[CCWG-ACCT] DNS

Steve Crocker steve at shinkuro.com
Sun Apr 17 22:39:50 UTC 2016


Andrew,

I suppose we’re splitting hairs, but I would say there is indeed coordination of the DNS.  It’s simply distributed, as you said.  But at each level — or precisely, at each zone cut, there is a well defined single entity that coordinates allocations and assignments of names within that part of the tree.

I think the statement “Nobody does that” is potentially misleading, particularly to those who don’t have a reasonably deep understanding of the system.

Steve



On Apr 17, 2016, at 6:29 PM, Andrew Sullivan <ajs at anvilwalrusden.com> wrote:

> Hi Kavouss,
> 
> I cut the cc: list down a little.  Hope that's ok.
> 
> On Sun, Apr 17, 2016 at 11:51:13PM +0200, Kavouss Arasteh wrote:
>> If ICANN does not coordinate the allocation and assignments of names in the
>> domain name system then who does that?
>> What is the situation today, who performs that task?
> 
> I tried to answer this in the chat today, but I was apparently
> unsuccessful.  Let me try again here.
> 
> The answer is, "Nobody does that."  There is no central co-ordination
> of allocation and assignment of names in the DNS.  That is in fact the
> genius of the design of the DNS.
> 
> The DNS is possibly the most successful distributed database ever.  It
> is distributed in two ways, which might be called data maintenance and
> data query operation.  The "data query operation" is caching, which
> allows the DNS to perform very well; it's not relevant to our
> discussion.  The "data maintenance", however, is fundamental to the
> model of the operation of the system, and is how DNS has managed to
> thrive.
> 
> At every dot in a domain name, it is possible to add a "zone cut": a
> place where a new operator can take over a piece of the domain name
> space.  The process of making a zone cut is called "delegation", and
> it involves putting name server resource record(s) on the parent side
> and "apex" records -- the same name server resource record(s) plus a
> Start Of Authority (SOA) record -- on the child side.  So, for
> instance, Afilias delegates yitter.info to me, so in my zone there is
> an SOA record at yitter.info.  What that means is that Afilias is no
> longer responsible for things that happen underneath yitter.info
> (because I have the authority -- that's what the SOA means).
> 
> This means that wherever there is a zone cut, there's also an end of
> the co-ordinator function (in a strict sense of controlling names).
> Afilias is responsible to co-ordinate everything under info _except_
> below the stuff they delegated away (like yitter.info).  Verisign is
> responsible to co-ordinate everything under com except below that
> which they delegated away (like anvilwalrusden.com).  CIRA is
> responsible to co-ordinate everything under ca except below that which
> they delegated away (like crankycanuck.ca).  And finally, ICANN is
> responsible to co-ordinate everything under the root zone (which is
> represented as ".") except below that which they delegated away (like
> com, net, org, info, ca, and so on).
> 
> Now, operators who delegate away parts of the name space can make
> rules about what conditions they impose for the delegation.  CIRA, for
> instance, won't delegate anything in ca unless you're a Canadian
> citizen or are in Canada.  (I happen to be a citizen, so I get to
> register and maintain crankycanuck.ca.  I'm also cranky, but that was
> not a condition for my registration.)  You might say that ICANN uses
> its consensus policies as this sort of condition.
> 
> So why, you might ask, isn't this all centrally co-ordinated?  Well,
> because it makes things work better.  The Internet is a massively
> distributed thing.  It would be bureaucratic and inflexible if every
> time I wanted to add a new computer in anvilwalrusden.com I had to
> talk to ICANN or Verisign.  But I don't need to talk to anybody,
> because the name space is delegated to me.  That means I can operate
> my thing without anybody else being bothered.  This makes operation of
> the Internet simpler, cheaper, and faster than it otherwise would be.
> And I can even give a chunk of my namespace to someone else -- I could
> create shaveaukroasts.anvilwalrusden.com[1] and give it to a friend
> and colleague, and I wouldn't need to tell anyone in particular
> (though I'd still have to tell literally everyone, by putting it in
> the DNS).
> 
> This lack of central co-ordination is one reason the DNS has been so
> successful.  I hope that explanation helps.  If you have further
> questions about this, feel free to ask me more.
> 
> Best regards,
> 
> A
> 
> [1] anvilwalrusden is an anagram of "Andrew Sullivan".  I will leave
> as an exercise for the reader the anagram of "shaveaukroasts".
> 
> -- 
> Andrew Sullivan
> ajs at anvilwalrusden.com
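Added example, not part of either message above: a small model of the zone cuts both messages describe, walking a name from the root down and stopping at the last delegation, which is the zone that holds authority for that name. The zone table is constructed sample data built from the operators and names mentioned in the thread; the function names and the table layout are assumptions made for illustration.

```python
# Constructed sample data. A key in ZONES means an SOA exists at that apex
# (child side of a cut); "delegates" lists names with NS records on the
# parent side. Operators are the ones named in the thread.
ZONES = {
    ".": {"operator": "ICANN",
          "delegates": {"com.", "net.", "org.", "info.", "ca."}},
    "info.": {"operator": "Afilias", "delegates": {"yitter.info."}},
    "com.": {"operator": "Verisign", "delegates": {"anvilwalrusden.com."}},
    "ca.": {"operator": "CIRA", "delegates": {"crankycanuck.ca."}},
    "yitter.info.": {"operator": "Andrew Sullivan", "delegates": set()},
    "anvilwalrusden.com.": {"operator": "Andrew Sullivan", "delegates": set()},
    "crankycanuck.ca.": {"operator": "Andrew Sullivan", "delegates": set()},
}


def authority_chain(name):
    """Return [(zone apex, operator), ...] from the root to the zone that
    is authoritative for `name`. Operator is None when the parent
    delegates to a zone this sample table has no data for."""
    # DNS names are case-insensitive; empty labels (trailing dot) are dropped.
    labels = [label for label in name.lower().split(".") if label]
    zone = "."
    chain = [(zone, ZONES[zone]["operator"])]
    # Try ever-longer suffixes: "info.", then "yitter.info.", and so on.
    for i in range(len(labels) - 1, -1, -1):
        candidate = ".".join(labels[i:]) + "."
        if candidate not in ZONES[zone]["delegates"]:
            continue  # no zone cut here: still inside the current zone
        child = ZONES.get(candidate)
        chain.append((candidate, child["operator"] if child else None))
        if child is None:
            break  # delegated away, but we cannot see past this cut
        zone = candidate
    return chain


def authoritative_zone(name):
    """The last entry in the chain: the closest enclosing zone cut."""
    return authority_chain(name)[-1]


if __name__ == "__main__":
    for sample in ("www.yitter.info", "unregistered-name.info",
                   "mail.anvilwalrusden.com", "example.org"):
        print(sample, "->", authority_chain(sample))
```

A name with no delegation of its own, such as the constructed `unregistered-name.info`, stays with the parent zone's operator, while anything at or below a cut belongs to whoever holds the SOA there.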