It's true that there were other protocols like TCP invented at around the same time. It's also true that TCP had flaws, some of which have been fixed, and some of which haven't.
To the extent that TCP violated "principles" those principles are debatable. TCP did make some design compromises - such as to use the same field for both an endpoint identifier and a locator - which seem shortsighted today but which also made TCP much eaiser to deploy at the time it was invented. In any engineering effort, it is rarely feasible to do everything "right". Compromise is nearly always necessary.
HTTP is another example of a protocol that is riddled with design flaws, but was close enough to "right" and easy enough to implement and deploy that it succeeded. Competing protocols did exist and they failed because they either weren't "right" enough or were too hard to deploy.
The reason you don't see IPv6 used these days has little to do with the design of TCP. You don't see IPv6 these days for two reasons: one is that there is a significant investment in IPv4, particularly for established services such as email and the web. These services work well enough on IPv4 (with or without NATs), and there's such a huge investment in IPv4 infrastructure for them, that they'll be the last services to migrate to IPv6. The other reason you don't see IPv6 used much these days is that the greatest markets for IPv6 are precisely in those areas where IPv4 is insufficient - because of a shortage of IPv4 address space, or because the need to use NATs has made the IPv4 network unable to efficiently support certain kinds of applications. IPv6 usage will at least initially be in different markets and for different applications than IPv4 usage - which means if you're looking for IPv6 to be used in the ways that IPv4 is used now, you won't see much of it for awhile. IPv6 is being used, but not in that way.
Now perhaps the flaw you were referring to is the lack of ID/locator separation and the implication is that IPv4 hosts cannot communicate with IPv6 hosts. I believe HIP will solve that problem. I also believe that by the time HIP does solve that problem, it will be largely a non-problem, as nearly everything will support IPv6 by then anyway. But HIP will be useful for other reasons.
Damn right; the people who do creative work have *no* right to the fruits of their labor. By god they *owe* it to the rest of us,/because/ we couldn't come up with the ideas on our own. Intellectual property, indeed. Hmph. Arrogant intellectual bastards.
Rarely does anyone come up with an idea or expression entirely on his own; everything is at least partially borrowed from somewhere else. Indeed it is the very recognition that such borrowing is essential to progress that justifies providing some kinds of incentive to those who create new works in exchange for the ability of others to embellish and extend those works. But this is very different from the notion of property that is applied to the tangible world. The notion of tangible property results from a natural need for some things to be used exclusively by one party, whereas the purpose of "intellectual property" should be to encourage creation of new works while still giving others the ability to benefit from and extend such works.
Intellectual property is an artificial creation, and one which in its current forms has done a great deal of harm to our society. Unlike tangible property which is a concept that has proven useful for millenia, the extension of the notion of property to intellectual works does not deserve the same degree of respect.
Violating copyright is not at all the same thing as theft - that's just a bit of propaganda repeated frequently by big media companies and their shills. For that matter, taking of such pictures might not even be an actionable violation of copyright. Fair use would allow photographs for certain limited purposes, and last time I looked there were limits to the amount of financial loss that is required before copyright is considered enforceable - presumably to eliminate nuisance suits against people who don't copy much of value.
Looking strictly at a single global namespace of all possible people, human-friendly globally unique identifiers cannot scale.
if they're not globally unique, they're ambiguous.
People who interact with me are not likely to be interested in the other people with "my" name.
It's happened to me, more than once. There used to be someone with the same name as me working for Microsoft. Due to blind trust in directories and address books, I used to get some mail intended for him, and he got some mail intended for me. There was another situation where someone at a different company had the same name as me, but because of the way their screwy email directory worked, any mail from anyone at that compnay to that person would get sent to me. The sender didn't even have an opportunity to double-check the address.
Yes, we can use additional information to disambiguate names, but if we want that additional information to also be human-friendly then it's going to need to be able to match against lots of different attributes (where you live, where you work, what you do, what organizations or communities you belong to, what you look like) and do some amount of fuzzy matching - and then you get into 'interesting' privacy issues.
not that people shouldn't try to work on it, but it's not a simple problem with an obvious solution.
yet another flat namespace that won't scale
on
i-Names Pick Up Steam
·
· Score: 5, Insightful
an unambiguous human-friendly name is an oxymoron.
The difference is that in case 3 the freedom fighters are Americans and in case 4 the terrorists (I assume) are foreigners. I don't think Bush supporters would do violence against their own country even if Bush lost, because (a) they wouldn't have popular support and (b) they wouldn't want to take the blame. Whereas if Bush imposed a police state I think there would be plenty of people willing to defend America by any means necessary.
Naturally, I hope neither of these scenarios happens. But they both seem plausible to me - #3 moreso than #4.
Bush wins, and progressives give up in disgust and frustration
Kerry wins, and progressives stop working for change
Bush wins (or is chosen) and in response to massive demonstrated opposition creates a police state, which in turn results in violent clashes between Bush's government and the resistance freedom fighters
Kerry wins, and pro-Bush factions attempt to aid terrorist efforts against the government to prove that Kerry is weak on terrorism
(yes, I really do believe that a sufficient number of people in this country are fanatical enough to do those things)
the point is this - no matter who wins (or appears to win, or is chosen), the country is still in a mess. our economy is a disaster with massive government deficits that drastically increase our effective tax rate (because so much of our taxes are spend on interest on the debt) and huge growing trade deficits. we're fighting an expensive, unwinnable war that has killed over a hundred thousand people so far, with no end in sight. by doing so we've turned most of the world against us, which will surely have repercussions in trade and other areas eventually. if we back out of this war the result could be a civil war in Iraq which might spread to other countries in the region.
during this election, a huge portion of our own citizens have demonstrated a startling inability to evaluate input and reason intelligently about it. we are a nation of addicts - to consumption of consumer goods, to petroleum, to carbohydrates, to meaningless stimulation of various kinds, to alcohol and drugs, to the idea that we're superior to other people. our mainstream press has become essentially useless at informing our choices as voters and citizens. our elected officials are almost universally corrupt - sacrificing our interests to those of wealthy benefactors, and our processes for electing them are highly vulnerable to manipulation through various means.
what, if anything, can we do about these problems?
Vendors are always issuing press releases that they're "submitting" or "resubmitting" something to IETF. As far as IETF is concerned, this means exactly nothing. Anybody can submit an internet-draft on any topic related to Internet protocols, and it has exactly the same effect as if Microsoft does so. Just because you submit a draft doesn't mean that anybody is going to look at it. In this case, there isn't even an open working group to consider the topic. So the significance of Microsoft resubmitting a SenderID draft to IETF is minimal at best.
the whole point of this system is to remedy sensory underload. when you've got good visibility, if the synthetic displays get in the way, you just turn them off.
But, this raises the point, IS it too late to do someting about it? I think not...But, to do nothing, is, I think, a cop out.
It's a judgement call. Sometimes even though the situation is bad, there is no course of action that will not make it worse. In those cases the only thing you can to do improve the situation is wait until a better opportunity appears. Insisting that something be done can be counterproductive.
I do think the alternate roots serve a valuable purpose. They demonstrate what will happen if ICANN fails. That in turn creates a strong incentive for ICANN to succeed -- for some meaning of "succeed", not necessarily one that satisfies everyone.
The fact that so little storage is needed means that cache misses will be rare.
nope. size and granularity are not the same thin g.
As you even mentioned yourself, the biggest cause of hammering root servers is when a client repeatedly asks for a TLD that doesn't exist at all.
yes, but that's a separate problem that requires a separate solution. it's not an license to further increase the load on the root servers.
There is no reason to equate reboots with cache flushes. There's this thing called a "hard disk"
It's an implementation issue. In practice, many cache servers do lose their memories when they are rebooted. The sheer number of cache servers means it's not easy to fix this problem.
and as I just explained, because the storage needs are so tiny, 10 megabytes of disk space will be more than enough for TLD needs.
maybe if the DNS protocol were designed differently, that would even be relevant.
I'll design a new kind of computer virus that infects Windows. Then I'll patent it. Then I'll license the technology to a single virus filter vendor. Sooner or later a virus will appear that violates the patent. When that happens I'll sue everyone whose computer gets infected with it, sue all of the virus filter vendors who didn't license the patent, and sue Microsoft for contributory infringement.
Why would 1,000 domains using 3 TLDs be easier to process than 1,000 domains with 1,000 TLDs?
TLD queries go to the root servers, which are few in number. Second-level queries go to whatever servers the NS records for the TLDs point to. 1000 TLDs means 1000 queries to a root server for every DNS cache that sees queries for those TLDs. Fewer TLDs means fewer queries to the root servers.
Cache servers don't keep track of all records in a zone, only the ones they've seen as the result of previous queries. So a cache won't keep track of all of the records in.COM, for example. Rather, the first time a cache sees a query for a domain ending in.COM, it forwards that query to the root. The root responds with an answer that says "the DNS server for.COM is at IP address x.x.x.x". The cache then forwards the query to that server, but it also remembers the mapping from.COM to x.x.x.x so it won't have to ask the root again. So for a TLD zone the cache only keeps track of mappings from TLDs to the IP addresses of the servers for those TLDs.
We're talking about different things now, and it's too much trouble to work out the differences. I'm certainly not defending ICANN, I just realize that it's very hard to replace it with something better - there's a good chance that either root anarchy or anything that is likely to replace ICANN in the current political climate would end up being much worse.
But we agree on one thing: "the grays screwed up". Though I'd say it slightly differently: We missed the opportunity to put the DNS root under sound management. Part of this happened when the InterNIC contract was awarded. Even then, it probably wasn't too late to fix things, but by the time Jon attempted to move the root there was far too much at stake.
Today there are only 6 TLDs that get substantial use (in the US): com net org edu gov mil. That's such a tiny number that keeping them cached is absolutely trivial. If there were 60 major TLDs instead of just 6, it would still require only 500 bytes to cache them all. And I've already used more than 500 bytes writing this message!
It's not the amount of storage that matters here, it's the number of hits on the root servers. Every time a cache server gets rebooted (i.e. has its cache flushed) it has to hit the root server for every new TLD that it sees until the next reboot (or cache flush). There are easily tens of thousands of cache servers out there. Note that DNS caching is essentially flat.
There are some problems with DNS scaling, but they have nothing to do with the number of TLDs.
Denial may be a fact of life, but it isn't pretty.
It's fairly easy to understand once you think about it. The point of my previous post was to give people an opportunity to think about it for themselves.
A local DNS server's cache is only effective if a significant portion of the queries handled by the server can be satisfied with information already present in it's cache. The more TLDs there are, the less likely it will be that the TLD in your query will be found in the local cache. Queries that aren't satisfied by a local cache have to be sent to a root server. With a few hundred million internet users, the overhead starts to add up...
Of course this hinges on how widely used a particular TLD is. An extremely popular TLD (like.COM) is likely to already be present in any given cache, while a TLD that isn't widely used (like many countries' TLDs) is not likely to be present. Bogus TLDs (like ".local") or unofficial TLDs are the worst of all - they hit a root server every time somebody tries to use one in a DNS query.
It's tempting to say "just add more root servers", but the more root servers there are, the harder it is to keep them consistent with one another. (for both technical and political reasons). Also due to DNS protocol limitations it has been difficult add more root server NS records to DNS, though this is being worked on.
Like most everything else in the Internet, DNS is exhibiting scaling limitations. Good engineering in the face of such limitations requires carefully chosen compromises that are well-informed by thorough understanding and accurate measurement - not off-the-cuff proposals from people who aren't even aware of the more obvious problems with DNS.
Sorry if this sounds unpleasant. Truth is that way sometimes.
people who don't understand the DNS have no business trying to make technical proposals for changing it. if for instance you don't understand how increasing the number of TLDs affects DNS cache locality, and how this affects root server bandwidth and availability, you don't have a leg to stand on.
We are all slaves to many things. But to some degree we get to choose our masters. We choose the "official" root servers because we believe that, no matter how corrupt they are, the masters of those servers actually value worldwide consistency and reliable operation, and we value those attributes in DNS. In general, consistency and minimization of disruption are among the primary reasons we choose government (in spite of its corruption) over anarchy.
That, and most of the alternative roots appear to be run by paranoid lunatics.
You're certainly right about Jon's legal liability. Of course that's one of the things that the DoC people kept pointing out to him in order to get him to go along. The USG wanted control and didn't mind being coercive to get it.
As for NSI, there's a difference between what NSI said in public and what they told their lobbyists to push for in private. Of course they weren't about to agree to a structure that would have allowed ICANN or whatever to take away their cash cow.
Well, the Internet is a tad larger now than it was when Jon Postel was doing the IANA job by himself. Jon had a rare talent for getting people who were disagreeing to understand it was in their mutual interests to work things out, but he mostly had the luxury of working with people who actually wanted the Internet to work well. Even if he were still living today and running IANA, I suspect he would have had to cede authority to some sort of oversight board that had international representation.
Realize that one of the reasons that we ended up with ICANN being so ineffective is that NSI/Verisign lobbied very hard to burden it with an unwieldy organizational structure. If you're NSI/VeriSign, the next best thing to having no oversight is to have your oversight so burdened that it can never be effective...
In other words, ICANN is on very shakey ground if it tries to claim that its power derives from the US Dept of Commerce.
In other words, the US government is on very shaky ground if it tries to claim that it has power over the international Internet. Note that the international community has at least tentatively been supportive of ICANN - because they realize that as bad as ICANN is, it's probably better than either having multiple roots (even assuming they all get along, which is unlikely) or having the US government try to run things directly (which could easily result in multiple roots).
Verisign's purported ownership of.COM and.NET is on even shakier ground than the USG's purported ownership of DNS.
Basically I don't think this will work because today the vast majority of spam is either (a) submitted from offshore where it's harder to trace who sent it (the senders may be subject to US law, but you have to find them in order to punish them) or (b) sent through a distributed network of relays deployed by viruses (and thus they are sent from innocent people's computers and the real source is very difficult to trace)
CAN-SPAM might have been a good idea when it was originally drafted (I give them the benefit of the doubt) but it's been overtaken by advances in spammer technology. meanwhile, can-spam has the potential to harm legitimate uses of email because (at least, as I understand the law) any business that sends out email could be liable for infringement if one of its employees happens to send out mail that is judged sexually explicit. My concern is that employers will either start monitoring outgoing email or that they'll impose filters on outgoing email in an attempt to block anything that might be sexually explicit. (and it doesn't have to be images - the rule makes it clear that mere words can be considered explicit).
FWIW, the comments I submitted to the FTC in response to their notice of proposed rulemaking on the "sexually explicit" content label and the "plain brown wrapper", and my reaction to the final rule, can be found at http://www.cs.utk.edu/~moore/opinions/can-spam.htm l
voters chose Gore. he won the popular vote. Gore would also have won the vote in Florida (and thus the presidency) had Jeb Bush not disqualified several tens of thousands of legal registered voters (the vast majority of them democrats) because their names happened to resemble those of convicted felons from other states.
it's certainly true that we can't expect the government to spend more money while collecting less taxes. but let's not pretend that the voters chose the government currently occupying the White House. because they didn't. (and let's not pretend either that the huge deficit that the Bush administration has built up is because of the tax cut. some rather expensive foreign adventures had something to do with it also)
(and yes, this is off topic. but it's correcting misinformation from another off topic post. if you mod this post down you should mod the one it's referring to down also.)
Slashdot Mirror
It's true that there were other protocols like TCP invented at around the same time. It's also true that TCP had flaws, some of which have been fixed, and some of which haven't.
To the extent that TCP violated "principles" those principles are debatable. TCP did make some design compromises - such as to use the same field for both an endpoint identifier and a locator - which seem shortsighted today but which also made TCP much eaiser to deploy at the time it was invented. In any engineering effort, it is rarely feasible to do everything "right". Compromise is nearly always necessary.
HTTP is another example of a protocol that is riddled with design flaws, but was close enough to "right" and easy enough to implement and deploy that it succeeded. Competing protocols did exist and they failed because they either weren't "right" enough or were too hard to deploy.
The reason you don't see IPv6 used these days has little to do with the design of TCP. You don't see IPv6 these days for two reasons: one is that there is a significant investment in IPv4, particularly for established services such as email and the web. These services work well enough on IPv4 (with or without NATs), and there's such a huge investment in IPv4 infrastructure for them, that they'll be the last services to migrate to IPv6. The other reason you don't see IPv6 used much these days is that the greatest markets for IPv6 are precisely in those areas where IPv4 is insufficient - because of a shortage of IPv4 address space, or because the need to use NATs has made the IPv4 network unable to efficiently support certain kinds of applications. IPv6 usage will at least initially be in different markets and for different applications than IPv4 usage - which means if you're looking for IPv6 to be used in the ways that IPv4 is used now, you won't see much of it for awhile. IPv6 is being used, but not in that way.
Now perhaps the flaw you were referring to is the lack of ID/locator separation and the implication is that IPv4 hosts cannot communicate with IPv6 hosts. I believe HIP will solve that problem. I also believe that by the time HIP does solve that problem, it will be largely a non-problem, as nearly everything will support IPv6 by then anyway. But HIP will be useful for other reasons.
Damn right; the people who do creative work have *no* right to the fruits of their labor. By god they *owe* it to the rest of us, /because/ we couldn't come up with the ideas on our own. Intellectual property, indeed. Hmph. Arrogant intellectual bastards.
Rarely does anyone come up with an idea or expression entirely on his own; everything is at least partially borrowed from somewhere else. Indeed it is the very recognition that such borrowing is essential to progress that justifies providing some kinds of incentive to those who create new works in exchange for the ability of others to embellish and extend those works. But this is very different from the notion of property that is applied to the tangible world. The notion of tangible property results from a natural need for some things to be used exclusively by one party, whereas the purpose of "intellectual property" should be to encourage creation of new works while still giving others the ability to benefit from and extend such works.
Intellectual property is an artificial creation, and one which in its current forms has done a great deal of harm to our society. Unlike tangible property which is a concept that has proven useful for millenia, the extension of the notion of property to intellectual works does not deserve the same degree of respect.
Violating copyright is not at all the same thing as theft - that's just a bit of propaganda repeated frequently by big media companies and their shills. For that matter, taking of such pictures might not even be an actionable violation of copyright. Fair use would allow photographs for certain limited purposes, and last time I looked there were limits to the amount of financial loss that is required before copyright is considered enforceable - presumably to eliminate nuisance suits against people who don't copy much of value.
Looking strictly at a single global namespace of all possible people, human-friendly globally unique identifiers cannot scale.
if they're not globally unique, they're ambiguous.
People who interact with me are not likely to be interested in the other people with "my" name.
It's happened to me, more than once. There used to be someone with the same name as me working for Microsoft. Due to blind trust in directories and address books, I used to get some mail intended for him, and he got some mail intended for me. There was another situation where someone at a different company had the same name as me, but because of the way their screwy email directory worked, any mail from anyone at that compnay to that person would get sent to me. The sender didn't even have an opportunity to double-check the address.
Yes, we can use additional information to disambiguate names, but if we want that additional information to also be human-friendly then it's going to need to be able to match against lots of different attributes (where you live, where you work, what you do, what organizations or communities you belong to, what you look like) and do some amount of fuzzy matching - and then you get into 'interesting' privacy issues.
not that people shouldn't try to work on it, but it's not a simple problem with an obvious solution.
an unambiguous human-friendly name is an oxymoron.
Saw an IMP at Carnegie-Mellon University on December 8, 1980 - the same day John Lennon was shot. (sigh)
The difference is that in case 3 the freedom fighters are Americans and in case 4 the terrorists (I assume) are foreigners.
I don't think Bush supporters would do violence against their own country even if Bush lost, because (a) they wouldn't have popular support and (b) they wouldn't want to take the blame. Whereas if Bush imposed a police state I think there would be plenty of people willing to defend America by any means necessary.
Naturally, I hope neither of these scenarios happens. But they both seem plausible to me - #3 moreso than #4.
(yes, I really do believe that a sufficient number of people in this country are fanatical enough to do those things)
the point is this - no matter who wins (or appears to win, or is chosen), the country is still in a mess. our economy is a disaster with massive government deficits that drastically increase our effective tax rate (because so much of our taxes are spend on interest on the debt) and huge growing trade deficits. we're fighting an expensive, unwinnable war that has killed over a hundred thousand people so far, with no end in sight. by doing so we've turned most of the world against us, which will surely have repercussions in trade and other areas eventually. if we back out of this war the result could be a civil war in Iraq which might spread to other countries in the region.
during this election, a huge portion of our own citizens have demonstrated a startling inability to evaluate input and reason intelligently about it. we are a nation of addicts - to consumption of consumer goods, to petroleum, to carbohydrates, to meaningless stimulation of various kinds, to alcohol and drugs, to the idea that we're superior to other people. our mainstream press has become essentially useless at informing our choices as voters and citizens. our elected officials are almost universally corrupt - sacrificing our interests to those of wealthy benefactors, and our processes for electing them are highly vulnerable to manipulation through various means.
what, if anything, can we do about these problems?
Vendors are always issuing press releases that they're "submitting" or "resubmitting" something to IETF. As far as IETF is concerned, this means exactly nothing. Anybody can submit an internet-draft on any topic related to Internet protocols, and it has exactly the same effect as if Microsoft does so. Just because you submit a draft doesn't mean that anybody is going to look at it. In this case, there isn't even an open working group to consider the topic. So the significance of Microsoft resubmitting a SenderID draft to IETF is minimal at best.
the whole point of this system is to remedy sensory underload. when you've got good visibility, if the synthetic displays get in the way, you just turn them off.
But, this raises the point, IS it too late to do someting about it? I think not...But, to do nothing, is, I think, a cop out.
It's a judgement call. Sometimes even though the situation is bad, there is no course of action that will not make it worse. In those cases the only thing you can to do improve the situation is wait until a better opportunity appears. Insisting that something be done can be counterproductive.
I do think the alternate roots serve a valuable purpose. They demonstrate what will happen if ICANN fails. That in turn creates a strong incentive for ICANN to succeed -- for some meaning of "succeed", not necessarily one that satisfies everyone.
The fact that so little storage is needed means that cache misses will be rare.
nope. size and granularity are not the same thin g.
As you even mentioned yourself, the biggest cause of hammering root servers is when a client repeatedly asks for a TLD that doesn't exist at all.
yes, but that's a separate problem that requires a separate solution. it's not an license to further increase the load on the root servers.
There is no reason to equate reboots with cache flushes. There's this thing called a "hard disk"
It's an implementation issue. In practice, many cache servers do lose their memories when they are rebooted. The sheer number of cache servers means it's not easy to fix this problem.
and as I just explained, because the storage needs are so tiny, 10 megabytes of disk space will be more than enough for TLD needs.
maybe if the DNS protocol were designed differently, that would even be relevant.
I'll design a new kind of computer virus that infects Windows.
Then I'll patent it.
Then I'll license the technology to a single virus filter vendor.
Sooner or later a virus will appear that violates the patent.
When that happens I'll sue everyone whose computer gets infected with it, sue all of the virus filter vendors who didn't license the patent, and sue Microsoft for contributory infringement.
Why would 1,000 domains using 3 TLDs be easier to process than 1,000 domains with 1,000 TLDs?
.COM, for example. Rather, the first time a cache sees a query for a domain ending in .COM, it forwards that query to the root. The root responds with an answer that says "the DNS server for .COM is at IP address x.x.x.x". The cache then forwards the query to that server, but it also remembers the mapping from .COM to x.x.x.x so it won't have to ask the root again. So for a TLD zone the cache only keeps track of mappings from TLDs to the IP addresses of the servers for those TLDs.
TLD queries go to the root servers, which are few in number. Second-level queries go to whatever servers the NS records for the TLDs point to. 1000 TLDs means 1000 queries to a root server for every DNS cache that sees queries for those TLDs. Fewer TLDs means fewer queries to the root servers.
Cache servers don't keep track of all records in a zone, only the ones they've seen as the result of previous queries. So a cache won't keep track of all of the records in
(this is of course slightly simplified)
We're talking about different things now, and it's too much trouble to work out the differences. I'm certainly not defending ICANN, I just realize that it's very hard to replace it with something better - there's a good chance that either root anarchy or anything that is likely to replace ICANN in the current political climate would end up being much worse.
But we agree on one thing: "the grays screwed up". Though I'd say it slightly differently: We missed the opportunity to put the DNS root under sound management. Part of this happened when the InterNIC contract was awarded. Even then, it probably wasn't too late to fix things, but by the time Jon attempted to move the root there was far too much at stake.
Today there are only 6 TLDs that get substantial use (in the US): com net org edu gov mil. That's such a tiny number that keeping them cached is absolutely trivial. If there were 60 major TLDs instead of just 6, it would still require only 500 bytes to cache them all. And I've already used more than 500 bytes writing this message!
It's not the amount of storage that matters here, it's the number of hits on the root servers. Every time a cache server gets rebooted (i.e. has its cache flushed) it has to hit the root server for every new TLD that it sees until the next reboot (or cache flush). There are easily tens of thousands of cache servers out there. Note that DNS caching is essentially flat.
There are some problems with DNS scaling, but they have nothing to do with the number of TLDs.
Denial may be a fact of life, but it isn't pretty.
You're slipping Keith, Randy Bush usualy refers to me as a "dangerous psychopath", Paul Vixie refers to me as a "misguided lunatic"
By "paranoid lunatics" I wasn't referring to anyone in particular. But if the shoe fits...
It's fairly easy to understand once you think about it. The point of my previous post was to give people an opportunity to think about it for themselves.
.COM) is likely to already be present in any given cache, while a TLD that isn't widely used (like many countries' TLDs) is not likely to be present. Bogus TLDs (like ".local") or unofficial TLDs are the worst of all - they hit a root server every time somebody tries to use one in a DNS query.
A local DNS server's cache is only effective if a significant portion of the queries handled by the server can be satisfied with information already present in it's cache. The more TLDs there are, the less likely it will be that the TLD in your query will be found in the local cache. Queries that aren't satisfied by a local cache have to be sent to a root server. With a few hundred million internet users, the overhead starts to add up...
Of course this hinges on how widely used a particular TLD is. An extremely popular TLD (like
It's tempting to say "just add more root servers", but the more root servers there are, the harder it is to keep them consistent with one another. (for both technical and political reasons). Also due to DNS protocol limitations it has been difficult add more root server NS records to DNS, though this is being worked on.
Like most everything else in the Internet, DNS is exhibiting scaling limitations. Good engineering in the face of such limitations requires carefully chosen compromises that are well-informed by thorough understanding and accurate measurement - not off-the-cuff proposals from people who aren't even aware of the more obvious problems with DNS.
Sorry if this sounds unpleasant. Truth is that way sometimes.
people who don't understand the DNS have no business trying to make technical proposals for changing it. if for instance you don't understand how increasing the number of TLDs affects DNS cache locality, and how this affects root server bandwidth and availability, you don't have a leg to stand on.
We are all slaves to many things. But to some degree we get to choose our masters. We choose the "official" root servers because we believe that, no matter how corrupt they are, the masters of those servers actually value worldwide consistency and reliable operation, and we value those attributes in DNS. In general, consistency and minimization of disruption are among the primary reasons we choose government (in spite of its corruption) over anarchy.
That, and most of the alternative roots appear to be run by paranoid lunatics.
You're certainly right about Jon's legal liability. Of course that's one of the things that the DoC people kept pointing out to him in order to get him to go along. The USG wanted control and didn't mind being coercive to get it.
As for NSI, there's a difference between what NSI said in public and what they told their lobbyists to push for in private. Of course they weren't about to agree to a structure that would have allowed ICANN or whatever to take away their cash cow.
Well, the Internet is a tad larger now than it was when Jon Postel was doing the IANA job by himself. Jon had a rare talent for getting people who were disagreeing to understand it was in their mutual interests to work things out, but he mostly had the luxury of working with people who actually wanted the Internet to work well. Even if he were still living today and running IANA, I suspect he would have had to cede authority to some sort of oversight board that had international representation.
Realize that one of the reasons that we ended up with ICANN being so ineffective is that NSI/Verisign lobbied very hard to burden it with an unwieldy organizational structure. If you're NSI/VeriSign, the next best thing to having no oversight is to have your oversight so burdened that it can never be effective...
In other words, ICANN is on very shakey ground if it tries to claim that its power derives from the US Dept of Commerce.
.COM and .NET is on even shakier ground than the USG's purported ownership of DNS.
In other words, the US government is on very shaky ground if it tries to claim that it has power over the international Internet. Note that the international community has at least tentatively been supportive of ICANN - because they realize that as bad as ICANN is, it's probably better than either having multiple roots (even assuming they all get along, which is unlikely) or having the US government try to run things directly (which could easily result in multiple roots).
Verisign's purported ownership of
Basically I don't think this will work because today the vast majority of spam is either (a) submitted from offshore where it's harder to trace who sent it (the senders may be subject to US law, but you have to find them in order to punish them) or (b) sent through a distributed network of relays deployed by viruses (and thus they are sent from innocent people's computers and the real source is very difficult to trace)
m l
CAN-SPAM might have been a good idea when it was originally drafted (I give them the benefit of the doubt) but it's been overtaken by advances in spammer technology. meanwhile, can-spam has the potential to harm legitimate uses of email because (at least, as I understand the law) any business that sends out email could be liable for infringement if one of its employees happens to send out mail that is judged sexually explicit.
My concern is that employers will either start monitoring outgoing email or that they'll impose filters on outgoing email in an attempt to block anything that might be sexually explicit. (and it doesn't have to be images - the rule makes it clear that mere words can be considered explicit).
FWIW, the comments I submitted to the FTC in response to their notice of proposed rulemaking on the "sexually explicit" content label and the "plain brown wrapper", and my reaction to the final rule, can be found at http://www.cs.utk.edu/~moore/opinions/can-spam.ht
voters chose Gore. he won the popular vote. Gore would also have won the vote in Florida (and thus the presidency) had Jeb Bush not disqualified several tens of thousands of legal registered voters (the vast majority of them democrats) because their names happened to resemble those of convicted felons from other states.
it's certainly true that we can't expect the government to spend more money while collecting less taxes. but let's not pretend that the voters chose the government currently occupying the White House. because they didn't. (and let's not pretend either that the huge deficit that the Bush administration has built up is because of the tax cut. some rather expensive foreign adventures had something to do with it also)
(and yes, this is off topic. but it's correcting misinformation from another off topic post. if you mod this post down you should mod the one it's referring to down also.)