take quite a long time for the changed IP addresses to filter through if the root servers get moved. There would be any number of smaller ISPs, specialised applications or even techie home users who poll the root servers occasionally, and who won't bother to update the IP address. Why they are polling the root servers in the first place, and not their local upstream copy, is probably due to a design failure which will require the maintenance of the current root servers to continue operating.
InfoSec that matters, when it counts.
Come on where's the D in DNS if we need central authority... Crypto has gone a long way since! Some authorities could sign pairs of DNS + IPs and have these distributed anywhere. For exemple I could chose to trust organization foo and bar to provide me safe a safe DNS. Requiring coincidence of two unrelated authorities would marginalize the risks of dns poisoning. The authority don't even need bandwith for that, they could be goolgle, yahoo, ibm, gnu, ms etc. As for who decides who gets a domain name, except for specific extensions (gov, countries etc) this should be open to anyone, and basically registering would simply consist in referring one's domain name to major authorities before someone else does.
\u262D = \u5350
http://www.orsn.org/
While it is technically accurate to say that these 13 servers don't really control the internet, it may still be perceived as such from the perspective of the average home user while he/she is using all of their favorite web sites. Most home users don't know what an IP address is, much less what the IP addresses are for all of the sites they use on a regular basis. We're not really using hosts files anymore (thank goodnes for that), so what happens when their cache expires? The "Internet" is broken.
"Teleporting Rodents with D-Cell Battery Displacement" theory -- IgnoramusMaximus (692000)
Well, that's the point - France owns .fr, but it's not a ROOT server.
.com, .fr, .gov, .uk, .org, .ru main DNS servers are located.
ROOT severs are the '.' servers, which manage where the
I see no good reason why the 13 root servers shouldn't be owned by different organisations, one of them by France, one by US, one by China, etc - because currently US Government can pull the plug on the DNS system if they wish so. You can't find something.gov.fr without going through the root servers.
You got it almost right, but it works like this:
...not the other way around. The whole thing starts with the dns servers, they are Archimedes' one (13) fixed points the whole dns revolves around.
The ISP nameserver has a huge cache with a timeout. If a record cannot be found (because it hasn't been cached before or it has been discarded because of the timeout) then it goes to resolve the domain. To resolve the domain, you actually go backwards (from a higher hierarchy to lower), thus:
root -> country level -> domain level
It takes a man to suffer ignorance and smile
Be yourself no matter what they say
While I don't trust ICANN (a group that spends most of their money on law firms) the US has to get a clue. The US is WAY behind in IPv6 adoption (excluding the military). If the US continues to hoard its control of DNS on the IPv4 internet, and simultaneously refuses to adopt IPv6, it will get to watch while the rest of the world migrates to IPv6 and obseletes the US's authority.
Look at this in terms of China's bid to pwned Unocal. (CNOOC is *not* a company, it is a corporate-smelling arm of the Chinese government). Energy is a strategic asset. Now look at all of the credit card information stolen/lost/inappropriately xferred lately. Information is a strategic asset.
Xferring control of Root DNS servers does not necessarily lead to compromise/abuse any more than leaving your credit card lying in a bus station will necessarily lead to your account being, er, misused. Similarly, retaining control does not guarantee security, but why screw with it? Who should take up this burden--the Oil-for-food-United-Nations?
The fact is, the US created the internetworking protocols, and laid the early hardware. Much of the structure is US assets, which the whole rest of the world is free to use.
I, for one, welcome the same old overlords whom at least we [sorry y'all] can vote on. What will you do when CHINA wants to throw a "broadcast flag"-level wrench into things?
Don't trust anyone under thirty.
Everyone who thinks that beuorcrats, politics and technology go well together raise your hands... now please leave. I know the term "Bush Administration" is a trigger for blind hatred and rhetoric on par with "Microsoft", but this isn't a bad thing. The U.S. has managed these DNS servers for 25 years and has kept the process from being political. The U.S. currently has a significant ECONOMIC (forget "security") stake in ensuring that these domain servers are maintained and stable. ICANN or a world political body does not have the same motiviation. They're motivated by making a name for themselves, expanding their country's control over the Internet, retaliating against other governments for non-Internet policy decisions, etc. A solution to having a single government control such an important resource should be found in order to prevent abuse, but that solution must GUARANTEE that we are reducing the potential for abuse of the system, not increasing it.
Then you will be pleased to hear about my new faith-based initiative to hand over management of the internet to church groups. Just to show that this is not one of those wacky christian-right things, we will have a separate top level domain ".heathen" to carry domains with Muslim, Jewish, and Catholic content.
Ask your pastor how you can help.
Think of the children!
...perhaps it's because the "international organizations" we work with, like the UN, can't even keep their word and uphold the tenets of their own charters for things that are much more important than the root servers?
Also, no one said anything about al-Qaeda.
Except you, of course.
But the US believes that the root servers are important enough that they should be under the control and purview of the same entities that have been their stewards in some cases since the literal inception of DNS itself, rather than an organization along with international entities that may not have the same level of experience. This isn't just about "keeping machines patched" or knowing how to run a DNS box. That's the most vanishingly small part of this equation.
Also, it might help to remember that the US, along with its vast military-industrial complex, the Department of Defense and DARPA's investments into pie-in-the-sky technologies, and our massive academic research establishment are what you and the entire fucking world HAS TO THANK for the "internet", and we've already proven that we can manage the root servers and have a secure and well established network of capable contractors, so I think that, given the geometrically increasing importance of the internet to the US and its economy, you're damned straight we have a vested interest in making sure critical internet infrastructure is properly administered (and by "administered", I don't mean from a sysadmin perspective).
And while the corporations with the root server contracts make some money and might not want to see that go away, this decision is NOT for "making more money for some corporations". It's been made for the security of these critical infrastructure pieces. In our own system, we have some accountability and we know it. Even if ICANN meets the DoC-set guidelines, there are no guarantees that its capability and contingencies are better than, or even meet, the capability that already exists in the prevailing arrangement. Why ratchet back from predictability and reliability, and a known set of variables, frankly, to "please" the international community? The "internet", in general, was not an international creation. It was a US creation, the result of a lot of investment and research dollars from the exact entities that no one else would have supported. The fact that it has easily become an exceedingly open international and global tool is a testament to its creators.
I'm starting to get fed up with the anti-US dick waving on slashdot, really...
Mod me as you like, but please think at least for a second about what i said.
As unlikely as it is for me to concede that the US should still do anything for the world good... the root zone should still be run as it has been for the last couple decades. Few, infrequent changes, and very very stable. THat's what matters.
Why do other parties want control of the root zone? So they can bargain with it? Add new TLD's? Give me a break.
The root zone needs to simply run as it is, that's all.
I have long felt that the internet, while created by the US, should evolve into a complete international body. That ICANN should take over all authority of the internet. Unfortunately, this will bring the same level of difficulty as the UN has, but to a lesser degree.
I have long felt that as we evolve, (socially, and politically), the idea that all of the earth will eventually fall under one global gov't will happen. I also feel that this won't happen until long after space travel becomes a normal mundane thing. Systems like the internet, will not only help bring this, but are an essential part of this.
Keeping with that mentality, the internet needs to serve everyone's interest, and to do so, it must be controlled by an open body made up of an international representation.
In other news: US Government to rename ICANN to NOYOUCANNOT
Hmmm witty sig or funny sig? Maybe elitest techy sig!
Um, only two of the 13 root nameservers are controlled by VeriSign. And three are "controlled" by the government. The rest are at academic/research institutions or telecommunications providers, some international.
Four of the 13 are *already international*, and there are servers directly supported by the root server administrators that are all over the world.
A ns.internic.net - VeriSign - Dulles, Virginia, USA
B ns1.isi.edu - ISI - Marina Del Rey, California, USA
C c.psi.net - Cogent - Herndon, Virginia, USA
D terp.umd.edu - University of Maryland - College Park, Maryland, USA
E ns.nasa.gov - NASA - Mountain View, California, USA
F ns.isc.org - ISC - Palo Alto, California, USA
G ns.nic.ddn.mil - U.S. DoD NIC - Vienna, Virginia, USA
H aos.arl.army.mil - U.S. Army Research Lab - Aberdeen Proving Ground, Maryland, USA
I nic.nordu.net - Autonomica - Stockholm
J VeriSign - Dulles, Virginia, USA
K RIPE - London
L ICANN - Los Angeles, California, USA
M WIDE Project - Tokyo
You should probably, you know, take a look at the actual root servers list for a complete rundown, including locations.
The Internets are a strategic resource of the United States. As an American, it would be swell if France just gave away its wine, South Africa its diamonds, or Saudi Arabia its oil. However, the Internets are ours. If you don't like it, compete with us and create your own, but don't whine that we won't just give it away.
Actually the backbone routers are far more of a liability - take down the DNS root servers and caches would keep things ticking over for a few days. Take down a couple of backbone routers and the resulting BGP storm might take down the internet...
American news is worthless--it's just scenes of car chases and celebrities doing dumb things. That's our news. In America, real news only comes from 2 places--public broadcasting (NPR & PBS which the government clearly wants to kill off) and the internet. Yes, we have to go overseas to find out what's happening in our own country. Broadcast flag, National ID, Downing Street Memo--most Americans have no clue what these things are. If the US government wants to control the internet, you can bet it's so that they can control the information that we receive so that they can carry out their agenda with minimal risk of a revolution. There's no tinfoil hat here. This is right out in the open. We're pwned.
(sorry)
Ah, arrogance and stupidity, all in the same package. How efficient of you. -- Londo Mollari
Bring it in with IPv6. If you look at the spec, nameservers *always* have the same IP address no matter where you are or what you're trying to get to. There are 3 IPs which are guaranteed to resolve to a nameserver, even if the nameserver doesn't have that specific IP.
I'm not clear on the details, but I remember that point.
How many people can read hex if only you and dead people can read hex?
And the rest of the world doesn't?
Do you really want China, who sits on the Security Council, making decisions about the internet? Under the control of the USA, the internet has florished, under the control of the UN, it would be strangled.
Look at all the scandels that constantly plague the UN, all the corruption. And you have no say at all in anything the UN does. You want them to control the internet? This isn't dick waving, this is just common sense. If you think anyone in the international community can do a better job than the USA, please, by all means, tell us who you have in mind and why they can do a better job.
And maybe the US is afraid to 'cooperate', as you put it, because we do all the work, spend all the money, and then get screwed by those we 'cooperate' with, when they don't cooperate back. Just look at the Human Rights commission!
Yeah after all, the UN supports Genocide, Dictator's, suppression of free speech, slavery, and is the most corrupt world body in the history of the world!
Yes, why don't we let the UN look after it? Then they can silence all those stories of their soldiers raping children and Koffi Anann taking bribes to help prop up a sadistic dictator who likes to drop people into shredders feet first.
ICANN is nothing more than a beaurocracy that can't do anything but sniff it's own ass and wonder what it sat in. ICANN is ridiculously selfish with its control over the domain industry as it is. I really, REALLY don't want to see them have any more control over it than they already do. Remember, these are the same people who took about 6 years to open the registration process to other registrars besides Network Solutions/Verisign/InterNIC. $35/year down to, in some cases, less than $8.00 almost imediately after they relinquished control.
They wouldn't know a proper business decision if it tossed their collective salad. Believe me, they don't DESERVE more control.
Mike
Inverted Mind: Useless stuff to read when you should be working
http://www.invertedmind.com/
What, the UN that rapes children?? And you want to put them in charge of the root DNS servers? America needs to get over the KofiAddiction and how. I have never seen an International Peace organization allowed to be so frickin' filthy. I would honestly like to know what would happen if it were made public that our soldiers were raping Iraqi children. Or selling them into sex slavery. Have you been to Darfur or Bosnia and seen the conditions of the UN Refugees??? They can't live up to what their charter says they are supposed to do to facilitate peace.
No offense, but the UN needs to pull their head out of the sand, make a complete reformation and revamp the Security Council before they can have *any* more power in the World, developing or otherwise.
Sorry man... the Internet pooped on me.
Root DNS != DNS Registry
.uk, .fr, .to, ...) are generally run by an agency of the country's government, and has total control over the names in their domain. Except for .us, the US government has no power over them. If someone tries to change the root servers to deflect them, it's not hard to set up a few new root servers and point your own resolv.conf files somewhere that uses them.
Good point. And to be a bit more direct, we might point out that it doesn't actually matter all that much who runs "the DNS Root Servers".
After all, the Internet itself (at the network level) doesn't use DNS; it routes entirely on address with no concern for any symbolic names that might be associated with the addresses. If some gang of users wants to set up their own name-to-address mapping scheme, who's to stop them? Who's to even know they're doing it? And how could it impact the current DNS system at all?
In fact, I've taken part in a couple of setups that did this. The purpose was testing some new software, and we didn't want to impact anyone else. So we set up our own set of DNS servers (partly with our own experimental software), and put their addresses in the resolv.conf files of our test setup. It worked just fine. We could debug our software without affecting anyone else at all. When we got it working, we tied it into the public Internet, but I see no reason that we had to do this. We could have kept using it indefinitely as our private DNS system if we'd liked.
I've seen a few claims that there are parts of the Internet that are using their own DNS servers for various reasons. I haven't really investigated, because it's not actually all that interesting an idea. If you understand the Internet at all, you just shrug, say "Why not?" and go about your business.
So, instead of pretending that the US or any other government has total control over "the" DNS system, why don't we discuss the actual alternatives? This would include pointing out that anyone who doesn't like ICANN or the US government or whatever can easily do an end run around them and set up their own DNS system.
In a sense, many countries have already done this. The national domains (.us,
So why all the flamage, when independent DNS servers are so easy?
Am I missing something? Did the independent servers in our test setups do something subtly wrong that we didn't see? Is there some international law against this?
Those who do study history are doomed to stand helplessly by while everyone else repeats it.