Adding insult to injury... The new board members (the ones, such as myself, who were actually elected) will not be seated until the conclusion of the November/annual board meeting.
This is a change from ICANN's prior practice of seeting new board members at the start of the annual meeting.
As a result of this change, we elected board members will end up sitting out this upcoming board meeting in LA unable to participate, unable to vote, unable to do anything.
I suspect that these kinds of "quality guaranteed" TLDs are going to find themselves in a pretty messy situation pretty quickly.
As you say, what constitutes "children's content" varies not only from community to community but family to family. I personally would consider things like Pokemon cartoons to be mind-numbing pablum that isn't worthy of consumption by humans and hence unfit for.kids. Other people will, of course, find Pokemon to be the greatest thing for children since Wonder Bread(tm).
The implied impramateaur that the content is fit for children is likely to raise the ire of those who don't agree. What scares me, as a future director of ICANN, is whether that implied impramateaur will become an ICANN issue rather than one that lands squarely and properly in laps of those who decided to undertake (and presumably profit from) the.kids venture.
And I do wonder about those folks who go to.kids expecting to find stuff about immature goats.;-)
I've been using the ORSC root system for at least a year and as a consequence my machines can resolve names in IOD's.web. In fact I have cavebear.web registered. (Of course, you'll only be able to use that in a URL if you are also using a root that uses the ORSC root and aren't going through some ISP's not-very-transparent web cache that unnecessarily re-resolves DNS names.)
There were some initial technical problems at the IOD end getting the zone file updates to work smoothly, but everything seems fine now.
And I've never had any failures on the part of the ORSC root.
Yeah, I have Cisco stock - and Sun stock - and (please forgive me) Microsoft stock.
And yes, there will probably be some subliminal impact.
But I've tried to distance myself from Cisco and I think I'm being sucessful at that.
But as you say, you really have to trust me on this one. I'm going to try to be fairly open in my communications - my mistakes will be pretty public too - so that if I go astray folks can try to set me straight sooner rather than later.
Wow, this is great - I'm re-meeting a bunch of folks I haven't seen or heard from in years!
You are very right - it is absolutely critical for us to be active, to vote, to present lucid commentaries, and to otherwise rattle our representatives - at least within the the limits of law and etiquette.
The reason it is relevant to TLDs is that the trademark people are fighting new TLDs because they consider their names to be somehow sacrosanct and universal. To the extent that DNS names are becoming more flexible and subject to differing interpretations based on the geographic context in which they are uttered and the identity of the person uttering them (there are some ugly ghosts of Doubleclick and Aristotle here) - to that extent the trademark universalists need to modify their views.
I think what he's talking about is hacking the domain-name system so that, instead of pointing to that one machine is Finland, directs to a locally-administered mirror of that one machine in Finland. Hence the reference to Akamai (which performs essentially this function, IIRC).
Yes, I'm suggesting that DNS is a hook that folks can tie into to capture queries and either send the queries to a local DNS server (DNS traffic makes up a fair amount of the background traffic on the net) or that the responses are "adjusted" to point a user (I'm assuming web user here) to a topologically local server.
As for the person who mentioned that he misses local news - well, the problem is in the algorithm that decides what content to give him based on his locality - in particular not giving him an override - and not in the fact tht DNS is used to try to localize net traffic.
Overall, there's lots of alligators in the content management swamp - the IETF is thrashing around a bit with all the issues. But overall, the efficiencies gained turn into real money savings for ISPs - so they won't be ignorring this. And the retrieval speedup is potentially very noticable - to both users and things like Keynote.
First, it is possible to have multiple, competing root systems. I've been playing this this myself for a couple of years - For a while I ran my own servers as root servers and then later on I started using the ORSC roots - and I'm still using the ORSC root. So far I haven't had a single outage.
Yes, there are problems that can occur - in theory. In particular, there could be problems when NS and CNAME records are written by a person who assumes one root and are interpreted on a machine that uses another root. And there are problems with web caches that are stupid and re-interpret the URL, re-running the host name through DNS rather than snarfing the IP address from the TCP connection.
Personally I think that the DNS will soon have many well-established root systems - if only to remove the single point of failure (and point of attack) that the ICANN root represents. (Don't forget how NSI lost.com out of the ICANN root for several hours last month.) And the pressures of content management and internationalized domain names are also pushing folks to establish their own roots.
As for replacing DNS - Let's not go that way. Rather, let's use DNS as a stable name layer between IP addresses and any number of name or directory services. That way we can avoid those services thrashing their databases whenever an IP address is reallocated and, at the same time, we can eventually get DNS names out of the sight of users and marketeers so they won't fight over the ones that have some sort of pretty semantic.
Don't feel too sorry - I brought this onto myself.;-)
But yes, it is going to be very much an uphill effort to get ICANN to change. But I'm not willing to let ICANN go its merry way without at least trying to change it.
Sure I'll get outvoted a lot. But then again, a director has many powers beyond the mere vote - at least I'll be in a position to find out what is really behind the secrecy that seems to envelop ICANN.
But more to your point - It is critically important that the user community keep up the pressure on ICANN to change. Just because the "election" is over is no reason to forget that ICANN exists.
Re:No one seems opposed to TLD expansion
on
ICANN Elections
·
· Score: 1
(I'm using one posting to respond to you and to Steve Magruder.)
I'm curious - what legal issues do you perceive with regard to OpenNIC? I personally don't see any issues unless one tries to pass a competing root off as being the ICANN legacy root (or vice versa.;-) So, I'd really appreciate hearing more. (I'd probably ask to join your list but as you might guess, I'm up to my ears in e-mail right now - just as you probably are - with regard to the so called "member-endorsements".)
Anyway, as for the volume of TLDs - I personally don't care whether in practice there remain the current 250 TLDs or we add 2 million more - rather I just don't see that I'm the person to impose my decision. I'd rather throw the door open and let those who want to be a TLD have a chance to succeed or fail on their own. Thus to answer Steve Magruder's concerns - I'm happy to let economic forces have free reign to fight it out and come up with anywhere from a few (or zero) to a lot of new TLDs. I'd rather let Adam Smith's invisible hand do the regulating rather then ICANN's fist.
(From a technical point of view I am concerned that we don't flatten DNS so much that it loses the benefits of a well formed hierarchy - if the DNS became essentially a flat lookup with everything in the root we'd have a pretty horrible technical problem - but from my tests [both actual and mental] that problem doesn't happen until we are up into the several million TLD range. I got my 10,000 new TLD/year number by looking for picking a number that wouldn't result in one million TLDs until a hundred years had gone by. [I figure we might have good directories by then.])
With regard to chartered TLDs - I'm not against 'em if the charter and its enforcement is done by the operator of the TLD. I hardly think that we want ICANN to become even bigger and meaner by giving it the power to be a policeman over TLD charters. I figure that those who operate TLD's can enforce their own rules. I *do* have some uncertainty over the question of the degree to which TLD operators can change their rules/charters on their existing customers. (Perhaps I'm responding to how NSI has yanked around those of us who are trapped in.com.) And I do wonder what happens deep in the subdomains.
By-the-way, I like much of what I saw in OpenNIC - it took me a moment to realize that the way you are setting up the zone files turns many of our local servers into root servers that act as secondaries to your tier 2 servers. That seems sensible and I'm curious whether you have had any difficulty or tuning issues caused by record or zone time-to-live values?
Your usenet-like way of having "the community" chose which TLDs should come to pass is intriguing. I do remember when one of my favorite newsgroups (I'm a railroad fanatic, especially when steam is involved) was involved in a big fight over whether it ought to be broken into several groups or not. So I have some wounds that occassionally suggest to me that sometimes there ought to be room for the lone wolf to go out and give something a try even though "the community" (or as it was called when I was in school - "the establishment") isn't steadfast behind the idea.
Good luck in the this election! I wish ICANN's "nomination" committee hadn't pre-filled the ballot with so many of their own names - thus leaving those of us who are having this real election only a few leftover slots.
--karl--
Re:No one seems opposed to TLD expansion
on
ICANN Elections
·
· Score: 1
I'm curious what kind of huge mess you foresee?
Except for your comment, the opposition to an increase in the number of top level domains comes mainly from trademark folks who don't want to have to take the time and trouble to police their marks in multiple TLD name spaces. They clearly have a point. But I don't find it a sufficiently strong point to justify the draconian impositions that are being placed on the ability of those of us who don't have trademarks to create and use names.
As a technical matter, the DNS system can handle it - a million TLD root zone is really no different in terms of traffic flows or server burdens than a multi-million entry.com zone.
My personal hope is that in the longer term all this warring over DNS names will tend to diminish as real directory services come along. But that's merely a hope and perhaps not a very realistic one.
In addition to new TLD's I also believe in multiple, competing DNS root systems - like the OpenNIC. My own machines use the ORSC/Superroot root. See my comments on multiple roots at
http://www.cavebear.com/cavebear/growl/index.htm#m ultiple_roots
So far the only difficulty that I've encountered has been with a machine that was on a net where the ISP not-so-transparently proxied web queries and the not-very-transparent proxy was re-resolving the DNS names in the HTTP queries rather than using the destination IP address from the TCP connection it was intercepting.
With regard to the number of top-level-domains (TLDs) - you are assuming that they are limited to only threee characters. In reality, according to the DNS RFCs, a TLD (and any "label") in DNS can be up to 63 characters long. With the DNS character set currently being [a-z0-9/-] (case is folded and there are limitations on where the hyphen may appear) we have something between 36**63 and 37**63 possible TLD names.
And with the development of internationalized DNS, and hence an extended character set, the number of possiblities becomes even larger.
Peter Deutsch ran an experiment last year - he took a then recent.com zone file - containing several million names - and ran it through a sed script to create a root zone file in which the TLDs were all those names that are presently in.com. In other words, what is cavebear.com became the TLD "cavebear", and sun.com became the TLD "sun"..
Peter loaded this massive root zone file into BIND on a RH6.1 box and - after adding more memory to the box - spent a while playing with a root server that was serving up several million TLDs.
This is an existance proof that not only can DNS servers in serve up root zones with several million TLDs, but that they can do it in practice.
One might say that this was a contrived test. Sure - he didn't put it into production.
But if one examines how DNS works, one can see that a zone is a zone is a zone and that the database access methods that are used for the massive.com zone are also used for all other zones including the root zone. And we have a production proof that the access to.com, with its several million entries works - and it works day in and day out. By logical induction we can conclude that a root zone with millions of entries will perform equally well.
Thanks Tripp! (By-the-way you forgot to mention that I helped build the original Internet toasters - yes, real toasters that toasted real bread - way back in 1988.;-)
As for ICANN - I'm pretty much in ICANN's "loyal opposition" camp - although I suspect that several ICANN folks would drop the "loyal" part.
I'm not an anarchist - I think that in many regards we are going to end up with an Internet that is more regulated than some of us might want. But from what I've seen so far, the tendency is for an entity like ICANN to swing very far in favor of organized commercial interests and very far against individuals and small groups. I don't like that.
Another thing that bothers me about ICANN is that those who are making the decisions don't really know how things work. I doubt that many ICANN board members really understand how DNS works or why aggregation of IP address allocations is complicated.
I'm basically a techie who happens to have this peverse notion that policy and law are interesting. I would hope that I've had enough contact with actual networking and computers to avoid doing the equivalent of defining pi as 3.
Tripp - by the way, you missed the early Interop show nets where we arrived at midnight with spools of thicknet and several dozen routers and we had to have a running show net by 8am running IP, OSI, DECnet, and IPX. Now, that was seriously harrowing.
Anyway, back to ICANN - its so-called At-Large membership is really not particular powerful.
It doesn't even have the power to directly select board seats - rather it selects a council that, in turn selects a minority of all of ICANN's board seats.
This structure was established specifically to eliminate the powers that "members" are granted by California law - powers that were established to protect members and to place some minimal constraints over the board of directors.
There have been a couple of articles about this structural dismemberment of ICANN's "At-Large" membership. My own note is at: http://www.cavebear.com/cavebear/growl/issue_3.htm
What you are buying is a contractual right to have your domain name entered into a "zone file" for some TLD, "Top Level Domain", such as.com or.nu. As a contractual right you can do all the normal things one does with contractual rights - delegate them, use them as security, etc, subject to the limits in the registration contract.
Be forwarned: Virtually every registrar has in its registration contract a provision that allows them to take your domain name away from you pretty much at their whim.
As for DNS itself - there is a belief that there can only be a single DNS hierarchy. That is not the case. I have not used the ICANN root system for several years and am using several additional TLDs, such as.web. See my note on this at http://www.cavebear.com/cavebear/growl/issue_2.htm #multiple_roots
DNS is a hierarchially (sp) organized lookup system - it is used to map structured names into records of various types, IP address records being but one of those types. So please don't fall into the trap of equating domain names with WWW presence - DNS is used for many other thins from e-mail to voice-over-IP telephony to geographic lat/long coordinates to public key information.
Administration of DNS is organized along the lines of the hierarchy so the impact of updates is localized; there's no worldwide update protocol (although there is an update protocol between primary and secondary servers established by each administration in the hierarchy.)
As for your technical questions, you might want to check out the O'Reilly and Associates book on DNS (it may be more than you want to know.)
I also wrote up something a couple of years ago, before ICANNN, that might be helpful: http://www.cavebear.com/nsf-dns/background.htm
Slashdot Mirror
Adding insult to injury ... The new board members (the ones, such as myself, who were actually elected) will not be seated until the conclusion of the November/annual board meeting.
This is a change from ICANN's prior practice of seeting new board members at the start of the annual meeting.
As a result of this change, we elected board members will end up sitting out this upcoming board meeting in LA unable to participate, unable to vote, unable to do anything.
I suspect that these kinds of "quality guaranteed" TLDs are going to find themselves in a pretty messy situation pretty quickly.
As you say, what constitutes "children's content" varies not only from community to community but family to family. I personally would consider things like Pokemon cartoons to be mind-numbing pablum that isn't worthy of consumption by humans and hence unfit for .kids. Other people will, of course, find Pokemon to be the greatest thing for children since Wonder Bread(tm).
The implied impramateaur that the content is fit for children is likely to raise the ire of those who don't agree. What scares me, as a future director of ICANN, is whether that implied impramateaur will become an ICANN issue rather than one that lands squarely and properly in laps of those who decided to undertake (and presumably profit from) the .kids venture.
And I do wonder about those folks who go to .kids expecting to find stuff about immature goats. ;-)
I've been using the ORSC root system for at least a year and as a consequence my machines can resolve names in IOD's .web. In fact I have cavebear.web registered. (Of course, you'll only be able to use that in a URL if you are also using a root that uses the ORSC root and aren't going through some ISP's not-very-transparent web cache that unnecessarily re-resolves DNS names.)
There were some initial technical problems at the IOD end getting the zone file updates to work smoothly, but everything seems fine now.
And I've never had any failures on the part of the ORSC root.
Yeah, I have Cisco stock - and Sun stock - and (please forgive me) Microsoft stock.
And yes, there will probably be some subliminal impact.
But I've tried to distance myself from Cisco and I think I'm being sucessful at that. But as you say, you really have to trust me on this one. I'm going to try to be fairly open in my communications - my mistakes will be pretty public too - so that if I go astray folks can try to set me straight sooner rather than later.
Wow, this is great - I'm re-meeting a bunch of folks I haven't seen or heard from in years!
You are very right - it is absolutely critical for us to be active, to vote, to present lucid commentaries, and to otherwise rattle our representatives - at least within the the limits of law and etiquette.
The reason it is relevant to TLDs is that the trademark people are fighting new TLDs because they consider their names to be somehow sacrosanct and universal. To the extent that DNS names are becoming more flexible and subject to differing interpretations based on the geographic context in which they are uttered and the identity of the person uttering them (there are some ugly ghosts of Doubleclick and Aristotle here) - to that extent the trademark universalists need to modify their views.
I think what he's talking about is hacking the domain-name system so that, instead of pointing to that one machine is Finland, directs to a locally-administered mirror of that one machine in Finland. Hence the reference to Akamai (which performs essentially this function, IIRC).
Yes, I'm suggesting that DNS is a hook that folks can tie into to capture queries and either send the queries to a local DNS server (DNS traffic makes up a fair amount of the background traffic on the net) or that the responses are "adjusted" to point a user (I'm assuming web user here) to a topologically local server.
As for the person who mentioned that he misses local news - well, the problem is in the algorithm that decides what content to give him based on his locality - in particular not giving him an override - and not in the fact tht DNS is used to try to localize net traffic.
Overall, there's lots of alligators in the content management swamp - the IETF is thrashing around a bit with all the issues. But overall, the efficiencies gained turn into real money savings for ISPs - so they won't be ignorring this. And the retrieval speedup is potentially very noticable - to both users and things like Keynote.
Well there's two ways to answer your question:
First, it is possible to have multiple, competing root systems. I've been playing this this myself for a couple of years - For a while I ran my own servers as root servers and then later on I started using the ORSC roots - and I'm still using the ORSC root. So far I haven't had a single outage.
Yes, there are problems that can occur - in theory. In particular, there could be problems when NS and CNAME records are written by a person who assumes one root and are interpreted on a machine that uses another root. And there are problems with web caches that are stupid and re-interpret the URL, re-running the host name through DNS rather than snarfing the IP address from the TCP connection.
Personally I think that the DNS will soon have many well-established root systems - if only to remove the single point of failure (and point of attack) that the ICANN root represents. (Don't forget how NSI lost .com out of the ICANN root for several hours last month.) And the pressures of content management and internationalized domain names are also pushing folks to establish their own roots.
As for replacing DNS - Let's not go that way. Rather, let's use DNS as a stable name layer between IP addresses and any number of name or directory services. That way we can avoid those services thrashing their databases whenever an IP address is reallocated and, at the same time, we can eventually get DNS names out of the sight of users and marketeers so they won't fight over the ones that have some sort of pretty semantic.
Don't feel too sorry - I brought this onto myself. ;-)
But yes, it is going to be very much an uphill effort to get ICANN to change. But I'm not willing to let ICANN go its merry way without at least trying to change it.
Sure I'll get outvoted a lot. But then again, a director has many powers beyond the mere vote - at least I'll be in a position to find out what is really behind the secrecy that seems to envelop ICANN.
But more to your point - It is critically important that the user community keep up the pressure on ICANN to change. Just because the "election" is over is no reason to forget that ICANN exists.
(I'm using one posting to respond to you and to Steve Magruder.)
I'm curious - what legal issues do you perceive with regard to OpenNIC? I personally don't see any issues unless one tries to pass a competing root off as being the ICANN legacy root (or vice versa. ;-) So, I'd really appreciate hearing more. (I'd probably ask to join your list but as you might guess, I'm up to my ears in e-mail right now - just as you probably are - with regard to the so called "member-endorsements".)
Anyway, as for the volume of TLDs - I personally don't care whether in practice there remain the current 250 TLDs or we add 2 million more - rather I just don't see that I'm the person to impose my decision. I'd rather throw the door open and let those who want to be a TLD have a chance to succeed or fail on their own. Thus to answer Steve Magruder's concerns - I'm happy to let economic forces have free reign to fight it out and come up with anywhere from a few (or zero) to a lot of new TLDs. I'd rather let Adam Smith's invisible hand do the regulating rather then ICANN's fist.
(From a technical point of view I am concerned that we don't flatten DNS so much that it loses the benefits of a well formed hierarchy - if the DNS became essentially a flat lookup with everything in the root we'd have a pretty horrible technical problem - but from my tests [both actual and mental] that problem doesn't happen until we are up into the several million TLD range. I got my 10,000 new TLD/year number by looking for picking a number that wouldn't result in one million TLDs until a hundred years had gone by. [I figure we might have good directories by then.])
With regard to chartered TLDs - I'm not against 'em if the charter and its enforcement is done by the operator of the TLD. I hardly think that we want ICANN to become even bigger and meaner by giving it the power to be a policeman over TLD charters. I figure that those who operate TLD's can enforce their own rules. I *do* have some uncertainty over the question of the degree to which TLD operators can change their rules/charters on their existing customers. (Perhaps I'm responding to how NSI has yanked around those of us who are trapped in .com.) And I do wonder what happens deep in the subdomains.
By-the-way, I like much of what I saw in OpenNIC - it took me a moment to realize that the way you are setting up the zone files turns many of our local servers into root servers that act as secondaries to your tier 2 servers. That seems sensible and I'm curious whether you have had any difficulty or tuning issues caused by record or zone time-to-live values?
Your usenet-like way of having "the community" chose which TLDs should come to pass is intriguing. I do remember when one of my favorite newsgroups (I'm a railroad fanatic, especially when steam is involved) was involved in a big fight over whether it ought to be broken into several groups or not. So I have some wounds that occassionally suggest to me that sometimes there ought to be room for the lone wolf to go out and give something a try even though "the community" (or as it was called when I was in school - "the establishment") isn't steadfast behind the idea.
Good luck in the this election! I wish ICANN's "nomination" committee hadn't pre-filled the ballot with so many of their own names - thus leaving those of us who are having this real election only a few leftover slots.
--karl--
I'm curious what kind of huge mess you foresee?
Except for your comment, the opposition to an increase in the number of top level domains comes mainly from trademark folks who don't want to have to take the time and trouble to police their marks in multiple TLD name spaces. They clearly have a point. But I don't find it a sufficiently strong point to justify the draconian impositions that are being placed on the ability of those of us who don't have trademarks to create and use names.
As you may know, I'm a strong advocate of a massive - and I mean on the order of 10,000/year - new TLDs. See http://www.cavebear.com/ial c/platform.htm#dnspol-tldpol
As a technical matter, the DNS system can handle it - a million TLD root zone is really no different in terms of traffic flows or server burdens than a multi-million entry .com zone.
My personal hope is that in the longer term all this warring over DNS names will tend to diminish as real directory services come along. But that's merely a hope and perhaps not a very realistic one.
In addition to new TLD's I also believe in multiple, competing DNS root systems - like the OpenNIC. My own machines use the ORSC/Superroot root. See my comments on multiple roots at http://www.cavebear.com/cavebear/growl/index.htm#m ultiple_roots
So far the only difficulty that I've encountered has been with a machine that was on a net where the ISP not-so-transparently proxied web queries and the not-very-transparent proxy was re-resolving the DNS names in the HTTP queries rather than using the destination IP address from the TCP connection it was intercepting.
--karl--
With regard to the number of top-level-domains (TLDs) - you are assuming that they are limited to only threee characters. In reality, according to the DNS RFCs, a TLD (and any "label") in DNS can be up to 63 characters long. With the DNS character set currently being [a-z0-9/-] (case is folded and there are limitations on where the hyphen may appear) we have something between 36**63 and 37**63 possible TLD names.
And with the development of internationalized DNS, and hence an extended character set, the number of possiblities becomes even larger.
Peter Deutsch ran an experiment last year - he took a then recent .com zone file - containing several million names - and ran it through a sed script to create a root zone file in which the TLDs were all those names that are presently in .com. In other words, what is cavebear.com became the TLD "cavebear", and sun.com became the TLD "sun"..
Peter loaded this massive root zone file into BIND on a RH6.1 box and - after adding more memory to the box - spent a while playing with a root server that was serving up several million TLDs.
This is an existance proof that not only can DNS servers in serve up root zones with several million TLDs, but that they can do it in practice.
One might say that this was a contrived test. Sure - he didn't put it into production.
But if one examines how DNS works, one can see that a zone is a zone is a zone and that the database access methods that are used for the massive .com zone are also used for all other zones including the root zone. And we have a production proof that the access to .com, with its several million entries works - and it works day in and day out. By logical induction we can conclude that a root zone with millions of entries will perform equally well.
--karl--
Thanks Tripp! (By-the-way you forgot to mention that I helped build the original Internet toasters - yes, real toasters that toasted real bread - way back in 1988. ;-)
If anybody wants to take a look at my campaign materials, they are up on my server at http://www.cavebear.com/ialc/
(I suspect that many /.-ers might be more interested in my catalog of bogus network products:
http://www.cavebear.com/cavebear/catalog.html )
As for ICANN - I'm pretty much in ICANN's "loyal opposition" camp - although I suspect that several ICANN folks would drop the "loyal" part.
I'm not an anarchist - I think that in many regards we are going to end up with an Internet that is more regulated than some of us might want. But from what I've seen so far, the tendency is for an entity like ICANN to swing very far in favor of organized commercial interests and very far against individuals and small groups. I don't like that.
Another thing that bothers me about ICANN is that those who are making the decisions don't really know how things work. I doubt that many ICANN board members really understand how DNS works or why aggregation of IP address allocations is complicated.
I'm basically a techie who happens to have this peverse notion that policy and law are interesting. I would hope that I've had enough contact with actual networking and computers to avoid doing the equivalent of defining pi as 3.
Tripp - by the way, you missed the early Interop show nets where we arrived at midnight with spools of thicknet and several dozen routers and we had to have a running show net by 8am running IP, OSI, DECnet, and IPX. Now, that was seriously harrowing.
--karl--
Sorry for the blank posting (I hit the wrong key)
Anyway, back to ICANN - its so-called At-Large membership is really not particular powerful.
It doesn't even have the power to directly select board seats - rather it selects a council that, in turn selects a minority of all of ICANN's board seats.
This structure was established specifically to eliminate the powers that "members" are granted by California law - powers that were established to protect members and to place some minimal constraints over the board of directors.
There have been a couple of articles about this structural dismemberment of ICANN's "At-Large" membership. My own note is at: http://www.cavebear.com/cavebear/growl/issue_3.htm
--karl--
What you are buying is a contractual right to have your domain name entered into a "zone file" for some TLD, "Top Level Domain", such as .com or .nu. As a contractual right you can do all the normal things one does with contractual rights - delegate them, use them as security, etc, subject to the limits in the registration contract.
Be forwarned: Virtually every registrar has in its registration contract a provision that allows them to take your domain name away from you pretty much at their whim.
As for DNS itself - there is a belief that there can only be a single DNS hierarchy. That is not the case. I have not used the ICANN root system for several years and am using several additional TLDs, such as .web. See my note on this at http://www.cavebear.com/cavebear/growl/issue_2.htm #multiple_roots
DNS is a hierarchially (sp) organized lookup system - it is used to map structured names into records of various types, IP address records being but one of those types. So please don't fall into the trap of equating domain names with WWW presence - DNS is used for many other thins from e-mail to voice-over-IP telephony to geographic lat/long coordinates to public key information.
Administration of DNS is organized along the lines of the hierarchy so the impact of updates is localized; there's no worldwide update protocol (although there is an update protocol between primary and secondary servers established by each administration in the hierarchy.)
As for your technical questions, you might want to check out the O'Reilly and Associates book on DNS (it may be more than you want to know.)
I also wrote up something a couple of years ago, before ICANNN, that might be helpful: http://www.cavebear.com/nsf-dns/background.htm
--karl--