[CCWG-ACCT] DNS

[Andrew Sullivan]

Hi Kavouss,

I cut the cc: list down a little.  Hope that's ok.

On Sun, Apr 17, 2016 at 11:51:13PM +0200, Kavouss Arasteh wrote:
> If ICANN does not coordinate the allocation and assignments of names in the
> domain name system then who does that?
> What is the situations today, who perform that task?

I tried to answer this in the chat today, but I was apparently
unsuccessful.  Let me try again here.

The answer is, "Nobody does that."  There is no central co-ordination
of allocation and assignment of names in the DNS.  That is in fact the
genius of the design of the DNS.

The DNS is possibly the most successful distributed database ever.  It
is distributed in two ways, which might be called data maintenance and
data query operation.  The "data query operation" is caching, which
allows the DNS to perform very well; it's not relevant to our
discussion.  The "data maintenance", however, is fundamental to the
model of the operation of the system, and is how DNS has managed to
thrive.

At every dot in a domain name, it is possible to add a "zone cut": a
place where a new operator can take over a piece of the domain name
space.  The process of making a zone cut is called "delegation", and
it involved putting name server resource record(s) on the parent side
and "apex" records -- the same name server resource record(s) plus a
Start Of Authority (SOA) record -- on the child side.  So, for
instance, Afilias delegates yitter.info to me, so in my zone there is
an SOA record at yitter.info.  What that means is that Afilias is no
longer responsible for things that happen underneath yitter.info
(because I have the authority -- that's what the SOA means).

This means that wherever there is a zone cut, there's also an end of
the co-ordinator function (in a strict sense of controlling names).
Afilias is responsible to co-ordinate everything under info _except_
below the stuff they delegated away (like yitter.info).  Verisign is
responsible to co-ordinate everything under com except below that
which they delegated away (like anvilwalrusden.com).  CIRA is
responsible to co-ordinate everything under ca except below that which
they delegated away (like crankycanuck.ca).  And finally, ICANN is
responsible to co-ordinate everything under the root zone (which is
represented as ".") except below that which they delegated away (like
com, net, org, info, ca, and so on).

Now, operators who delegate away parts of the name space can make
rules about what conditions they impose for the delegation.  CIRA, for
instance, won't delegate anything in ca unless you're a Canadian
citizen or are in Canada.  (I happen to be a citizen, so I get to
register and maintain crankycanuck.ca.  I'm also cranky, but that was
not a condition for my registration.)  You might say that ICANN uses
its consensus policies as this sort of condition.

So why, you might ask, isn't this all centrally co-ordinated?  Well,
because it makes things work better.  The Internet is a massively
distributed thing.  It would be bureaucratic and inflexible if every
time I wanted to add a new computer in anvilwalrusden.com I had to
talk to ICANN or Verisign.  But I don't need to talk to anybody,
because the name space is delegated to me.  That means I can operate
my thing without anybody else being bothered.  This make operation of
the Internet simpler, cheaper, and faster than it otherwise would be.
And I can even give a chunk of my namespace to someone else -- I could
create shaveaukroasts.anvilwalrusden.com[1] and give it to a friend
and colleague, and I wouldn't need to tell anyone in particular
(though I'd still have to tell literally everyone, by putting it in
the DNS).

This lack of central co-ordination is one reason the DNS has been so
successful.  I hope that explanation helps.  If you have further
questions about this, feel free to ask me more.

Best regards,

A

[1] anvilwalrusden is an anagram of "Andrew Sullivan".  I will leave
as an exercise for the reader the anagram of "shaveaukroasts".

-- 
Andrew Sullivan
ajs at anvilwalrusden.com