[CCWG-ACCT] DNS
Steve Crocker
steve at shinkuro.com
Sun Apr 17 22:39:50 UTC 2016
Andrew,
I suppose we’re splitting hairs, but I would say there is indeed coordination of the DNS. It’s simply distributed, as you said. But at each level — or precisely, at each zone cut, there is a well defined single entity that coordinates allocations and assignments of names within that part of the tree.
I think the statement “Nobody does that” is potentially misleading, particularly to those who don’t have a reasonably deep understanding the system.
Steve
On Apr 17, 2016, at 6:29 PM, Andrew Sullivan <ajs at anvilwalrusden.com> wrote:
> Hi Kavouss,
>
> I cut the cc: list down a little. Hope that's ok.
>
> On Sun, Apr 17, 2016 at 11:51:13PM +0200, Kavouss Arasteh wrote:
>> If ICANN does not coordinate the allocation and assignments of names in the
>> domain name system then who does that?
>> What is the situations today, who perform that task?
>
> I tried to answer this in the chat today, but I was apparently
> unsuccessful. Let me try again here.
>
> The answer is, "Nobody does that." There is no central co-ordination
> of allocation and assignment of names in the DNS. That is in fact the
> genius of the design of the DNS.
>
> The DNS is possibly the most successful distributed database ever. It
> is distributed in two ways, which might be called data maintenance and
> data query operation. The "data query operation" is caching, which
> allows the DNS to perform very well; it's not relevant to our
> discussion. The "data maintenance", however, is fundamental to the
> model of the operation of the system, and is how DNS has managed to
> thrive.
>
> At every dot in a domain name, it is possible to add a "zone cut": a
> place where a new operator can take over a piece of the domain name
> space. The process of making a zone cut is called "delegation", and
> it involved putting name server resource record(s) on the parent side
> and "apex" records -- the same name server resource record(s) plus a
> Start Of Authority (SOA) record -- on the child side. So, for
> instance, Afilias delegates yitter.info to me, so in my zone there is
> an SOA record at yitter.info. What that means is that Afilias is no
> longer responsible for things that happen underneath yitter.info
> (because I have the authority -- that's what the SOA means).
>
> This means that wherever there is a zone cut, there's also an end of
> the co-ordinator function (in a strict sense of controlling names).
> Afilias is responsible to co-ordinate everything under info _except_
> below the stuff they delegated away (like yitter.info). Verisign is
> responsible to co-ordinate everything under com except below that
> which they delegated away (like anvilwalrusden.com). CIRA is
> responsible to co-ordinate everything under ca except below that which
> they delegated away (like crankycanuck.ca). And finally, ICANN is
> responsible to co-ordinate everything under the root zone (which is
> represented as ".") except below that which they delegated away (like
> com, net, org, info, ca, and so on).
>
> Now, operators who delegate away parts of the name space can make
> rules about what conditions they impose for the delegation. CIRA, for
> instance, won't delegate anything in ca unless you're a Canadian
> citizen or are in Canada. (I happen to be a citizen, so I get to
> register and maintain crankycanuck.ca. I'm also cranky, but that was
> not a condition for my registration.) You might say that ICANN uses
> its consensus policies as this sort of condition.
>
> So why, you might ask, isn't this all centrally co-ordinated? Well,
> because it makes things work better. The Internet is a massively
> distributed thing. It would be bureaucratic and inflexible if every
> time I wanted to add a new computer in anvilwalrusden.com I had to
> talk to ICANN or Verisign. But I don't need to talk to anybody,
> because the name space is delegated to me. That means I can operate
> my thing without anybody else being bothered. This make operation of
> the Internet simpler, cheaper, and faster than it otherwise would be.
> And I can even give a chunk of my namespace to someone else -- I could
> create shaveaukroasts.anvilwalrusden.com[1] and give it to a friend
> and colleague, and I wouldn't need to tell anyone in particular
> (though I'd still have to tell literally everyone, by putting it in
> the DNS).
>
> This lack of central co-ordination is one reason the DNS has been so
> successful. I hope that explanation helps. If you have further
> questions about this, feel free to ask me more.
>
> Best regards,
>
> A
>
> [1] anvilwalrusden is an anagram of "Andrew Sullivan". I will leave
> as an exercise for the reader the anagram of "shaveaukroasts".
>
> --
> Andrew Sullivan
> ajs at anvilwalrusden.com
> _______________________________________________
> Accountability-Cross-Community mailing list
> Accountability-Cross-Community at icann.org
> https://mm.icann.org/mailman/listinfo/accountability-cross-community
More information about the Accountability-Cross-Community
mailing list