

The Pirate Bay co-founder to launch an open and distributed ICANN alternative - IgorPartola
http://www.osnews.com/story/24079/Sunde_To_Launch_Open_Distributed_Alternative_to_ICANN

======
trotsky
I really hope all of this dns dustup is really about showing ICANN and the
powers that be that they shouldn't risk fracturing the Internet by hijacking
domains the way they did.

The alternative - actually wanting to split a bunch of users onto a new set of
root servers and inventing a brand new method of peer to peer zone transfers
seems overly complex and filled with potential pitfalls.

While this may be a bit overstated, when arguing against COICA the IEEE had
this to say about fragmentation:

 _These problems will be enough to ensure that alternative name-lookup
infrastructures will come into widespread use, outside the control of US
service providers but easily used by American citizens. Errors and divergences
will appear between these new services and the current global DNS, and
contradictory addresses will confuse browsers and frustrate the people using
them. These problems will be widespread and will affect sites other than those
blacklisted by the American government._

Is there a need for all new roots? One option might be just to have various
recursive resolvers available for people to switch to aka opendns or google,
but these could be delegated as secondaries by worried domain holders and thus
return authoritative without consulting root servers. Signed zones could
prevent tampering. If they really want to run software on the client it could
be stuff that's already built - a small validating resolver that could send
most lookups to the user's isp but query the alternate provider for a specific
tld or when validation using DLV fails.

The spit-balling about the design of this thing has given me flashbacks to 25
years ago when manually replicated host files ruled the day (and it sucked). I
totally agree that not being able to trust the roots is a big problem, but
there must be a better way to go about this than having me run some custom
software on every one of my clients (and hope it's not a new attack vector)
just in case a site that I use might get hijacked by the feds in the future.
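As an added illustration of the client-side arrangement trotsky sketches (this is example code, not code from the post or from any project named on the page), the following Python simulates a small validating stub resolver: ordinary names go to the ISP's resolver, a configured TLD goes to the alternate provider, and when a signed answer from the ISP fails validation the stub re-asks the alternate provider and records the failure for later review. The resolvers, names and addresses are constructed, and an HMAC stands in for DNSSEC/DLV signature validation only so the example runs offline (real DNSSEC uses public-key RRSIG/DNSKEY records).

```python
import hmac
import hashlib

# Constructed stand-in for a zone-signing key. Real DNSSEC validation uses
# public-key signatures; an HMAC is used here purely to keep the example offline.
ZONE_KEY = b"constructed-zone-signing-key"


def sign_record(name, ip):
    """Produce the stand-in 'signature' over a name -> address record."""
    return hmac.new(ZONE_KEY, f"{name}={ip}".encode(), hashlib.sha256).hexdigest()


def validate(name, ip, sig):
    """True when the answer still matches what the zone owner signed."""
    return hmac.compare_digest(sign_record(name, ip), sig)


# Constructed upstream resolvers: each maps a name to (address, signature).
ISP_RESOLVER = {
    "example.com.": ("192.0.2.10", sign_record("example.com.", "192.0.2.10")),
    # Constructed tampered record: the address was rewritten after signing,
    # so the signature no longer covers the address actually returned.
    "tampered.example.": ("198.51.100.1", sign_record("tampered.example.", "203.0.113.5")),
}
ALT_RESOLVER = {
    "tampered.example.": ("203.0.113.5", sign_record("tampered.example.", "203.0.113.5")),
    "site.p2p.": ("203.0.113.20", sign_record("site.p2p.", "203.0.113.20")),
}

# Constructed TLD that is always sent to the alternate provider.
ALT_TLDS = {"p2p."}

# Answers that failed validation, kept so an operator can review them.
VALIDATION_FAILURES = []


def tld(name):
    """Rightmost label of a fully qualified name, with trailing dot."""
    return name.rstrip(".").split(".")[-1] + "."


def resolve(name):
    """Return (address, upstream) for the first answer that validates.

    Policy: names under ALT_TLDS go straight to the alternate provider;
    everything else tries the ISP first and falls back to the alternate
    provider when the ISP's answer is missing or fails validation.
    """
    if tld(name) in ALT_TLDS:
        order = [("alt", ALT_RESOLVER)]
    else:
        order = [("isp", ISP_RESOLVER), ("alt", ALT_RESOLVER)]
    for source, upstream in order:
        record = upstream.get(name)
        if record is None:
            continue
        ip, sig = record
        if validate(name, ip, sig):
            return ip, source
        VALIDATION_FAILURES.append((name, source, ip))
    raise LookupError(f"no validated answer for {name}")


if __name__ == "__main__":
    for qname in ("example.com.", "tampered.example.", "site.p2p."):
        print(qname, "->", resolve(qname))
    print("validation failures:", VALIDATION_FAILURES)
```

The point of the fallback order is that the alternate provider is only consulted when the ISP's answer cannot be trusted or the TLD is not served there at all, so the bulk of lookups stay on the normal path.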

~~~
ra
End users wouldn't need any special client software.

There's no reason why a DNS server couldn't take care of the new protocol and
just present resolved IP addresses to the client as usual.

I don't imagine everyone would want this new DNS initially, but the key is
that it's there if you want it, and no-one can stop that.

------
m_eiman
"Plz stop saying I'm the guy behind the new DNS-system. I'm just one of lots
of people with interest in it. Everyone does their part!" - [TPB co-founder]

<http://twitter.com/brokep/status/9684729515220992>

------
pdx
Why not just a DNS Archive?

Instead of snapshots of how a domain's webpage looked throughout time, you
have snapshots of what ip address a domain mapped to, throughout time.

Make it opt-in. Hell, maybe even charge for it.

Make a REST interface that can be queried by browser plugins, other websites,
etc., that allows people to obtain the old IP address if it suddenly changes.

Now you haven't broken anything and have provided those who need it with a way
to find you, even after a government interference.

You could even make it retroactive. If somebody takes control of your domain,
and you didn't opt in to the service beforehand, you then submit your actual
IP address to the service. The service only accepts requests for IP changes
that originate from that actual IP address to prevent unauthorized changes.
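As an added worked example of the archive pdx describes (example code, not from the post or any project on the page), the following Python keeps a per-domain history of address snapshots, answers "what did this name map to before it changed" through a minimal REST-style dispatcher, and applies the retroactive-submission rule from the post: a change is accepted only when the request arrives from the address being claimed. All names, addresses, timestamps and the `/history/<name>` route are constructed for the example.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit


class DnsArchive:
    """Constructed in-memory stand-in for the opt-in archive service."""

    def __init__(self):
        # name -> list of (timestamp, ip), appended in chronological order
        self._history = defaultdict(list)

    def record(self, name, ip, timestamp):
        """Snapshot the address `name` resolved to at `timestamp`.

        Returns True when a new entry was stored, False when the address is
        unchanged from the last snapshot (so the history only holds changes).
        """
        ip = str(ipaddress.ip_address(ip))  # raises ValueError on junk input
        hist = self._history[name]
        if hist and hist[-1][1] == ip:
            return False
        hist.append((timestamp, ip))
        return True

    def history(self, name):
        return list(self._history.get(name, []))

    def lookup(self, name, before=None):
        """Address `name` mapped to at or before `before` (latest if None)."""
        matches = [ip for ts, ip in self._history.get(name, [])
                   if before is None or ts <= before]
        return matches[-1] if matches else None

    def previous(self, name, live_ip):
        """If the live answer differs from the archived one, return the archived address."""
        archived = self.lookup(name)
        if archived is None or archived == live_ip:
            return None
        return archived

    def submit_change(self, name, claimed_ip, request_source_ip, timestamp):
        """Retroactive submission, accepted only from the claimed address itself.

        Note that this binds authorization to the network source address alone:
        any host able to send from that address passes the check.
        """
        try:
            if ipaddress.ip_address(request_source_ip) != ipaddress.ip_address(claimed_ip):
                return False
            return self.record(name, claimed_ip, timestamp)
        except ValueError:
            return False


def handle_request(archive, method, path, source_ip, body=None, now=0):
    """Minimal REST-style dispatcher returning (status, json-like dict).

    GET  /history/<name>[?live=<ip>]  -> snapshots, plus the archived address
                                         when it differs from the live answer
    POST /history/<name>  body {"ip": ...} -> retroactive submission
    """
    parts = urlsplit(path)
    segments = parts.path.strip("/").split("/")
    if len(segments) != 2 or segments[0] != "history":
        return 404, {"error": "unknown route"}
    name = segments[1]
    if method == "GET":
        entries = archive.history(name)
        if not entries:
            return 404, {"error": "not archived"}
        response = {"name": name,
                    "history": [{"at": ts, "ip": ip} for ts, ip in entries]}
        live = parse_qs(parts.query).get("live", [None])[0]
        if live:
            response["previous"] = archive.previous(name, live)
        return 200, response
    if method == "POST":
        accepted = archive.submit_change(name, (body or {}).get("ip", ""), source_ip, now)
        return (201, {"accepted": True}) if accepted else (403, {"accepted": False})
    return 405, {"error": "method not allowed"}


if __name__ == "__main__":
    archive = DnsArchive()
    archive.record("example.com", "192.0.2.10", 100)   # constructed snapshots
    archive.record("example.com", "192.0.2.11", 300)
    print(handle_request(archive, "GET", "/history/example.com?live=198.51.100.7", "10.0.0.1"))
    print(handle_request(archive, "POST", "/history/other.example", "203.0.113.8",
                         body={"ip": "203.0.113.8"}, now=500))
```

Storing only changes keeps the history small while still letting a client ask for the address that was in effect at any earlier time.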

------
IgorPartola
Here's a list of what's already been done by others:
<http://en.wikipedia.org/wiki/Alternative_DNS_root>

------
huyegn
It seems like this could be a good opportunity for us to make good use of
newly available technologies. Not exactly sure how it would work yet but a
Distributed DNS system could be implemented using CouchDB.

Specifically, CouchDB's ability to distribute databases to clients seems like
the ideal feature for this technology.

"CouchDB is a peer based distributed database system. Any number of CouchDB
hosts (servers and offline-clients) can have independent “replica copies” of
the same database, where applications have full database interactivity (query,
add, edit, delete). When back online or on a schedule, database changes are
replicated bi-directionally."

~~~
ra
DNS is just a key value store at heart anyway.

The problem with couch is that it's designed for HTTP, and has lots of
features that would not be required for a DNS server.

DNS needs to be blindingly fast, and any new protocol would ideally need to be
added to existing DNS servers like Bind.

------
nitrogen
This whole story of COICA, domain seizures, and ad-hoc alternatives springing
up sounds like the beginning of a cyberpunk novel. Is the US government
actually bringing about the dystopian technological future envisioned in so
many short stories?

------
NHQ
I hope they provision some kind of non-TLD system as well.

