Slashdot Mirror
How Would You Redesign the TLD Hierarchy?
First time accepted submitter at.drinian writes "Last week, we heard about the many applications for new top-level domains that have been put forth by various businesses and organizations. ICANN, of course, has come under heavy criticism for its process. If you didn't have the accumulated baggage of 30 years of DNS, how would you redesign things? .public and .private TLDs only? No TLD control? Country-level domains?"
I wouldn't
Very Carefully.
AOL Keywords, obviously.
Get rid of .xxx.
"First they came for the slanderers and i said nothing."
Along the lines of the international card catalog library system with a maximum of three or four cross-references. This way a search could be something approximating exhaustive. Presently there are millions of hits on narrow searches and most of them reference JC Penneys.
Wipe em out. Everyone registers everything top level, boom, done.
I don't really care one way or another. Sure, if you make me live in a technological enclave of IT geniuses, we might discuss the intellectual beauty of different ways of classifying and sorting domains, but in the "real world"...just leave it alone and let people register achievify.app and successly.mobile if that's what they want to do.
One TLD for each country to do what they like with plus something like NameCoin but with way higher costs for registering domains under some anarchy TLD.
Throw in a TLD for companies over some big size and another for non-profits over a certain size.
The top level should be managed by some international body and be operationally independently of all governments.
Each country should run a DNS service for the top level which should be globally accessible.
I would drop the whole TLD concept in a heartbeat. It just adds one more thing to remember that means very little anymore, and opens people up to confusion (wait, Whitehouse.com is a porn site!?!).
Seriously, what does it accomplish? The categories are so broad that they're nearly useless as an organizing tool, especially since many companies buy up the "lesser" TLDs for their domain just to prevent confusion. People don't organize domain names in a hierarchy like they did with Usenet groups, so appending a category label to each seems rather silly.
Country code TLDs are a symptom, not a feature. They come about because local governments want to exert their own control over some aspect of the internet, but really the whole point of the internet is to transcend borders and unite people in a single global network, even if that is a threat to entrenched interests.
I read the internet for the articles.
My OCD says it should be http://org.slashdot.ask/story...
Or is that not what you meant?
How can I believe you when you tell me what I don't want to hear?
cc's are for restrictions inside countries. Eveything else should get there own without any silly .com ending.
Also no cost other than upkeep.
That is : the problem of finding a device (say: server, virtual server, coffee maker, whatever) without having to enter an arbitrary number of digits.
DNS is essentially context-free and centralized.
I would make an OS a lot less dependent on DNS actually functioning, require such a service to be secure (but oh, how to manage the keys?) and make it easier to plug in local address books of references, and easier to transfer such between computers. (perhaps something like zeroconf)
The counter trick is how to keep this from being hijacked to any great degree. Minimize harm.
Expunge all "field of interest" TLDs like .com, .gov, .net, .pr0n, and all the recent spammy TLDs
TLD by legal jurisdiction the domain is registered under. Country codes only, I suppose.
Underneath the country codes its fair game for each NIC.
I would "strongly encourage" the country NICs to not screw around with social engineering goals.
I would suspect you'd end up with multi-national corps registering a zillion domains in each country they buy or sell. So what. Cost of doing business.
I would only have a couple non-UN recognized as country domain names, for example, ".un" seems like a nice place to put the UN and maybe root DNS operators should have a .root TLD solely to host their own coordination related stuff.
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
Get with the times. Facebook is the new AOL.
Democracy Now! - uncensored, anti-establishment news
More possibilities just makes it harder to remember, and makes it easier to do phishing attacks. I'd go for country codes + one international TLD (.int). No .com, .org, .net, .info, ... - those are just confusing. Country codes make sense for local organizations and businesses, but the other ones just add confusion and make it easier for phishers.
But how things worked in the beginning worked very well, every country gets a TLD and multinational organizations (commercial, non-profit etc.) also get their TLD and it worked well because that were the capabilities of the day.
If you could completely overhaul it, I would keep the current TLD's for backwards compatibility and then add a range of local TLD's (.local, .lan, ...) and some simple "custom" TLD (.custom) which browsers could implement to auto-append on any non-TLD'ed and non-local domain. Let someone else worry about the .custom subdomains. This would clean things up on the root resolvers and move the problem to someone who is interested in expanding the TLD space.
On the other hand, I would also keep the servers free from outside influence by having a distributed root system and a requirement/mechanism for any resolver to regularly check whether your closest resolver is being truthful to you. If they're not being truthful (eg. ICE or DHS meddling with the records), that IP loses points on the distributed trust list and administrators could configure what trust level they will accept (larger ISP's may want a high threshold of trust while smaller systems that can't afford or don't have enough traffic to warrant the multiple checks keep it lower).
Custom electronics and digital signage for your business: www.evcircuits.com
except for current ccTLDs, not allow any new TLDs, and let each country sort out their own domains
I would have written the domain name the other way around.
In fact, this was done in the UK for a while.
I'd rather type in www.blah or ftp.blah instead of having to remember if it's blah.com, blah.co.uk etc. .net, .org or .com domains. .gov/.edu seem to still have integrity, yet it's generally obvious what such an institution is given its name.
The TLD indicating if the site is commercial, organization or a network stopped being accurate once they allowed anyone to get
Country-code TLDs have been subverted, with sites like bit.ly using other country's TLDs than the country they're based out of.
The main reason for TLDs to exist is so that different organizations around the world can manage their own little slice of the DNS system. Considering how much this is being abused (or about to be) with governments mandating DNS blocks, this suggests a peer-to-peer solution would be superior, or something managed by a central authority not beholden to any government which has the health of the internet as its primary concern (like the EFF).
Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
One of the best approaches was to create a TLD for each of the major categories one can get a trademark in. For example, airlines, shipping lines, etc. Then one could have Olympic.Airlines, Olympic.Shipping and so on, without the current problems of the Olympic Organizing Committee getting all the "Olympic"s in the world.
One of my papers on the subject was D. Collier-Brown, On Experimental Top Level Domains, Rev 0, Internet Draft, draft-collier-brown-itld-exper-00.txt, Sept 1996, which may still be findable. Much of the other work seems to have been expunged...
Numerous approaches were debated by the international ad-hoc committee on domain names, but the most profitable to the registrars "won", leading to the current mess. In retrospect, we needed a stringently fair, non-commercial process to make the decision.
--dave
davecb@spamcop.net
com.nytimes.woman.has.big.surprise.when.she.drives.home.in.wrong.car.but.finds.embarrassing.pictures.of.her.husband This of course would use the .husband TLD, parent to the .her subdomain.
Their they're doing there hair.
Some say appending ".com" denotes that it's a web address. Well, Twitter solved similar problems with just one character rather than four: @ for people, # for tags. If we could rewrite history and didn't need to distinguish between government and non-government sites (due to the Internet having grown out of the government), domain names should have adopted a similar magical special character.
.mom What else do you need?
Major tier domains (expensive, requiring proof of organization/trademark):
<name>.global
<name>.<country>
<name>.<culture> (in cases where one country coudl have more than one culture with specific languages, etc)
(certain names mult be disallowed when they collide with lower-tier codes and reserved words)
Middle tier domains (affordable, requiring proof of organization existence and that it's valid for the class):
<name>.<class>.global
<name>.<class>.<country>
(where <class> could be 'co', 'org', etc.)
Personal domains (cheaper, requiring valid ID):
<name>.people.global
<name>.people.<country>
Sub-domains of those could be sold by their owners, and certain major domains should be banned. the global namespace should be managed by a non-profit international organization, country namespaces shoudl be managed by the respective governments.
Don't see a problem with DNS as it is.
What the fuck happened to slashdot? Half the comments here don't seem to understand how DNS works.
1. Make domain name registrations non-transferable. That would eliminate the parasites who squat on domains.
2. Make a rule that if you have a domain in one TLD, you can't have the same domain in another TLD. That would eliminate corporate squatting of every single variation of a common word or phrase that they want to own.
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
I would make it by country code only. And, reverse the order:
us.google.mail/inbox
us.slashdot.ask/story/12/06/19/1336210/how-would-you-redesign-the-tld-hierarchy
I would have a few "international" domains like the existing .int, .eu, and .un, and a country-like domains for organizations that already had country-codes issued to them by the U.N. or a similar organization.
I would then deprecate all other top-level domains like .com, .org, .mil, .edu, etc. and the like, with a decade-long timetable before they are removed. Current registrations would get a free ".com.us," ".org.us," etc. registration during the transition period. After the transition period, .org, .com, etc. would become invalid and the United States would be free to impose the same restrictions on "legacy" .com.us, .org.us, etc. domains as it imposes on "non-legacy" domains in the same namespace. For example, a year from now it might require that non-legacy domains in .us have a bona fide real-world presence in the United States or its possessions, but it could not impose this on "legacy" domains during the transition period.
It would be up to other countries as to how to govern their own namespaces.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
I've done a lot of DNS server work at the code/protocol level, and a lot of serious thinking about the DNS over the years. My take is basically this:
1) The traditional generic TLDs (com/net/org) make a certain amount of sense, especially in the modern world for multi-national interests. Arguably we should be more strict about policies for net (network operators and infrastructure, not random companies) and org (actual non-profit organizations).
2) The ccTLDs also make a ton of sense, keep those.
3) The DNS is meant to be hierarchical. Not just in terms of server lookup hierarchy, but in the sense of informational hierarchy for humans to understand. It's like Area Codes and Country Codes, it has to make sense. .pizza and .pepsi completely break the hierarchy, they're horrible sins committed in the name of the DNS cabal making a quick buck. A lot of people should be tossed in jail for this stupid idea.
4) The protocol and RFCs need serious re-work. I won't repeat all the analysis others have done over the years, except perhaps to point you at DJB's cr.yp.to DNS rants, most of which are valid. CNAMEs, the way PTR was handled, the ridiculously stupid compression scheme - all examples of shoddy design, at least in hindsight. All of the early RFCs and implementors also made the huge mistake of muddling up what should be very separate concepts: First there's the 3-way mixup of: DNS the conceptual distributed database, DNS the protocol, and DNS file formats that are private to server implementations. Then there's also the grand mixup of server roles: local non-recursive cache, recursive cache for a network of private clients, public recursive caches and forwarders, and finally true authoritative servers. It was the fact that BIND was the de-facto implementation and routinely mixed all of these roles by default that lead to the mess, and lead to tons of security problems over the years.
5) Security. DNSSEC, which sadly has a lot of traction now, is a complete joke. A proposal more akin to DJB's DNSCurve would be *much* better. The problem with DNSCurve was that it required really ugly NS-record hostnames in order to seamlessly integrate with the existing broken DNS design as smoothly as possible. A proposal combining DNSCurve's actual security mechanisms with simple KEY records would suffice, but needs backing form the DNS Cabal in the IETF, which are already deeply monetarily entrenched in selling DNSSEC to enterprises and governments.
It's really not hard at all to design a replacement for DNS that's better in every way. I've done it at least 20 times lying in bed dreaming, and a few times in practice with real code just for fun. The problem is that the current system is entrenched and nobody's willing to take on the job of getting everyone switched over to a new system, if it's even possible. You'd need to support both protocols in everything for a period of a decade or two, and nobody wants to because the current system just barely continues to function and offers some really clunky, faulty security in the latest update.
TLDs have failed. I'm AC now, but have voiced this opinion for quite some time on slashdot with mixed response. "Normal" people do not know what they are. TLDs basically don't exist. Try: http://slashdot.com or http://craigslist.com or http://wikipedia.com to go to slashdot.org, craigslist.org, or wikipedia.org. .com means nothing, but most people think that is the internet thing at the end of the 1st or 2nd part of whatever a URL is. I work with computers at a .org and other computer people here think that wikipedia.com is the same as wikipedia.org.
The new TLDs add nothing to the mix. Most are discredited by users and/or completely unknown. . museum, .name, .biz, .mobi, and .info are simply cheap domains that people buy, but then ditch because nobody knows how to use them. In fact, I did not even know .mobi went live until reading this post. .mobi was under scrutiny of the W3 because it was the first TLD to specifically try to break device independence on the web and at the same time muddy the water with TLDs into another new and failed direction.
Now that the .ly, .fm, .tf, .to, .me and similar former country TLDs are in the mix now, what do the country TLDs even mean anymore? I used to contend that those were the only meaningful TLDs, but now they mean nothing as well now.
I respect the geeky namespace hierarchy that TLDs were intended to originally create. But they are not a hierarchy and have just become something after a . that is randomly applied like a gmail email account can arbitrarily add or remove .'s to their email addresses.
We only need 7 TLDs, we just need to reorganize the web into them accordingly.
One TLD for each of the 7 sins, Greed, Lust, Envy, Pride, etc. Everything fits so nicely.
A redesigned DNS protocol. The current DNS protocol is a clunky POS that is showing its age.
I would change the order of domains and sub domains in the url.
protocol://tld.domain.subdomain:port/rootfolder/subfolder/document
It just makes more sense. every other part of the URL is in order order of greatest to least significance. If the url was written with an IP address, the entire thing would be in order of greatest to least significance.
Yes, I know that this is not the question asked. But its what I would do.
The problem isn't the domain name system itself but rather how do go from the name of a particular entity to its domain name.
In the fullness of time, the domain name should go the way of the IP address and be a detail that becomes important only to geeks.
There's no scalability in the current system. Any one entity can balkanize the internet by tampering with their root servers.
Here's what I suggest, it's expensive, and sounds looney, but it solves the problem:
1 . Put the "root" DNS server on the moon (and thus out of the reach of anyone going to tamper with it without anyone noticing.)
2. All the geosynchronous GPS/glasnost birds are capable of receiving payload data from the 'root' server as they pass by.
3. All devices capable of receiving GPS/glasnost signals recieve their regular GPS data plus a payload that gives them a list of authorative DNS and e911 servers for their timezone/state/country/city/whatever. Devices not capable of receiving GPS data will receive it from DHCP.
4. When a machine makes a request to a two-word domain, eg "official" and "microsoft", it will query the authorative DNS server to tell them the closest geographical server. When machines are registered with the authoriative DNS servers, they are registered with both their IPv4/IPv6 and their Geographic location (eg local, or remote)
5. If a machine is local, then the shortest geographical route is taken to establish a connection. If a machine is remote, then it's handed off to the authorative DNS server that 'is local' to get the shortest route.
So what you have here is similar to this .local is the same as .local if there are not two .'s) local to where you live. So if Microsoft has a CDN node in your local area, you get the content served from the CDN node, and not remote server.
official.microsoft.local (or omission of
official.microsoft.remote, is the non-CDN node.
This version of the DNS system is what I call three-word-system. The first two words are"subject-subject", the last word gets rid of the problem of TLDs, by eliminating all of them. You get stuff like this then:
dominos.pizza.local = your local dominos
dominos.pizza.remote = the main website with a list of all dominos.
Nobody "owns" the first two words, rather they are registered based on geographic locality. So nobody gets just "pizza". If you happen to type just one word, you'd get a disambiguation type of page where the local DNS operator lists the closest *.pizza.local domains. Local jurisdictions have jurisdiction over the .local that covers their area. If people want to not deal with their local DNS operator they're free to change their 'local' to another jurisdiction.
Pretty much the idea of reinventing the DNS requires making it more complicated and integrating Geographic location into it. Forget everything else I mentioned above. The grand failure of DNS right now is that CDN's send me to slow nodes because "Canada is Toronto" or "Google is California" when neither of these are particularly good choices. We can fix it, if we abstract DNS in a way that there are no 'root' nodes to deal with. Right now the DNS system just makes Verisign and registars money hand over fist for doing essentially nothing. This should be moved to the locality. If there is no .local then automatically hit the .remote which behaves like the existing DNS system.
- I would start by removing all country codes - it's the internet, nationality isn't hugely relevant.
- Then add TLDs for each LANGUAGE. Knowing which language a site is in is more useful than where it is, especially with the growing number of non-English websites.
- For each of these, have somewhere between 5 and 10 subdivisions by purpose - no ultra-generic ones. Perhaps .shop (sales websites), .info (tourist , .com (online communities), .news , .xxx, .util (search engines etc) and so on would be suitable. Better names/categories could be found. The categories should be the same for all languages, but named differently so they make sense for the langage in use.
- When someone obtains an address, they get it for all languages. (so if I had google.util.en, I'd also have google.[however .util translates].de, and all other languages]. They must prove that their site fits into the category(ies) in use, so no-one can use .util for a sales-only website.
- To avoid 'buy-every-category-in-case-someone-else-does', no more than one person/company can use the same address. If I have google.util.[lang], no-one else can have google.xxx.[lang], even if it's not in use.
I think that covers it.
As a description of the site type only. .org(anization), .bank, .museum, .store, .com, .mil, .web, . and so on.
No, there will be no country-code TLDs. At all. That is a subdomain use-case. Whoever decided on that should be actually shot. Now we will never recover.
Also, http://TLD.domain.subdomains. A TLD is the most important part for a reason. Small-endian can "&*@ right off.
If a site has a language-description for Nth level sub-domains, it can be applied automatically by detecting the browser settings.
So, you go to a website, http://store.domain/
Oh hey, what's that, you are English? Here you go, http://store.domain.en-en/ (or http://store.domain.tech.en-en/ and so on)
No more messing around with stupid directory nonsense trying to get to the English site, trying to figure out if they used capitals, mixed case or lower, if they used the standard 2-tier method or just lumping all the languages and dialects in to one parent group. Or trying to figure out where the hell the Language section is on the site, and annoyingly find a Flag page that just assumes you speak one of the languages of many that is almost certainly in MOST countries ever! Countries aren't stuck to one language damn it! Stop using flags!
ALL these TLD zones will be enforced! Enforce 1-domain only for 1 site. No multiple domains, even typos, pointing to your main site.
Stupid people shouldn't be the reason for allowing such nonsense. If you typo and end up losing your account, YOUR DAMN FAULT.
If you have separate parts in your company, such as a search side or store side (google), yes, that is enough to warrant multiple TLDs. (note the difference)
Also, add in a few things for personal use, such as home servers and the like.
It is unenforced. TLD could be www. . Ah, the delicious confusion. But it makes sense since www of now is horrible and a free-for-all.
And it would stand for Was Worst WorldWideWeb.
If that "runs out" of space? www1., etc.
IT IS AMILLION DOLLAR IDEA!
Never going to happen. Not until ICANN are dethroned.
Face it, the only way you will likely see this happen is the UN option. ICANN are corrupt now.
As many of you have already seen recently, there is a whole bunch of scare-tactics being used with the UN-controlled DNS.
Nobody will agree to any of those stupid censoring things even if they try to push them. The internet at large certainly won't!
Shouldn't the protocol be after port for that to be true, i.e. tld.domain.subdomain:port//protocol://rootfolder/subfolder/document ?
.edu for educational organizations
.com for companies
.org for organizations
.gov for US Federal Gov't
.mil for US military
2-letter TLD using ISO country codes
A clone of Jon Postel to run it all.
Oh, and a firing squad for anyone who tries to add cruft like .info, .name, .pepsi, .microsoft, etc.
http://en.m.wikipedia.org/wiki/File:Autistic-sweetiepie-boy-with-ducksinarow.jpg
Once upon a time they were useful for determining whether the site you were contacting was an educational organization, a military site, or just a commercial entity. These days TLDs are just around for forcing companies to buy domains like Pepsi.zzz for $100,000, lest someone less morally inclined grab the domain and start selling Fifty Shades diarrhea bags to besmirch the name Pepsi. It no longer makes sense to have Pepsi.io or Pepsi.zzz when it is all going to the same entity. Now that this has become a disgrace, it seems AOL had it right with keywords.
I say no TLDs at all, or give up the pretense of controlling this and just make it a free-for-all so people can get their .penis or .vag TLDs.
Unicode URLs + HTTP v1.2 + 10 year limitation on URL length (ascii URL length limits; allow for transition period.)
Each nation gets a full-name TLD and a long list of aliases in every language including short variations. I will not expect the world to type a nation TLD in a foreign language. Also, it is case insensitive.
Actually, since complications are being ignored, I'd make DNS use @TLD which just means that new URLs would stand out from old ones and email checks will have to grow up. If you want to own screw.canada you'll have to get Canadian approval while now you could do screw.canada.com. The USA would do something stupid (via ICANN) so we'd have domain.com.usa in the best case and domain.anything-for-10-grand.usa.
Nothing that works good can get around government control freaks so just give up on that ever being used by MOST people who are more concerned with performance. Covert systems are just off topic. Now, Iran could make .evil be .usa because they control their internet in their nation already.
Democracy Now! - uncensored, anti-establishment news
I'd keep it roughly the same. .com, .net, and .org would be freely registered as they are now.
Countries could still do what they want with their ccTLDs, although 3- second level TLDs would be reserved.
Newer gTLDs would have unremovable restrictions.
I'd allow regional TLDs such as .newyorkcity, .newyork, .seattle, .texas, etc., provided they are at least 4+ characters in length. .ny is taken (as in for New York state), but no, that wouldn't be allowed. All two character TLDs would still be county-restricted.
I don't know if
The second level would have 3- characters reserved. For example, gov.seattle, edu.seattle, meh.seattle, cat.seattle, i.seattle, hi.seattle, would all be reserved.
I'd keep control in the hands of the US Government. I think that's the closest country we get in terms of true freedom of speech, even if it has its problems.
The DNS server is the lookup table. It'd be fun to toy around with it a bit. If I look up google.com, it points me to an IP address. I'd like to see a "dark net" for thirteen character TLDs. So google.justanexample would point to an IP address provided in a private DNS server table. microsoft.qwertyuiopasd would point to an IP address provided in a private DNS server table. That private DNS server would be something totally separate entered in to one's computer, and it would be an understanding that any thirteen character TLD length would use this private DNS server as opposed to the regular one. This way, if the main Internet is ever threatened, there'd be a decentralized one to fall back on without having to toggle back and forth in one's computer's settings and without worry that going to hotmail.com goes to a rogue one instead.
Like...
If TLD length is 13 characters, use dark DNS server.
If TLD length is NOT 13 characters, use regular DNS servers.
13 chracters should be long enough to avoid potential issues. I'd say six or seven, but then that'd be a problem with my regional TLD idea. The number 13 has a stigma with it, so hence that choice.
(Also: The whole IPv4 vs. IPv6 issue. I like IPv4 for the simplicity of being able to remember the number. IPv6 is what, 65536^8 ? Eight groups of very large numbers. It has no quick and easy way to say it out loud. I'd think there should have been a better way from the beginning without going overboard. Maybe 256^5 or 1024^4.)
Just use the protocol and the path: www/google/adwords. With the right hinting and caching, it doesn't have to be any less efficient than the current system.
Bogtha Bogtha Bogtha
No matter you choose to organize the name space, it won't actually be organized that way unless you enforce the rules. If that means that it costs $1000 to register a new name then so be it. This isn't something that should happen very often. Domain registration should be done with care and thought not processed in bulk.
This didn't start out long. I apologize that it is. If you're easily bored by history I would recommend :)
reading the first and last paragraphs
History:
IP addresses being converted to names has existed for almost 40 years. It started as a file
(hosts.txt) that users all over the ARPANet could download nightly. Usually they all did so at
the same time (midnight, local time) and invariably DDN-NIC (the host with the FTP server
and the file) was overloaded.
In time, it became reasonable to decentralize it. DNS was formed. Paul Mockapetris and many
other intelligent people put great thought into it. DDN-NIC became NIC.DDN.MIL. BRL-AOS
becaome AOS.BRL.MIL and so on. DNS servers became ubiquitous, the DNS root servers
were great, and Rodney Mcdaniel (hostmaster@nic.ddn.mil) and SRI International did a great
job running things.
In time, it became reasonable to decentralize _that_. Many root servers run by many independent .ARPA...) and country-codes were adopted.
companies (like Paul Vixie's ISC) exist all over the world. The DNS hierarchy was detached from
the ARPAnet (except for pointer records... still all in
Now I say 'adopted' because the process of creating a new TLD or gTLD or ccTLD isn't complex.
It's a line in a file. However, the process of getting said line APPROVED by the powers that be
is more complicated.
The ICANN Age:
ICANN was created to [whatever the reason, Karl Auerbach has shown they have clearly gone
outside their mandate and powers] and now they want money. How do you make money when
you're clearly chartered to do ONE THING? You figure out how to create more Blue Sky.
So here we are. The final part of the decentralization. Why final? Because in the beginning
we started with a one-level name: DDN-NIC. Then we went to the hierarchy "tree" model:
nic.ddn.mil. And now, we are finally changing the hierarchy so the root of the tree is the
father to THOUSANDS of TLDs.
You can argue if it's good or bad. I just look at the history... and know the original problem...
and the reason for the solution... and the solution.
My Opinion:
A rooted tree with thousands of children each having thousands of children is an abomination.
I shudder to think that the DNS server (named or djdns or whatever you use) already use
a relatively "large" cache. The size of this cache at a minimum is a function of the structure
of the DNS tree. A 1000x1000 (TLD+SLD) tree already starts at a million entries. Each one
gets at least an SOA record, which is over half a kilobyte. Add in some NS records and maybe
some MXs and now you have 500MBytes+... just to initialize the cache. Icky poo.
I suppose the evil we know (ICANN) is better than the ITU running the Internet and adding
termination charges for packets. Settlement-free-peering, euro-jerks.
FYI I have sold domain names for profit. One previous poster suggests we "prevent" [prohibit?
criminalize?] domain name transfers. Please note that ARIN [another made up body but one
that adds a lot of value unlike ICANN] prohibits IP address transfers, loans, or sales, except
in specific cases of business mergers where the new entity can show it is worthy of the IP
address space. This has not IN ANY WAY diminished the sale, loan, or transfer of IP address
ranges. I regularly get offers for the space I'm responsible for. When there's a buyer and a
seller... there's a market. My point being -- to get back to domain names -- so long as there's
a buyer and a seller, domain names WILL transfer. The simplest example I can think of is to
register each domain name under a new LLC. Sure, it's $7 for the domain name and $20
for the LLC... but you can then sell the LLC to anyone without it being a domain name transfer.
There are other methods.
Conclusion:
ICANN is an abomination and they've done nothing to help the Internet. In every "decision"
they've mana
is to have top-level domains that match to jurisdictions, i.e. countries. A country can set its own rules over who is eligible for whatever.co., set its own arbitration procedures (e.g. two companies in different fields, with the same or similar names), and so on. This allows countries to to establish some trust -- backed by the courts, if they wish -- in web addresses. Or, if they wish, make it a free-for-all (e.g. Tuvalu, as far as I can tell).
If I visit sony.co.jp, I am quite confident I will get a (the) company called Sony in Japan, because the Japanese government makes it so. This makes it a valuable 'street address'. I have no idea whether sony.absurd is owned by Sony, or someone absurd; it is value-less.
Don't you just hate it when solutions are simple. Just get rid of all the root servers. Let anyone with enough DNS brains run their own root server. Let there be a free market for which root server is used. ISPs will provide a default root server to their customers, who can simply just change to another if they wish.
Oh, I hear a complaint already ... it will fragment the internet. But that's the whole idea. It keeps the UN and governments from taking over.
now we need to go OSS in diesel cars
I'd put U and I together
1 if you register %base%.com then you automatically get a "soft register" for .net and .org (and the same for every combo thereof with any adjustments needed for nonUS entities). If later on somebody wants a domain that is soft registered they can If they also setup someway to redirect traffic to the other(s) in the set.
2 When you create some sort of entity (business or social) if your entity name is NOT already registered then you get priority for that domain AND IF IT IS REGISTERED YOU CAN BUY THE DOMAIN AT THE REGISTRARS COST.
3 anyone found registering "spoof" domains or otherwise trying to do a domain attack should be banned from registering any domains (and lose any domains they currently have).
Any person using FTFY or editing my postings agrees to a US$50.00 charge
First type the tld country code when you want to access another country, then use their system, whatever it is. Now all your local own domains don't require any dot in the name at all by default.
nl
apple
pear
resolves to apple.nl and pear.nl
Browsers decide when to clear the tld, for example only when you open a new empty window but not when you open a tab, so you have one window that resolves everything to .nl without typing .nl and a new window that resolves to your native country tld .us by default so you can use apple which would resolve to apple.us or you could type apple.com if you want that if icann redirects com.us to .com.
I think we fall into a design trap here, assuming that there is a fixed entity, called "Domain Name System," that must be preserved as a special entity, but can be modified.
Leave DNS as it is alone. Explore other services that may provide some or all of the utility that we now get from DNS.
DNS was designed to provide at least 2 different utilities:
The bundling of these two utilities in one system was controversial at the time, but it was easy to implement, and the problems with the bundling did not emerge until much later.
The first utility is important because IP numbers need to be assigned for efficient routing tables, and may be changed due to changes in network topology. Also, agents associated with particular names may need to move to different hosts. Domain names provide long-lived identifiers that can be reassigned to different IP numbers as needed. This use of DNS requires some global co-ordination, since the provider of the identifier->IP number binding is a different agent from the one who needs to look up the binding.
The second utility is important for efficient interaction with human users. It has lots of variations, some of which may be addressed on individual users' hosts, others of which are more global. The obvious use for a global co-ordination is to allow different agents to communicate the mnemonics. Bookmarks, local DNS servers, and search services (Google, Yahoo, ...) provide variations of this service.
A large part of the trouble with DNS today is a conflict between the two uses. Competition for global mnemonic names raises the cost of permanent identifiers, and degrades their permanence when different agents win the competition at different times.
So, without doing anything to dismantle the current DNS, we should experiment with separate services that might provide some or all of the utility of DNS in other ways: particularly with different bundling. For mnemonic reference in Web browsing, Google has already essentially replaced DNS for me (yes, I know that most Google searches resolve to domain names, but they can also resolve to IP numbers, and a few do so; and in any case I do not depend on the mnemonic quality of the domain name). For mnemonic reference in email, my private address book has essentially replaced DNS (again, it usually resolves to domain names, but it doesn't have to).
The obvious missing element is a service providing permanent identifiers without the competition for particular mnemonics. A natural thing to try (suggested in a previous post, and in other forums over the years) is hashed public keys, since they prevent fishing for mnemonic identifiers. A system of identifiers based on hashed public keys, resolving to IP numbers, could also be part of the infrastructure for public key cryptography, suggesting a different bundling from the one in current DNS. There could be a quick and relatively easy implementation resolving hashed public keys using the current DNS software (but separate servers), with some additional scripting to allow automated registration. The registrant/resolver would make no effort whatsoever to vet the identity of the registrant, leaving that service to others when it is desired.
Mike O'Donnell http://people.cs.uchicago.edu/~odonnell/
If you want to own screw.canada you'll have to get Canadian approval while now you could do screw.canada.com.
I'd reverse the syntax order so that it makes more sense to the average joe. Most people will understand biggest -> smallest domain ordering much better, e.g. Canada.Org.Fuckem.
This might make it easier for the non-techie to spot spoofed emails which in turn vastly makes everyone's life better. Less $ return on Spam == less spam.
HA! I just wasted some of your bandwidth with a frivolous sig!
As a US citizen, it's easy to say "what's wrong with leaving them as they were before all the info biz and other crap?" .com .net .org .gov .edu .mil .CountryCode
but in reality, that is rather US-centric seeing as how .gov really means .gov.us
So, why not make .com into .co.us and .org into .org.us and so-on and remove all non country code TLDs.
If Tuvalu wants to be clever with ".tv" great! let them, but since so many countries want to exert local laws over interwebz, just say " this site is foo.us, so it's under US law, this one is foo.uk, so it's governed by UK law and so-on.
It seems to me this would clear up some of the jurisdiction wars between "so and so is registered in country x, but has servers in country y but is a business entity/citizen of Z"
It would really only work if IP addresses were allocated in blocks that matched the countries so geolocation would at least be accurate to that level.
I know it would probably impractical to implement... you can't really tell someone who has had foo.com for ages that they are now foo.co.us. However, I bet you could stop anyone new from getting .com addresses and even stop allowing renewals and transfers, thus emptying out .com, et al. by attrition.
Just speculating here.
The Digital Sorceress
Seeing how com, net and org all lost their meanings in the end, I think we'd be better off with just one general TLD and country specific TLDs to be run as each country wishes. Possible exception for some sort of "trusted" TLD as well, to be issued only to certified organizations.
Website Just Down For Me? Find out
I'd suggest one for .antwerp and the rest is parking space ;)
--- I am known for the ones who want to find me on the net. Is that a privacy risk or a privilege? One might wonder..
obviously i cannot tell you. ...well ...controls everything.
but to get an idea, think about which internet services connected to the old-skool domain-name-system.
pretty soon you will see that it's pretty much everything, and whoever controls everything
it's time to put the power back into every users computer.
for example: it's freaking nuts, that not every (home(*)) computer sends and receive electron mails directly (to and from
other home computers), but has to go thru "centralized" systems.
time to wake up. power to the people!
(*)compared to the computers and networks used when the internet went public, some 20 years ago,
we're all rocking super computers with at least T1 lines! 0_o
1. Change the URL spec to something like "Protocol:(port)//Top.domain.subdomain....) so "http://shashdot.org" would be "http://org.slashdot" or if you used a nonstandard port it would be "http:8080//org.slashdot" and if you owned org.slashdot you would be free to make as many sub domains as would fit in a URL.
2. Make URL's Unicode strings so they are usable across as many languages as possible.
3. Fix the DNS protocol to include some way to validate that the information you get actually comes from the registered owner of the domain in question. Also provide a means to flush the domain table cache before the TTL expires, by making servers that cache register with the source.
4. Assign standard TLD's (say for each country) to local authorities. Additional top level domains (say "slashdot") are allowed as well, but in order to be available as a domain the local authority must allow it (and can possibly require local payment for local access.)
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
Country code TLDs are a symptom, not a feature. They come about because local governments want to exert their own control over some aspect of the internet, but really the whole point of the internet is to transcend borders and unite people in a single global network, even if that is a threat to entrenched interests.
Excellent way of saying that ccTLDs are harmful to a philosophy of a global information-carrying network that should transcend national and cultural borders. Using ccTLDs geo-politically bias the domain name. And really, a "domain name" is just a name so you can find a number.
I would limit the TLDs to .slash, .dot, .dotdot, .slashdot, .slashslash, and .dotslash.
__
Men with no respect for life must never be allowed to control the ultimate instruments of death.
GW Bu
If I could redesign the tld hierarchy, I'd put .yu and .me together.
Your ideas intrigue me and I wish to subscribe to your newsletter.
I would do a re-design by building a team that consists primarily not of geeks and tech people. They have a place, but there are psychological, political, economical, mathematical (game and decision theory) and linguistic issues here that are a lot more important than the implementation details.
We geeks have a sad tendency to ignore non-technical parts of a given problem. Our solutions are often brilliant, but lack acceptance because they are only brilliant in a technical sense.
Assorted stuff I do sometimes: Lemuria.org
There would be only one tld: .penis. All domains would be a subdomain from .penis. slashdot.org.penis has a nice ring to it.
I'd kick it old school, beyatches:
Limit the entire internet to: .soc, .rec, .comp, .humanities, .news, .sci, .talk, and .misc
If you can't fit the Internet into Usenet, you just trim off the edges and delete what hangs over the edge.
If this were Usenet, I'd killfile the lot of you.
Expand the size of the address to 2048 bits (bandwidth is cheap and will only get cheaper; compress the address also), and have 32 bits per character; now when you type the address into the browser, it does not resolve to DNS, it is the actual raw address of the website.
If the size of the websites address exceeds 64 characters, >then do a DNS lookup.
Have .com and .org and one for each country on the planet.
Having more is not going to help any company, on the contrary, it just confuses people even more.
If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
Number one thing I'd do, allow you to specify your own DNS root. You could start with a default system like now, but you could specify a system (by IP or hostname) as a different, independent root for small subdomains - maybe for testing, maybe because you don't want to shell out for hundreds of related domains, some which might have been taken already, maybe to get around censorship. I'll give examples.
Syntax option A: Bring back bang paths! "dns.antioppression.org!sheepstore.tibet" would indicate you want to use a DNS server at "dns.antioppression.org" to resolve "sheepstore.tibet". Note that ".tibet" isn't an official TLD - who cares? If you run "dns.antioppression.org" you can decide to use whatever you want for a domain. You could also chain DNSes, as well as using IP addresses: "12.34.56.78!our.dns!good.tokes.mj" would use a DNS that doesn't have a registered name to look up another, to look up a third host.
Syntax option B: "cloud.243(cloudproject)(technohost.com)" would indicate "technohost.com" is the DNS for the firm that you're buying server space on, "cloudproject" is your project DNS, and "cloud.243" is one of a thousand or so hosts that you want the world at large to be able to look up.
I like this idea because it gets rid of the single chokepoint being used these days for internet censorship, as well as excessive trademark enforcement. The downside is it opens up more opportunities for phishing or fraud. However, since the DNS lookup chain is visible, you can judge the reliability of the result based on how much you trust the intermediate systems.
After that, there's virtually no limit to how to name hosts, domains, subdomains, and whatever else you want to, since everyone can have their own DNS to play around with.
.notporn
It will be interesting to see which gets more traffic.
"Seven Deadly Sins? I thought it was a to-do list!"
Around the time they let commercial traffic on the Internet, they should have
1. Require a business license for a .com .org. .bank with SSL required to process financial transactions. .anon for anonymous speech
2. Requite a tax-exempt ID (501xxx) for
3. Had a tightly regulated
4. Have a
Competition Good, Monopoly Bad.
There are probably valid reasons for not doing this, but it always seemed to me that ip addresses should be defined by physical location. Obviously there is still a need for roaming ip addresses, but what if, under ip6, a block was defined that specified ip via gps coordinates to the best resolution possible with the numbers within the block.
DNS is just a 1 to 1 lookup between name and ip address, so I don't think that would change much except you could do things like Name->GPS->IP.
Comments welcome. Am I totally out to lunch with this idea?
That sucks for everyone who has to type them, and the whole point of domain names rather than IP-addresses is for human understanding and interaction. You're gaining some technical consistency but massively losing out on usability.
When it comes to my browser intelligently auto-completing URLs, it's useless, because I've got a few kerjillion results that start with "org". Starting at the other end, the specific end, gives a much better filtering/searching experience... And rewiring the human brain to type backwards isn't very practical.
I would have had country codes as the only top level domains. I would have made these intrinsic defaults, such that users would need to specify when they access something outside their country. Thus going to ".com" will be something in your country only. I would have handled zone transfers as TCP-only on a different port with optional symmetric-key encrypted connections. I would have included specific direction for handling multi-homed computers so clients get the best address (read sortlist and its prehistory). I would have included a mechanism to mark addresses or names or aliases as organizationally private (currently solved with views). I would have some kind of "typical" entry where a host would be added with one IP address and its reverse entry as a single atomic operation. I would have made the "serial" field an intrinsic hash of the file and its last modification time. I would have selected a broader initial character encoding (more than 8 characters, allowing underscores and a few other punctuation marks).
One for every "official" service being offered through TCP. http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
Microsoft.ftp/
Microsoft.ssh/
Microsoft.http/
The last one will confuse you because you're used to identifying the http service with the www name.
NOTE: I would not replace the protocol requested nor the actual port used with this naming. So http://microsoft.ftp:22/ would still be valid. I'm simply suggesting that we pull the list of possible TLDs from the IANA.
Here are the benefits I see: .ly, etc .http presumably) .http (the way they assume www and com currently) .com in today's world)
- prevent overhead to the naming authority from having to identify if you're a non-com, pr0n, within the region of
- still allow the Marketing department to publish a sole destination for all things Microsoft (at
- allow web browsers to assist users by assuming
- allow small entities the ability to provide all services while only needing 1 domain (see my note above; if http is your machine, you could still provide SSH over port 22)
- allow international entities to provide region specific resources using subdomians while maintaining the implied authority of the common domain. (Example: UK.Microsoft.http - a user knows its the *real* MS site because they've been trained by Marketing that "http" makes you valid; think
What would you find on http://com/? Just asking.
Create a distributed hash database. It would be full of records. Each record is signed by a public key. Each record contains all the information currently distributed by DNS (e.g. mail aliases, machine names, ip addresses, etc.).
The records are indexed multiply by public key, key fingerprint, and arbitrary text (DNS names and search key phrases, up to some limit like 25 or 100).
Any improperly signed record is simply discarded.
Duplicate entries from different sources are the users problem to disambiguate. Normal users woudl see a "387 people claim to be McDonalds... Do you have a preference?" Real businesses would have QR codes etc on their stuff to give real people real seeds for communications. Businesses could offer real referrals by recommending keys for peers etc in their information blocks. Browsers etc. would collect up good keys as users used them so that the names would naturally disambiguate as you used them.
Real institutions wishing to do real business with "me" give me a key fingerprint or public key data on business cards and purchased materials. Sites wishing to be secure publish all their sites with signed data streams. For secure conversations both parties always start a conversation by sending their public keys for encryption as a matter of course.
Real embedded links would be by key fingerprint instead of name (or key fingerprint for accuracy and name added for legacy if they were careful).
Benefits: key space is infinitely large. Each spamming liar would need to generate a key for each lie or group their lies into easy to identify bundles. Nobody -could- "own" a search word or top-level domain. People would grow to consider names in information space to be just as vague as names in regular space (how many John(s) and Timmy(s) are there in real life?) so the problems of ambiguity would be severed by the same meat-space logic that lets us know "you're from texas! do you know Bob?" is a bad question.
Drawbacks: the internet is just as dangerous a place to place your trust in strangers as any streetcorner in the world, and people would have to "get that".
ASIDE: This system, or something like it, is inevetable. As dark-nets form and courts/governments try to exert top-down control someone somewhere will be forced to extend BitTorrent into this kind of thing. Might as well just jump in front of the train and implement it. No corporation or government is going to -like- and therefore pay for this effort, but it will happen at some level despite that.
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press
If it weren't obvious, the limit on lying and spamming is imposed because a person claiming to be McDonalds would have to back up their lie with a site that initiated conversation by using the same key as the lie record in its very first response, and it would normally have to be decrypting the incomming data for the request using the correct key. Farming would therefore require non-trivial resources. It wouldn't stop it, but it would have limits.
Since any link from a legitimate site to another legitimate site would be by key fingerprint in the actual link that nobody normally inspects, once you were inside a web-of-trust the system is transparent. E.g. following from your bank to your bill payment system (etc) is natural and normally certian.
Regular text names would always be untrusted and big numbers would be trusted so the font tricks would never work as a misdirect.
Once you knew a key was bad you would know it was bad for all the sites it serves.
Communications would fail if someone tries man-in-the-middle if your first request is to send your public key to their site encrypted by the public key from the naming system cache record. So when Alice uses her phone app to scan Bob's QR code key/fingerprint she will only initiate conversation with Bob using that key. Eve would need Bob's secret key to decrypt Alice's initial request in order to be able to send back any response to Alice that is alegedly from Bob. Alice will always be able to detect Eve if she is pretending to be Bob without his key.
Only Bob can sign Bob's info block, so even though it contains his public key, it cannot be altered by Eve.
I know that digital signing is suseptable to arbitrary padding attacks where Eve could add information to Bob's record and potentially vouche for other keys etc, but limits on the size and structure of a record shoudl be able to make this practically impossible. That is, if the contents of the record can not be "Arbitrary" and the length is reasonably constrained, then for some record composition rule R, any valid record X there shoudl be no other valid record Y with the same signature. Better cryptologists than I would have to prove or disprove that the eventaully chosen rule R.
The system -assumes- poisioning and is therefore almost unblockable.
Public goods (for good or ill) could be offered in parallel without any need for collusion. (e.g. everybody could offer up a mirror of the U.S. Constitution, the Chineese News of the Day, or The Pirate Bay just by ammending their own record and repbulishing it.)
Most search terms woudln't need to go through a "search engine" at all.
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press
In a perfect world, DNS would not have been setup in such a way that everyone would be using the same one. Here is my proposal to god so he can go back and change history.
ICANN makes one tld, I don't care the name, perhaps .icann. They become the dominant system and everyone has them setup as the default. They may have com.icann, net.icann, etc. However, this is not necessary.
I then decide ICANN is doing something stupid. They are handling it all wrong and I can do better. I decide to make .edu which will be so much better than .edu.icann. It is EASY and normal to install another TLD from another company.
ICANN is very US centric and follows US laws. China decides they want to control DNS... fine. All they need to do is make there own and then mandate that computers sold in the country use it. I disagree with this... but it would not affect the rest of the internet.
I use google very often. Google has a tld. I install it and I can now can go to maps.google instead of maps.google.icann.
US blocks the pirate bay dns. Good thing I have .pirate tld installed. And if I didn't, I could look up the dns info on some central hub.
What about conflicts? How do we handle ports? Name conflicts would happen occasionally, people would need to be smart enough to ignore them.
How can you trust tlds? You get them from official websites. You assign trust as necessary. People tend to trust a couple big ones because everyone uses them.
Smart people will add dns info to the links they post. For example dns-FFFFFFFF://http://google.icann. In this case, the dns master IP is included in the link (as a hex string). Because of fishing attempts, a browser will point out with a glaring error message (ssl like) that something is horribly wrong if one of your known TLDs has a different dns hex. People will use bookmarks or add the TLD if they so choose.
This is in my opinion of the perfect system. Decentralized and left in the user's hands. Some may think I give users too much credit, but the end result would be a couple big guys and a common idea that you only accept tlds from big companies. Centralization would naturally occur, but it would not be forced.
-- Stephen
protocol://tld.domain.subdomain:port/rootfolder/subfolder/document#anchor
FTFY
mod +1 if I had the points. This story and its discussions is a diamond in the rough on slashdot these days. I knew I'd see a few good ideas, this is definitely one of them.
We struggle with this order in our company when it comes to various naming conventions, like email addresses, service and machine names, and iChat/AIM user names. The ':' and '@' present interesting conundrums; Am I 'surname.firstName@domain.tld' or 'firstName.surname@domain.tld'? do I reverse the hierarchy at the '@' or start it over?
Would you propose email addresses were tld.domain@surname.firstName? Maybe not, since the arobase has an understood lingual meaning... dunno, interesting topic though!
Force the United States to use their TLD properly.
There's a couple things I'd do. First, move gTLDs like .gov and .mil under .us. That's one. Then, .edu needs to be truly world-wide, or be moved under .us also. Same with the other gTLDs, as much of what's in them really shouldn't be. This should clean things up a wee bit. Not sure how I'd get the market to comply, but we'll figure something out.
Then, kill off ICANN, and move the remaining gTLDs and the ccTLD administration to a truly international and independent organisation, in fact so independent that it is its own sovereign country, albeit a virtual one. Then engage in "extradition treaties" with all the other countries for those gTLD domains that countries take an interest in.
This should limit travesties like kentucky or ohio judges snatching domains from owners that are outside of their jurisdiction and do business outside of their jurisdiction by simple dint of ICANN and verisign being american. Even FBI 'internet vigilance' is was only so-so on the funny scale the first time. When they got outright bought by corrupt industry organisations and swooped in on a German in New Zealand, making the despicable git an instant martyr, it should have become clear to everyone else that this isn't how justice should work. So checks and balances are called for. And in the international arena that sort of thing has to come with sovereignty, or it simply won't work.
The technical alternative would be to build something without one administrative root, but so far that's been a tad too problematic to be practical. And even if it would be practical, you'd have to watch for parties playing foul, like, oh, those behind stuxnet. See a pattern here? I do. So let's solve this on the administrative level, which in international waters means, again, be your own country.
It's only a hierarchy because a long time a ago when the hosts.txt file got too big Paul M figured out a way to slide it up to balance the storage and computational power. Brian R got Paul V to take the Berkely B-Tree code into a professional product. Jon P asked the same question on the MSGGROUP mailing list and there was no agreement so he made up the com/net/org convention.
We don't need the hierarchy any more...
There's no inherant reason bad.shit.com needs be any relation to good.shit.com. Arguably it's just not worked out that one guy gets shit.com and some guy gets com, if each name were discrete it reduces or elimiates a bunch of problems.
as for actual transport:
DHT - The Network is the Registry....with 480-bit Keys ....
PUT(KEY,DATA,TIME)
GET(KEY)
Simon Higgs made what I thought was the best first approximation of a sensible tld-space if you wanted to stay in that model. God knows why you'd want to though, it got us going but it's really been nothing but trouble.
http://tools.ietf.org/html/draft-higgs-tld-cat-02 He worked on this with Jon.
Need Mercedes parts ?
The old JANET acedemic not-quite-internet in the UK used to do exactly this. JANET was bridged to the public internet, so our domain at university was st-and.ac.uk on the public internet or uk.ac.st-and on JANET.
Unfortunately we had a subdomain for comp sci, cs.st-and.ac.uk. The heuristics that tried to decide whether a given domain was JANET or internet used to get horribly confused by this, and would frequently try to resolve against the Czechoslovakian DNS servers.
"Remind me again what is "broken"? If you can't name what's broken, then you're just coming up with solutions looking for a problem. DNS works, and works very well." - by unrtst (777550) on Tuesday June 19, @02:04PM (#40372977)
Upon request - see the list below then from over time up to recently...
---
DNS flaw reanimates slain evil sites as ghost domains:
http://www.theregister.co.uk/2012/02/16/ghost_domains_dns_vuln/
---
BIND vs. what the Chinese are doing to DNS lately? See here:
http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders
---
SECUNIA HIT BY DNS REDIRECTION HACK THIS WEEK:
http://www.theregister.co.uk/2010/11/26/secunia_back_from_dns_hack/
(Yes, even "security pros" are helpless vs. DNS problems in code bugs OR redirect DNS poisoning issues, & they can only try to "set the DNS record straight" & then, they still have to wait for corrected DNS info. to propogate across all subordinate DNS servers too - lagtime in which folks DO get "abused" in mind you!)
---
DNS vs. the "Kaminsky DNS flaw", here (and even MORE problems in DNS than just that):
http://www.scmagazineus.com/new-bind-9-dns-flaw-is-worse-than-kaminskys/article/140872/
(Seems others are saying that some NEW "Bind9 flaw" is worse than the Kaminsky flaw ALONE, up there, mind you... probably corrected (hopefully), but it shows yet again, DNS hassles (DNS redirect/DNS poisoning) being exploited!)
---
Moxie Marlinspike's found others (0 hack) as well...
Nope... "layered security" truly IS the "way to go" - hacker/cracker types know it, & they do NOT want the rest of us knowing it too!...
(So until DNSSEC takes "widespread adoption"? HOSTS are your answer vs. such types of attack, because the 1st thing your system refers to, by default, IS your HOSTS file (over say, DNS server usage). There are decent DNS servers though, such as OpenDNS, ScrubIT, or even NORTON DNS (more on each specifically below), & because I cannot "cache the entire internet" in a HOSTS file? I opt to use those, because I have to (& OpenDNS has been noted to "fix immediately", per the Kaminsky flaw, in fact... just as a sort of reference to how WELL they are maintained really!)
---
DNS Hijacks Now Being Used to Serve Black Hole Exploit Kit:
https://threatpost.com/en_us/blogs/dns-hijacks-now-being-used-serve-black-hole-exploit-kit-121211
---
DNS experts admit some of the underlying foundations of the DNS protocol are inherently weak:
http://it.slashdot.org/story/11/12/08/1353203/opendns-releases-dns-encryption-tool
---
Potential 0-Day Vulnerability For BIND 9:
http://it.slashdot.org/story/11/11/17/1429259/potential-0-day-vulnerability-for-bind-9
---
Five DNS Threats You Should Protect Against:
http://www.securityweek.com/five-dns-threats-you-should-protect-against
---
DNS provider decked by DDoS dastards:
http://www.theregister.co.uk/2010/11/16/ddos_on_dns_firm/
---
Ten Pe
If I were emperor, I'd promote all second-level .com's to top level, except where there were clashes. So example.com becomes example. (But uk.com doesn't become uk, because that would clash with an existing top-level domain.) The existing .com domain would continue to exist, so typing "example.com" would still work.
But this scheme would, of course, not net ICANN millions of dollars.
Is who you are more important or is where you are?
From a routing perspective no, the domain matters more.
From a user perspective? most likely who they are matters more.
I am agnostic on the position of identity.
I just don't have a compelling argument either way at the moment.
I, Goldor .HISTORYXXXXXXXX .REALIDXXXXXXXX .DNAXXXXXXXX
the enslaver of humanity have a solution for your TLDilemma.
You will each have the following personal domain names:
Thankyou.
Jusy by the by, most countries have separate legislation granting the sports folks exclusive use of OLYMPIC. Unless you're in western Washington or used it before 1950, in the US you're out of luck.
http://www.law.cornell.edu/uscode/text/36/220506
Yup, same in Canada. I used them because they were such a bizarre case (:-))
--dave
davecb@spamcop.net
Do you have an "international" phone number, a country-specific phone number, or multiple phone numbers, one in each country you do business in?
I suspect you have multiple phone numbers, each one issued under the laws in effect for the country that hosts the phone number.
Phone numbers in the United States start with the country code "1," why shouldn't domains end with ".us"?
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Agree with most of what you say, except
I suppose the evil we know (ICANN) is better than the ITU running the Internet and adding
termination charges for packets. Settlement-free-peering, euro-jerks.
If this WERE managed by a global governmental entity (BTW, ITU is global, not European), the chances that new TLDs wold be created just as a cashcow to justify the existence of said entity, would be close to zero - it's because it is a "free market" that we are going to have the mess ICANN is proposing and no-one will be able to put the genie back in the bottle.
No-one NEEDS what ICANN is proposing and the only people likely to benefit from it is crooks, speculators (yourself included, indeed), lawyers and "brand consultants"
The real question is why are we allowing Verisign to retain its government sanctioned monopoly. Go over to the company parking lot, watch the secretaries and assistants get into their Mercedes coupes and BMW M3s. Yes, this is clearly a system that works - not.
What moral right (beyond the moral right to assist in toppling governments that may exist in a given situation, e.g. a despotic regime) do I have to tell some other country's government that they have no legal right to control Internet usage of their citizens, and/or control the use of the country-code assigned to them?
Remember, under the scheme I envision, I'm basically reducing the United States from having many "country codes" to just one - ".us."
As long as a given top-level domain (.com, .org, etc.) is controlled by an entity subject to United States Law, it's customers are basically on a United States domain.
Limit each country to one and be done with it, with special exemptions for UN- domains like .int and technical domains like .arpa.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.