Inside the Rise of the Domain Name System
Greg Huang writes "Looking back, it's almost impossible to believe that for most of the 1990s, a single company, Network Solutions, had a government-issued monopoly on registering domain names on the Internet. And considering how central the company was to the growth of the Web, it's surprising how little of the company's back story — how it got into the domain name business, or who owned it — has been told. Xconomy has an in-depth interview with two former executives from SAIC, the secretive San Diego defense contractor that bought Network Solutions in 1995 for $5 million and sold off the domain registration business in 2000 for billions of dollars."
It's interesting that Network Solutions was the only handler for domain registration back in the '90s, and while there are lots of registrars now, they still work under ICANN. Yeah, the usual argument on Slashdot is that you could always start your own TLD, but nobody is going to support it unless you're high in the chain, aka ICANN.
An interesting aspect was a few months ago when the EU wanted more freedom from ICANN and its association with the US. Currently the internet domain name system is pretty much controlled by one entity, which isn't really the purpose of the internet, and it's also why Network Solutions was taken off the domain registration game as the single player. Monopoly is never good.
Fact is, currently DNS still relies entirely on *one entity*. It goes completely against the distributed structure of the internet.
There was a definite advantage in terms of ICANN enforcement of registrar responsibilities when there was only one registrar. Now that we have hundreds or thousands of registrars, we have all kinds of nonsense going on in blatant violation of registrar accreditation terms and ICANN can't keep up with the problems. Which apparently led ICANN to their new strategy - nothing. Now we have unscrupulous registrars all over the world selling domains to bogus registration information, making it much more difficult to uncover who is really behind various nefarious acts on the internet (including but by no means limited to spam).
So in the end, the monopoly was indeed broken up, but the consumer lost, and lost big.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
for most industries (consumer electronics), it should be an unregulated or lightly regulated free-for-all. this maximizes consumer value
but there are certain industries where a regulated monopoly makes sense (electricity grids) and competition actually decreases consumer value
and then there is a third category: certain industries where a regulated OLIGOPOLY makes sense (cable) and competition beyond a select few actually decreases consumer value, and at the same time dominance by one player decreases consumer value as well
and i would say that domain names fall into the oligopoly category: there should only be a few domain registrars. choice should be maintained, with all the free market benefits that come with that, but not at the cost of a deluge of seedy anonymous players
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
You know, I'm not sure some of you people know how the Naming system works. The difference between the Root Zone and some registrars like Network Solutions (at present) are night and day. If you think a single source of accurate data can be distributed between different companies in different nations, you are high. Really, there are so many things you aren't considering that you should start by considering swallowing your tongue. In the end, there can be only one. It's not that they're just so unhip - it's physical reality.
And I would comment further, but I shouldn't because I actually know what I'm talking about.
DNS became self aware at 2:14 am EDT August 29, 1997.
Be afraid, very afraid.
That said, it's time for distributed secure name resolution. Those name servers are just too easily messed with. There are many approaches, mostly used in P2P, from Kad to Freenet.
thegodmovie.com - watch it
Slightly off-topic, but just a reminder: have you patched the BIND security hole yet? If you're running BIND 9 and your server is the master for any domains (including localhost), and you haven't patched this week, one malicious packet can crash your server.
If you have a master nameserver on a private network or behind a firewall, and your public-facing nameservers are all slaves with no master zones at all, you're safe. If your infrastructure is set up like that, except you use rsync over ssh to send updated zone files to your "slaves" but they're actually configured as masters, you're vulnerable. Contrary to what you may have heard, it does not matter whether you use dynamic updates (e.g. from dhcpd) or not.
This firewall rule blocks all dynamic update requests, including the exploit, on recent versions of Linux (but didn't work on any of my DNS servers, because they're all running older distros):
iptables -A INPUT -p udp --dport 53 -j DROP -m u32 --u32 '30>>27&0xF=5'
Of course if you're running djbdns or something else, you can continue to be gleefully smug.
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
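What the u32 expression in the rule above tests, as an added example that is not part of the comment: it reads the 32-bit word at byte 30 of the IPv4 packet, keeps the DNS opcode bits, and compares them to 5 (UPDATE). The packets are constructed sample data, the function names are hypothetical, and the last function shows that the fixed offset presumes a 20-byte IP header.

```python
import struct

DNS_OPCODE_UPDATE = 5  # dynamic update opcode (RFC 2136)

def build_packet(opcode, ip_options=b""):
    """Constructed IPv4 + UDP + DNS header; checksums left zero (sample data)."""
    assert len(ip_options) % 4 == 0
    ihl = 5 + len(ip_options) // 4            # header length in 32-bit words
    flags = (opcode & 0xF) << 11              # QR=0, opcode in bits 14..11
    dns = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0)
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(dns), 0)
    total = ihl * 4 + len(udp) + len(dns)
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, total, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 53]))
    return ip + ip_options + udp + dns

def u32_read(packet, offset):
    """u32 reads a big-endian 32-bit word at a byte offset from the IP header."""
    return struct.unpack_from("!I", packet, offset)[0]

def rule_matches(packet):
    """Evaluate '30>>27&0xF=5'.

    With a 20-byte IP header and 8-byte UDP header, DNS starts at byte 28:
    bytes 28-29 are the ID, bytes 30-31 the flags. Shifting the word right
    by 27 leaves QR plus the 4 opcode bits; the 0xF mask drops QR.
    """
    return ((u32_read(packet, 30) >> 27) & 0xF) == DNS_OPCODE_UPDATE

def opcode_header_aware(packet):
    """Find the DNS flags via the IHL field instead of a fixed offset."""
    ihl_bytes = (packet[0] & 0x0F) * 4
    flags = struct.unpack_from("!H", packet, ihl_bytes + 8 + 2)[0]
    return (flags >> 11) & 0xF

if __name__ == "__main__":
    print("QUERY  matches rule:", rule_matches(build_packet(0)))
    print("UPDATE matches rule:", rule_matches(build_packet(5)))
    with_opts = build_packet(5, ip_options=b"\x01\x01\x01\x00")
    print("UPDATE, 24-byte IP header, matches rule:", rule_matches(with_opts))
    print("opcode found via IHL:", opcode_header_aware(with_opts))
```

The rule also only covers UDP to port 53, so it is a stopgap next to the patch the comment calls for.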
Get rid of all the top level domains except for the country ones. No more .com, .net, .edu, .org, and all the stupid new ones recently concocted.
Instead, you just have the country level domains, and allow each country to control their domains the way they see fit. In most countries a domain name would be handled like any other trademark issue.
In the U.S., you'd eliminate domain name squatting since you must show some sort of actual activity to retain a trademark. Buying "Sporf.com" and sitting on it in hopes that a company called "Sporf" will have to buy the domain from you will no longer be a good business model.
Will greedy capitalist evil corporations steal your domain? All you have to do is show that you've actively used the domain (and not just merely have a parking page), and that you've registered your trademark with the correct authorities (something that could be done by the domain registrar where you bought your domain).
In the U.S., domains can be done on a local basis (memphis.tn.us), on a state basis (state.tn.us), or on a national basis (com.us). This way, two local shops called "The Flowerpot" -- one in Chicago and one in Memphis -- could have the same domain: flowerpot.memphis.tn.us and flowerpot.chicago.il.us. National companies like Apple and Microsoft could get their domains registered as apple.com.us and microsoft.com.us.
The .com domain could become a virtual domain. You type in a company name with a .com suffix, and your browser will search your local area, then the state, and then nationally for a company with that domain prefix. Thus if I live in Memphis and type in "Flowerpot.com", I get flowerpot.memphis.tn.us. If I lived in Chicago, I get flowerpot.chicago.il.us.
This would allow us to get rid of TLD sprawl (.name, .info, .biz, .mobi, etc.) that isn't benefiting anyone but GoDaddy. It would eliminate all the sniping that the U.S. controls domains because they'll only control the .us domain. And, it would greatly simplify the whole domain registration process.
I've been on the Internet a long time, so I remember sri-nic.arpa, nic.ddn.mil, rs.internic.net, and even downloading the Internet host address file, with about 8000+ IPs in it. The early organization was very clear about preserving the namespace of domain names for future generations, with base policies (I believe these are all correct, but it might just be 3 out of 4) of:
* The domain name must relate to the purpose of your organization.
* .net is reserved for network infrastructure, .org for only non-profits, .com for commercial (.mil and .edu are still fairly pristine), etc.
* You must establish two nameservers, that must not be on the same subnet, and must already be providing DNS for the requested domain.
* Each requester gets a single domain, the idea being that the requester's entire organization would then be fully served.
Although they weren't really thinking about the upcoming explosion in web use, their thinking certainly allowed for an explosion in *sub* domain names. So instead of lots of ridiculous domains like www.iatemygrandmamovie.com, we might have later seen something like iatemygrandma.movie.com, with some group running a movie.com site, and an easy way to find a bunch of them, instead of the crapshoot we have now.
So where did the corruption set in? Once the idea of charging for a domain name popped up, some bright boy got a gleam in his eye when a company - I think it might have been Procter and Gamble - violated registration policy by requesting scores of domain names based on ailments (and possibly some body parts). There was a similar polydomain request by some other group around the same time. Both generated a flurry of controversy. And our illustrious registrar suddenly demonstrated its modern, capitalist colors, dumping the past, conservative policies and making its new mission one of simply selling off every possible domain name, in every possible TLD, as fast as possible.
Effectively, they sold out on future generations' needs in an exercise of total, corrupt greed. The registrar flipped on every policy, encouraging multiple registration of domains, flagrantly pushing registration in every possible TLD, dropping the domain server requirement, dropping the relevancy concept, and now even pushing for more TLDs, in order to sell even more completely unnecessary extra domains.
The idea of allowing some company to register thousands of obviously unrelated domains for cybersquatting would have been anathema in the pre-profit days, but Network Solutions just doesn't care. And that ridiculous article completely misses *all* of this.