
When the Internet Nearly Fractured

Soulskill posted more than 3 years ago | from the you-broke-it-you-bought-it dept.

The Internet 119

An anonymous reader writes "The Atlantic has a fascinating, if lengthy, story about a man named Eugene Kashpureff who 'ignited a battle over the future of the global network' by launching a rogue DNS registry in the late '90s. Here's an excerpt: 'He opted to go a step beyond simply registering sites on alternative top-level domains, and hijacked traffic intended for InterNIC.net. He pointed the domain to his own site, where he lodged a note of protest over how the domain name space was being controlled, and then offered visitors the option of continuing on to Network Solution's site. This was, you'll recall, at about the same moment that the federal government was attempting to make the case to the business community, to the world, that this Internet thing was no digital Wild West.'"


So then, (0)

unity100 (970058) | more than 3 years ago | (#35314402)

Eugene Kashpureff was a man who not only saw future threats to the freedom of the internet in the 1990s, but also someone who had the guts to do something about it?

we need more Kashpureffs on this planet. many, many more.

Re:So then, (1)

Anonymous Coward | more than 3 years ago | (#35314466)

Such a brave, heroic man, to drive his business by committing cache poisoning intercepts.

Re:So then, (4, Insightful)

Jordan (jman) (212384) | more than 3 years ago | (#35314536)

From the article: "Splintering DNS forks the Internet so that Internet users might never know where to go to get domains, or what they might get. If they connected to some DNS directories, they might enter Coke.com and get Pepsi. Chaos could ensue. All for what Vixie sees as not a noble question to uphold the free spirit of the Internet but instead a self-serving marketing stunt intended to promote Kashpureff's own business. Some things, writes Vixie, should just work, and DNS is one of them."

I'm with Vixie on this one. You shouldn't jack with one of the fundamentals of the internet.

Re:So then, (1)

Anonymous Coward | more than 3 years ago | (#35314620)

http://en.wikipedia.org/wiki/Alternative_DNS_root

Alternate DNS roots exist today.

Re:So then, (2, Interesting)

mcrbids (148650) | more than 3 years ago | (#35314632)

I'm with Vixie on this one. You shouldn't jack with one of the fundamentals of the internet.

One of the fundamentals of the Internet is its distributed, peer-based nature. Merely a method of exchanging packets. Surely, having a centralized authoritarian DNS system falls afoul of this basic premise?

Re:So then, (0)

Anonymous Coward | more than 3 years ago | (#35314764)

First off, I dispute the contention that that is one of the fundamental premises of the internet. But even if it is, some centralized authority is necessary, and DNS and IP addresses are areas where that is absolutely the case. Without reliable, consistent DNS and IP routing, the internet is just a huge pile of copper and fiber, and all those fundamental ideals aren't worth shit. You can't exchange ideas if you can't establish a fucking connection.

Re:So then, (4, Insightful)

idontgno (624372) | more than 3 years ago | (#35314834)

Aaah, kids.

DNS was a convenience tacked onto the robust, distributed, multi-path peer-based nature of IP. If we were willing to fall back to hand-wrangling 4,000-line HOSTS files like I used to back in 1983, I'm sure we could all be the rugged individualists.

DNS is a trade-off: network-wide consistency for autonomy. With DNS, you have to ask somebody how to get to http://slashdot.org/ [slashdot.org]. That somebody should be someone you trust. But for now, there's only one "someone". If there were multiple "someone"s, the net would fragment, and that's inconvenient. So there'd be a meta-somebody who can bring all the fragmented parts together, like a super-DNS that points to all the individual DNS roots. But that just recreates the "authoritarian DNS system" problem, one level higher.

The broader Internet became less about "distributed, peer-based", robust communication and more about convenient and seamless communication at just about the dawn of Eternal September [wikipedia.org], and we network old-timers have never forgiven you AOL'ers for ruining our network.

Re:So then, (1)

bjourne (1034822) | more than 3 years ago | (#35315094)

DNS is a trade-off: network-wide consistency for autonomy. With DNS, you have to ask somebody how to get to http://slashdot.org/ [slashdot.org]. That somebody should be someone you trust. But for now, there's only one "someone". If there were multiple "someone"s, the net would fragment, and that's inconvenient. So there'd be a meta-somebody who can bring all the fragmented parts together, like a super-DNS that points to all the individual DNS roots. But that just recreates the "authoritarian DNS system" problem, one level higher.

It is not either or. Theoretically you could resolve addresses by asking a number of different independent name servers and go with the majority opinion. Similar to how ntp works. It would make name resolving a much more complicated process, but it is a logical solution if (or rather when) governments start interfering with the root dns server.

Re:So then, (1)

chrisgeleven (514645) | more than 3 years ago | (#35316540)

That would slow down DNS queries significantly having to run multiple checks against nameservers. That would be a great way to slow down the Internet.

4,000-line HOSTS Mine is 19,046 long. (0)

Anonymous Coward | more than 3 years ago | (#35315290)

>>> 4,000-line HOSTS files like I used to back in 1983,

Size Matters

Mine is 19,046 long.

Re: 4,000-line HOSTS Mine is 19,046 long. (1)

idontgno (624372) | more than 3 years ago | (#35315402)

I suspect it's 19,045 lines of random advertising domains pointed at 127.0.0.1, plus your own hostname pointing to 127.0.0.1 also. But yes, it's much longer. Much much longer. You win the HOSTS epeen contest, as long as "functional" isn't a criterion.

Re: 4,000-line HOSTS Mine is 19,046 long. (2)

icebike (68054) | more than 3 years ago | (#35315626)

>>> 4,000-line HOSTS files like I used to back in 1983,

Size Matters

Mine is 19,046 long.

Right, and any reasonably useful hosts file would be several orders of magnitude larger and take several seconds to parse on the fastest of machines.

The assumption that we could do without DNS is ludicrous in this day and age. That the GP would suggest this on the same site that has been singing the praises of IPV6 after the exhaustion of IPV4 is totally asinine.

Yes there can be (and there are) alternative DNS roots, you could choose to use. But the suggestion we revert to hosts files for anything but the tiny specialized networks is as useful as suggesting we all direct dial the New York Times to have the news read to us each morning.

Re: 4,000-line HOSTS Mine is 19,046 long. (1)

HomelessInLaJolla (1026842) | more than 3 years ago | (#35316622)

Right, and any reasonably useful hosts file would be several orders of magnitude larger and take several seconds to parse on the fastest of machines.

Has anyone else considered that to be the problem with ldd--the dynamically linked library index system?

Re: 4,000-line HOSTS Mine is 19,046 long. (1)

Alrescha (50745) | more than 3 years ago | (#35317296)

"Right, and any reasonably useful hosts file would be several orders of magnitude larger and take several seconds to parse on the fastest of machines."

I dunno, once you remove the spam, the seo sites, the scraper farms, and the virus hosts, I bet there's only a few hundred sites that anyone would actually *want* to go to...

A.

Re: 4,000-line HOSTS Mine is 19,046 long. (1)

jonbryce (703250) | more than 3 years ago | (#35317390)

There is however almost certainly a lot more than 100 email domains that people want to send emails to. The internet is more than just the www.

Re: 4,000-line HOSTS Mine is 19,046 long. (0)

Anonymous Coward | more than 3 years ago | (#35317604)

Right, and any reasonably useful hosts file would be several orders of magnitude larger and take several seconds to parse on the fastest of machines.

I'm not saying we don't need DNS, but the above is totally irrelevant. Who cares if it takes a few seconds to read it the first time you turn on your computer or restart some service? People routinely use large databases and nobody cares if an initial indexing takes a while, especially if "a while" is "several seconds."

You're talking about something that the cheapest Atom can do and the cheapest hard disk store, and do quite a bit faster than any DNS query over a WAN.

The problem with hosts files is maintaining it. DNS is a way to get other people to do the job for you. My computer can handle doing something that is, say, a hundred million lines long, but I sure can't handle keeping that data up-to-date. For that, I would probably want to automate it, by say, having it use some standard protocol to ask other machines what the latest scoop is. Let's call that protocol DNS.

Re: 4,000-line HOSTS Mine is 19,046 long. (0)

Anonymous Coward | more than 3 years ago | (#35316346)

commodore64_love is that you?

Re:So then, (1)

Kwelstr (114389) | more than 3 years ago | (#35315310)

"and we network old-timers have never forgiven you AOL'ers for ruining our network." Amen!

Re:So then, (1)

rs79 (71822) | more than 3 years ago | (#35317022)

"and we network old-timers have never forgiven you AOL'ers for ruining our network."
Amen!

Feh. I still haven't forgiven the tcp/ip assholes for wrecking the nice uucp administration and routes we'd got. It just worked (really) and nobody had to pay $x/yr to so-and-so to make it work. We made it work please and thank you very much.

Also, " If there were multiple "someone"s, the net would fragment, and that's inconvenient." - Ah! Fear, uncertainty and doubt.

This is actually factually incorrect, in the day there were a dozen root server networks, not just the legacy US government one. Alternic was just the first. Point is though, if they're out of sync they're completely useless so saying "it could fragment" is like saying "that server could go down". Uh, yeah, that's a bad thing and needs to be fixed before it's usable.

And in fact the only time the net ever had a collision in TLD-space was when ICANN gave .biz to somebody else, despite it being run 6 years continually and promoted actively by somebody else giving us the irony that the organization charged with keeping the dns "stable" has been the only destabilizing force in the history of dns. You can make up all the reasons why the current .biz people should have it, but traditionally when you deploy something on the net it pretty much stays there, it's unusual to have somebody come along and go "yeah, real nice all this you built here. we're giving it to somebody else" and any excuse the current owners have is imo just bullshit rationalization.

But then this is an industry based on theft, keep in mind Sun was started by the commission of a federal crime when a bunch of gear was pilfered from stanford, and there's always the "gosh what happened to the core servers" in the pre-icann days. So I'm not surprised, but it all does make me throw up in my mouth a little bit.

Disclaimer: i'm the blond in the pic in TFA.

Re:So then, (1)

toejam13 (958243) | more than 3 years ago | (#35316112)

One problem that a lot of people have is that "one somebody" is the same for the world. You don't have a root.hints file broken down per country TLD. And even then, somebody has to maintain the root.hints file.

The other major problem is with the use of the .com, .edu, .net and .org TLDs. The United States never transitioned away from those domains in favor of its own .us TLD. As a result, the majority of organizations in the United States continue to use them. It wouldn't really be an issue except that organizations from around the world like to use them, too. So, are they de-facto extensions of the .us TLD, or are they extensions of a .world TLD?

So, if a root.hints file was created with a hint for each TLD, who would control the big four? An entity of (or delegated by) the US government, or an international entity such as the ITU? If it was the latter, how many US companies would rush to move their primary domains under a .us TLD?

Re:So then, (1)

socsoc (1116769) | more than 3 years ago | (#35317312)

It's become so muddled, does it even matter? As a yank I've seen a few recent commercials advertising .co (GoDaddy is one, did it in the SuperBowl) and .tv has always been popular too. Many (American) people don't understand and I had to explain .co wasn't a typo. In addition to your points about global companies, with all these attempts at being clever on country tlds, it's very blurred.

Re:So then, (1)

TaoPhoenix (980487) | more than 3 years ago | (#35316310)

"So there'd be a meta-somebody who can bring all the fragmented parts together, like a super-DNS that points to all the individual DNS roots. But that just recreates the "authoritarian DNS system" problem, one level higher."

It's just Turtles all the way up.

Re:So then, (1)

rs79 (71822) | more than 3 years ago | (#35317046)

no, in an n-way mesh each node can verify against each other. in the degenerate case where they're all wrong, you'll know pretty fast, trust me. btdt. works fine.

Re:So then, (1)

blackdropbear (554444) | more than 3 years ago | (#35316694)

and we network old-timers have never forgiven you AOL'ers for ruining our network.

Oh how I wish we could go back to the days where AOL'ers were subject to being banned for being too dumb to connect rather than thinking it is their right to have the internet.

Re:So then, (1)

KhabaLox (1906148) | more than 3 years ago | (#35317062)

Ahh... the dawn of Eternal September, when I lost my virginity, matriculated into college and used Mosaic for the first time. Life was certainly never the same afterwards.

Re:So then, (1)

VGPowerlord (621254) | more than 3 years ago | (#35315454)

One of the fundamentals of the Internet is its distributed, peer-based nature. Merely a method of exchanging packets. Surely, having a centralized authoritarian DNS system falls afoul of this basic premise?

No offense, but you're wrong.

The Internet is a collection of smaller networks with addressing assigned from a central authority to prevent address conflicts.

Note, that was referring to IP address assignments, but DNS is a natural extension of that.

Re:So then, (1)

rs79 (71822) | more than 3 years ago | (#35317110)

"No offense, but you're wrong.

The Internet is a collection of smaller networks with addressing assigned from a central authority to prevent address conflicts.

Note, that was referring to IP address assignments, but DNS is a natural extension of that."

Sure, let's bet the network and billions of dollars on this idea. What could possibly go wrong? Oh, what's that you say, an Iranian cleric doesn't like the domain name you picked? sorry, bzzzzzt. or what's that? A fijian company has a trademark on something and a company in san jose can't use that domain name even though it's free because of prior ip rights? bzzzzzzzt, you lose again.

used to be, kids, before "they" were in charge, you'd publish the name and begin using it. look at uucp maps, or usenet newsgroup names or any of the other legacy network lists of names. there's nothing special about dns that needs a (purportedly) "open and transparent" organization using a "multi stakeholder model" (that the fcc recently flat out said just doesn't work and won't use it) to administer names of nodes on the work.

ending on a joke: what would happen to the network if a nuke took out ICANN and all its staffers?

nothing. seriously.

Re:So then, (1)

GaryOlson (737642) | more than 3 years ago | (#35315648)

Yes, an authoritative central DNS is counter to the basic premise of the Internet. But, if a centralized naming source does not exist, in order to defend Trademarks, companies would need to spend more money finding all DNS names on all DNS registries to prove in court they were defending their trademark. Far cheaper to use political contributions and power to ensure only a single controllable Domain Name Service exists.

Thus we see the effect of the increasing implementation of business needs over community needs on the Internet.

Re:So then, (0)

Anonymous Coward | more than 3 years ago | (#35314634)

True. However, what if the very people we have entrusted with this responsibility jack around with it? It has happened a few times. Currently it is happening in the legal realm thru domain seizures using ICE. It will fragment anyway if things like what china and the US are doing keep up.

Is there a better design maybe?

Re:So then, (1)

blair1q (305137) | more than 3 years ago | (#35314700)

You should be allowed to do it as long as you don't step on anyone else's TLDs.

The only problem it causes then is that DNS gets less efficient as servers below the TLDs now have to process a lot more information to find out where to send a request for "www.domain.h4xxx0rr3a1m" and the like.

But there's no way that's less efficient overall than the ridiculous bureaucratic and petty-political process needed to get a new tld erected.

And it would, indeed, free the network from the clutches of ICANN, where it should never have been placed following the death of IANA.

Re:So then, (3, Funny)

Anonymous Coward | more than 3 years ago | (#35315122)

Isn't jacking off one of the fundamentals of the internet?

Re:So then, (0)

Anonymous Coward | more than 3 years ago | (#35316102)

No, but it's one of the fundamentals that got it recognized by business as economically viable. Damn!

Re:So then, (1)

snspdaarf (1314399) | more than 3 years ago | (#35317206)

Yes, with Cheetos in one hand and Mountain Dew in the oth.. wait....

Re:So then, (2)

icebike (68054) | more than 3 years ago | (#35315486)

From the article: "Splintering DNS forks the Internet so that Internet users might never know where to go to get domains, or what they might get. If they connected to some DNS directories, they might enter Coke.com and get Pepsi. Chaos could ensue. All for what Vixie sees as not a noble question to uphold the free spirit of the Internet but instead a self-serving marketing stunt intended to promote Kashpureff's own business. Some things, writes Vixie, should just work, and DNS is one of them."

I'm with Vixie on this one. You shouldn't jack with one of the fundamentals of the internet.

What you should or shouldn't do is all fine and dandy. Gentlemen do not read other Gentlemen's mail, and all that.

The fact that it could be done and was done so easily is something only a fool would ignore and hand wave away. Self serving stunt? Was there any clear and viable intent to profit? No. He knew the powers that be would have to act. His was an act of digital civil disobedience, which resulted (after far too long) in measures to prevent the hijacking.

Re:So then, (1)

gad_zuki! (70830) | more than 3 years ago | (#35314710)

Yeah we need more loud-mouth self serving businessmen doing asshole tactics to just make a buck. Oh, you thought he was trying to start a charity? How cute.

Summarizing the Internet communities' reaction (1)

RevWaldo (1186281) | more than 3 years ago | (#35314842)

"When all this is over, we want this guy to get a medal. Then we want him locked up."

.

Re:So then, (1)

Anonymous Coward | more than 3 years ago | (#35315154)

No, we don't. He's not a good or nice person. Quite the opposite, in fact.
I had the dubious honor of learning DNS from him many moons ago. He's an opportunist who doesn't care who he runs over in the pursuit of his own agenda.

Re:So then, (0)

Anonymous Coward | more than 3 years ago | (#35317386)

Thank you, very much.

I continue my work to make more Kashpureffs on this planet.

I have another son that's been born since then, making five.

I try to raise them all to be Kashpureff.

At your service,

Eugene Kashpureff

THERE'S A CRACK !! THERE'S A CRACK IN THE WORLD !! (0)

Anonymous Coward | more than 3 years ago | (#35314406)

Teh Google is to blame !!

Wat (0)

Anonymous Coward | more than 3 years ago | (#35314414)

I totally know this guy. He used to teach classes for the company I work for. Weird.

Re:Wat (1)

blair1q (305137) | more than 3 years ago | (#35314746)

And he totally knew you!

You would sit at the back, never raised your hand, and refused to sign the attendance sheet.

no digital Wild West (0)

Anonymous Coward | more than 3 years ago | (#35314436)

The internet poses two possibilities:
1. It is a haven of freedom and anarchy.
2. It is a tool for social control.

It is amazing that, for example, police are furious that people can encrypt their internet communication. Shouldn't police have a super-key to let them track down criminals? But it never occurs to them to ask for a super-key to let them spy on everyone's secret in-person conversations. Oh wait... yeah, they want that too.

The forces of institutionalized government tend to inherently become the forces for totalitarianism (unless there is some kind of complete direct democracy). So we are at a crucial juncture in history right now.

Do we let the internet become the ultimate tool for our suppression, or the ultimate tool for our liberation?

Re:no digital Wild West (2)

snookerhog (1835110) | more than 3 years ago | (#35314578)

the crucial juncture in history is always the juncture of the past and the future, because it is the only place where we can ever change history. personally, I think you missed option 3. All of the above. Right now both 1 and 2 are true and they will continue to battle for the foreseeable future.

Re:no digital Wild West (1)

blair1q (305137) | more than 3 years ago | (#35314768)

There's really no such thing as freedom or anarchy, but control is real and needs to be dealt with harshly when it becomes onerous.

Re:no digital Wild West (4, Funny)

rufty_tufty (888596) | more than 3 years ago | (#35314978)

If it were the ultimate tool for "freedom and anarchy" would that be a good thing for society?
Imagine if you couldn't trust the data on wikipedia
Or if your bank account access could be spoofed
Or your emails could be read by anyone
Or even a reputable site by a known firm with a reputation to protect would use online tools to deceive
What if lone individuals could topple governments and cause international diplomatic incidents?

How much worse a place would the world be then? I think you'd have serious problems in that scenario. No I think that for any one faction in this to win would be to the detriment of us all.

Re:no digital Wild West (1)

Mister Whirly (964219) | more than 3 years ago | (#35315412)

Strangely enough, things like communicating, banking, finding information, sending messages to others, etc. all used to happen before the internet, and if necessary, could continue happening without the internet.

Re:no digital Wild West (1)

fmobus (831767) | more than 3 years ago | (#35315880)

> If it were the ultimate tool for "freedom and anarchy" would that be a good thing for society?

In my opinion: fuck yeah.

> Imagine if you couldn't trust the data on wikipedia

Do you trust it right now? Would you use it for mission-critical tasks?

The very premise of wikipedia is write-openness. Everyone using it should have that in mind and exercise common sense when reading information there. If anything, it should remind us that every piece of written information published in our society may have bias or may be factually wrong. Even the most respected houses of publishing have their agendas. In my opinion, Wikipedia is upfront about its "vulnerability" and, therefore, people read it more critically than traditional media.

> Or if your bank account access could be spoofed
> Or your emails could be read by anyone

These cases are solved by digital encryption, specifically, one that is not plagued with backdoors. In the "social control" version of the Internet, we'd either be denied the right to encrypt, or the encryption mechanisms would have backdoors mandated by the governments. It follows that in the "anarchy and freedom" version of the Internet, where there is non-backdoor encryption, spoofings and eavesdropping would not occur.

It is important to note that, right now, we are closer to social control extreme on this subject, seeing as our encryption models rely on authorities supposed honest (the certificate authorities). A sufficiently powerful government could influence CAs on collaborating in spoofings and eavesdropping activities. We cannot observe this signing process - right now, we simply assume CAs are to be trusted, because we feel that governments haven't sunk so low in the social control measure. Should social control show its ugly face in the future, the only way we could achieve real secrecy and authenticity of communications would be having the sender and the receiver directly exchange public keys - preferably in person. By any metric, this is impractical, and could seriously hamper commercial usage of the network.

> Or even a reputable site by a known firm with a reputation to protect would use online tools to deceive

Yes, that indeed is a problem on the "anarchy and freedom" version of Internet. But how, exactly, does the "social control" version address this problem?

> What if lone individuals could topple governments and cause international diplomatic incidents?

So, we should suppress any speech that rats out illegal or inhuman actions to avoid embarrassing governments? If a lone individual is aware and has evidence a government is doing something wrong, it is his duty to expose it. It does not matter if there are multiple nations involved. A perfect example of this would be extraordinary renditions, waterboarding, Abu Ghraib and yes, the cablegate. The more government critters are afraid of being exposed, the better they will behave, and the more the people have control over their leaders.

--
Human societies were built upon the trust of individuals between each other. Problem is, the larger a group of people gets, the less we appreciate the externalities that our actions inflict upon others. We trust governments, far away as they are from our daily reality, to care for problems we are not specialized enough nor able to care. This trust depends on there being good checks and balances; social control of Internet is a weapon too powerful to be satisfactorily checked.

Re:no digital Wild West (1)

Literaphile (927079) | more than 3 years ago | (#35316114)

I think you missed the joke.

Re:no digital Wild West (1)

fmobus (831767) | more than 3 years ago | (#35316186)

Well, I've seen so many otherwise knowledgeable people endorse government control over the internet that it is kinda hard to notice jokes on this subject.

Re:no digital Wild West (0)

Anonymous Coward | more than 3 years ago | (#35316062)

You're my hero for that one... ;)

DNS not inherent (5, Informative)

slimjim8094 (941042) | more than 3 years ago | (#35314794)

I must admit that I haven't RTFA. But the summary quotation seems to imply that DNS is somehow part of the Internet.

Just to clarify, it's not. The internet sure would be hard to use without the DNS, absolutely. But it's not unthinkable - we'd just be stuck with IP addresses for everything, and there could be no virtual hosting (multiple domains per IP, disambiguated by the Host: field).

But the DNS is really more of a universal agreement. Everybody agrees on who the roots are, and that's that. But there's no technical reason that the roots have to be who they are - hence the altroots described.

But he didn't "fracture" the Internet. That's a stupid statement. The Internet doesn't concern itself with domain names, just routing IPs - the DNS is built on top of that and maps back down to IPs. Were he successful, he would've fractured the DNS. Pain in the ass? Sure. Coke.com could go to Pepsi's site, but http://216.64.210.28/ [216.64.210.28] would still get me to the Coca-Cola website.

The difference matters, because fracturing the Internet is technical (routing), while fracturing the DNS is more of an administrative-bureaucratic-sociopolitical type of thing. Peering disputes can of course be about non-technical things like money, but it breaks at a technical level.

Re:DNS not inherent (3, Interesting)

idontgno (624372) | more than 3 years ago | (#35315046)

+1 Right on the Money

I commented upthread, so my marvelous modpoints go unused here. Alas.

If you want to talk about fracturing teh intarwebs, these scenarios [networkworld.com], and this incident [bgpmon.net], and this routing-based DDOS [newscientist.com], are the ones to discuss. Not multiple DNS roots.

Re:DNS not inherent (5, Funny)

zill (1690130) | more than 3 years ago | (#35315450)

You know you have a coke addiction when you've memorized coke.com's IP address in case of DNS failures.

Funny mods deserved, but... (1)

KingAlanI (1270538) | more than 3 years ago | (#35317888)

The funny mods seem deserved, but this seems like the little detail you'd look up specifically for purposes of giving it as an example.

Re:DNS not inherent (0)

Anonymous Coward | more than 3 years ago | (#35315624)

But the DNS is really more of a universal agreement. Everybody agrees on who the roots are, and that's that. But there's no technical reason that the roots have to be who they are - hence the altroots described.

But the Internet is really more of a universal agreement. Everybody agrees on who the routes are, and that's that. But there's no technical reason that the routes have to be who they are - hence the altroutes described.

Re:DNS not inherent (1)

slimjim8094 (941042) | more than 3 years ago | (#35316242)

The analogy would be the ability to run an arbitrary number of "Internets" over the same copper and fiber, just as you can run multiple DNS over an IP network. But that would require cooperation from everybody involved, whereas I can tell my laptop to be a root and convince people to point to it without any third-party involvement.

So they're not comparable.

Re:DNS not inherent (0)

Anonymous Coward | more than 3 years ago | (#35316080)

Now you are mixing up DNS and HTTP! Just because the hosts are defined per machine (in a hosts file) doesn't mean they won't pass along a Host header!

Re:DNS not inherent (1)

slimjim8094 (941042) | more than 3 years ago | (#35316204)

Well, the Host: HTTP header came long after the DNS. You can define per-machine, sure, and it'll probably work - but that's not the point. The point is that it's automatic. If I already know that these several names map to one IP, everybody might as well just use a subdirectory. It was for sake of argument, I didn't mix them up.

Re:DNS not inherent (1)

russ1337 (938915) | more than 3 years ago | (#35316642)

I think search (i.e google) would adapt. Everyone would just bookmark 66.102.7.99 (or whatevs) and use that... let google do the rest.

Re:DNS not inherent (1)

Pharmboy (216950) | more than 3 years ago | (#35317406)

Actually, you make a very good point. One point though, for all intent and purposes, people bookmark the title of a page, not the domain name, so their bookmarks would be just as usable as they are now, including the ability to change the name of the bookmark. In that scenario, Yahoo and others might have had a stranglehold on search before Google was even started, and Microsoft *might* have gotten serious earlier in the game. Or not at all in time. We would be looking at a completely different scene in search, although there is no telling what it would have looked like. Too many variables.

Another point that just struck my mind is the fact that there would be no domain squatting. Spam would likely be somewhat more difficult to do (for lots of not obvious reasons), and commercialization might have been a bit slower due to the "less usable" nature of the internet. The hosting business would look and be configured differently, but would be just as viable. No real limit to how many IPs you can run to one box via aliasing, after all. Prices would be a little higher as each host requires one IP address or more.

One other point: We would have run out of IPv4 space a long time ago, and been forced to move to IPv6, likely in the 2000-2003 range. Maybe earlier. This would have been easier because technically the internet was smaller at the time, if you consider the actual number of hosts facing outwards would have equaled the number of IPv4 addresses, instead of being much higher as it is now.

In many ways, the internet might have been a better place, ironically.

Re:DNS not inherent (1)

russ1337 (938915) | more than 3 years ago | (#35318774)

Building on that,...... search could actually resolve (in a DNS way) IPv6 when segments of the network don't support it. Think of Google being the 'portal' that IPv4 users use to access the IPv6 internet.....

Re:DNS not inherent (1)

blincoln (592401) | more than 3 years ago | (#35316832)

I think you're forgetting things like browser hostname headers and so forth. Knowing the IP of the server a website is hosted on is *not* even close to a guarantee that you'll be able to get to that website. This is especially true with CDNs like Akamai.

Re:DNS not inherent (0)

Anonymous Coward | more than 3 years ago | (#35316918)

Yes but on the other hand, the OP is incorrect - virtual hosting is absolutely possible without DNS, precisely because it is done by the browser hostname header and not necessarily by DNS resolution (think /etc/hosts for a simple example)

Re:DNS not inherent (1)

Mr. McGibby (41471) | more than 3 years ago | (#35317028)

"But the summary quotation seems to imply that DNS is somehow part of the Internet."

You are of course, missing the entire point. Just because you've defined the "Internet" as the global IP network doesn't mean that that is anything but a purely *technical* definition. No one else uses that technical definition. For most of us, DNS *is* an essential part of how the Internet works. A non-standard DNS system if widely successful (unlike existing alt DNSs) would be a serious problem in terms of people using the internet on a daily basis. If it happened years ago, we might be looking at a significantly different global network today. One that might very well be fractured.

When it comes to the success of the Internet as a global network, DNS is much more than a simple phone book. Yes, maybe that's what it is technically, but IP addresses are not phone numbers since no normal person on the internet knows or cares what that is. People memorize (or used to) phone numbers. They don't do that with IP addresses. Admins know this and use it to their advantage. Your cavalier dismissal of virtual hosts shows that you really don't know what you're talking about.

Re:DNS not inherent (1)

slimjim8094 (941042) | more than 3 years ago | (#35317450)

I didn't dismiss virtual hosts, quite the contrary. My point was that you can serve websites without it (as the two comments mentioning /etc/hosts point out).

Perhaps you've missed the point, or perhaps I wasn't clear enough about the thrust of my post. I wasn't saying "we don't need the DNS", or that for all but the most technical of reasons it *is* part of the Internet. But breaking or otherwise fussing with the DNS is not a technical issue, and can't be fixed with a technical solution. It's, as I think we agree, a human matter of agreeing that these policies or features or whatever of these roots are more worthwhile than those roots.

You can't fix DNS broken in that way with a patch, or fancy routing tricks. TFA doesn't exactly make that claim, but it's an important distinction nonetheless. For example, the problem of spam: is it a technical one, a legal one, or a social one? There's a case to be made for any or all of them, but you can't "fix" it without figuring out from which angle to address it. So it goes for the altroots - you can't "fix" it by fiddling with some configurations, you fix it by removing the impetus for its creation or keep it a fringe effort by marginalizing its importance.

It's a question of nuance, like so many other important issues. Without understanding the real intricacies of a system, how can anybody hope to improve it? The distinction between the DNS and the Internet matters, whether you think it's relevant or not.

Re:DNS not inherent (1)

a whoabot (706122) | more than 3 years ago | (#35319510)

How would an alternative DNS becoming more commonplace necessarily, or likely, be a "serious problem"? I just do not see it. To note, I disagree with how the distribution of domain names is determined with regards to ICANN-linked registrars (it's not "first come, first served", by the way, or else PETA would not have peta.org*), so on that ground alone I support and use alternative DNS.**

I don't see this demand that one not use an alternative DNS much different from the demand that one use only a standards-compliant browser. No thanks -- I'll display the content the way I want it to display, not the way the content-maker wants. If you want me to read your page with red Comic sans faced text on a yellow background, I'm sorry, I'm going to have to disappoint you and display that as black Times New Roman on white. I know that breaks CSS standards and all, but I'd rather my browser break with standards and display things the way I want rather than the other way around.

*The courts ruled that the original peta.org was not a parody, because the address "peta.org" has only the pretense, and does not make it clear that it is a parody, while this does not occur "simultaneously" with the content, which makes it clear that it is a parody. By this reasoning A Modest Proposal is not parody, because the title has only the pretense.

**I guess you could say that the same courts could all the same take part in determining name distribution for an alternative DNS, but I at least hold hope they would see by then how ridiculous it is -- the system is just one of many and people can take it or leave it, or else you might as well take people to court for modifying their hosts files. Then again, why they can't see that for the case of ICANN-DNS makes that hope somewhat tenuous.

Which is worse? (0)

nuckfuts (690967) | more than 3 years ago | (#35314856)

Splintering DNS forks the Internet so that Internet users might never know where to go to get domains, or what they might get.

Which is worse: Injecting forged data into the DNS, or eliminating data that you don't like?

Kashpureff was guilty of the former. Now the US government is doing the latter - seizing domain names [arstechnica.com] on behalf of commercial interests.

Governments will cause the future split in DNS. (1)

2bfree (113445) | more than 3 years ago | (#35314948)

With corporate interests pushing governments to use domain name forfeitures to punish people/groups it finds threatening to their interests, it will cause people to create new name services.

He hacked people's servers (1)

mbone (558574) | more than 3 years ago | (#35315026)

He hacked people's servers (including some belonging to the DOD) and went to jail for it. When I pointed out that my non-hacked DNS servers couldn't see the Alternic domains, he hacked those too.

For some reason, top level domains have the ability to bring out the crazies. It happened in the late 1990's, and it's happening again (e.g., with .music).

Re:He hacked people's servers (1)

rs79 (71822) | more than 3 years ago | (#35317268)

"He hacked people's servers (including some belonging to the DOD) and went to jail for it. When I pointed out that my non-hacked DNS servers couldn't see the Alternic domains, he hacked those too."

Rubbish. He just exploited a bug in BIND where it believed anything anyone told it. The trick was, he sent you mail. If you sent him mail back your system would do an mx record lookup for alternic.net, and his system would return not only the mx you asked for but an A record for internic.net (pointing to alternic.net) which bind cheerfully accepted. this is about the time Bernstein either began writing or released djbdns which DIDN'T do this, it would only trust answers about internic.net from internic.net, not anybody that said they were or felt like it.

So he didn't hack anybody's servers. you trusted information you got from the wrong place due to a well known bug in bind.

the great irony in all this is nobody will scream about kashpureff more than, say, vixie, but it was he that did the same thing when he convinced postel to tell the other roots to slave from IANA and not NSI (which magaziner ordered jon to undo real quick, and he did)

those were weird days but you have to keep in mind this never prevented anyone from say checking their mail on yahoo. the net is actually remarkably resilient.
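The difference the comment above describes, between a resolver that caches every record in a reply and one that only trusts a server about names inside the zone it was asked about, shown as an added example that is not part of the thread or of BIND or djbdns. The record model, function names and documentation-range IP addresses are constructed for illustration, and the check is a simplified form of what is usually called bailiwick filtering.

```python
"""Bailiwick filtering of a DNS reply (constructed data, simplified model)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class RR:
    name: str      # owner name of the record
    rtype: str     # "A", "MX", ...
    rdata: str
    section: str   # "answer" or "additional"


def normalize(name: str) -> str:
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.rstrip(".").lower()


def in_bailiwick(name: str, zone: str) -> bool:
    """True if `name` is `zone` itself or a subdomain of it.

    The match is on whole labels: notalternic.net is NOT inside alternic.net.
    """
    name, zone = normalize(name), normalize(zone)
    if zone == "":          # the root zone contains every name
        return True
    return name == zone or name.endswith("." + zone)


def naive_cache(response):
    """Behaviour the comment attributes to old BIND: cache everything received."""
    return {(normalize(rr.name), rr.rtype): rr.rdata for rr in response}


def strict_cache(response, server_zone):
    """Keep only records the answering server can speak for; report the rest."""
    accepted, rejected = {}, []
    for rr in response:
        if in_bailiwick(rr.name, server_zone):
            accepted[(normalize(rr.name), rr.rtype)] = rr.rdata
        else:
            rejected.append(rr)
    return accepted, rejected


# Constructed reply to the query "MX alternic.net?", as described in the comment:
# the requested MX, glue for the mail host, and one unrelated A record.
RESPONSE = [
    RR("alternic.net", "MX", "10 mail.alternic.net", "answer"),
    RR("mail.alternic.net", "A", "192.0.2.10", "additional"),
    RR("InterNIC.net.", "A", "192.0.2.66", "additional"),  # out of bailiwick
]

if __name__ == "__main__":
    print("naive cache :", naive_cache(RESPONSE))
    kept, dropped = strict_cache(RESPONSE, "alternic.net")
    print("strict cache:", kept)
    for rr in dropped:
        # A dropped record is also worth logging: it is a poisoning indicator.
        print("rejected    :", rr.name, rr.rtype, rr.rdata)
```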

Design (0)

Anonymous Coward | more than 3 years ago | (#35315318)

Wow, don't think something like that would ever happen again

Hmm.. distributed name resolution? (0)

Anonymous Coward | more than 3 years ago | (#35315404)

Wonder when someone will come up with a distributed peer to peer type of setup as an alternative to a central authority.. Or is there something like that already?

DNS is broken (3, Interesting)

Colin Smith (2679) | more than 3 years ago | (#35315548)

We outgrew hosts files.

We've outgrown DNS as well.

Take a look at .COM for example. DNS is now basically flat, despite the original intent. .COM is a great big flat hosts table.

DNS is an attempt to categorise networks, companies, services etc. .COM for commercial, .US for American, .ORG for non profit organisations, .PRO for professionals (LOL). The problem is it's hierarchical, and categorising all the people, services, networks companies in the world doesn't work in a hierarchy. I need to be in .DE, .PRO, .NAME, .CO.UK etc. Duplication of information. People have just decided to use .COM instead and include some keywords in the name. It's simpler.

Naming, classification is relational rather than hierarchical. We need a replacement name resolution service. DNS will continue to creak under the inappropriate uses we put it to day.
 

Re:DNS is broken (1)

LWATCDR (28044) | more than 3 years ago | (#35316218)

.mil .gov and .edu do still seem to work probably because they are controlled. The .US .UK seem to be marginal. Here is a question: are the national tags assumed? So that there can be a Yahoo.com in say the US and the UK? If you are in the US and type Yahoo.com it goes to Yahoo.com.US and if you are in the UK it goes to Yahoo.com.UK?
Just wondering because I take DNS for granted.

Re:DNS is broken (1)

socsoc (1116769) | more than 3 years ago | (#35317466)

Someone in the UK typing yahoo.com will get resolved to the IP they've designed for .com. Yahoo's webservers at that point may redirect based on a (fallible) geoip to .co.uk. It doesn't really have to do directly with DNS.

Re:DNS is broken (2)

hyfe (641811) | more than 3 years ago | (#35316294)

Take a look at .COM for example. DNS is now basically flat, despite the original intent

Well, being American you're missing half the web :)

All the different native language sites out there are hiding under .no, .sp, .de etc, and there really is quite a lot of them. About half the websites I visit are from .no, so I think it's more a matter of saying what language they use and where they do business. Basically, I think the American companies messed up, while the rest are behaving themselves... but given your view of the world that's hardly surprising (ever considered inviting other countries to the world series of baseball?)

Re:DNS is broken (1)

Colin Smith (2679) | more than 3 years ago | (#35317286)

I'm a Scot living in Germany.

And .DE is broken in exactly the same way as .COM for the same reason. .DE is simply the flat German national hosts file... Everything German.

 

Re:DNS is broken (1)

snspdaarf (1314399) | more than 3 years ago | (#35317320)

(ever considered inviting other countries to the world series of baseball?)

No.

Canada occasionally crashes the party, but they bring Labatt's with them, so it's ok.

Re:DNS is broken (1)

bill_mcgonigle (4333) | more than 3 years ago | (#35316782)

Naming, classification is relational rather than hierarchical. We need a replacement name resolution service. DNS will continue to creak under the inappropriate uses we put it to day.

And, of course, DNS was never envisioned as something masses of end users would deal with. Something like Google is more in line with the original thinking.

Re:DNS is broken (1)

rs79 (71822) | more than 3 years ago | (#35317308)

"And, of course, DNS was never envisioned as something masses of end users would deal with. Something like Google is more in line with the original thinking."

Define "user".

BIND got its start when Brian Reid at the Digital Western Research Center in Palo Alto (DECWRL) paid Paul Vixie to take the Berkeley b-tree code and make it into a "professional product" which he did.

In 1997 Brian said to me "I feel like a dork paying for my domain names but I don't know what to do about it".

So, it sorta depends on the "user".

Re:DNS is broken (1)

phoenix_rizzen (256998) | more than 3 years ago | (#35318900)

Yeah, it's really annoying when existing companies, with existing domains, register new domains for new products, instead of just creating sub-domains.

Do we really need a separate website for each movie that comes out? Why not just .movies.com?

Do we really need a new website each year for athletics? Why not just ..?

Sure, eventually, you could end up with super-long FQDNs, but it would certainly be nicer to work with on the back-end.

Re:DNS is broken (1)

phoenix_rizzen (256998) | more than 3 years ago | (#35318928)

Grrr, stupid slashdot removing everything between angle brackets.

The should read (moviename).movies.com.

And (year).(event).(whatever).

A little perspective (4, Informative)

sjames (1099) | more than 3 years ago | (#35315692)

It's important to remember that when he did this, he was essentially fighting against the mandated monopoly on domain registration held by Network Solutions. At that time, the domain registration process had all the speed efficiency, charm, and conscientiousness as the DMV on a bad day. Meanwhile, we had several prominent cases where exceptions were made to the first come first served policy to give privately held domain names to corporations that want them even when their trademark was newer than the original registration.

At the height of that Kashpureff partially hijacked DNS for a little bit to raise awareness of alternatives.

The issues from then were partially addressed by opening up competition in domain registration and further by regulating the dirtier practices of registrars.

Re:A little perspective (2)

tomhudson (43916) | more than 3 years ago | (#35316016)

I remember sending Network Solutions $145 just to register ONE domain back in January of 1996. And it took weeks to process.

Contrast that to $8 today, and same-day propagation.

Demonstrating that an alternate DNS system was even possible was important. If NetSol had continued with their monopoly, we'd probably be paying $500 a domain today.

Re:A little perspective (1)

thomst (1640045) | more than 3 years ago | (#35316884)

At the height of that Kashpureff partially hijacked DNS for a little bit to raise awareness of alternatives.

The issues from then were partially addressed by opening up competition in domain registration and further by regulating the dirtier practices of registrars.

Kashpureff is an asshole. He didn't "partially hijack" DNS "for a little bit" to raise anything other than his bank balance.

I wrote about the transition to what eventually became ICANN [starkrealities.com] in 1997 (see paragraph 6 for Kashpureff's "contribution" to this process). Charging a fee for registrations in the bogus TLDs he "owned" was not the act of a revolutionary - it is the scheme of a buccaneer, pure and simple.

Nor was he the only malefactor. Karl Denninger of MCSNet, who asserted ownership of .BIZ and Christopher Ambler of Image Online Design both attempted to start "alternative" registries, and Ambler tried to flim-flam IANA into legitimizing his attempted namespace land-grab by slipping an envelope containing a $1,000 check into a folder of documents he gave Bill Manning of IANA at the end of a meeting, and subsequently claiming that Manning accepted it as a deposit on his application to start an "experimental registry". (This is Manning's version of the incident - Ambler's, unsurprisingly, differs. I, personally, believe Manning, who had no personal financial stake in the proposal, one way or the other.)

I will also say that, as someone who closely monitored (and occasionally contributed to) the iahc-discuss list, Kashpureff was one of the most combative and least conciliatory members of that list - although there was plenty of flame to go around on all sides of every issue discussed.

Re:A little perspective (0)

rs79 (71822) | more than 3 years ago | (#35317398)

Once again Tom Starck writes about something he was tangentially aware of and gets it wrong. I could make a career of following you around and correcting you Thom and to one extent I have. We meet again.

The way the domain thing played out, Network Solutions was directed by the NSF to begin charging as the NSF was sick of subsidizing domain squatters who were registering gazillions of names after Josh Quittner's article in Wired about the domain gold rush (that didn't really exist).

The discussion broke off on domain-policy@internic.net, was moved to matt marnel's newdom list, then wessons (I think) newdom list, then the list I ran at newdom.com at which point ISOC had glommed onto IANA and said "we're in charge now" and the thin line that separates icann today from isoc stems from this (which in turn stems from a chance meeting at an OECD workshop in Ottawa between Don Heath, ISOC, Bob Shaw, ITU and Albert Tramposch WIPO) creating an institutional legacy of I* organizations that make huge amounts of money (check the form 990's) and do exactly nothing.

But, back in the day Postel and Manning had already published their desire to create 300 new tlds with 150 right away, and encouraged people to deploy servers and code, which people did. There were emails, which IANA kept on file and are still around today and there were phone calls to Jon and meetings with Bill.

As you can probably tell from looking today there are no new tlds, the entire process got captured by trademark types and bureaucrats. big business wanted no new tlds and paid well to make sure that's what happened. Thom's spin is just that. Anybody who was involved knows this well, and checking your iahc mail every couple of days isn't quite the same thing.

ICANN power-grab caused lots of damage. (1)

billstewart (78916) | more than 3 years ago | (#35318392)

As far as I could tell from the outside, the big objective of ICANN was to give the Trademark Gods more control over the domain-name process than they were going to get through the IAHC, and to prevent new top-level domains from happening, and I was already annoyed at the IAHC for being too subservient to the Trademark Gods. The big issues for me were getting more gTLDs created and making sure that the domain name process could preserve privacy, while the IAHC had pretty much agreed that you wouldn't be able to get a domain name without providing your True Name and ICBM\Lawsuit Address.

Unlike some people, I didn't mind that the Ad-Hoc Committee's first seven domain names were pretty lame and boring - it's a process the world only gets to do once, so it's a lot better to practice it on namespaces nobody cares much about like .FIRM and .NOM, so they can do the job right for more valuable names like .INC, .GMBH, .LLC, .SA, etc. But the takeover by ICANN prevented even those from happening, so we end up with a flat cluttered .COM namespace instead of a more complex and meaningful one.

ICANN accomplished a few more things for its friends in power along the way - delaying DNSSEC and to some extent IPv6, and making it much harder to do experimentally-structured namespaces (with the exception of .museum, which was interesting.) Some things I'll ascribe mostly to incompetence rather than malice - because they really didn't want new TLDs, they didn't do any research into non-7-bit namespaces, so by the time the international-language crowd put enough pressure on them to Do Something, they adopted the appallingly-broken Punycode stuff (which I think came from NetSol, but I could easily be wrong about that.) I was especially annoyed that they asserted control over the IPv6 namespace, because fundamentally they care about Intellectual Property, not the Internet Protocol, and they made it hard for people to get official space for research purposes by charging a lot for it, as opposed to carving up 1/256th or 1/4096th of it and saying "it's experimental, go play with it, have fun!"

Re:ICANN power-grab caused lots of damage. (2)

sjames (1099) | more than 3 years ago | (#35318696)

Some here today may not remember, but there are good reasons they are sometimes called ICAN'T. The one thing they DO seem good at is junkets to Geneva. If they would have held their meetings at the HoJo somewhere they wouldn't need to charge the fees they do.

Re:A little perspective (1)

sjames (1099) | more than 3 years ago | (#35318572)

Nobody claims that he didn't hope to make some money, a lot of people do, that's no crime. If he wanted to charge money to register domains on his alternate DNS, that's no crime either. He didn't claim it was anything other than what it was. I'm pretty sure he's never been accused of being a diplomat.

Hacking the root servers WAS a crime and he paid for that. However, it wasn't JUST about making a profit, he was well justified in being upset with the way NetSol got the special treatment while doing such a miserable job of it. Practically everyone on the net that dealt with domain name registrations despised NetSol by that time. Most ranked it somewhere between dead skunk and plague carrier for desirability to spend time with. It was hard not to be at least a bit sympathetic to anyone who fired a shot across NetSol's bow.

Note how to this day there are still concerns that DNS is a bit too centralized for comfort. It was hardly a spurious opinion or a simple ploy to grab some cash. It was a real issue then and still hasn't been fully resolved today.

Re:A little perspective (1)

metamatic (202216) | more than 3 years ago | (#35318020)

It's important to remember that when he did this, he was essentially fighting against the mandated monopoly on domain registration held by Network Solutions. At that time, the domain registration process had all the speed efficiency, charm, and conscientiousness as the DMV on a bad day.

Still does, if you get your domains from Network Solutions.

TL;DR Generation (2)

xdroop (4039) | more than 3 years ago | (#35316268)

I am astounded both that a three-page article is described as "lengthy", and that the first (and only comment displayed to me currently) starts out:

I must admit that I haven't RTFA.

I guess if it is longer than a tweet, it's too long.

@xdroop (1)

EricWright (16803) | more than 3 years ago | (#35316410)

tl;dr pls sum.<=140 char

Re:TL;DR Generation (1)

KingAlanI (1270538) | more than 3 years ago | (#35318044)

I'm also pissed off about that, when various forum people freak out about me posting a few hundred to a couple thousand words, about something remotely complex - it's not a doctoral dissertation, for Christ's sake!

I wondered if this was going to be about AlterNic (1)

andrewagill (700624) | more than 3 years ago | (#35316350)

And then it was. True story.

This is a duplicate! (0)

mattdm (1931) | more than 3 years ago | (#35316382)

Old news, slashdot. Very old news! [slashdot.org]

Bullshit (1)

Lord Bitman (95493) | more than 3 years ago | (#35316560)

a "fractured internet" is bad for the network, so if it ever came to that it would just mean typing:
tech.slashdot.org.internic

if you wanted to ensure you were being unambiguous. It really would not have been the end of the world.

What Fractured Really Meant (1)

billstewart (78916) | more than 3 years ago | (#35318472)

There was a short period of time that almost 1% of the Internet's users could use Kashpureff's root in addition to the real one, but nobody serious was going to pay significant money to only be in Alter-space and not real space. Sure, you might pay $10 to register example.xxx, if example.com had already been bought, but it was obviously a losing deal.

I remember alternative dns roots! (1)

bitflusher (853768) | more than 3 years ago | (#35316912)

i totally forgot! they were fun ... for two days. really it was supposed to be a revolution/ riot thing. but i think it was so little of a nuisance it had virtually no impact. nothing like cutting internet for an entire country (a nuisance that luckily backfired spectacularly).