Comments on: gmail down; p2p dns

By: Gurudatt

Gurudatt — Tue, 14 Oct 2008 09:06:50 +0000

I work with NetAlter which is developing such a system. It is called NetAlter Service Browser. We have also applied for a patent on our technology.

By: Lee Maguire

Lee Maguire — Thu, 14 Aug 2008 00:07:16 +0000

A good reason for not putting autonomous addresses in the DNS proper, is that the server operators immediately become available for the legal DoS technique seen used against the registrar (as opposed to the registrant) of wikileaks.org in February.

It’s no longer the case for the domain I’m thinking of, but there was an .org.uk domain that (for a while) had its registrar Tag set to null by Nominet. The website was served from the US and the DNS was served from the US. A particular UK litigant suggested legal approaches to the (UK based) Tag holder in complaint to the contents of the website – this despite the fact that the only technical control they had was to re-delegate the authoritative nameservers for the domain.

Just imagine being held responsible for the content available via TOR, or Freenet, etc.

By: Lee Maguire

Lee Maguire — Wed, 13 Aug 2008 23:10:43 +0000

By globally available, I mean theoretically globally unique and theoretically addressable, as apposed to use of, say, .local in bonjour/zeroconf configurations, or some internal use of RFC2606 reserved TLDs. And yes, it is a walled garden available to those using alternate resolver mechanisms. That’s the idea here.

The motivation for blessing a TLD like this would be to prevent autonomous namespaces from clashing with the DNS namespace; to prevent requests for multiple TLDs from hitting the DNS root servers; to provide a simple configuration point for redirecting alternate resolution without requiring servers get reconfigured every time a new TLD comes along; to provide a single point where software can chose to reject autonomous names.

The idea is that you would have resolvers that act as gateway systems to a non-DNS namespace and as such each resolver is authoritative (to DNS-land) for every result.

This can happen at a app plugin-level (a la new.net), at a system resolver library level, or at an external resolver level. Or external resolvers can chose to delegate the TLD to a service that will provide the gateway resolving.

(Does the existence of a .onion pseudo-TLD right now mean that .onion is unable to be registered as a proper DNS TLD? No, but engineers do usually make an effort to avoid actions with known problems if possible.)

By: Gavin Brown

Gavin Brown — Wed, 13 Aug 2008 17:35:13 +0000

Lee: it would not be possible to make subdomains of your special TLD “globally available” without using the existing DNS resolution chain. Without a delegation from the root zone or from the .taz zone, each resolver would need special configuration to know where to go to resolve a given subdomain. That contradicts the idea that the domain would be “globally available” – what you’re effectively doing is creating a walled garden that only those people who have configured their systems can access. In that case, why do you need a TLD? Just create your own clone of the old new.net system.

By: Danny O'Brien

Danny O'Brien — Tue, 12 Aug 2008 16:09:41 +0000

Yes, I agree that’s a more straightforward approach.

By: Lee Maguire

Lee Maguire — Tue, 12 Aug 2008 13:08:37 +0000

Much as I hate the flattening of the DNS namespace, I don’t think pushing everything down one level is really going to work. You might as well propose switching everything to X.208 OIDs.

What might be useful is if IANA registered a TLD (I’d pitch .taz) which had the property that all sub-domains are intended to be globally available but that delegation authority is not derived from the DNS resolution chain. At that point it should be slightly easier to hook in special rules into parts of your DNS resolution chain without querying pure DNS servers. (Similar, in theory to how BIND ships with self-delegation for various special-use in-addr.arpa domains.)