When the Internet Nearly Fractured

An anonymous reader writes "The Atlantic has a fascinating, if lengthy, story about a man named Eugene Kashpureff who 'ignited a battle over the future of the global network' by launching a rogue DNS registry in the late '90s. Here's an excerpt: 'He opted to go a step beyond simply registering sites on alternative top-level domains, and hijacked traffic intended for InterNIC.net. He pointed the domain to his own site, where he lodged a note of protest over how the domain name space was being controlled, and then offered visitors the option of continuing on to Network Solution's site. This was, you'll recall, at about the same moment that the federal government was attempting to make the case to the business community, to the world, that this Internet thing was no digital Wild West.'"

Re:So then,

Such a brave, heroic man, to drive his business by committing cache poisoning intercepts.

Re:So then,

[Jordan+(jman)]

From the article: "Splintering DNS forks the Internet so that Internet users might never know where to go to get domains, or what they might get. If they connected to some DNS directories, they might enter Coke.com and get Pepsi. Chaos could ensue. All for what Vixie sees as not a noble question to uphold the free spirit of the Internet but instead a self-serving marketing stunt intended to promote Kashpureff's own business. Some things, writes Vixie, should just work, and DNS is one of them."

I'm with Vixie on this one. You shouldn't jack with one of the fundamentals of the internet.

Re:no digital Wild West

[snookerhog]

the crucial juncture in history is always the juncture of the past and the future, because it is the only place where we can ever change history. personally, I think you missed option 3. All of the above. Right now both 1 and 2 are true and they will continue to battle for the foreseeable future.

Re:So then,

http://en.wikipedia.org/wiki/Alternative_DNS_root

Alternate DNS roots exist today.

Re:So then,

[mcrbids]

I'm with Vixie on this one. You shouldn't jack with one of the fundamentals of the internet.

One of the fundamentals of the Internet is its distributed, peer-based nature. Merely a method of exchanging packets. Surely, having a centralized authoritarian DNS system falls afoul of this basic premise?

Re:So then,

[blair1q]

You should be allowed to do it as long as you don't step on anyone else's TLDs.

The only problem it causes then is that DNS gets less efficient as servers below the TLDs now have to process a lot more information to find out where to send a request for "www.domain.h4xxx0rr3a1m" and the like.

But there's no way that's less efficient overall than the ridiculous bureaucratic and petty-political process needed to get a new tld erected.

And it would, indeed, free the network from the clutches of ICANN, where it should never have been placed following the death of IANA.

Re:So then,

[gad_zuki!]

Yeah we need more loud-mouth self serving businessmen doing asshole tactics to just make a buck. Oh, you thought he was trying to start a charity? How cute.

Re:Wat

[blair1q]

And he totally knew you!

You would sit at the back, never raised your hand, and refused to sign the attendance sheet.

Re:no digital Wild West

[blair1q]

There's really no such thing as freedom or anarchy, but control is real and needs to be dealt with harshly when it becomes onerous.

DNS not inherent

[slimjim8094]

I must admit that I haven't RTFA. But the summary quotation seems to imply that DNS is somehow part of the Internet.

Just to clarify, it's not. The internet sure would be hard to use without the DNS, absolutely. But it's not unthinkable - we'd just be stuck with IP addresses for everything, and there could be no virtual hosting (multiple domains per IP, disambiguated by the Host: field).

But the DNS is really more of a universal agreement. Everybody agrees on who the roots are, and that's that. But there's no technical reason that the roots have to be who they are - hence the altroots described.

But he didn't "fracture" the Internet. That's a stupid statement. The Internet doesn't concern itself with domain names, just routing IPs - the DNS is built on top of that and maps back down to IPs. Were he successful, he would've fractured the DNS. Pain in the ass? Sure. Coke.com could go to Pepsi's site, but http://216.64.210.28/ would still get me to the Coca-Cola website.

The difference matters, because fracturing the Internet is technical (routing), while fracturing the DNS is more of an administrative-bureaucratic-sociopolitical type of thing. Peering disputes can of course be about non-technical things like money, but it breaks at a technical level.

Re:DNS not inherent

[idontgno]

+1 Right on the Money

I commented upthread, so my marvelous modpoints go unused here. Alas.

If you want to talk about fracturing teh intarwebs, these scenarios, and this incident, and this routing-based DDOS, are the ones to discuss. Not multiple DNS roots.

Re:DNS not inherent

[zill]

You know you have a coke addiction when you've memorized coke.com's IP address in case of DNS failures.

Re:DNS not inherent

[slimjim8094]

Well, the Host: HTTP header came long after the DNS. You can define per-machine, sure, and it'll probably work - but that's not the point. The point is that it's automatic. If I already know that these several names map to one IP, everybody might as well just use a subdirectory. It was for sake of argument, I didn't mix them up.

Re:DNS not inherent

[slimjim8094]

The analogy would be the ability to run an arbitrary number of "Internets" over the same copper and fiber, just as you can run multiple DNS over an IP network. But that would require cooperation from everybody involved, whereas I can tell my laptop to be a root and convince people to point to it without any third-party involvement.

So they're not comparable.

Re:DNS not inherent

[russ1337]

I think search (i.e google) would adapt. Everyone would just bookmark 66.102.7.99 (or whatevs) and use that... let google do the rest.

Re:DNS not inherent

[blincoln]

I think you're forgetting things like browser hostname headers and so forth. Knowing the IP of the server a website is hosted on it *not* even close to a guarantee that you'll be able to get to that website. This is especially true with CDNs like Akamai.

Re:DNS not inherent

[Mr.+McGibby]

"But the summary quotation seems to imply that DNS is somehow part of the Internet."

You are of course, missing the entire point. Just because you've defined the "Internet" as the global IP network doesn't mean that that is anything but a purely *technical* definition. No one else uses that technical definition. For most of us, DNS *is* an essential part of how the Internet works. A non-standard DNS system if widely successful (unlike existing alt DNSs) would be a serious problem in terms of people using the internet on a daily basis. If it happened years ago, we might be looking at a significantly different global network today. One that might very well be fractured.

When it comes the success of the Internet as a global network, DNS is much more than simple phone book. Yes, maybe that's what it is technically, but IP addresses are not phone numbers since no normal person on the internet knows or cares what that is. People memorize (or used to) phone numbers. They don't do that with IP addresses. Admins know this and use it to their advantage. Your cavalier dismissal of virtual hosts shows that you really don't know what you're talking about.

Re:DNS not inherent

[Pharmboy]

Actually, you make a very good point. One point though, for all intent and purposes, people bookmark the title of a page, not the domain name, so their bookmarks would be just as usable as they are now, including the ability to change the name of the bookmark. In that scenario, Yahoo and others might have had a stranglehold on search before Google was even started, and Microsoft *might* have gotten serious earlier in the game. Or not at all in time. We would be looking at a completely different scene in search, although there is no telling what it would have looked like. Too many variables.

Another point that just struck my mind is the fact that there would be no domain squatting. Spam would be likely be somewhat more difficult to do (for lots of not obvious reasons), and commercialization might have been a bit slower due to the "less usable" nature of the internet. The hosting business would look and be configured differently, but would be just as viable. No real limit to how many IPs you can run to one box via aliasing, after all. Prices would be a little higher as each host requires one IP address or more.

One other point: We would have run out of IPV4 space a long time ago, and been forced to move to IPV6, likely in the 2000-2003 range. Maybe earlier. This would have been easier because technically the internet was smaller at the time, if you consider the actual number of hosts facing outwards would have equaled the number of IP4 addresses, instead of being much higher as it is now.

In many ways, the internet might have been a better place, ironically.

Re:DNS not inherent

[slimjim8094]

I didn't dismiss virtual hosts, quite the contrary. My point was that you can serve websites without it (as the two comments mentioning /etc/hosts point out).

Perhaps you've missed the point, or perhaps I wasn't clear enough about the thrust of my post. I wasn't saying "we don't need the DNS", or that for all but the most technical of reasons it *is* part of the Internet. But breaking or otherwise fussing with the DNS is not a technical issue, and can't be fixed with a technical solution. It's, as I think we agree, a human matter of agreeing that these policies or features or whatever of these roots are more worthwhile than those roots.

You can't fix DNS broken in that way with a patch, or fancy routing tricks. TFA doesn't exactly make that claim, but it's an important distinction nonetheless. For example, the problem of spam: is it a technical one, a legal one, or a social one? There's a case to be made for any or all of them, but you can't "fix" it without figuring out from which angle to address it. So it goes for the altroots - you can't "fix" it by fiddling with some configurations, you fix it by removing the impetus for its creation or keep it a fringe effort by marginalizing its importance.

It's a question of nuance, like so many other important issues. Without understanding the real intricacies of a system, how can anybody hope to improve it? The distinction between the DNS and the Internet matters, whether you think it's relevant or not.

Re:DNS not inherent

[russ1337]

Building on that,...... search could actually resolve (in a DNS way) IVP6 when segments of the network dont support it. Think of google being the 'portal' that IPV4 users use to access the IPV6 internet.....

Re:DNS not inherent

[a+whoabot]

How would an alternative DNS becoming more commonplace necessarily, or likely, be a "serious problem"? I just do not see it. To note, I disagree with how the distribution of domain names is determined with regards to ICANN-linked registrars (it's not "first come, first served", by the way, or else PETA would not have peta.org*), so on that ground alone I support and use alternative DNS.**

I don't see this demand that one not use an alternative DNS much different from the demand that one use only a standards-compliant browser. No thanks -- I'll display the content the way I want it to display, not the way the content-maker wants. If you want me to read your page with red Comic sans faced text on a yellow background, I'm sorry, I'm going to have to disappoint you and display that as black Times New Roman on white. I know that breaks CSS standards and all, but I'd rather my browser break with standards and display things the way I want rather than the other way around..

*The courts ruled that the original peta.org was not a parody, because the address "peta.org" has only the pretense, and does not make it clear that it is a parody, while this does not occur "simultaneously" with the content, which makes it clear that it is a parody. By this reasoning A Modest Proposal is not parody, because the title has only the pretense.

**I guess you could say that the same courts could all the same take part in determining name distribution for an alternative DNS, but I at least hold hope they would see by then how ridiculous it is -- the system is just one of many and people can take it or leave it, or else you might as well take people to court for modifying their hosts files. Then again, why they can't see that for the case of ICANN-DNS makes that hope somewhat tenuous.

Re:DNS not inherent

[Kagetsuki]

You obviously didn't need to read the article because your statement is entirely accurate. May I also add that there have, and still are alternative name systems. I doubt any of them are going to become more popular than DNS, and most of them are against regulation in the first place (the name systems in darknets for example) so DNS is here to stay - but there could be, and in a way already is an internet without DNS.

Re:DNS not inherent

[JWSmythe]

    Well, it would fracture the "Internet" as we know it.

    If it were commonly accepted to decide that you wanted your own NIC, and could go make your own, that would make things very difficult for the common users.

    Consider this. I, owner of JWSmytheNIC, inc, llc, gmbh, ei, ei, o, would obviously use my own NIC, and ignore all those other silly ones, even that one that seems fairly popular, headed by some group known as ICANN. Users of AOL and CompuServe can only reach sites registered with AOLNIC. Users in Russia and China automatically have their DNS requests forced to CommunistNIC.

    Now, we're all sitting on the same numbered Internet, and sure you can reach me at 244.223.142.19. But what about the folks wanting to go to Slashdot.org? Which NIC did they register with? Or, did they pay for some, and someone got the same name on others. Things would devolve rapidly to the point where we were all using handmade hosts files. But that's ok, we can download our master hosts file from internic.net . oh.

Re:So then,

[idontgno]

Aaah, kids.

DNS was a convenience tacked onto the robust, distributed, multi-path peer-based nature of IP. If we were willing to fall back to hand-wrangling 4,000-line HOSTS files like I used to back in 1983, I'm sure we could all be the rugged individualists.

DNS is a trade-off: network-wide consistency for autonomy. With DNS, you have to ask somebody how to get to http://slashdot.org/. That somebody should be someone you trust. But for now, there's only one "someone". If there were multiple "someone"s, the net would fragment, and that's inconvenient. So there'd be a meta-somebody who can bring all the fragmented parts together, like a super-DNS that points to all the individual DNS roots. But that just recreates the "authoritarian DNS system" problem, one level higher.

The broader Internet became less about "distributed, peer-based", robust communication and more about convenient and seamless communication at just about the dawn of Eternal September, and we network old-timers have never forgiven you AOL'ers for ruining our network.

Summarizing the Internet communities' reaction

[RevWaldo]

"When all this is over, we want this guy to get a medal. Then we want him locked up."

.

Governments will cause the future split in DNS.

[2bfree]

With corporate interests pushing governments to use domain name forfeitures to punish people/groups it finds threatening to their interests, it will cause people to create new name services.

Re:no digital Wild West

[rufty_tufty]

If it were the ultimate tool for "freedom and anarchy" would that be a good thing for society?
Imagine if you couldn't trust the data on wikipedia
Or if your bank account access could be spoofed
Or your emails could be read by anyone
Or even a reputable site by a known firm with a reputation to protect would use online tools to deceive
What if lone individuals could topple governments and cause international diplomatic incidents?

How much worse a place would the world be then? I think you'd have serious problems in that scenario. No I think that for any one faction in this to win would be to the detriment of us all.

He hacked people's servers

[mbone]

He hacked people's servers (including some belonging to the DOD) and went to jail for it. When I pointed out that my non-hacked DNS servers couldn't see the Alternic domains, he hacked those too.

For some reason, top level domains have the ability to bring out the crazies. It happened in the late 1990's, and it's happening again (e.g., with .music).

Re:He hacked people's servers

[rs79]

"He hacked people's servers (including some belonging to the DOD) and went to jail for it. When I pointed out that my non-hacked DNS servers couldn't see the Alternic domains, he hacked those too."

Rubbish. He just exploited a bug in BIND where it believed anythng anyone told it. The trick was, he sent you mail. If you sent him mail back your system would do an mx record lookip for alternic.net, and his system would return not only the mx you asked for but an A record for internic.net (pointing to alternic.net) which bind cheerfully accepted. this is about the time Bernstein either began writing or released djbdns which DID'NT do this, it would only trust answers about internic.net from internic.net, not anybody that said they were or felt like it.

So he didn't hack any body's servers. you trusted information you got from the from the wrong place due to a well known bug in bind.

the great irony in all this is nobody will scream about kashpureff more than, say, vixie, but it was he that did the same thing when he convinced postel to tell the other roots to slave from IANA and not NSI (which magaziner ordered jon to undo real quick, and he did)

those were weird days but you have to keep in mind this never prevented anyone from say checking their mail on yahoo. the net is actually remarkably resiliant.

Re:So then,

[bjourne]

DNS is a trade-off: network-wide consistency for autonomy. With DNS, you have to ask somebody how to get to http://slashdot.org/ [slashdot.org]. That somebody should be someone you trust. But for now, there's only one "someone". If there were multiple "someone"s, the net would fragment, and that's inconvenient. So there'd be a meta-somebody who can bring all the fragmented parts together, like a super-DNS that points to all the individual DNS roots. But that just recreates the "authoritarian DNS system" problem, one level higher.

It is not either or. Theoretically you could resolve addresses by asking a number of different independent name servers and go with the majority opinion. Similar to how ntp works. It would make name resolving a much more complicated process, but is is a logical solution if (or rather when) governments starts interfering with the root dns server.

Re:So then,

Isn't jacking off one of the fundamentals of the internet?

Re:So then,

No, we don't. He's not a good or nice person. Quite the opposite, in fact.
I had the dubious honor of learning DNS from him many moons ago. He's an opportunist who doesn't care who he runs over in the pursuit of his own agenda.

Re:So then,

[Kwelstr]

"and we network old-timers have never forgiven you AOL'ers for ruining our network." Amen!

Re: 4,000-line HOSTS Mine is 19,046 long.

[idontgno]

I suspect it's 19,045 lines of random advertising domains pointed at 127.0.0.1, plus your own hostname pointing to 127.0.0.1 also. But yes, it's much longer. Much much longer. You win the HOSTS epeen contest, as long as "functional" isn't a criterion.

Re:no digital Wild West

[Mister+Whirly]

Strangely enough, things like communicating, banking, finding information, sending messages to others, etc. all used to happen before the internet, and if necessary, could continue happening without the internet.

Re:So then,

[VGPowerlord]

One of the fundamentals of the Internet is its distributed, peer-based nature. Merely a method of exchanging packets. Surely, having a centralized authoritarian DNS system falls afoul of this basic premise?

No offense, but you're wrong.

The Internet is a collection of smaller networks with addressing assigned from a central authority to prevent address conflicts.

Note, that was referring to IP address assignments, but DNS is a natural extension of that.

Re:So then,

[icebike]

From the article: "Splintering DNS forks the Internet so that Internet users might never know where to go to get domains, or what they might get. If they connected to some DNS directories, they might enter Coke.com and get Pepsi. Chaos could ensue. All for what Vixie sees as not a noble question to uphold the free spirit of the Internet but instead a self-serving marketing stunt intended to promote Kashpureff's own business. Some things, writes Vixie, should just work, and DNS is one of them."

I'm with Vixie on this one. You shouldn't jack with one of the fundamentals of the internet.

What you should or shouldn't do is all fine and dandy. Gentlemen do not read other Gentlemen's mail, and all that.

The fact that it could be done and was done so easily is something only a fool would ignore and hand waive away.
Self serving stunt? Was there any clear and viable intent to profit? No. He knew the powers that be would have
to act. His was an act of digital civil disobedience, which resulted (after far too long) in measures to prevent
the hijacking.

DNS is broken

[Colin+Smith]

We outgrew hosts files.

We've outgrown DNS as well.

Take a look at .COM for example. DNS is now basically flat, despite the original intent. .COM is a great big flat hosts table.

DNS is an attempt to categorise networks, companies, services etc. .COM for commercial, .US for American, .ORG for non profit organisations, .PRO for professionals (LOL). The problem is it's hierarchical, and categorising all the people, services, networks companies in the world doesn't work in a hierarchy. I need to be in .DE, .PRO, .NAME, .CO.UK etc. Duplication of information. People have just decided to use .COM instead and include some keywords in the name. It's simpler.

Naming, classification is relational rather than hierarchical. We need a replacement name resolution service. DNS will continue to creak under the inappropriate uses we put it to day.
 

Re:DNS is broken

[LWATCDR]

.mil .gov and .edu do still seem to work probably because they are controlled The .US .UK seem to be marginal. Here is a question are the national tags assumed? So that there can be a Yahoo.com in say the US and the UK? If you are in the US and type Yahoo.com it goes to Yahoo.com.US and if you are in the UK it goes to Yahoo.com.UK?
Just wondering because I take DNS for granted.

Re:DNS is broken

[hyfe]

Take a look at .COM for example. DNS is now basically flat, despite the original intent

Well, being Amercan you're missing half the web :)

All the different native language sites out there are hiding under .no, .sp, .de etc, and there really is quite a lot of them. About half the websites I visit are from .no, so I think it's more a matter of saying what language they use and where they do business. Basically, I think the American companies messed up, while the rest are behaving themselves... but given your view of the world that's hardly surprising (ever considered inviting other countries to the world series of baseball?)

Re:DNS is broken

[bill_mcgonigle]

Naming, classification is relational rather than hierarchical. We need a replacement name resolution service. DNS will continue to creak under the inappropriate uses we put it to day.

And, of course, DNS was never envisioned as something masses of end users would deal with. Something like Google is more in line with the original thinking.

Re:DNS is broken

[Colin+Smith]

I'm a Scot living in Germany.

And .DE is broken in exactly the same way as .COM for the same reason. .DE is simply the flat German national hosts file... Everything German.

 

Re:DNS is broken

[rs79]

"And, of course, DNS was never envisioned as something masses of end users would deal with. Something like Google is more in line with the original thinking."

Define "user".

BIND got its start when Brian Reid a the Digitial Western Research Center in Palo Alto (DECWRL) paid Paul Vixie to take the Berkely b-tree code and make it into a "professional product" which he did.

In 1997 Brian said to me "I feel like a dork paying for my domain names but I don't know what to do about it".

So, it sorta depends on the "user".

Re:DNS is broken

[snspdaarf]

(ever considered inviting other countries to the world series of baseball?)

No.

Canada occasionally crashes the party, but they bring Labatt's with them, so it's ok.

Re:DNS is broken

[socsoc]

Someone in the UK typing yahoo.com will get resolved to the IP they've designed for .com. Yahoo's webservers at that point may redirect based on a (fallible) geoip to .co.uk. It doesn't really have to do directly to DNS.

Re:DNS is broken

[phoenix_rizzen]

Yeah, it's really annoying when existing companies, with existing domains, register new domains for new products, instead of just creating sub-domains.

Do we really need a separate website for each movie that comes out? Why not just .movies.com?

Do we really need a new website each year for athletics? Why not just ..?

Sure, eventually, you could end up with super-long FQDNs, but it would certainly be nicer to work with on the back-end.

Re:DNS is broken

[phoenix_rizzen]

Grrr, stupid slashdot removing everything between angle brackets.

The should read (moviename).movies.com.

And (year).(event).(whatever).

Re:DNS is broken

[LWATCDR]

that was what I thought. Too bad really but you could have a huge mess otherwise.

Re:DNS is broken

[jawtheshark]

Which was the intended way? Are you suggesting, it should have .com.de, org.de, etc...? That's fine with me, but the County TLDs are exactly used as intended: to be a set of hosts associated with Germany, which is as you bluntly put it a "flat German national hosts file". However, Germany does have the power to say "enough is enough, companies go under .com.de, non-profits under .org.de, healthcare under .medizin.de, personal people under .person.de, etc, etc, etc..." Nobody stops them from doing such a thing.

There is a problem with this: DNS, as it is, has been conceived by people who would have been slashdot-dwellers. It's a hierarchical system and we do very well with hierarchical systems. A while ago, there was this poll here on slashdot about how people (here) organize their files. The good old directory structure was still the winner. Have you ever seen the home directory of normal users? They do not categorize much. It's all in one dump and if Microsoft (or someone else, I don't want to give them credit) hadn't split up the "Documents", "Photos", ... structure, it would all be one big mess.

Fact is: most non-nerds have a really hard time classifying and TLDs are nothing more that the first node of a hierarchical system. If you don't think in a hierarchical way, it's as far as you go.

I'll give you a example: Assume you need an manuals of echography instruments, made by General Electric Germany. I'd construct something like manuals.echografie.medizin.ge.com.de. Several things: I used the german spelling of echography and medical on purpose. After all we're in the "de" category, you'd expect german spelling. Technically, you should invert com/de, because it's a multinational corporation (.com) operating in Germany. I'm perhaps being too strict with manuals, perhaps it should be documents... As you see, starting to overdo it in hierarchy, makes it unusable, because the person doing the categorizing, will most certainly not "think" the same way as the end user. (Again, the end-user is already having a hard time with the concept of categorizing).

There is a reason we computer geeks think of trees as mathematical constructs, whereas normal people think of large plants. (Obligatory)

.

Re: 4,000-line HOSTS Mine is 19,046 long.

[icebike]

>>> 4,000-line HOSTS files like I used to back in 1983,

Size Matters

Mine is 19,046 long.

Right, and any reasonably useful hosts file would several orders of magnitude larger and take several seconds to parse on the fastest of machines.

The assumption that we could do without DNS is ludicrous in this day and age. That the GP would suggest this on the same site that has been singing the praises of IPV6 after the exhaustion of IPV4 is totally asinine.

Yes there can be (and there are) alternative DNS roots, you could choose to use. But the suggestion we revert to hosts files for anything but the tiny specialized networks is useful as suggesting we all direct dial the New York Times to have the news read to us each morning.

Re:So then,

[GaryOlson]

Yes, an authoritative central DNS is counter to the basic premise of the Internet. But, if a centralized naming source does not exist, in order to defend Trademarks, companies would need to spend more money finding all DNS names on all DNS registries to prove in court they were defending their trademark. Far cheaper to use political contributions and power to ensure only a single controllable Domain Name Service exists.

Thus we see the effect of the increasing implementation of business needs over community needs on the Internet.

A little perspective

[sjames]

It's important to remember that when he did this, he was essentially fighting against the mandated monopoly on domain registration held by Network Solutions. At that time, the domain registration process had all the speed efficiency, charm, and conscientiousness as the DMV on a bad day. Meanwhile, we had several prominant cases where exceptions were made to the first come first served policy to give privately held domain names to corporations that want them even when their trademark was newer than the original registration.

At the height of that Kashpureff partially hijacked DNS for a little bit to raise awareness of alternatives.

The issues from then were partially addressed by opening up competition in domain registration and further by regulating the dirtier practices of registrars.

Re:A little perspective

[tomhudson]

I remember sending Network Solutions $145 just to register ONE domain back in January of 1996. And it took weeks to process.

Contrast that to $8 today, and same-day propagation.

Demonstrating that an alternate DNS system was even possible was important. If NetSol had continued with their monopoly, we'd probably be paying $500 a domain today.

Re:A little perspective

[thomst]

At the height of that Kashpureff partially hijacked DNS for a little bit to raise awareness of alternatives.

The issues from then were partially addressed by opening up competition in domain registration and further by regulating the dirtier practices of registrars.

Kashpureff is an asshole. He didn't "partially hijack" DNS "for a little bit" to raise anything other than his bank balance.

I wrote about the transition to what eventually became ICANN in 1997 (see paragraph 6 for Kashpureff's "contribution" to this process). Charging a fee for registrations in the bogus TLDs he "owned" was not the act of a revolutionary - it is the scheme of a buccaneer, pure and simple.

Nor was he the only malefactor. Karl Denninger of MCSNet, who asserted ownership of .BIZ and Christopher Ambler of Image Online Design both attempted to start "alternative" registries, and Ambler tried to flim-flam IANA into legitimizing his attempted namespace land-grab by slipping an envelope containing a $1,000 check into a folder of documents he gave Bill Manning of IANA at the end of a meeting, and subsequently claiming that Manning accepted it as a deposit on his application to start an "experimental registry". (This is Manning's version of the incident - Ambler's, unsurprisingly, differs. I, personally, believe Manning, who had no personal financial stake in the proposal, one way or the other.)

I will also say that, as someone who closely monitored (and occasionally contributed to) the iahc-discuss list, Kashpureff was one of the most combative and least concilliatory members of that list - although there was plenty of flame to go around on all sides of every issue discussed.

Re:A little perspective

[metamatic]

It's important to remember that when he did this, he was essentially fighting against the mandated monopoly on domain registration held by Network Solutions. At that time, the domain registration process had all the speed efficiency, charm, and conscientiousness as the DMV on a bad day.

Still does, if you get your domains from Network Solutions.

Re:A little perspective

[sjames]

Nobody claims that he didn't hope to make some money, a lot of people do, that's no crime. If he wanted to charge money to register domains on his alternate DNS, that's no crime either. He didn't claim it was anything other than what it was. I'm pretty sure he's never been accused of being a diplomat.

Hacking the root servers WAS a crime and he paid for that. However, it wasn't JUST about making a profit, he was well justified in being upset with the way NetSol got the special treatment while doing such a miserable job of it. Practically everyone on the net that dealt with domain name registrations despised NetSol by that time. Most ranked it somewhere between dead skunk and plague carrier for desirability to spend time with. It was hard not to be at least a bit sympathetic to anyone who fired a shot across NetSol's bow.

Note how to this day there are still concerns that DNS is a bit too centralized for comfort. It was hardly a spurious opinion or a simple ploy to grab some cash. It was a real issue then and still hasn't been fully resolved today.

Re:A little perspective

[thomst]

Once again Tom Starck writes about something he was tangentially aware of and gets it wrong

Once again, "Dick" Sexton manages to spell my name wrong.

I think that's all that needs to be said about HIS attention to detail.

Re:no digital Wild West

[fmobus]

> If it were the ultimate tool for "freedom and anarchy" would that be a good thing for society?

In my opinion: fuck yeah.

> Imagine if you couldn't trust the data on wikipedia

Do you trust it right now? Would you use it for mission-critical tasks?

The very premise of wikipedia is write-openness. Everyone using it should have that in mind and exercise common sense when reading informations there. If anything, it should remind us that every piece of written information published in our society may have bias or may be factually wrong. Even the most respected houses of publishing have their agendas. In my opinion, Wikipedia is upfront about its "vulnerability" and, therefore, people read it more critically than traditional media.

> Or if your bank account access could be spoofed
> Or your emails could be read by anyone

These cases are solved by digital encryption, specifically, one that is not plagued with backdoors. In the "social control" version of the Internet, we'd either be denied the right to encrypt, or the encryption mechanisms would have backdoors mandated by the governments. It follows that in the "anarchy and freedom" version of the Internet, where there is non-backdoor encryption, spoofings and eavesdropping would not occur.

It is important to note that, right now, we are closer to social control extreme on this subject, seeing as our encryption models rely on authorities supposed honest (the certificate authorities). A sufficiently powerful government could influence CAs on collaborating in spoofings and eavesdropping activities. We cannot observe this signing process - right now, we simply assume CAs are to be trusted, because we feel that governments haven't sunk so low in the social control measure. Should social control show its ugly face in the future, the only way we could achieve real secrecy and authenticity of communications would be having the sender and the receiver directly exchange public keys - preferably in person. By any metric, this is impractical, and could seriously hamper commercial usage of the network.

> Or even a reputable site by a known firm with a reputation to protect would use online tools to deceive

Yes, that indeed is a problem on the "anarchy and freedom" version of Internet. But how, exactly, does the "social control" version address this problem?

> What if lone individuals could topple governments and cause international diplomatic incidents?

So, we should suppress any speech that rats out illegal or inhuman actions to avoid embarassing governments? If a lone individual is aware and has evidence a government is doing something wrong, it is his duty to expose it. It does not matter if there are multiple nations involved. A perfect example of this would be e
extraordinary renditions, waterboarding, Abu Grahib and yes, the cablegate. The more government critters are afraid of being exposed, the better they will behave, and the more the people have control over their leaders.

--
Human societies were built upon the trust of individuals between each other. Problem is, the larger a group of people gets, the less we appreciate the externalities that our actions inflict upon others. We trust governments, far away as they are from our daily reality, to care for problems we are not specialized enough nor able to care. This trust depends on there being good checks and balances; social control of Internet is a weapon too powerful to be satisfactorily checked.

Re:So then,

[toejam13]

One problem that a lot of people have is that "one somebody" is the same for the world. You don't have a root.hints file broken down per country TLD. And even then, somebody has to maintain the root.hints file.

The other major problem is with the use of the .com, .edu, .net and .org TLDs. The United States never transitioned away from those domains in favor of its own .us TLD. As a result, the majority of organizations in the United States continue to use them. It wouldn't really be an issue except that organizations from around the world like to use them, too. So, are they de-facto extensions of the .us TLD, or are they extensions of a .world TLD?

So, if a root.hints file was created with a hint for each TLD, who would control the big four? An entity of (or delegated by) the US government, or an international entity such as the ITU? If it was the latter, how many US companies would rush to move their primary domains under a .us TLD?

Re:no digital Wild West

[Literaphile]

I think you missed the joke.

Re:no digital Wild West

[fmobus]

Well, I've seen so many otherwise knowledgeable people endorse government control over the internet that is kinda hard to notice jokes on this subject.

TL;DR Generation

[xdroop]

I am astounded both that a three-page article is described as "lengthy", and that the first (and only comment displayed to me currently) starts out:

I must admit that I haven't RTFA.

I guess if it is longer than a tweet, it's too long.

Re:TL;DR Generation

[KingAlanI]

I'm also pissed off about that, when various forum people freak out about me posting a few hundred to a couple thousand words, about something remotely complex - it's not a doctoral dissertation, for Christ's sake!

Re:TL;DR Generation

[evilviper]

Blame /. Articles have become so prolific and quality so rare that it's no longer worthwhile to read most of it.

Re:TL;DR Generation

[identity0]

Heh, on a related note: I just picked up a book called "Cultures of War" by John Dower, a historian who's most famous for a book about the occupation of postwar Japan. Apparently all the comparisons people made to Japan and Germany during the start of the Iraq war made him look into the Iraq war and the planning that went into it.

"Researchers accustomed to sifting through the old-fashioned typescript and carbon-copy documents of World War II era encounter a conspicuous time warp when it comes to the fragmentary accessible documentation of planning "regime change" in Iraq. There are indeed cogent reports and papers. There is also an addiction to "bullet point" list making that reflects both the technical advances of a PowerPoint age and the scattershot thinking that too often accompanies this, confusing inventories of discrete "points" and queries with careful deliberation and clear conclusions. Lists, memos, working papers, and endless rounds of PowerPoint and slide presentations do not in themselves consititute coherent policy formulation."

I guess it's true even in the White House.

Re:TL;DR Generation

[KingAlanI]

yeah, some things can't and shouldn't be super-condensed; that sure seems like one of 'em.

Re:So then,

[TaoPhoenix]

"So there'd be a meta-somebody who can bring all the fragmented parts together, like a super-DNS that points to all the individual DNS roots. But that just recreates the "authoritarian DNS system" problem, one level higher."

It's just Turtles all the way up.

I wondered if this was going to be about AlterNic

[andrewagill]

And then it was. True story.

@xdroop

[EricWright]

tl;dr pls sum.<=140 char

Re:So then,

[chrisgeleven]

That would slow down DNS queries significantly having to run multiple checks against nameservers. That would be a great way to slow down the Internet.

Bullshit

[Lord+Bitman]

a "fractured internet" is bad for the network, so if it ever came to that it would just mean typing:
tech.slashdot.org.internic

if you wanted to ensure you were being unambiguous. It really would not have been the end of the world.

Re:Bullshit

[knorthern+knight]

> a "fractured internet" is bad for the network, so if it ever
> came to that it would just mean typing:
> tech.slashdot.org.internic

Not even that. Simply point /etc/resolv.conf at a DNS server you trust, which is part of a group you trust. That's already happening today. effing greedy big ISPs are hijacking NXDOMAIN results, and people are switching their DNS to OpenDNS or Google

Re:Bullshit

[lwsimon]

Yep - all of my devices use OpenDNS, after a local ISP hijacked both Google searches from browser toolbars and dead domains.

Re: 4,000-line HOSTS Mine is 19,046 long.

[HomelessInLaJolla]

Right, and any reasonably useful hosts file would several orders of magnitude larger and take several seconds to parse on the fastest of machines.

Has anyone else considered that to be the problem with ldd--the dynamically linked library index system?

Re:So then,

[blackdropbear]

and we network old-timers have never forgiven you AOL'ers for ruining our network.

Oh how I wish we could go back to the days where AOL'ers were subject to being banned for being to dumb to connect rather than thinking it is their right to have the internet.

I remember alternative dns roots!

[bitflusher]

i totally forgot! they were fun ... for two days. really it was supposed to be a revolution/ riot thing. but i think it was so little of a nucance ot had virtually no impact. nothink like cutting internet for an entire country(a nucance that luckyly backfired spectacularly).

Re:So then,

[rs79]

"and we network old-timers have never forgiven you AOL'ers for ruining our network."
Amen!

Feh. I still haven't forgiven the tcp/ip assholes from wrecking the nice uucp administration and routes we'd got. It just worked (really) and nobody had to pay $x/yr to so-and-so to make it work. We made it work please and thank you very much.

Also, " If there were multiple "someone"s, the net would fragment, and that's inconvenient." - Ah! Fear, uncertainty and doubt.

This is actually factually incorrect, in the day there were a dozen root server networks, not just the legacy US government one. Alternic was just the first. Point is though, if they're out of sync they're completely useless so saying "if could fragment" is like saying "that server could go down". Uh, yeah, that's a bad thing and needs to be fixed before it's usable.

And in fact the only time the net ever had a collision in TLD-space was when ICANN gave .biz to somebody else, despite it being run 6 years continually and promoted actively by somebody else giving us the irony that the organization charged with keeping the dns "stable" has been the only destabilizing force in the history of dns. You can make up all the reasons why the current .biz poeple should have it, but traditionally when you deploy something on the net it pretty much stays there, it's unusual to some have somebody come along and go "yeah, real nice all this you built here. we're giving it to somebody else" and any excuse the current owners have is imo just bullshit rationalization.

But then this is an industry based on theft, keep in mind Sun was started by the commission of a federal crime when a bunch of gear was pilfered from stanford, and there's always the "gosh what happened to the core servers" in the pre-icann days. So I'm not surprised, but it all does make me throw up in my mouth a little bit.

Disclaimer: i'm the blond in the pic in TFA.

Re:So then,

[rs79]

no, in an n-way mesh each node can verify against each other. in the degenerate case where they're all wrong, you'll know pretty fast, trust me. btdt. works fine.

Re:So then,

[KhabaLox]

Ahh... the dawn of Eternal September, when I lost my virginity, matriculated into college and used Mosaic for the first time. Life was certainly never the same afterwards.

Re:So then,

[rs79]

"No offense, but you're wrong.

The Internet is a collection of smaller networks with addressing assigned from a central authority to prevent address conflicts.

Note, that was referring to IP address assignments, but DNS is a natural extension of that."

Sure, lets bet the network and billions of dollars on this idea. What could possibly go wrong? Oh, what's that you say, an Iranian cleric doesn't like the domain name you picked? sorry, bzzzzzt. or what's that? A fijian company has a trademark on something and a company in san jose can't use that domain name even though it's free because of prior ip rights? bzzzzzzzt, you lose gain.

used to be, kids, before "they" were in charge, you'd publish the name and begin using it. look at uucp maps, or usenet newsgroup names or any of the other legacy network lists of names. there's nothing special about dns that needs a (purportedly) "open and transparent" organization using a "multi stakeholder model" (that the fcc recently flat out said just doesn't work and won't use it) to administer names of nodes on the work.

ending on a joke: what wold happen to the network if a nuke took out ICANN and all it's staffers?

nothing. seriously.

Re:So then,

[snspdaarf]

Yes, with Cheetos in one hand and Mountain Dew in the oth.. wait....

Re: 4,000-line HOSTS Mine is 19,046 long.

[Alrescha]

"Right, and any reasonably useful hosts file would several orders of magnitude larger and take several seconds to parse on the fastest of machines."

I dunno, once you remove the spam, the seo sites, the scraper farms, and the virus hosts, I bet there's only a few hundred sites that anyone would actually *want* to go to...

A.

Re:So then,

[socsoc]

It's become so muddled, does it even matter? As a yank I've seen a few recent commercials advertising .co (GoDaddy is one, did it in the SuperBowl) and .tv has always been popular too. Many (American) people don't understand and I had to explain .co wasn't a typo. In addition to your points about global companies, with all these attempts at being clever on country tlds, it's very blurred.

Re: 4,000-line HOSTS Mine is 19,046 long.

[jonbryce]

There is however almost certainly a lot more than 100 email domains that people want to send emails to. The internet is more than just the www.

Funny mods deserved, but...

[KingAlanI]

The funny mods seem deserved, but this seems like the little detail you'd look up specifically for purposes of giving it as an example.

ICANN power-grab caused lots of damage.

[billstewart]

As far as I could tell from the outside, the big objective of ICANN was to give the Trademark Gods more control over the domain-name process than they were going to get through the IAHC, and to prevent new top-level domains from happening, and I was already annoyed at the IAHC for being too subservient to the Trademark Gods. The big issues for me were getting more gTLDs created and making sure that the domain name process could preserve privacy, while the IAHC had pretty much agreed that you wouldn't be able to get a domain name without providing your True Name and ICBM\\\\Lawsuit Address.

Unlike some people, I didn't mind that the Ad-Hoc Committee's first seven domain names were pretty lame and boring - it's a process the world only gets to do once, so it's a lot better to practice it on namespaces nobody cares much about like .FIRM and .NOM, so they can do the job right for more valuable names like .INC, .GMBH, .LLC, .SA, etc. But the takeover by ICANN prevented even those from happening, so we end up with a flat cluttered .COM namespace instead of a more complex and meaningful one.

ICANN accomplished a few more things for its friends in power along the way - delaying DNSSEC and to some extent IPv6, and making it much harder to do experimentally-structured namespaces (with the exception of .museum, which was interesting.) Some things I'll ascribe mostly to incompetence rather than malice - because they really didn't want new TLDs, they didn't do any research into non-7-bit namespaces, so by the time the international-language crowd put enough pressure on them to Do Something, they adopted the appallingly-broken Punycode stuff (which I think came from NetSol, but I could easily be wrong about that.) I was especially annoyed that they asserted control over the IPv6 namespace, because fundamentally they care about Intellectual Property, not the Internet Protocol, and they made it hard for people to get official space for research purposes by charging a lot for it, as opposed to carving up 1/256th or 1/4096th of it and saying "it's experimental, go play with it, have fun!"

Re:ICANN power-grab caused lots of damage.

[sjames]

Some here today may not remember, but there are good reasons they are sometimes called ICAN'T. The one thing they DO seem good at is junkets to Geneva. If they would have held their meetings at the HoJo somewhere they wouldn't need to charge the fees they do.

What Fractured Really Meant

[billstewart]

There was a short period of time that almost 1% of the Internet's users could use Kashpureff's root in addition to the real one, but nobody serious was going to pay significant money to only be in Alter-space and not real space. Sure, you might pay $10 to register example.xxx, if example.com had already been bought, but it was obviously a losing deal.

Re: 4,000-line HOSTS Mine is 19,046 long.

[tsm_sf]

Yeah he's branching out with a few different socks... just can't get rid of his quoting style though.

Re:So then,

[RockDoctor]

That would be a great way to slow down the Internet.

I doubt that it would have a significant effect most of the time ; a higher priority would be assigned within browsers to pre-fetching DNS data as a page was being downloaded and rendered. The user would barely see anything. (Yes, I do know that the Internet =/= the WWW ; but for the large majority of users that false equation is believed true.)

Re:So then,

[Profane+MuthaFucka]

Yes, all of our modern heroes gained their importance through the liberal interpretation of regulations combined with a healthy disrespect for the existence of other people.

Re:This is a duplicate!

[mattdm]

Troll? C'mon, seriously. Slashdot was here when this story happened. It's interesting to look at the historical comments. Sorry I didn't spell that out.