How Would You Redesign the TLD Hierarchy?
First time accepted submitter at.drinian writes "Last week, we heard about the many applications for new top-level domains that have been put forth by various businesses and organizations. ICANN, of course, has come under heavy criticism for its process. If you didn't have the accumulated baggage of 30 years of DNS, how would you redesign things? .public and .private TLDs only? No TLD control? Country-level domains?"
I wouldn't
AOL Keywords, obviously.
Get rid of .xxx.
"First they came for the slanderers and i said nothing."
Along the lines of the international card catalog library system with a maximum of three or four cross-references. This way a search could be something approximating exhaustive. Presently there are millions of hits on narrow searches and most of them reference JC Penneys.
I don't really care one way or another. Sure, if you make me live in a technological enclave of IT geniuses, we might discuss the intellectual beauty of different ways of classifying and sorting domains, but in the "real world"...just leave it alone and let people register achievify.app and successly.mobile if that's what they want to do.
One TLD for each country to do what they like with plus something like NameCoin but with way higher costs for registering domains under some anarchy TLD.
Throw in a TLD for companies over some big size and another for non-profits over a certain size.
The top level should be managed by some international body and be operationally independent of all governments.
Each country should run a DNS service for the top level which should be globally accessible.
I would drop the whole TLD concept in a heartbeat. It just adds one more thing to remember that means very little anymore, and opens people up to confusion (wait, Whitehouse.com is a porn site!?!).
Seriously, what does it accomplish? The categories are so broad that they're nearly useless as an organizing tool, especially since many companies buy up the "lesser" TLDs for their domain just to prevent confusion. People don't organize domain names in a hierarchy like they did with Usenet groups, so appending a category label to each seems rather silly.
Country code TLDs are a symptom, not a feature. They come about because local governments want to exert their own control over some aspect of the internet, but really the whole point of the internet is to transcend borders and unite people in a single global network, even if that is a threat to entrenched interests.
I read the internet for the articles.
My OCD says it should be http://org.slashdot.ask/story...
Or is that not what you meant?
How can I believe you when you tell me what I don't want to hear?
That is: the problem of finding a device (say: server, virtual server, coffee maker, whatever) without having to enter an arbitrary number of digits.
DNS is essentially context-free and centralized.
I would make an OS a lot less dependent on DNS actually functioning, require such a service to be secure (but oh, how to manage the keys?) and make it easier to plug in local address books of references, and easier to transfer such between computers. (perhaps something like zeroconf)
The counter trick is how to keep this from being hijacked to any great degree. Minimize harm.
Expunge all "field of interest" TLDs like .com, .gov, .net, .pr0n, and all the recent spammy TLDs
TLD by legal jurisdiction the domain is registered under. Country codes only, I suppose.
Underneath the country codes it's fair game for each NIC.
I would "strongly encourage" the country NICs to not screw around with social engineering goals.
I would suspect you'd end up with multi-national corps registering a zillion domains in each country they buy or sell. So what. Cost of doing business.
I would only have a couple non-UN recognized as country domain names, for example, ".un" seems like a nice place to put the UN and maybe root DNS operators should have a .root TLD solely to host their own coordination related stuff.
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
Get with the times. Facebook is the new AOL.
Democracy Now! - uncensored, anti-establishment news
But how things worked in the beginning worked very well, every country gets a TLD and multinational organizations (commercial, non-profit etc.) also get their TLD and it worked well because those were the capabilities of the day.
If you could completely overhaul it, I would keep the current TLDs for backwards compatibility and then add a range of local TLDs (.local, .lan, ...) and some simple "custom" TLD (.custom) which browsers could implement to auto-append on any non-TLD'ed and non-local domain. Let someone else worry about the .custom subdomains. This would clean things up on the root resolvers and move the problem to someone who is interested in expanding the TLD space.
On the other hand, I would also keep the servers free from outside influence by having a distributed root system and a requirement/mechanism for any resolver to regularly check whether your closest resolver is being truthful to you. If they're not being truthful (eg. ICE or DHS meddling with the records), that IP loses points on the distributed trust list and administrators could configure what trust level they will accept (larger ISPs may want a high threshold of trust while smaller systems that can't afford or don't have enough traffic to warrant the multiple checks keep it lower).
Custom electronics and digital signage for your business: www.evcircuits.com
I would have written the domain name the other way around.
In fact, this was done in the UK for a while.
I'd rather type in www.blah or ftp.blah instead of having to remember if it's blah.com, blah.co.uk etc. .net, .org or .com domains. .gov/.edu seem to still have integrity, yet it's generally obvious what such an institution is given its name.
The TLD indicating if the site is commercial, organization or a network stopped being accurate once they allowed anyone to get
Country-code TLDs have been subverted, with sites like bit.ly using other countries' TLDs than the country they're based out of.
The main reason for TLDs to exist is so that different organizations around the world can manage their own little slice of the DNS system. Considering how much this is being abused (or about to be) with governments mandating DNS blocks, this suggests a peer-to-peer solution would be superior, or something managed by a central authority not beholden to any government which has the health of the internet as its primary concern (like the EFF).
Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
One of the best approaches was to create a TLD for each of the major categories one can get a trademark in. For example, airlines, shipping lines, etc. Then one could have Olympic.Airlines, Olympic.Shipping and so on, without the current problems of the Olympic Organizing Committee getting all the "Olympic"s in the world.
One of my papers on the subject was D. Collier-Brown, On Experimental Top Level Domains, Rev 0, Internet Draft, draft-collier-brown-itld-exper-00.txt, Sept 1996, which may still be findable. Much of the other work seems to have been expunged...
Numerous approaches were debated by the international ad-hoc committee on domain names, but the most profitable to the registrars "won", leading to the current mess. In retrospect, we needed a stringently fair, non-commercial process to make the decision.
--dave
davecb@spamcop.net
com.nytimes.woman.has.big.surprise.when.she.drives.home.in.wrong.car.but.finds.embarrassing.pictures.of.her.husband This of course would use the .husband TLD, parent to the .her subdomain.
Their they're doing there hair.
Some say appending ".com" denotes that it's a web address. Well, Twitter solved similar problems with just one character rather than four: @ for people, # for tags. If we could rewrite history and didn't need to distinguish between government and non-government sites (due to the Internet having grown out of the government), domain names should have adopted a similar magical special character.
Wipe em out. Everyone registers everything top level, boom, done.
How bout reverse-reverse DNS where you get no name at all just an IP address... the Mighty GOOG indexes, you bookmark, that's it.
.mom What else do you need?
1. Make domain name registrations non-transferable. That would eliminate the parasites who squat on domains.
2. Make a rule that if you have a domain in one TLD, you can't have the same domain in another TLD. That would eliminate corporate squatting of every single variation of a common word or phrase that they want to own.
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
I would have a few "international" domains like the existing .int, .eu, and .un, and a country-like domains for organizations that already had country-codes issued to them by the U.N. or a similar organization.
I would then deprecate all other top-level domains like .com, .org, .mil, .edu, etc. and the like, with a decade-long timetable before they are removed. Current registrations would get a free ".com.us," ".org.us," etc. registration during the transition period. After the transition period, .org, .com, etc. would become invalid and the United States would be free to impose the same restrictions on "legacy" .com.us, .org.us, etc. domains as it imposes on "non-legacy" domains in the same namespace. For example, a year from now it might require that non-legacy domains in .us have a bona fide real-world presence in the United States or its possessions, but it could not impose this on "legacy" domains during the transition period.
It would be up to other countries as to how to govern their own namespaces.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
I've done a lot of DNS server work at the code/protocol level, and a lot of serious thinking about the DNS over the years. My take is basically this:
1) The traditional generic TLDs (com/net/org) make a certain amount of sense, especially in the modern world for multi-national interests. Arguably we should be more strict about policies for net (network operators and infrastructure, not random companies) and org (actual non-profit organizations).
2) The ccTLDs also make a ton of sense, keep those.
3) The DNS is meant to be hierarchical. Not just in terms of server lookup hierarchy, but in the sense of informational hierarchy for humans to understand. It's like Area Codes and Country Codes, it has to make sense. .pizza and .pepsi completely break the hierarchy, they're horrible sins committed in the name of the DNS cabal making a quick buck. A lot of people should be tossed in jail for this stupid idea.
4) The protocol and RFCs need serious re-work. I won't repeat all the analysis others have done over the years, except perhaps to point you at DJB's cr.yp.to DNS rants, most of which are valid. CNAMEs, the way PTR was handled, the ridiculously stupid compression scheme - all examples of shoddy design, at least in hindsight. All of the early RFCs and implementors also made the huge mistake of muddling up what should be very separate concepts: First there's the 3-way mixup of: DNS the conceptual distributed database, DNS the protocol, and DNS file formats that are private to server implementations. Then there's also the grand mixup of server roles: local non-recursive cache, recursive cache for a network of private clients, public recursive caches and forwarders, and finally true authoritative servers. It was the fact that BIND was the de-facto implementation and routinely mixed all of these roles by default that led to the mess, and led to tons of security problems over the years.
5) Security. DNSSEC, which sadly has a lot of traction now, is a complete joke. A proposal more akin to DJB's DNSCurve would be *much* better. The problem with DNSCurve was that it required really ugly NS-record hostnames in order to seamlessly integrate with the existing broken DNS design as smoothly as possible. A proposal combining DNSCurve's actual security mechanisms with simple KEY records would suffice, but needs backing from the DNS Cabal in the IETF, which are already deeply monetarily entrenched in selling DNSSEC to enterprises and governments.
It's really not hard at all to design a replacement for DNS that's better in every way. I've done it at least 20 times lying in bed dreaming, and a few times in practice with real code just for fun. The problem is that the current system is entrenched and nobody's willing to take on the job of getting everyone switched over to a new system, if it's even possible. You'd need to support both protocols in everything for a period of a decade or two, and nobody wants to because the current system just barely continues to function and offers some really clunky, faulty security in the latest update.
Absolutely agree with this. And while they're at it, get rid of the "www" default nomenclature.
That has nothing to do with tld. As a website admin I can point you to _. or www. or ask.slashdot.org or whatever I want. You typed it in so you need to do the unlearning, not the root.
.com for .web?
And this proves the heart of the problem. Users, webmasters, designers, and even web architects can't convince themselves to get rid of www. so how can you expect the whole world to drop
When the foot seeks the place of the head, the line is crossed. Know your place. Keep your place. Be a shoe.
We only need 7 TLDs, we just need to reorganize the web into them accordingly.
One TLD for each of the 7 sins, Greed, Lust, Envy, Pride, etc. Everything fits so nicely.
I would change the order of domains and sub domains in the url.
protocol://tld.domain.subdomain:port/rootfolder/subfolder/document
It just makes more sense. Every other part of the URL is in order of greatest to least significance. If the URL was written with an IP address, the entire thing would be in order of greatest to least significance.
Yes, I know that this is not the question asked. But it's what I would do.
Agreed. Pretty much any site of any size registers .com, .org, and .net. There's no meaning to the hierarchy anymore, so just flatten it. Instead of registering slashdot.org, slashdot.net, and slashdot.com, just register slashdot.
Or you could open up the top level domain registry, and register '.slashdot' as a TLD. The end result is the same.
Give me Classic Slashdot or give me death!
There's no scalability in the current system. Any one entity can balkanize the internet by tampering with their root servers.
Here's what I suggest, it's expensive, and sounds looney, but it solves the problem:
1. Put the "root" DNS server on the moon (and thus out of the reach of anyone going to tamper with it without anyone noticing.)
2. All the geosynchronous GPS/glasnost birds are capable of receiving payload data from the 'root' server as they pass by.
3. All devices capable of receiving GPS/glasnost signals receive their regular GPS data plus a payload that gives them a list of authoritative DNS and e911 servers for their timezone/state/country/city/whatever. Devices not capable of receiving GPS data will receive it from DHCP.
4. When a machine makes a request to a two-word domain, eg "official" and "microsoft", it will query the authoritative DNS server to tell them the closest geographical server. When machines are registered with the authoritative DNS servers, they are registered with both their IPv4/IPv6 and their Geographic location (eg local, or remote)
5. If a machine is local, then the shortest geographical route is taken to establish a connection. If a machine is remote, then it's handed off to the authoritative DNS server that 'is local' to get the shortest route.
So what you have here is similar to this:
official.microsoft.local (or omission of .local is the same as .local if there are not two .'s) is local to where you live. So if Microsoft has a CDN node in your local area, you get the content served from the CDN node, and not remote server.
official.microsoft.remote is the non-CDN node.
This version of the DNS system is what I call three-word-system. The first two words are"subject-subject", the last word gets rid of the problem of TLDs, by eliminating all of them. You get stuff like this then:
dominos.pizza.local = your local dominos
dominos.pizza.remote = the main website with a list of all dominos.
Nobody "owns" the first two words, rather they are registered based on geographic locality. So nobody gets just "pizza". If you happen to type just one word, you'd get a disambiguation type of page where the local DNS operator lists the closest *.pizza.local domains. Local jurisdictions have jurisdiction over the .local that covers their area. If people want to not deal with their local DNS operator they're free to change their 'local' to another jurisdiction.
Pretty much the idea of reinventing the DNS requires making it more complicated and integrating Geographic location into it. Forget everything else I mentioned above. The grand failure of DNS right now is that CDNs send me to slow nodes because "Canada is Toronto" or "Google is California" when neither of these are particularly good choices. We can fix it, if we abstract DNS in a way that there are no 'root' nodes to deal with. Right now the DNS system just makes Verisign and registrars money hand over fist for doing essentially nothing. This should be moved to the locality. If there is no .local then automatically hit the .remote which behaves like the existing DNS system.
- I would start by removing all country codes - it's the internet, nationality isn't hugely relevant.
- Then add TLDs for each LANGUAGE. Knowing which language a site is in is more useful than where it is, especially with the growing number of non-English websites.
- For each of these, have somewhere between 5 and 10 subdivisions by purpose - no ultra-generic ones. Perhaps .shop (sales websites), .info (tourist , .com (online communities), .news , .xxx, .util (search engines etc) and so on would be suitable. Better names/categories could be found. The categories should be the same for all languages, but named differently so they make sense for the language in use.
- When someone obtains an address, they get it for all languages (so if I had google.util.en, I'd also have google.[however .util translates].de, and all other languages). They must prove that their site fits into the category(ies) in use, so no-one can use .util for a sales-only website.
- To avoid 'buy-every-category-in-case-someone-else-does', no more than one person/company can use the same address. If I have google.util.[lang], no-one else can have google.xxx.[lang], even if it's not in use.
I think that covers it.
As a description of the site type only. .org(anization), .bank, .museum, .store, .com, .mil, .web, . and so on.
No, there will be no country-code TLDs. At all. That is a subdomain use-case. Whoever decided on that should be actually shot. Now we will never recover.
Also, http://TLD.domain.subdomains. A TLD is the most important part for a reason. Small-endian can "&*@ right off.
If a site has a language-description for Nth level sub-domains, it can be applied automatically by detecting the browser settings.
So, you go to a website, http://store.domain/
Oh hey, what's that, you are English? Here you go, http://store.domain.en-en/ (or http://store.domain.tech.en-en/ and so on)
No more messing around with stupid directory nonsense trying to get to the English site, trying to figure out if they used capitals, mixed case or lower, if they used the standard 2-tier method or just lumping all the languages and dialects in to one parent group. Or trying to figure out where the hell the Language section is on the site, and annoyingly find a Flag page that just assumes you speak one of the languages of many that is almost certainly in MOST countries ever! Countries aren't stuck to one language damn it! Stop using flags!
ALL these TLD zones will be enforced! Enforce 1-domain only for 1 site. No multiple domains, even typos, pointing to your main site.
Stupid people shouldn't be the reason for allowing such nonsense. If you typo and end up losing your account, YOUR DAMN FAULT.
If you have separate parts in your company, such as a search side or store side (google), yes, that is enough to warrant multiple TLDs. (note the difference)
Also, add in a few things for personal use, such as home servers and the like.
It is unenforced. TLD could be www. . Ah, the delicious confusion. But it makes sense since www of now is horrible and a free-for-all.
And it would stand for Was Worst WorldWideWeb.
If that "runs out" of space? www1., etc.
IT IS A MILLION DOLLAR IDEA!
Never going to happen. Not until ICANN are dethroned.
Face it, the only way you will likely see this happen is the UN option. ICANN are corrupt now.
As many of you have already seen recently, there is a whole bunch of scare-tactics being used with the UN-controlled DNS.
Nobody will agree to any of those stupid censoring things even if they try to push them. The internet at large certainly won't!
.edu for educational organizations
.com for companies
.org for organizations
.gov for US Federal Gov't
.mil for US military
2-letter TLD using ISO country codes
A clone of Jon Postel to run it all.
Oh, and a firing squad for anyone who tries to add cruft like .info, .name, .pepsi, .microsoft, etc.
Unicode URLs + HTTP v1.2 + 10 year limitation on URL length (ascii URL length limits; allow for transition period.)
Each nation gets a full-name TLD and a long list of aliases in every language including short variations. I will not expect the world to type a nation TLD in a foreign language. Also, it is case insensitive.
Actually, since complications are being ignored, I'd make DNS use @TLD which just means that new URLs would stand out from old ones and email checks will have to grow up. If you want to own screw.canada you'll have to get Canadian approval while now you could do screw.canada.com. The USA would do something stupid (via ICANN) so we'd have domain.com.usa in the best case and domain.anything-for-10-grand.usa.
Nothing that works good can get around government control freaks so just give up on that ever being used by MOST people who are more concerned with performance. Covert systems are just off topic. Now, Iran could make .evil be .usa because they control their internet in their nation already.
Just use the protocol and the path: www/google/adwords. With the right hinting and caching, it doesn't have to be any less efficient than the current system.
Bogtha Bogtha Bogtha
No matter how you choose to organize the name space, it won't actually be organized that way unless you enforce the rules. If that means that it costs $1000 to register a new name then so be it. This isn't something that should happen very often. Domain registration should be done with care and thought not processed in bulk.
This didn't start out long. I apologize that it is. If you're easily bored by history I would recommend reading the first and last paragraphs :)
History:
IP addresses being converted to names has existed for almost 40 years. It started as a file (hosts.txt) that users all over the ARPANet could download nightly. Usually they all did so at the same time (midnight, local time) and invariably DDN-NIC (the host with the FTP server and the file) was overloaded.
In time, it became reasonable to decentralize it. DNS was formed. Paul Mockapetris and many other intelligent people put great thought into it. DDN-NIC became NIC.DDN.MIL. BRL-AOS became AOS.BRL.MIL and so on. DNS servers became ubiquitous, the DNS root servers were great, and Rodney Mcdaniel (hostmaster@nic.ddn.mil) and SRI International did a great job running things.
In time, it became reasonable to decentralize _that_. Many root servers run by many independent companies (like Paul Vixie's ISC) exist all over the world. The DNS hierarchy was detached from the ARPAnet (except for pointer records... still all in .ARPA...) and country-codes were adopted.
Now I say 'adopted' because the process of creating a new TLD or gTLD or ccTLD isn't complex. It's a line in a file. However, the process of getting said line APPROVED by the powers that be is more complicated.
The ICANN Age:
ICANN was created to [whatever the reason, Karl Auerbach has shown they have clearly gone outside their mandate and powers] and now they want money. How do you make money when you're clearly chartered to do ONE THING? You figure out how to create more Blue Sky.
So here we are. The final part of the decentralization. Why final? Because in the beginning we started with a one-level name: DDN-NIC. Then we went to the hierarchy "tree" model: nic.ddn.mil. And now, we are finally changing the hierarchy so the root of the tree is the father to THOUSANDS of TLDs.
You can argue if it's good or bad. I just look at the history... and know the original problem... and the reason for the solution... and the solution.
My Opinion:
A rooted tree with thousands of children each having thousands of children is an abomination. I shudder to think that the DNS server (named or djdns or whatever you use) already use a relatively "large" cache. The size of this cache at a minimum is a function of the structure of the DNS tree. A 1000x1000 (TLD+SLD) tree already starts at a million entries. Each one gets at least an SOA record, which is over half a kilobyte. Add in some NS records and maybe some MXs and now you have 500MBytes+... just to initialize the cache. Icky poo.
I suppose the evil we know (ICANN) is better than the ITU running the Internet and adding termination charges for packets. Settlement-free-peering, euro-jerks.
FYI I have sold domain names for profit. One previous poster suggests we "prevent" [prohibit? criminalize?] domain name transfers. Please note that ARIN [another made up body but one that adds a lot of value unlike ICANN] prohibits IP address transfers, loans, or sales, except in specific cases of business mergers where the new entity can show it is worthy of the IP address space. This has not IN ANY WAY diminished the sale, loan, or transfer of IP address ranges. I regularly get offers for the space I'm responsible for. When there's a buyer and a seller... there's a market. My point being -- to get back to domain names -- so long as there's a buyer and a seller, domain names WILL transfer. The simplest example I can think of is to register each domain name under a new LLC. Sure, it's $7 for the domain name and $20 for the LLC... but you can then sell the LLC to anyone without it being a domain name transfer. There are other methods.
Conclusion:
ICANN is an abomination and they've done nothing to help the Internet. In every "decision" they've mana
Simple: enforce it, ignore those who pout, 3 years later you're done. Kinda like nobody had problems from typing nothing whatsoever to typing "www" or "com" when that was required to visit a website.
But you're right when it comes to www, it is the responsibility of webmasters to get rid of it.
The latter interests me: I'd love to read clueful arguments *for* the www prefix. Never saw any so far, and plenty of sites seem to have no use for it. And I don't just mean URL shorteners*.
It's like an appendix, like dead code... sure, you can leave useless stuff there, and everything still works fine. But you can also *remove* that appendix, shave your eyebrows, cut off your ears and become the fastest swimmer the world has ever seen! Just saying.
* you know, the ones that are supposed to be "more readable" for everyone and their dog's grandma, where the www prefix never even was considered? Weird, huh.
Don't you just hate it when solutions are simple. Just get rid of all the root servers. Let anyone with enough DNS brains run their own root server. Let there be a free market for which root server is used. ISPs will provide a default root server to their customers, who can simply just change to another if they wish.
Oh, I hear a complaint already ... it will fragment the internet. But that's the whole idea. It keeps the UN and governments from taking over.
now we need to go OSS in diesel cars
I've always supported both. Easy to set up on the DNS server, as it is just a list there, and I believe different prefixes can be directed to different ports, as well (and you can redirect at the router, so it is a way to proxy).
I still don't really like TLDs... they should be optional and then ditch .com and make it the default, but that is what most browsers do already, so if you just type slashdot into your browser, you go to www.slashdot.com, which redirects to slashdot.org.
1 if you register %base%.com then you automatically get a "soft register" for .net and .org (and the same for every combo thereof with any adjustments needed for nonUS entities). If later on somebody wants a domain that is soft registered they can If they also set up some way to redirect traffic to the other(s) in the set.
2 When you create some sort of entity (business or social) if your entity name is NOT already registered then you get priority for that domain AND IF IT IS REGISTERED YOU CAN BUY THE DOMAIN AT THE REGISTRARS COST.
3 anyone found registering "spoof" domains or otherwise trying to do a domain attack should be banned from registering any domains (and lose any domains they currently have).
Any person using FTFY or editing my postings agrees to a US$50.00 charge
I think we fall into a design trap here, assuming that there is a fixed entity, called "Domain Name System," that must be preserved as a special entity, but can be modified.
Leave DNS as it is alone. Explore other services that may provide some or all of the utility that we now get from DNS.
DNS was designed to provide at least 2 different utilities:
The bundling of these two utilities in one system was controversial at the time, but it was easy to implement, and the problems with the bundling did not emerge until much later.
The first utility is important because IP numbers need to be assigned for efficient routing tables, and may be changed due to changes in network topology. Also, agents associated with particular names may need to move to different hosts. Domain names provide long-lived identifiers that can be reassigned to different IP numbers as needed. This use of DNS requires some global co-ordination, since the provider of the identifier->IP number binding is a different agent from the one who needs to look up the binding.
The second utility is important for efficient interaction with human users. It has lots of variations, some of which may be addressed on individual users' hosts, others of which are more global. The obvious use for a global co-ordination is to allow different agents to communicate the mnemonics. Bookmarks, local DNS servers, and search services (Google, Yahoo, ...) provide variations of this service.
A large part of the trouble with DNS today is a conflict between the two uses. Competition for global mnemonic names raises the cost of permanent identifiers, and degrades their permanence when different agents win the competition at different times.
So, without doing anything to dismantle the current DNS, we should experiment with separate services that might provide some or all of the utility of DNS in other ways: particularly with different bundling. For mnemonic reference in Web browsing, Google has already essentially replaced DNS for me (yes, I know that most Google searches resolve to domain names, but they can also resolve to IP numbers, and a few do so; and in any case I do not depend on the mnemonic quality of the domain name). For mnemonic reference in email, my private address book has essentially replaced DNS (again, it usually resolves to domain names, but it doesn't have to).
The obvious missing element is a service providing permanent identifiers without the competition for particular mnemonics. A natural thing to try (suggested in a previous post, and in other forums over the years) is hashed public keys, since they prevent fishing for mnemonic identifiers. A system of identifiers based on hashed public keys, resolving to IP numbers, could also be part of the infrastructure for public key cryptography, suggesting a different bundling from the one in current DNS. There could be a quick and relatively easy implementation resolving hashed public keys using the current DNS software (but separate servers), with some additional scripting to allow automated registration. The registrant/resolver would make no effort whatsoever to vet the identity of the registrant, leaving that service to others when it is desired.
Mike O'Donnell http://people.cs.uchicago.edu/~odonnell/
There's lots of stuff connected to the internet that isn't HTTP. The www nomenclature makes sense in that respect. And there's absolutely nothing stopping a system admin from also making domain.com point to a web server - in fact, doing so is pretty common these days.
If you want to own screw.canada you'll have to get Canadian approval while now you could do screw.canada.com.
I'd reverse the syntax order so that it makes more sense to the average joe. Most people will understand biggest -> smallest domain ordering much better, e.g. Canada.Org.Fuckem.
This might make it easier for the non-techie to spot spoofed emails which in turn vastly makes everyone's life better. Less $ return on Spam == less spam.
HA! I just wasted some of your bandwidth with a frivolous sig!
As a US citizen, it's easy to say "what's wrong with leaving them as they were before all the info biz and other crap?" .com .net .org .gov .edu .mil .CountryCode
but in reality, that is rather US-centric seeing as how .gov really means .gov.us
So, why not make .com into .co.us and .org into .org.us and so-on and remove all non country code TLDs.
If Tuvalu wants to be clever with ".tv" great! let them, but since so many countries want to exert local laws over interwebz, just say " this site is foo.us, so it's under US law, this one is foo.uk, so it's governed by UK law and so-on.
It seems to me this would clear up some of the jurisdiction wars between "so and so is registered in country x, but has servers in country y but is a business entity/citizen of Z"
It would really only work if IP addresses were allocated in blocks that matched the countries so geolocation would at least be accurate to that level.
I know it would probably be impractical to implement... you can't really tell someone who has had foo.com for ages that they are now foo.co.us. However, I bet you could stop anyone new from getting .com addresses and even stop allowing renewals and transfers, thus emptying out .com, et al. by attrition.
Just speculating here.
The Digital Sorceress
Seeing how com, net and org all lost their meanings in the end, I think we'd be better off with just one general TLD and country specific TLDs to be run as each country wishes. Possible exception for some sort of "trusted" TLD as well, to be issued only to certified organizations.
The latter interests me: I'd love to read clueful arguments *for* the www prefix. Never saw any so far, and plenty of sites seem to have no use for it.
It's not a "prefix", it's a host name (essentially). If you grew up before HTTP became the transport and browsers did everything, you'd remember names like "ftp.foo.com" and using programs other than a web browser to get information.
Even now, you see things like "secure.foo.com", "store.foo.com", and "support.foo.com", so I think having "www" as a separate host name makes a lot of sense, even if an HTTP request for "foo.com" redirects there.
I'd suggest one for .antwerp and the rest is parking space ;)
--- I am known for the ones who want to find me on the net. Is that a privacy risk or a privilege? One might wonder..
1. Change the URL spec to something like "Protocol:(port)//Top.domain.subdomain..." so "http://slashdot.org" would be "http://org.slashdot" or if you used a nonstandard port it would be "http:8080//org.slashdot" and if you owned org.slashdot you would be free to make as many sub domains as would fit in a URL.
2. Make URL's Unicode strings so they are usable across as many languages as possible.
3. Fix the DNS protocol to include some way to validate that the information you get actually comes from the registered owner of the domain in question. Also provide a means to flush the domain table cache before the TTL expires, by making servers that cache register with the source.
4. Assign standard TLD's (say for each country) to local authorities. Additional top level domains (say "slashdot") are allowed as well, but in order to be available as a domain the local authority must allow it (and can possibly require local payment for local access.)
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
Country code TLDs are a symptom, not a feature. They come about because local governments want to exert their own control over some aspect of the internet, but really the whole point of the internet is to transcend borders and unite people in a single global network, even if that is a threat to entrenched interests.
Excellent way of saying that ccTLDs are harmful to a philosophy of a global information-carrying network that should transcend national and cultural borders. Using ccTLDs geo-politically biases the domain name. And really, a "domain name" is just a name so you can find a number.
I know how it works. Thanks for not even trying, while lecturing me on some the utter basics just because I said "prefix". Gah.
Uhm what? secure.foo.com and store.foo.com also respond to HTTP(S) requests, right? So wouldn't www.store.foo.com make sense? You know, as opposed to the mail server living at mail.foo.com or whatever? And why do we see www.domain.com, and then forums.domain.com, and *not ever* www.forums.domain.com?
In practice, any hostname can be anything. We differentiate by the protocol and port, and http://mail.foo.com/ doesn't do mail stuff just because it has that hostname. So if you're going to say it makes a lot of sense, you'll have to offer at least one valid argument, instead of just patronizing a strawman. I think you're just flattering yourself -- it makes zero sense, but you agree with it, so you need to fix the problem the cheapest way you can.
whoops, fixed.
I would limit the TLDs to .slash, .dot, .dotdot, .slashdot, .slashslash, and .dotslash.
__
Men with no respect for life must never be allowed to control the ultimate instruments of death.
GW Bu
If I could redesign the tld hierarchy, I'd put .yu and .me together.
And absolutely zero return visitors when you have to change ISPs or even servers w/ a different IP address!
Slashdot Valentines Beta Massacre: iT WORKED! The boycotts killed Beta!!
I would do a re-design by building a team that consists primarily not of geeks and tech people. They have a place, but there are psychological, political, economical, mathematical (game and decision theory) and linguistic issues here that are a lot more important than the implementation details.
We geeks have a sad tendency to ignore non-technical parts of a given problem. Our solutions are often brilliant, but lack acceptance because they are only brilliant in a technical sense.
Assorted stuff I do sometimes: Lemuria.org
I'd kick it old school, beyatches:
Limit the entire internet to: .soc, .rec, .comp, .humanities, .news, .sci, .talk, and .misc
If you can't fit the Internet into Usenet, you just trim off the edges and delete what hangs over the edge.
If this were Usenet, I'd killfile the lot of you.
Have .com and .org and one for each country on the planet.
Having more is not going to help any company, on the contrary, it just confuses people even more.
If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
Number one thing I'd do, allow you to specify your own DNS root. You could start with a default system like now, but you could specify a system (by IP or hostname) as a different, independent root for small subdomains - maybe for testing, maybe because you don't want to shell out for hundreds of related domains, some which might have been taken already, maybe to get around censorship. I'll give examples.
Syntax option A: Bring back bang paths! "dns.antioppression.org!sheepstore.tibet" would indicate you want to use a DNS server at "dns.antioppression.org" to resolve "sheepstore.tibet". Note that ".tibet" isn't an official TLD - who cares? If you run "dns.antioppression.org" you can decide to use whatever you want for a domain. You could also chain DNSes, as well as using IP addresses: "12.34.56.78!our.dns!good.tokes.mj" would use a DNS that doesn't have a registered name to look up another, to look up a third host.
Syntax option B: "cloud.243(cloudproject)(technohost.com)" would indicate "technohost.com" is the DNS for the firm that you're buying server space on, "cloudproject" is your project DNS, and "cloud.243" is one of a thousand or so hosts that you want the world at large to be able to look up.
I like this idea because it gets rid of the single chokepoint being used these days for internet censorship, as well as excessive trademark enforcement. The downside is it opens up more opportunities for phishing or fraud. However, since the DNS lookup chain is visible, you can judge the reliability of the result based on how much you trust the intermediate systems.
After that, there's virtually no limit to how to name hosts, domains, subdomains, and whatever else you want to, since everyone can have their own DNS to play around with.
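Both syntaxes from the post above, as an added example (not code from the poster or from any real resolver): a parser for the bang-path form and for the parenthesised form, and a chained lookup in which each hop is resolved by the server the previous hop produced. The resolver table, the documentation-range addresses and the default resolver are constructed for the example. The point the poster makes about judging reliability is what the returned chain is for: every answer carries the list of servers that were trusted to produce it.

```python
import ipaddress
import re

# Constructed zone data: each resolver (keyed by its IP) only knows the names it
# was configured with. Addresses are from the documentation ranges, not real hosts.
DEFAULT_RESOLVER = "198.51.100.1"
SERVERS = {
    "198.51.100.1": {"dns.antioppression.org": "203.0.113.7",
                     "technohost.com": "203.0.113.9"},
    "203.0.113.7":  {"sheepstore.tibet": "203.0.113.50", "our.dns": "203.0.113.8"},
    "203.0.113.8":  {"good.tokes.mj": "203.0.113.60"},
    "203.0.113.9":  {"cloudproject": "203.0.113.10"},
    "203.0.113.10": {"cloud.243": "203.0.113.243"},
}

def is_ip(s: str) -> bool:
    try:
        ipaddress.ip_address(s)
        return True
    except ValueError:
        return False

def parse_bang_path(s: str) -> list:
    """Syntax A: 'resolver!resolver!...!target', read left to right."""
    hops = s.split("!")
    if any(not h for h in hops):
        raise ValueError("empty hop in %r" % s)
    return hops

def parse_paren_syntax(s: str) -> list:
    """Syntax B: 'target(inner)(outer)' -> [outer, inner, target]."""
    m = re.fullmatch(r"([^()]+)((?:\([^()]+\))+)", s)
    if not m:
        raise ValueError("bad paren syntax %r" % s)
    nested = re.findall(r"\(([^()]+)\)", m.group(2))
    return list(reversed(nested)) + [m.group(1)]

def resolve_hops(hops: list, servers=SERVERS, default=DEFAULT_RESOLVER):
    """Walk the chain. Returns (address, chain); chain records which server
    answered each hop, so a client can show the user whom it trusted."""
    current = default
    chain = []
    for hop in hops:
        if is_ip(hop):
            addr = hop                       # literal address: no lookup needed
            chain.append((hop, addr, "literal"))
        else:
            table = servers.get(current)
            if table is None or hop not in table:
                raise LookupError("%r is not known to resolver %s" % (hop, current))
            addr = table[hop]
            chain.append((hop, addr, "answered by " + current))
        current = addr                       # next hop is resolved by this answer
    return current, chain

def resolve(s: str):
    hops = parse_paren_syntax(s) if "(" in s else parse_bang_path(s)
    return resolve_hops(hops)
```

A name that the intermediate server does not know fails with a LookupError naming that server, rather than silently falling back to the default root, which is the behaviour you want if the whole purpose is to bypass that root.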
Agreed. Pretty much any site of any size registers .com, .org, and .net. There's no meaning to the hierarchy anymore, so just flatten it. Instead of registering slashdot.org, slashdot.net, and slashdot.com, just register slashdot.
I can't believe this is getting any traction. There is a hierarchy that makes sense, but people aren't using it right, so let's drop it? How about we use it to solve the problem?
In addition, all this stuff should be under .us and the only TLD's allowed should be the 2 letter ISO country codes. This would quickly kill all the international drama about ICANN and the TLD talks.
Want to allow any TLD - do it UNDER a TLD. If you really want, you can have your local DNS server default to appending that TLD (or use /etc/resolv.conf).
IMO, the "problem" with .com, .net, .org, .name, .biz, etc etc is that they're TLD's... so everyone wants in that game, and they've kept them open to all for the profits. Change the rule to only allow new registrations under the country code TLD, and make the .com.us and .org.us etc like every other country, or allow the us to pollute it with slashdot.us and such.... but leave the top alone.
I'm quite irritated they're selling out the TLD's. Doesn't the pricing alone raise some red flags for all those supporters? You're not going to get your own domain in there... it's too expensive. That expense is actually purposeful too... rather than a very small DB of TLD's under the root that point to other servers, it's going to bloat up with many more. That's not making the system better... there's still gotta be a root, and now it's growing substantially, and you're not invited unless you've got boatloads of cash.
There's no end user benefit to "https://coke" over "https://coke.com" either. The browsers solved that ages ago (automatically append .com and try it). ".com" should just be tightened down to be only commercial entities. If all the tld's were as strict as .org used to be, or as .xxx is now, we probably wouldn't be in this situation. (and yes, I'd still suggest those move to .com.us, .org.us, and .xxx.us, etc).
.notporn
It will be interesting to see which gets more traffic.
"Seven Deadly Sins? I thought it was a to-do list!"
Around the time they let commercial traffic on the Internet, they should have
1. Require a business license for a .com .org. .bank with SSL required to process financial transactions. .anon for anonymous speech
2. Require a tax-exempt ID (501xxx) for
3. Had a tightly regulated
4. Have a
Competition Good, Monopoly Bad.
There are probably valid reasons for not doing this, but it always seemed to me that ip addresses should be defined by physical location. Obviously there is still a need for roaming ip addresses, but what if, under ip6, a block was defined that specified ip via gps coordinates to the best resolution possible with the numbers within the block.
DNS is just a 1 to 1 lookup between name and ip address, so I don't think that would change much except you could do things like Name->GPS->IP.
Comments welcome. Am I totally out to lunch with this idea?
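One concrete shape the idea above could take, as an added example (not the poster's code): latitude and longitude packed as two 48-bit fixed-point fields into the 96 host bits of an IPv6 /32. The prefix 2001:db8::/32 is the documentation range, used here as a stand-in for whatever block would be reserved; the field widths are an assumption chosen to fill the address.

```python
import ipaddress

# Assumed layout: 2001:db8::/32 stands in for a block reserved for
# location-derived addresses; the 96 host bits hold two 48-bit fixed-point
# fields, latitude first, then longitude.
PREFIX = ipaddress.IPv6Network("2001:db8::/32")
LAT_BITS = 48
LON_BITS = 48
LAT_MAX = (1 << LAT_BITS) - 1
LON_MAX = (1 << LON_BITS) - 1

def encode(lat: float, lon: float) -> ipaddress.IPv6Address:
    """Map a coordinate pair onto an address inside PREFIX."""
    if not (-90.0 <= lat <= 90.0) or not (-180.0 <= lon <= 180.0):
        raise ValueError("coordinates out of range")
    lat_q = round((lat + 90.0) / 180.0 * LAT_MAX)     # 0 .. LAT_MAX
    lon_q = round((lon + 180.0) / 360.0 * LON_MAX)    # 0 .. LON_MAX
    host = (lat_q << LON_BITS) | lon_q
    return ipaddress.IPv6Address(int(PREFIX.network_address) | host)

def decode(addr) -> tuple:
    """Recover the coordinate pair; rejects addresses outside PREFIX."""
    addr = ipaddress.IPv6Address(addr)
    if addr not in PREFIX:
        raise ValueError("not a location-derived address")
    host = int(addr) - int(PREFIX.network_address)
    lat_q, lon_q = host >> LON_BITS, host & LON_MAX
    return (lat_q / LAT_MAX * 180.0 - 90.0, lon_q / LON_MAX * 360.0 - 180.0)

def step_metres() -> tuple:
    """Spacing between adjacent encodable points (lat, lon), roughly, at the
    equator, using 111 km per degree."""
    return (180.0 / LAT_MAX * 111_000.0, 360.0 / LON_MAX * 111_000.0)
```

With 48 bits per axis the grid spacing is well below a millimetre, so the "best resolution possible" is not the constraint; the constraint is that the address is then bound to a physical place, which is exactly the lock-in objection raised in the reply.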
Great, more lock-in! Now your hosting provider or ISP has got you by the balls, because if you move you lose all the links, bookmarks, etc that point to your website.
Dilbert RSS feed
One for every "official" service being offered through TCP. http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
Microsoft.ftp/
Microsoft.ssh/
Microsoft.http/
The last one will confuse you because you're used to identifying the http service with the www name.
NOTE: I would not replace the protocol requested nor the actual port used with this naming. So http://microsoft.ftp:22/ would still be valid. I'm simply suggesting that we pull the list of possible TLDs from the IANA.
Here are the benefits I see:
- prevent overhead to the naming authority from having to identify if you're a non-com, pr0n, within the region of .ly, etc
- still allow the Marketing department to publish a sole destination for all things Microsoft (at Microsoft.http presumably)
- allow web browsers to assist users by assuming .http (the way they assume www and com currently)
- allow small entities the ability to provide all services while only needing 1 domain (see my note above; if http is your machine, you could still provide SSH over port 22)
- allow international entities to provide region specific resources using subdomains while maintaining the implied authority of the common domain. (Example: UK.Microsoft.http - a user knows it's the *real* MS site because they've been trained by Marketing that "http" makes you valid; think .com in today's world)
Create a distributed hash database. It would be full of records. Each record is signed by a public key. Each record contains all the information currently distributed by DNS (e.g. mail aliases, machine names, ip addresses, etc.).
The records are indexed multiply by public key, key fingerprint, and arbitrary text (DNS names and search key phrases, up to some limit like 25 or 100).
Any improperly signed record is simply discarded.
Duplicate entries from different sources are the user's problem to disambiguate. Normal users would see a "387 people claim to be McDonalds... Do you have a preference?" Real businesses would have QR codes etc on their stuff to give real people real seeds for communications. Businesses could offer real referrals by recommending keys for peers etc in their information blocks. Browsers etc. would collect up good keys as users used them so that the names would naturally disambiguate as you used them.
Real institutions wishing to do real business with "me" give me a key fingerprint or public key data on business cards and purchased materials. Sites wishing to be secure publish all their sites with signed data streams. For secure conversations both parties always start a conversation by sending their public keys for encryption as a matter of course.
Real embedded links would be by key fingerprint instead of name (or key fingerprint for accuracy and name added for legacy if they were careful).
Benefits: key space is infinitely large. Each spamming liar would need to generate a key for each lie or group their lies into easy to identify bundles. Nobody -could- "own" a search word or top-level domain. People would grow to consider names in information space to be just as vague as names in regular space (how many John(s) and Timmy(s) are there in real life?) so the problems of ambiguity would be severed by the same meat-space logic that lets us know "you're from texas! do you know Bob?" is a bad question.
Drawbacks: the internet is just as dangerous a place to place your trust in strangers as any streetcorner in the world, and people would have to "get that".
ASIDE: This system, or something like it, is inevitable. As dark-nets form and courts/governments try to exert top-down control someone somewhere will be forced to extend BitTorrent into this kind of thing. Might as well just jump in front of the train and implement it. No corporation or government is going to -like- and therefore pay for this effort, but it will happen at some level despite that.
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press
If it weren't obvious, the limit on lying and spamming is imposed because a person claiming to be McDonalds would have to back up their lie with a site that initiated conversation by using the same key as the lie record in its very first response, and it would normally have to be decrypting the incoming data for the request using the correct key. Farming would therefore require non-trivial resources. It wouldn't stop it, but it would have limits.
Since any link from a legitimate site to another legitimate site would be by key fingerprint in the actual link that nobody normally inspects, once you were inside a web-of-trust the system is transparent. E.g. following from your bank to your bill payment system (etc) is natural and normally certain.
Regular text names would always be untrusted and big numbers would be trusted so the font tricks would never work as a misdirect.
Once you knew a key was bad you would know it was bad for all the sites it serves.
Communications would fail if someone tries man-in-the-middle if your first request is to send your public key to their site encrypted by the public key from the naming system cache record. So when Alice uses her phone app to scan Bob's QR code key/fingerprint she will only initiate conversation with Bob using that key. Eve would need Bob's secret key to decrypt Alice's initial request in order to be able to send back any response to Alice that is allegedly from Bob. Alice will always be able to detect Eve if she is pretending to be Bob without his key.
Only Bob can sign Bob's info block, so even though it contains his public key, it cannot be altered by Eve.
I know that digital signing is susceptible to arbitrary padding attacks where Eve could add information to Bob's record and potentially vouch for other keys etc, but limits on the size and structure of a record should be able to make this practically impossible. That is, if the contents of the record can not be "Arbitrary" and the length is reasonably constrained, then for some record composition rule R, for any valid record X there should be no other valid record Y with the same signature. Better cryptologists than I would have to prove or disprove that for the eventually chosen rule R.
The system -assumes- poisoning and is therefore almost unblockable.
Public goods (for good or ill) could be offered in parallel without any need for collusion. (e.g. everybody could offer up a mirror of the U.S. Constitution, the Chinese News of the Day, or The Pirate Bay just by amending their own record and republishing it.)
Most search terms wouldn't need to go through a "search engine" at all.
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press
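The two proposals above, Mike O'Donnell's hashed-public-key identifiers and the signed-record hash database in the last two posts, share one mechanism, so here is a single added example (not code from either poster) that covers both: a record carrying its own public key, signed under that key, stored only if the signature verifies, indexed by key fingerprint and by free-text name, and a DNS-style label derived from the hash of the key. The signature scheme is a Lamport one-time signature built from SHA-256 so that the block needs only the standard library; the zone name keys.example, the record layout and the sample names and addresses are assumptions made for the example.

```python
import base64
import hashlib
import json
import os

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# Lamport one-time signatures: hash-only, so the example runs on the standard
# library. A key pair must sign exactly one message; republishing a changed
# record means publishing under a fresh key.
def keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = b"".join(H(a) + H(b) for a, b in sk)      # 256 pairs of hashes
    return sk, pk

def _bit(digest: bytes, i: int) -> int:
    return (digest[i // 8] >> (7 - i % 8)) & 1

def sign(sk, msg: bytes) -> bytes:
    d = H(msg)
    return b"".join(sk[i][_bit(d, i)] for i in range(256))

def verify(pk: bytes, msg: bytes, sig: bytes) -> bool:
    if len(pk) != 256 * 64 or len(sig) != 256 * 32:
        return False
    d = H(msg)
    for i in range(256):
        off = i * 64 + _bit(d, i) * 32
        if H(sig[i * 32 : i * 32 + 32]) != pk[off : off + 32]:
            return False
    return True

def fingerprint(pk: bytes) -> str:
    return H(pk).hex()

def key_label(pk: bytes, zone: str = "keys.example") -> str:
    """Hashed-public-key identifier expressed as an ordinary DNS name under a
    separate zone (zone name assumed), so existing DNS software can serve it."""
    return base64.b32encode(H(pk)[:20]).decode().lower() + "." + zone

def _canonical(body: dict) -> bytes:
    # One fixed serialization: the signature covers the hash of the whole
    # record, so nothing can be appended or reordered without invalidating it.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def make_record(sk, pk: bytes, names, ip: str) -> dict:
    body = {"pubkey": pk.hex(), "names": list(names), "ip": ip}
    return {"body": body, "sig": sign(sk, _canonical(body)).hex()}

class Registry:
    """Keeps only records whose signature verifies under the key they carry and
    never vets who is behind the key. Indexed by fingerprint and by text name."""
    def __init__(self):
        self.by_fp = {}
        self.by_name = {}

    def put(self, record: dict) -> bool:
        body = record.get("body", {})
        try:
            pk = bytes.fromhex(body["pubkey"])
            sig = bytes.fromhex(record["sig"])
        except (KeyError, ValueError, TypeError):
            return False
        if not verify(pk, _canonical(body), sig):
            return False                          # improperly signed: discarded
        fp = fingerprint(pk)
        self.by_fp[fp] = body
        for n in body.get("names", []):
            self.by_name.setdefault(n.lower(), set()).add(fp)
        return True

    def by_fingerprint(self, fp: str):
        return self.by_fp.get(fp)

    def claimants(self, name: str) -> list:
        """Every key that claims a text name; disambiguation is the user's job."""
        return sorted(self.by_name.get(name.lower(), ()))
```

Two things the block makes concrete. A record altered in transit (say, the IP swapped) fails verification and is simply not stored, and a second party registering the same text name is stored alongside the first rather than rejected, which is the "387 people claim to be McDonalds" behaviour; only the fingerprint lookup is unambiguous. The one-time property of the Lamport scheme is a real operational cost here: every republish needs a new key, so a production design would use a many-time scheme such as Ed25519 with the same record structure.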
In a perfect world, DNS would not have been setup in such a way that everyone would be using the same one. Here is my proposal to god so he can go back and change history.
ICANN makes one tld, I don't care the name, perhaps .icann. They become the dominant system and everyone has them setup as the default. They may have com.icann, net.icann, etc. However, this is not necessary.
I then decide ICANN is doing something stupid. They are handling it all wrong and I can do better. I decide to make .edu which will be so much better than .edu.icann. It is EASY and normal to install another TLD from another company.
ICANN is very US centric and follows US laws. China decides they want to control DNS... fine. All they need to do is make their own and then mandate that computers sold in the country use it. I disagree with this... but it would not affect the rest of the internet.
I use google very often. Google has a tld. I install it and I can now go to maps.google instead of maps.google.icann.
US blocks the pirate bay dns. Good thing I have .pirate tld installed. And if I didn't, I could look up the dns info on some central hub.
What about conflicts? How do we handle ports? Name conflicts would happen occasionally, people would need to be smart enough to ignore them.
How can you trust tlds? You get them from official websites. You assign trust as necessary. People tend to trust a couple big ones because everyone uses them.
Smart people will add dns info to the links they post. For example dns-FFFFFFFF://http://google.icann. In this case, the dns master IP is included in the link (as a hex string). Because of phishing attempts, a browser will point out with a glaring error message (ssl like) that something is horribly wrong if one of your known TLDs has a different dns hex. People will use bookmarks or add the TLD if they so choose.
This is in my opinion of the perfect system. Decentralized and left in the user's hands. Some may think I give users too much credit, but the end result would be a couple big guys and a common idea that you only accept tlds from big companies. Centralization would naturally occur, but it would not be forced.
-- Stephen
There's a couple things I'd do. First, move gTLDs like .gov and .mil under .us. That's one. Then, .edu needs to be truly world-wide, or be moved under .us also. Same with the other gTLDs, as much of what's in them really shouldn't be. This should clean things up a wee bit. Not sure how I'd get the market to comply, but we'll figure something out.
Then, kill off ICANN, and move the remaining gTLDs and the ccTLD administration to a truly international and independent organisation, in fact so independent that it is its own sovereign country, albeit a virtual one. Then engage in "extradition treaties" with all the other countries for those gTLD domains that countries take an interest in.
This should limit travesties like kentucky or ohio judges snatching domains from owners that are outside of their jurisdiction and do business outside of their jurisdiction by simple dint of ICANN and verisign being american. Even FBI 'internet vigilance' was only so-so on the funny scale the first time. When they got outright bought by corrupt industry organisations and swooped in on a German in New Zealand, making the despicable git an instant martyr, it should have become clear to everyone else that this isn't how justice should work. So checks and balances are called for. And in the international arena that sort of thing has to come with sovereignty, or it simply won't work.
The technical alternative would be to build something without one administrative root, but so far that's been a tad too problematic to be practical. And even if it would be practical, you'd have to watch for parties playing foul, like, oh, those behind stuxnet. See a pattern here? I do. So let's solve this on the administrative level, which in international waters means, again, be your own country.
It's only a hierarchy because a long time ago when the hosts.txt file got too big Paul M figured out a way to slide it up to balance the storage and computational power. Brian R got Paul V to take the Berkeley B-Tree code into a professional product. Jon P asked the same question on the MSGGROUP mailing list and there was no agreement so he made up the com/net/org convention.
We don't need the hierarchy any more...
There's no inherent reason bad.shit.com needs be any relation to good.shit.com. Arguably it's just not worked out that one guy gets shit.com and some guy gets com; if each name were discrete it reduces or eliminates a bunch of problems.
as for actual transport:
DHT - The Network is the Registry....with 480-bit Keys ....
PUT(KEY,DATA,TIME)
GET(KEY)
Simon Higgs made what I thought was the best first approximation of a sensible tld-space if you wanted to stay in that model. God knows why you'd want to though, it got us going but it's really been nothing but trouble.
http://tools.ietf.org/html/draft-higgs-tld-cat-02 He worked on this with Jon.
Need Mercedes parts ?
The old JANET academic not-quite-internet in the UK used to do exactly this. JANET was bridged to the public internet, so our domain at university was st-and.ac.uk on the public internet or uk.ac.st-and on JANET.
Unfortunately we had a subdomain for comp sci, cs.st-and.ac.uk. The heuristics that tried to decide whether a given domain was JANET or internet used to get horribly confused by this, and would frequently try to resolve against the Czechoslovakian DNS servers.
If I were emperor, I'd promote all second-level .com's to top level, except where there were clashes. So example.com becomes example. (But uk.com doesn't become uk, because that would clash with an existing top-level domain.) The existing .com domain would continue to exist, so typing "example.com" would still work.
But this scheme would, of course, not net ICANN millions of dollars.
Is who you are more important or is where you are?
From a routing perspective no, the domain matters more.
From a user perspective? most likely who they are matters more.
I am agnostic on the position of identity.
I just don't have a compelling argument either way at the moment.
Yup, same in Canada. I used them because they were such a bizarre case (:-))
--dave
davecb@spamcop.net
Because then the cookies for example.com wouldn't also be sent to www.example.com too, right? Thanks! I never thought of that.
Do you have an "international" phone number, a country-specific phone number, or multiple phone numbers, one in each country you do business in?
I suspect you have multiple phone numbers, each one issued under the laws in effect for the country that hosts the phone number.
Phone numbers in the United States start with the country code "1," why shouldn't domains end with ".us"?
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
The browsers solved that ages ago (automatically append .com and try it).
I was most relieved to find that my browser does not do that.
What moral right (beyond the moral right to assist in toppling governments that may exist in a given situation, e.g. a despotic regime) do I have to tell some other country's government that they have no legal right to control Internet usage of their citizens, and/or control the use of the country-code assigned to them?
Remember, under the scheme I envision, I'm basically reducing the United States from having many "country codes" to just one - ".us."
As long as a given top-level domain (.com, .org, etc.) is controlled by an entity subject to United States Law, its customers are basically on a United States domain.
Limit each country to one and be done with it, with special exemptions for UN- domains like .int and technical domains like .arpa.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.