Slashdot Mirror
How Would You Redesign the TLD Hierarchy?
First time accepted submitter at.drinian writes "Last week, we heard about the many applications for new top-level domains that have been put forth by various businesses and organizations. ICANN, of course, has come under heavy criticism for its process. If you didn't have the accumulated baggage of 30 years of DNS, how would you redesign things? .public and .private TLDs only? No TLD control? Country-level domains?"
I wouldn't
AOL Keywords, obviously.
One TLD for each country to do what they like with plus something like NameCoin but with way higher costs for registering domains under some anarchy TLD.
Throw in a TLD for companies over some big size and another for non-profits over a certain size.
The top level should be managed by some international body and be operationally independently of all governments.
Each country should run a DNS service for the top level which should be globally accessible.
I would drop the whole TLD concept in a heartbeat. It just adds one more thing to remember that means very little anymore, and opens people up to confusion (wait, Whitehouse.com is a porn site!?!).
Seriously, what does it accomplish? The categories are so broad that they're nearly useless as an organizing tool, especially since many companies buy up the "lesser" TLDs for their domain just to prevent confusion. People don't organize domain names in a hierarchy like they did with Usenet groups, so appending a category label to each seems rather silly.
Country code TLDs are a symptom, not a feature. They come about because local governments want to exert their own control over some aspect of the internet, but really the whole point of the internet is to transcend borders and unite people in a single global network, even if that is a threat to entrenched interests.
I read the internet for the articles.
My OCD says it should be http://org.slashdot.ask/story...
Or is that not what you meant?
How can I believe you when you tell me what I don't want to hear?
That is : the problem of finding a device (say: server, virtual server, coffee maker, whatever) without having to enter an arbitrary number of digits.
DNS is essentially context-free and centralized.
I would make an OS a lot less dependent on DNS actually functioning, require such a service to be secure (but oh, how to manage the keys?) and make it easier to plug in local address books of references, and easier to transfer such between computers. (perhaps something like zeroconf)
The counter trick is how to keep this from being hijacked to any great degree. Minimize harm.
Expunge all "field of interest" TLDs like .com, .gov, .net, .pr0n, and all the recent spammy TLDs
TLD by legal jurisdiction the domain is registered under. Country codes only, I suppose.
Underneath the country codes its fair game for each NIC.
I would "strongly encourage" the country NICs to not screw around with social engineering goals.
I would suspect you'd end up with multi-national corps registering a zillion domains in each country they buy or sell. So what. Cost of doing business.
I would only have a couple non-UN recognized as country domain names, for example, ".un" seems like a nice place to put the UN and maybe root DNS operators should have a .root TLD solely to host their own coordination related stuff.
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
I'd rather type in www.blah or ftp.blah instead of having to remember if it's blah.com, blah.co.uk etc. .net, .org or .com domains. .gov/.edu seem to still have integrity, yet it's generally obvious what such an institution is given its name.
The TLD indicating if the site is commercial, organization or a network stopped being accurate once they allowed anyone to get
Country-code TLDs have been subverted, with sites like bit.ly using other country's TLDs than the country they're based out of.
The main reason for TLDs to exist is so that different organizations around the world can manage their own little slice of the DNS system. Considering how much this is being abused (or about to be) with governments mandating DNS blocks, this suggests a peer-to-peer solution would be superior, or something managed by a central authority not beholden to any government which has the health of the internet as its primary concern (like the EFF).
Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
One of the best approaches was to create a TLD for each of the major categories one can get a trademark in. For example, airlines, shipping lines, etc. Then one could have Olympic.Airlines, Olympic.Shipping and so on, without the current problems of the Olympic Organizing Committee getting all the "Olympic"s in the world.
One of my papers on the subject was D. Collier-Brown, On Experimental Top Level Domains, Rev 0, Internet Draft, draft-collier-brown-itld-exper-00.txt, Sept 1996, which may still be findable. Much of the other work seems to have been expunged...
Numerous approaches were debated by the international ad-hoc committee on domain names, but the most profitable to the registrars "won", leading to the current mess. In retrospect, we needed a stringently fair, non-commercial process to make the decision.
--dave
davecb@spamcop.net
Some say appending ".com" denotes that it's a web address. Well, Twitter solved similar problems with just one character rather than four: @ for people, # for tags. If we could rewrite history and didn't need to distinguish between government and non-government sites (due to the Internet having grown out of the government), domain names should have adopted a similar magical special character.
.mom What else do you need?
1. Make domain name registrations non-transferable. That would eliminate the parasites who squat on domains.
2. Make a rule that if you have a domain in one TLD, you can't have the same domain in another TLD. That would eliminate corporate squatting of every single variation of a common word or phrase that they want to own.
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
I would have a few "international" domains like the existing .int, .eu, and .un, and a country-like domains for organizations that already had country-codes issued to them by the U.N. or a similar organization.
I would then deprecate all other top-level domains like .com, .org, .mil, .edu, etc. and the like, with a decade-long timetable before they are removed. Current registrations would get a free ".com.us," ".org.us," etc. registration during the transition period. After the transition period, .org, .com, etc. would become invalid and the United States would be free to impose the same restrictions on "legacy" .com.us, .org.us, etc. domains as it imposes on "non-legacy" domains in the same namespace. For example, a year from now it might require that non-legacy domains in .us have a bona fide real-world presence in the United States or its possessions, but it could not impose this on "legacy" domains during the transition period.
It would be up to other countries as to how to govern their own namespaces.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
I've done a lot of DNS server work at the code/protocol level, and a lot of serious thinking about the DNS over the years. My take is basically this:
1) The traditional generic TLDs (com/net/org) make a certain amount of sense, especially in the modern world for multi-national interests. Arguably we should be more strict about policies for net (network operators and infrastructure, not random companies) and org (actual non-profit organizations).
2) The ccTLDs also make a ton of sense, keep those.
3) The DNS is meant to be hierarchical. Not just in terms of server lookup hierarchy, but in the sense of informational hierarchy for humans to understand. It's like Area Codes and Country Codes, it has to make sense. .pizza and .pepsi completely break the hierarchy, they're horrible sins committed in the name of the DNS cabal making a quick buck. A lot of people should be tossed in jail for this stupid idea.
4) The protocol and RFCs need serious re-work. I won't repeat all the analysis others have done over the years, except perhaps to point you at DJB's cr.yp.to DNS rants, most of which are valid. CNAMEs, the way PTR was handled, the ridiculously stupid compression scheme - all examples of shoddy design, at least in hindsight. All of the early RFCs and implementors also made the huge mistake of muddling up what should be very separate concepts: First there's the 3-way mixup of: DNS the conceptual distributed database, DNS the protocol, and DNS file formats that are private to server implementations. Then there's also the grand mixup of server roles: local non-recursive cache, recursive cache for a network of private clients, public recursive caches and forwarders, and finally true authoritative servers. It was the fact that BIND was the de-facto implementation and routinely mixed all of these roles by default that lead to the mess, and lead to tons of security problems over the years.
5) Security. DNSSEC, which sadly has a lot of traction now, is a complete joke. A proposal more akin to DJB's DNSCurve would be *much* better. The problem with DNSCurve was that it required really ugly NS-record hostnames in order to seamlessly integrate with the existing broken DNS design as smoothly as possible. A proposal combining DNSCurve's actual security mechanisms with simple KEY records would suffice, but needs backing form the DNS Cabal in the IETF, which are already deeply monetarily entrenched in selling DNSSEC to enterprises and governments.
It's really not hard at all to design a replacement for DNS that's better in every way. I've done it at least 20 times lying in bed dreaming, and a few times in practice with real code just for fun. The problem is that the current system is entrenched and nobody's willing to take on the job of getting everyone switched over to a new system, if it's even possible. You'd need to support both protocols in everything for a period of a decade or two, and nobody wants to because the current system just barely continues to function and offers some really clunky, faulty security in the latest update.
I would change the order of domains and sub domains in the url.
protocol://tld.domain.subdomain:port/rootfolder/subfolder/document
It just makes more sense. every other part of the URL is in order order of greatest to least significance. If the url was written with an IP address, the entire thing would be in order of greatest to least significance.
Yes, I know that this is not the question asked. But its what I would do.
.edu for educational organizations
.com for companies
.org for organizations
.gov for US Federal Gov't
.mil for US military
2-letter TLD using ISO country codes
A clone of Jon Postel to run it all.
Oh, and a firing squad for anyone who tries to add cruft like .info, .name, .pepsi, .microsoft, etc.
This didn't start out long. I apologize that it is. If you're easily bored by history I would recommend :)
reading the first and last paragraphs
History:
IP addresses being converted to names has existed for almost 40 years. It started as a file
(hosts.txt) that users all over the ARPANet could download nightly. Usually they all did so at
the same time (midnight, local time) and invariably DDN-NIC (the host with the FTP server
and the file) was overloaded.
In time, it became reasonable to decentralize it. DNS was formed. Paul Mockapetris and many
other intelligent people put great thought into it. DDN-NIC became NIC.DDN.MIL. BRL-AOS
becaome AOS.BRL.MIL and so on. DNS servers became ubiquitous, the DNS root servers
were great, and Rodney Mcdaniel (hostmaster@nic.ddn.mil) and SRI International did a great
job running things.
In time, it became reasonable to decentralize _that_. Many root servers run by many independent .ARPA...) and country-codes were adopted.
companies (like Paul Vixie's ISC) exist all over the world. The DNS hierarchy was detached from
the ARPAnet (except for pointer records... still all in
Now I say 'adopted' because the process of creating a new TLD or gTLD or ccTLD isn't complex.
It's a line in a file. However, the process of getting said line APPROVED by the powers that be
is more complicated.
The ICANN Age:
ICANN was created to [whatever the reason, Karl Auerbach has shown they have clearly gone
outside their mandate and powers] and now they want money. How do you make money when
you're clearly chartered to do ONE THING? You figure out how to create more Blue Sky.
So here we are. The final part of the decentralization. Why final? Because in the beginning
we started with a one-level name: DDN-NIC. Then we went to the hierarchy "tree" model:
nic.ddn.mil. And now, we are finally changing the hierarchy so the root of the tree is the
father to THOUSANDS of TLDs.
You can argue if it's good or bad. I just look at the history... and know the original problem...
and the reason for the solution... and the solution.
My Opinion:
A rooted tree with thousands of children each having thousands of children is an abomination.
I shudder to think that the DNS server (named or djdns or whatever you use) already use
a relatively "large" cache. The size of this cache at a minimum is a function of the structure
of the DNS tree. A 1000x1000 (TLD+SLD) tree already starts at a million entries. Each one
gets at least an SOA record, which is over half a kilobyte. Add in some NS records and maybe
some MXs and now you have 500MBytes+... just to initialize the cache. Icky poo.
I suppose the evil we know (ICANN) is better than the ITU running the Internet and adding
termination charges for packets. Settlement-free-peering, euro-jerks.
FYI I have sold domain names for profit. One previous poster suggests we "prevent" [prohibit?
criminalize?] domain name transfers. Please note that ARIN [another made up body but one
that adds a lot of value unlike ICANN] prohibits IP address transfers, loans, or sales, except
in specific cases of business mergers where the new entity can show it is worthy of the IP
address space. This has not IN ANY WAY diminished the sale, loan, or transfer of IP address
ranges. I regularly get offers for the space I'm responsible for. When there's a buyer and a
seller... there's a market. My point being -- to get back to domain names -- so long as there's
a buyer and a seller, domain names WILL transfer. The simplest example I can think of is to
register each domain name under a new LLC. Sure, it's $7 for the domain name and $20
for the LLC... but you can then sell the LLC to anyone without it being a domain name transfer.
There are other methods.
Conclusion:
ICANN is an abomination and they've done nothing to help the Internet. In every "decision"
they've mana
There's lots of stuff connected to the internet that isn't HTTP. The www nomenclature makes sense in that respect. And there's absolutely nothing stopping a system admin from also making domain.com point to a web server - in fact, doing so is pretty common these days.