<<< Date Index >>>     <<< Thread Index >>>

[IP] more on Neustar to create their own DNS root and own universe to rule





Begin forwarded message:

From: "Strata R. Chalup" <strata@xxxxxxxxxxx>
Date: October 1, 2005 5:08:18 AM EDT
To: Bob Frankston <Bob2-19-0501@xxxxxxxxxxxxxxxxxx>
Cc: dave@xxxxxxxxxx, "Strata R. Chalup" <strata@xxxxxxxxxxx>
Subject: Re: [IP] more on Neustar to create their own DNS root and own universe to rule



Indeed, and I should hasten to add that many different pathing, decision, and trust systems can be encompassed in the simple phrase 'alternate root servers'. In any system you are dependent on what you can see, and it is simply the closed-system approach of one root zone that keeps the view uniform.

There are any number of approaches, some more feasible than others, that can be taken. However any that are desired to be repeatable are going to depend upon a monolithic context somewhere to supply that repeatability, whether it's the current root server setup, a mesh network of cryptographically-signed trusted peers, or embedded meta- lookup info prepended into a new URL/URI structure (said meta-lookup info depending again on a monolithic hierarchy somewhere, and being the equivalent of what was done with routing a decade or so ago).

"Mappings at the edge" seems somewhat vague, but doubtless depends on as much unwritten context as my conflation of the above paragraphs into 'alternate root servers'. Can you be more clear? Edge in respect to what-- the host doing the query? the recursive zone of the domain? other? I'm taking 'mapping' as 'FQDN to IPv4' but perhaps you had a different mapping in mind, such as zone to SOA to root- server-set, or ??

The cheerful curse of the net as we know it is that many, many things began as an expedient way to solve a local problem, and through a combination of applied effort and good intuition were nudged willy- nilly into a sort of scaleability. I remember the day that BUIT-A became kudzu in the /etc/hosts file, and in a previous life as 'eddie! mrose' I became all too familiar with certain sorts of ambiguity.[0] As the late and lamented Prof Michael Dertouzos said at a panel on the future of the net, (paraphrased) "we think we are inventing the bulldozer, when all we are really doing is inventing platinum- handled, diamond-plated carbon nanotube shovels".

Perhaps the possibility of disjoint FQDN-to-IP maps will push the semantic burden where it arguably belongs, on the data itself. Some of the early URI-related schemes allowed indicating that a lump of data was in fact the same lump of data as that at foo://bar.baz.waldo regardless of its differing URL. What people are interested in is tracking information, not tracking URLs or domain names. 'Smart information' could become a sort of reverse-aggregating feed, where the edge registers with as many middles as it likes, and accepts updates from various registered parties directly into a user- organized datastream. A fundamentally opt-in based system for subscribing to information, be it DNS-ish data, or the data that lives at the URLs that the DNS-ish data tells you how to translate, and your net stack tells you how to route to.

And it's much too early in the morning, or late at night, to expand too much on that idea. Ask me later, or just run with it-- the bones are there, reasonably jointed and waiting to be enfleshed.

cheers,
Strata

[0] Depending on where you were in the uucp world in 1981 - 82ish, eddie!mrose would either resolve to mit-eddie!mrose (myself) or uw- eddie!mrose, netwizard Marshall Rose. I can only wonder if Marshall got as many questions about gardening and people's personal lives as I got queries about the behavior of TCP windows under various kernel and driver conditions (which I would generally re-route appropriately).

Bob Frankston wrote:


Multiple roots won't help keep sites visible. If anything it's the opposite since you'll be dependent upon your local root benefactor rather than the current system where all the root operators must cooperate and then all
they can do is deny you a mapping entry.
The solution is to remove the dependence upon a central service and provide
mappings at the edge. This is not a simple problem to solve but it is
better to address the basic problem than piling more on top of what was simply an expedient way to scale /etc/hosts maintenance. Unfortunately it got tripped up in using local the semantic model of a small group in a huge
dynamic global namespace as if ambiguity didn't exist.
-----Original Message-----
From: David Farber [mailto:dave@xxxxxxxxxx]
Sent: Saturday, October 01, 2005 00:14
To: Ip Ip
Subject: [IP] more on Neustar to create their own DNS root and own universe
to rule
Begin forwarded message:
From: "Strata R. Chalup" <strata@xxxxxxxxxxx>
Date: September 30, 2005 6:47:22 PM EDT
To: dave@xxxxxxxxxx, vixie@xxxxxxxx
Subject: Re: [IP] more on Neustar to create their own DNS root and
own universe to rule
I'm quite curious to hear what Paul Vixie thinks of this.  Back in
the early 90's, and then again recently, I floated the idea that bind
should incorporate the idea of alternate root servers.   My
motivation was more political than technical-- currently it is
frighteningly easy to make an entire domain disappear, silencing
dissent and politically-incorrect points of view.  I pointed out that
with all of the joyful hype about the 'net bringing democracy to the
masses, it wasn't going to happen if there was a single hierarchy out
of which one could be plucked, redirected, etc etc.
Vixie's response, while eminiently polite, was very passionate:  his
vision of the Internet was that it was one space, and support for
alternate roots would destroy this.  He added that he would use his
considerable technical and personal resources to squash such a
concept if it were attempted.  Given his status as an inventor,
coder, and general formative net entity, I decided to let the matter
drop.
I think One Root Zone is still a bad idea for all the reasons I
brought up in 1994, 2001, and 2003, plus the additional incentive of
general censorship and net-nannyism at a carrier and national policy
level.  But 'One Root Zone plus N Portal Zones' is even *worse* than
One Root Zone, for all these *plus* the fiscal misbehavior incentives.
Paul, time to buckle on your armor, dude.   Somebody out there (not
me!) is pursuing this whole-hog, and has a lotta fiscal incentive,
and deep pockets, to push it through.
cheers,
Strata
David Farber wrote:

Begin forwarded message:
From: Bob Frankston <Bob2-19-0501@xxxxxxxxxxxxxxxxxx>
Date: September 30, 2005 1:55:17 PM EDT
To: dave@xxxxxxxxxx, 'Ip Ip' <ip@xxxxxxxxxxxxxx>
Cc: "Steven M. Bellovin" <smb@xxxxxxxxxxxxxxx>
Subject: RE: [IP] Neustar to create their own DNS root and own
universe to rule
Perhaps I'm misreading the release but ... Huh -- what's this nonsense about needing a special cellular DNS just to find my home machine? Are
these people fooling themselves or working hard to create an
alternative
reality in which they define a universe just so they can rule it?
I hesitate to raise the DNS issues again but I've been following
the  "IMS"
efforts to allow the carriers to bring apps back into their world of
billing for everything. I can't help but wonder if this is an
attempt to
revisit WAP -- the purposefully mislabeled "wireless Internet" and
to  make
it more difficult to simply access services without the carriers
having
gatekeeper control and billing.
This is a ROOT server and makes cellular users captive. The idea
that  the
current roots aren't carrier grade is strange -- they handle
traffic  loads
that would make a carrier wince. I can already access my home files
when
roaming anywhere in the world. Do these people think there's a
real  problem
or is it another convenient lie (stupid vs malevolent). Like the
one  that
said you need special WAP protocols even as I able to travel around
the
world using a GSM data connection at lower latencies and lower
prices on
their own networks than they said were possible. And that was just
using
the normal voice path at voice prices!
This is part of the revenge of the Telcos. They are perpetuating
the lie
that the carriers have a role in push to talk. It's a simple edge
application. I can write a small app to hook an SMS message and do
it  on a
PPC phone now (or Symbion, Linux etc).
If anything we need to get past the whole notion of hand-offs.
Remember how
any years it took the carriers to make it work at all? I won't do the
design here but it is fairly simple for devices at the edge to
maintain
their relationships as they travel. Taking the state information
out  of the
network scales far better. But it does the one thing that the
carriers fear
more than anything -- it takes their control away. I could then
roam  from
carrier to carrier transparently and to Wi-Fi. The current regimen
makes
Wi-Fi calls billable. With relationships maintained edge-to-edge
there is
no place for the billing troll to perch.
What's interesting is that it is so "obvious" we need handoffs in the
network but a few minutes of thinking demonstrate that not only is
that not
true but we can do far better without it. It's not (necessarily)
that  the
carriers are lying but they succumb to convenient fallacies and people accept the stories because they are so obviously true. If anything, my
claim that we can do the handoffs at the edge is greeted the
skepticism and
instead we get proposals for Mobile-IP which reintroduce hand-offs
into the
network itself.
The whole IMS effort to introduce a billable (the word is an
implicit  part
of any such proposal) control plane into the network makes the
whole  notion
carrier grade problematic in the sense that it becomes brittle and
unreliable. Instead of simply establishing connections between
devices and
letting the devices work out the protocols you now need every
element  to be
crafted to interrupt just right for each protocol and then resist any
innovation. It's X.400 vs SMTP all over again. It's classic
engineering in
which everything must work for anything to work rather than Internet
engineering in which anything that works works and the more the
better.
Carrier grade means spending 100x (or much more) to achieve brittle
(billable) reliability. Internet grade means you might get an
occasional
hiccup but it's worth it to reduce the costs and allow
experimentation. You
can then afford massive extra capacity which yields higher effective
reliability. When the #1 ESS was installed at MIT in 1970 it was
down  for
five hours the first night -- a century of projected downtime. Carrier
grade means failures don't count because they are catastrophic and
thus
outside the metrics.
Sorry about ranting but it leads me back to the DNS itself. In
this  case it
seems to be about using the DNS for control. But the DNS itself is
problematic as it leads to a false sense of authority. Attempts to
create a
separate DNS threaten this and force us to find alternative means of
establishing relationships.
If I get a different DNS using EV-DO than I get using IP, then we
might as
well forget the whole thing and go completely Edge to Edge (P2P)
and  create
better mechanisms. It's doable but requires giving up the illusion
that we
need to use the DNS because it's no longer a commons we think we
can  trust.
-----Original Message-----
From: David Farber [mailto:dave@xxxxxxxxxx]
Sent: Friday, September 30, 2005 09:48
To: Ip Ip
Subject: [IP] Neustar to create their own DNS root
Begin forwarded message:
From: "Steven M. Bellovin" <smb@xxxxxxxxxxxxxxx>
Date: September 30, 2005 12:15:11 AM EDT
To: dave@xxxxxxxxxx
Subject: Neustar to create their own DNS root
Neustar, a company that should certainly know better, has announced
that they're going to create a .gprs TLD to serve the mobile phone
industry (http://www.neustar.com/pressroom/files/announcements/
ns_pr_09282005.pdf)
This, of course, requires creation of a private root zone, against the
very strong warnings in RFC 2826.  This is not quite as bad as a
general-purpose alternate root, since it's restricted to use by mobile
operators, but it's bad enough.  Here's one possible complication:
suppose some operator decides that some other company is better
qualified than Neustar to operate yet another private TLD. Which root
should they then subscribe to?  (Yes, this would punish that company
more than Neustar.  It would also leave Neustar in the driver's seat
for any future such private TLDs.)
There may be even more to this situation.  ICANN recently approved
.mobi, which is aimed at consumers and "providers of those products,
services, content, and other items to ... other Providers".  Why
aren't
they using .grps.mobi for this?
(Beyond all that, a U.S. diplomat stated in Geneva that the U.S. would
not agree to turn over control of the Internet to the U.N.  "It's
not a
negotiating issue. This is a matter of national policy.")
        --Steven M. Bellovin, http://www.cs.columbia.edu/~smb
-------------------------------------
You are subscribed as BobIP@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/
interesting- people/
-------------------------------------
You are subscribed as strata@xxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-
people/


--
====================================================================== == Strata Rose Chalup [KF6NBZ] strata "@" virtual.net VirtualNet Consulting http:// www.virtual.net/
              ** Strategic IT for the Growing Enterprise **
====================================================================== ==
=
-------------------------------------
You are subscribed as BobIP@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting- people/


--
========================================================================
Strata R Chalup [KF6NBZ]                         strata "@" virtual.net
Virtual.Net Inc                                  http://www.virtual.net/
          ** Strategic IT for the Growing Enterprise **
======================================================================== =


-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/