
With Domain Name Seizures Increasing, It's Time For A Decentralized DNS System - chaostheory
http://www.techdirt.com/articles/20101129/01445312034/with-domain-name-seizures-increasing-its-time-decentralized-dns-system.shtml
======
wibblenut
Kneejerkitis.

1) ICANN has nothing to do with ICE seizing domains.

2) wikileaks.org was NOT seized by ICE, in case you didn't know (their
nameserver operator, everydns, terminated service due to alleged AUP breach).
They should probably just run their own nameservers if it's too much for a
free provider to handle.

3) DNS is hierarchical in structure, but very decentralised from a technical
point of view. In fact, you might call it "P2P", since anybody can join the
network and run their own resolver.

4) #dnsissexy - the average user doesn't even know it exists.

5) Not happy with something? ICANN is a community. (I'm not saying it's
perfect - nothing is!).

6) Really really pissed about something? Free speech, courts, democracy.

7) Really pissed AND lazy? Use a ccTLD. I hear .ly is cool.

What are people like Sunde proposing? The PR is sensationalist and
contradictory, with talk of an alternative root (where would it be located?
who would control it?), and a new bittorrent-like protocol (no idea how this
could even work).

Anyway, I'm standing up for the status quo. It works phenomenally well.

~~~
spinlocked
The goal is to build a naming system that is decentralized and therefore free
and hard to take down.

> You might call DNS "P2P", since anybody can join the network and run their
> own resolver.

Single point of attack. They shut down your custom resolver, and they shut
down your custom naming system. Also this proposal fails in terms of
availability and resilience.

Also it's hierarchical P2P, so if you control the root servers, you control
the naming system. It is decentralized only to aid availability and
resilience.

> the average user doesn't even know it exists.

Those who do, understand that it can be controlled.

> Not happy with something? ICANN is a community.

I want free names for 10 websites. ICANN't get that without paying $7 * 10 per
year. Some things are not worth lobbying for, because they are obviously not
going to happen.

> Really really pissed about something? Free speech, courts, democracy.

Such a naming system would be outside the immediate control of governments,
therefore democracy has nothing to do with it. Indeed, the idea is that you
could use this in China and Chechnya too.

> Use a ccTLD. I hear .ly is cool.

This still uses DNS, and does not solve anything.

~~~
tybris
> Single point of attack. They shut down your custom resolver, and they shut
> down your custom naming system. Also this proposal fails in terms of
> availability and resilience.

Peer-to-peer networks are easy to overthrow completely even with a relatively
small number of malicious nodes.

> Also it's hierarchical P2P, so if you control the root servers, you control
> the naming system. It is decentralized only to aid availability and
> resilience.

ICANN only controls delegation to TLDs.

> I want free names for 10 websites.

I want free beer.

> Such a naming system would be outside the immediate control of governments,
> therefore democracy has nothing to do with it.

In the real world people care about ownership disputes, protecting trademarks,
accountability and other legal matters.

> This still uses DNS, and does not solve anything.

Actually, it does. DNS solves everything just fine.

~~~
spinlocked
I think you're missing the point here. The goal is not to create a mainstream
replacement for DNS. It's to create an "alternative" naming system.

> I want free beer.

A p2p naming system would use free software and shared computing resources.
There are numerous examples of both (GNU and BOINC/Gnutella/Bittorrent
respectively.) So striving for a free naming system is not the same as
striving for free beer.

> Peer-to-peer networks are easy to overthrow completely even with a
> relatively small number of malicious nodes.

Not if your p2p model uses a web of trust model like PGP. This is what the
proposed model uses.

I don't agree with the proposed model, for what it's worth. I think they should
be looking at leveraging the work done on semantic free referencing at MIT,
instead of the existing name to IP model.

(<http://nms.csail.mit.edu/projects/sfr/>)

------
andrewcooke
Here's a quick, dirty, temporary hack I threw together today. It's a script
that manages entries in your hosts file (it can do things like merge, pull
from web pages, etc).

<https://github.com/ghettonet/GhettoNet>

Feel free to fork and improve.

~~~
aw3c2
How does the system like it if you actually have ~200 million entries in that
file? Or make it just one million for a start.

~~~
andrewcooke
Sure, but sometimes worse is better - a small step in a pragmatic direction
can do some good now and be a stepping stone to something better in the
future.

------
corin_
Here's my problem. It's great that some censorship will be prevented, but what
about stuff like child pornography. I'm worried that, if successful, this will
turn into a "we don't like our government so let's go create our own country
where there are no laws", without thinking about the laws that we actually do
want enforced...

~~~
seldo
[Edit: I wish people would stop voting down the parent. It is a legitimate
point of view and down-voting is supposed to express a lack of value, not
disagreement with content]

Child pornography is basically the trump card of the pro-censorship argument.
Nobody is in favour of it, everybody thinks it's awful, even really passionate
freedom-of-speech types often think an "except for child pornography" clause
is an allowable compromise.

But the truth is that anybody who wants child pornography on the Internet can
already get it, if they try hard enough. Many of us who've worked for large
web companies are aware that one of the first forms of abuse that happens to
any service that allows image uploading is that it starts getting used to
distribute child porn. Shutting down domain names will do nothing because the
people who deal in this stuff have been having their shit seized and shut down
for years already.

By the same token, DNS is not essential to preventing censorship. We can send
each other IP addresses through social networks, distribute shortlinks to
servers that change every hour, or any one of a hundred other methods.

The balance to strike is: is censorship of material we think legitimate
happening often enough right now that we want to make it _easier_ to route
around, knowing that doing so will make it harder to censor stuff that we find
universally objectionable? A month ago I'd have said no, but today I'm not so
sure. And that's a dangerous consequence of the actions the US government is
taking in response to these leaks. By cracking down, they risk provoking a
revolution that will make it impossible to control these things in future.

~~~
rimantas
> down-voting is supposed to express a lack of value, not disagreement with
> content

Let's face it: we mostly upvote posts we agree with. Then the trouble is, that
for the symmetrical action we must have symmetrical meaning. If I press on
the gas and it makes a car go faster I expect it to go slower when pressing
less. If I click up-arrow to express agreement, I expect that down-arrow will
express disagreement.

I wish people will continue to vote down to express disagreement and use
"flag" to express lack of the value or inappropriate content.

~~~
radu_floricica
At the time of the edit, that post might have been in negative numbers. Voting
expresses agreement, yes, but any score below 1 should be reserved for
troll/frivolous/vulgar posts.

~~~
seldo
Precisely why I specified what "down-voting" is for. In my view, the correct
score for a valid opinion that nobody else agrees with is 1. I feel up-voting
can express both agreement and/or belief that something is valuable.

------
runjake
I can't wait for all the new logistical & security issues that come from a
decentralized system. It will make the old DNS system seem like Fort Meade.

------
Mithrandir
<http://dot-p2p.org>

~~~
haberman
"We currently believe the best way to create a stable environment for TLDs is
to enact a central authority. We know this will cause much argument within the
community, but we have made the decision that we believe will be best for the
continued development of this project."

That is the answer to the question I was going to ask, namely "what does
decentralized DNS even mean?" People throw around the word "decentralized" as
a presumed solution to centralized control, but at the end of the day
_someone_ has to decide who wins if two different people both claim that
microsoft.com points to their server.

Also, "visit mybiz.yo after adding altdns.com as a DNS authority" doesn't
exactly have the same ring to it as "visit mybiz.com". It also doesn't fit on
the side of a truck, nor is it something that you will ever convince 99.9% of
the population to do just to visit a website.

~~~
mike-cardwell
I envisage a system where a few dozen independent organisations around the
World run the root. They all have the same data. If any of them modify their
local copy of the data or try to poison the distributed data, their trusted
status is revoked. Child DNS resolvers should be able to detect new trusted
organisations and remove untrusted organisations quickly.

This could all be handled through public key encryption and automatic voting.
DNSSEC or similar should be complete and enforced for all zones and lookups.

You would need to compromise over half of the trusted organisations running
the root in order to break this system.

~~~
rmc
_I envisage a system where a few dozen independent organisations around the
World run the root. They all have the same data. If any of them modify their
local copy of the data or try to poison the distributed data, their trusted
status is revoked._

So what happens if someone attacks/compromises more than half of these trusted
nodes at once with bad data? Is the bad data then the good data?

~~~
mike-cardwell
If there are 35 trusted organisations and governments around the World
colluded to take over the network by taking over 18 of these organisations and
getting them to "untrust" the other 17, then this would splinter the network,
and people around the World would need to manually repoint their resolvers at
the other group of 17.

This system relies on the fact that it is difficult to take down lots of
independent organisations that are spread around the World at the same time
easily.
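
[Added example, not part of any comment in this thread.] A sketch of the majority check mike-cardwell and rmc discuss above: a resolver compares root-zone copies from the trusted operators, accepts the copy held by more than half, and flags the rest for revocation. Operator names, zone contents and function names are constructed for illustration, and signature verification of each operator's copy is assumed to have happened already.

```python
import hashlib
from collections import Counter

def zone_digest(zone_text: str) -> str:
    """SHA-256 over a canonicalised zone copy (blank lines dropped, lines sorted)."""
    lines = sorted(l.strip() for l in zone_text.splitlines() if l.strip())
    return hashlib.sha256("\n".join(lines).encode()).hexdigest()

def evaluate_roots(copies: dict[str, str]) -> dict:
    """copies maps operator name -> zone text that operator serves.

    A digest is accepted only if MORE than half of the operators serve it.
    Operators serving anything else are listed for trust revocation.
    """
    if not copies:
        return {"quorum": False, "accepted": None, "revoke": []}
    digests = {op: zone_digest(z) for op, z in copies.items()}
    winner, votes = Counter(digests.values()).most_common(1)[0]
    if votes * 2 <= len(digests):
        # No strict majority: the network has splintered, nothing is accepted.
        return {"quorum": False, "accepted": None, "revoke": []}
    revoke = sorted(op for op, d in digests.items() if d != winner)
    return {"quorum": True, "accepted": winner, "revoke": revoke}

# Constructed sample zones: GOOD is the honest copy, BAD has one altered record.
GOOD = "example. NS a.example-ns.test.\norg. NS b.example-ns.test.\n"
BAD = "example. NS a.example-ns.test.\norg. NS seized.example-ns.test.\n"

def scenario(n_good: int, n_bad: int) -> dict:
    """Build n_good honest and n_bad altered operators and evaluate them."""
    copies = {f"op{i:02d}": GOOD for i in range(n_good)}
    copies.update({f"op{i:02d}": BAD for i in range(n_good, n_good + n_bad)})
    return evaluate_roots(copies)

if __name__ == "__main__":
    for good, bad in [(34, 1), (17, 18), (17, 17)]:
        r = scenario(good, bad)
        label = {zone_digest(GOOD): "GOOD", zone_digest(BAD): "BAD"}.get(r["accepted"])
        print(f"{good} honest / {bad} altered -> quorum={r['quorum']} "
              f"accepted={label} revoked={len(r['revoke'])}")
```

With 34 honest operators and 1 altered copy, the odd one out is revoked. With 17 honest and 18 altered, the altered data wins and the 17 honest operators are the ones flagged, which is the case rmc asks about.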

------
mike-cardwell
A distributed DNS platform won't stop censorship. Governments will just find a
different method of censorship.

Null routing IPs would cause collateral damage, but to block illegal content
that the hosts refuse to take down? They might go ahead and do it anyway...

I would still love to see a distributed DNS platform. The issue that needs
resolving for a distributed platform is trust. We will always need a trusted
authority. That could be split over 50 hosts over 50 countries, but we still
need one.

~~~
16s
Verizon and AT&T will do what they are told as will other large ISPs, if they
want to keep doing business as usual.

------
NHQ
I think another big problem with ICANN and our DNS is the TLD. The fact that
somebody who wants to represent their self on the internet might not be able
to do so in a manner of their choosing because the domain they want is "owned"
across all major and minor TLDs is very anti-internet-philosophy.

Top-Level is anti-web, because the web is not meant to be a top-down system.
To me, this is a fundamentally flawed implementation. And why not? In terms of
mass web, it was the first. When are first iterations ever correct?

Destinations are IP addresses. We all have em. What you want to call yours
should be up to you. Ever since there was a postal service, people could be
reached at the address they had. Even phone numbers weren't top-down (area
codes), so that you could reach a local address, even if it was the same as one
in another county, without pre-(or post-) fix. I don't have the solution, but
it wouldn't hurt for the public to learn and understand their IP address same
as they do their home one.

Google alone, or with the help of other major "linkers", could go a long way
in changing our DNS structure, by indexing different systems.

Decentralization is every nerd's dream, ain't it? Eventually the serving
capacity of consumer devices should be adequate to resolve standardized
requests.

I think this holds promise: telehash.org

~~~
pak
IP address blocks are allocated by IANA, which is managed by, you guessed it,
ICANN. Just sayin'.

<http://en.wikipedia.org/wiki/Internet_Assigned_Numbers_Authority#Oversight>

It all is top-down at the core. (And it kind of has to be, because as much as
we think of the Internet as "decentralized", it is a communication network,
and so centralized administration is often the most efficient and sane way of
doing things.)

------
watt
Please do not propose technological solutions to a political problem, one that
needs a political solution.

Meaning, a centralized DNS system will work just fine, we only need a law
prohibiting government blocking or removing domain entries. That is, we need a
similar prohibition that limits government actions like the first amendment.

------
antimatter15
I'm still not sure how a decentralized DNS would handle registration, if
domains were free-for-all, what's to prevent squatters from ruining
everything. What if someone's domain is totally abandoned? Is there any way
for someone else to take it?

From what I understand from the dotp2p wiki, there's still going to be a
registration party, OpenNIC (which is an existing alternative DNS root that
runs .geek, .free, etc.). I'm guessing it's a DHT but it would use some public
key crypto so that each entry needs to be signed by OpenNIC.

But this still leaves OpenNIC as a central point. It wouldn't be a point of
failure, but it would prevent scaling if it was taken over.

~~~
Kadin
I'm not sure what they're up to these days, but I remember when they got
started (by some guys from K5, IIRC). It was an alternative root, and not any
more decentralized in the technical sense than "regular" DNS. More responsive
to users and democratic, but the structure was exactly the same.

There were a bunch of other alternative roots that have taken on ICANN at one
point or another, although it's been a long time since I've tried any of them.

It strikes me as a doomed effort unless you can get some ISPs somewhere to buy
in and point users towards your root rather than ICANN's. Most users aren't
going to change their DNS settings (most probably don't know how), so it seems
difficult to achieve any sort of critical mass of users.

------
cosmicray
A decentralized DNS has nothing to do with solving the (presumed) problem. The
solution is a registrar (and DNS) that is not answerable to any nation state.

The corollary to this demands an answer: are nation states that afraid of
information (and the truth that may lurk within)?

------
jimmyjazz14
I'm not sure if a decentralized DNS system could ever be secure, instead the
current management of the top level domain space should be taken out of the
hands of ICANN and placed under the control of an internationally governed
body.

------
treitnauer
Why the P2P DNS project will not work:

<http://news.ycombinator.com/item?id=1972834>

------
swixmix
It's time for IPV6.

