The whole point of hijacking the root domain servers is that it turns DNS
from a centralised system into a more distributed system where
cooperation is essential.
I could be wrong because I don't fully understand BIND internals here,
but if anyone wanted to copy the root domain and add new toplevel domains
like .bork or .die on their own networks, they could just do it. Any
references to .bork or .die would be correctly resolved and any other
references would be delegated to the same .com and .org and .net servers
that are currently in use. If other networks felt there was value in
accessing the .bork and .die domains they would do similarly referencing
your nameserver to resolve such references.
Is there any technical reason this wouldn't work?
Michael Dillon Voice: +1-604-546-8022
Memra Software Inc. Fax: +1-604-542-4130
http://www.memra.com E-mail: firstname.lastname@example.org
> The whole point of hijacking the root domain servers is that it
> turns DNS from a centralised system into a more distributed
> system where cooperation is essential.
Umm, let me see if I can phrase this gently....
This whole idea of hijacking the root domain must be one of the
ideas I've seen recently which is fully at odds with one of the
major points of what I perceive the Internet is all about.
If you decide to set up your own group of root name servers with
a different naming and registration policy than the current root,
you are of course free to do so (nothing will prevent you).
However, this will create a totally separate DNS name space from
the single name space we have today. If I am not much mistaken,
a given name server *cannot* look up names in more than a single
name space, so you end up creating two different "universes".
Depending on how you populate your local name server's cache with
root name server hint information, your name server will either
end up being able to look up names in one or the other of these
two separate name spaces but not both. (Yes, there are
"technical reasons" with the current DNS protocol that make this
so, if I've not totally misunderstood things.)
Aside from causing massive confusion (people really do have a
hard enough time figuring out how to configure DNS semi-
correctly with only a single name space at hand), this conflicts
with the goal of *connectivity*, i.e. that I am able to e.g. send
e-mail to anyone else who is connected. With two or more
(shudder) separate name spaces I will claim that this will not in
practice be possible.
The "distributed system where cooperation is essential" is what
we have today: you pick your name (which isn't already taken)
under a given other name, have it delegated to you and thereafter
you have full autonomy over your own name space. The
"cooperation (which) is essential" is what the current caretakers
of the root name servers are doing today. 1/2
Sorry, I do not see how you can both "hijack the root name
servers" and achieve full connectivity. If you want to sacrifice
full connectivity (or an approximation thereof), you are of
course free to go ahead and see how large a following you could