what problem are we solving? (was Re: ICANN opens up Pandora's Box of

> Yes. It completely marginalizes the remaining positive qualities of the
> Domain Name System as a way to find things, in the name of giving people
> "more options."

That never existed and never made any sense. DNS is a naming scheme.
Entities choose names that are expressive, not informative.

You may have a hard time remembering the name of the Chinese restaurant
around the corner from you because it's not named "The Chinese Restaurant
Around the Corner from Joe Greco", but naming businesses for your
convenience is just not reasonable. What's convenient for you is not what's
convenient for me.

I never said it was. I'm not arguing for me to be able to rename someone
else's business.

You should name the restaurant, for your purposes, with a name that is
convenient for you. I'll do the same. If you and I have to exchange the name
of a place, we need to map our convenient names to a proper name. But we
don't normally have to use proper names, they're inconvenient.

These types of mappings have to be competitive because different people have
different requirements. If you want an easy way for you to find a company
based on what you consider its name to be, find one that works for you.

I do not "consider its name to be" some random thing. I consider it to be
what it calls itself. There are already rules for that sort of thing
outside of the Internet, for example, I am not allowed to create a company
name that duplicates a company name that already exists. The problem is
that while I can go and register a "Mycompany LLC" in Wisconsin and a
"Mycompany LLC" in Illinois, there is only one "mycompany.com" available,
though "mycompany.wi.us" and "mycompany.il.us" are both available and do
not collide.

But DNS works differently, it maps *authoritative* names to businesses. It's
more like how you map a business name to the responsible entity when you
file a lawsuit. It has no business trying to be easy for humans to use and
understand if that compromises its use for its actual purpose.

That's one hell of an if, and it doesn't seem to even be true. If you read
805 and other foundation documents, it seems clear that the goal was to
*replace* a difficult-to-use mail relaying and routing scheme for mail
addresses with something that was easier for ... ah, yes, users to use.

> Let me start by saying that I believe that the trends in the DNS have been
> going the wrong way for well over a decade. The insistence on the part of
> many that the namespace be flattened is just a poor choice.
> People are now
> used to trying "<foo>.com" to reach a company. In some cases, this makes
> fair sense; I can see why "ibm.com" or "seagate.com" are that way, even
> though in some cases there are namespace collisions with other trademarks.
> In others, it's ridiculous - why the heck do I get someplace in California
> when I go to "martyspizza.com", rather than our local very excellent pizza
> place? (sadly this example is less effective now, they managed to get
> "martyspizza.net" a few years back).

I agree. People should not do that. They should use some kind of mapping
service that works for the kinds of mappings they expect. DNS is not that
service, cannot be that service, and never will be that service.

That's not true. Perhaps you should go read RFC1480. (Before you make any
comments, you should be aware that I *have* read 1480, and that one of the
hosts used as an example in that document is currently running 50 feet away
from me).

For example, I *ought* to be able to find the Police Department for the City
of Milwaukee at something reasonable, such as "police.ci.milwaukee.wi.us".
If I then needed the police for Wauwatosa, "police.ci.wauwatosa.wi.us", or
for Waukesha, "police.ci.waukesha.wi.us".

1480 is about trying to provide localization services that could ultimately
result in a namespace containing vastly fewer collision issues. But to
understand what I'm talking about, you really have to get rid of the ".com"
mentality first.

To extend that principle, companies that have an exclusively local presence
probably don't need to be occupying space in a TLD. That's the Marty's
Pizza example.

DNS is a technical service to map slow-changing authoritative names to their
current numbers.

Which are also generally slow-changing.

> We never had any business allowing small, local businesses to register in
> .com, or non-networking companies to register in .net, or
> non-organizations
> in .org... but a whole generation of Internet "professionals"
> "knew better"
> and the end result at the end of the road is that DNS will end up being
> almost as useless as IPv4 numbers for identifying the more obscure bits of
> the Internet.

Which is fine since that's not what DNS is for.

DNS maps slow-changing authoritative names to fast-changing numbers.

No, DNS is intended to map logical names, which are, among other things,
supposed to be usable and useful to humans. "[W]e wish to create
consistent methods for referencing particular resources that are similar
but scattered throughout the environment." That 25-year-old statement
is still a nice summary of the purpose of DNS.

The idea is that you can try for consistency, and where consistency is
reasonable and possible, some of us still believe that it could exist.

I do agree that people do in practice use DNS this way. And I do agree that
making it work worse for them is not the best thing in the world. But making
a bad solution a bit worse is not a particularly big deal. People have
almost completely stopped even exchanging URLs with each other manually. They
exchange links specifically mapped through URL mapping services so that
they're easier to communicate, or they put a link on a web page or in an
email.

I don't see what you're saying as supporting ICANN's actions. If DNS is
irrelevant for these purposes, then why bother "making a bad solution a bit
worse." Just let it become, over the next 25 years, some mid-level
directory resource that users see less and less of, until it's almost as
irrelevant as IP address.

(*I* don't buy that, but then again, I'm making the argument that we've
really screwed up with DNS)

... JG

martyspizza.brookfield.wi.us works great. At what point in Marty's
  expansion does Marty's Pizza get to move to a TLD? The RFC leaves
  management decisions to an alluded to but unnamed group.

  Plus, WTF: John-Muir.Middle.Santa-Monica.K12.CA.US
  Cut and Paste or die trying. I doubt parents will remember or type that.
  Besides, sophisticated search engines are making Domain Names less
  relevant anyway. I can find Marty's Pizza in Brookfield via Google or
  Yahoo in a matter of seconds. Let the search engines organize the web,
  not DNS.

  Schools are going short and sweet, just like businesses, using the
  existing TLDs. martyspizza.net is fine. So is johnmuirsl.org. No need
  for 30 more or 3000 more TLDs.

Beckman

About as much as I ought to be able to reach the Canadian army at army.mil, or the Canadian Citizenship and Immigration department at cic.gov.

There is no single namespace that makes sense for everybody. For every single person who says "I ought to be able to do X to find Y" there will be someone else for whom Y would be a surprising result for X.

The boat sailed on enforcing regulations for appropriate registrations under particular TLDs long ago. I remember when registering a .NET name for a small, south-western Ontario ISP in about 1995 being told "sorry, that TLD is for ISPs only" and having to prove that I was, in fact, working for an ISP before I could get the delegation. Imagine that happening now?

The DNS had its origins in a desire to use names instead of addresses, because names are easier to remember. But really, the fact that naive users type raw URLs into browsers is an indication that we have more work to do, not that naive users will always need to be exposed to raw URLs. We are already at the point where a significant proportion of the Internet population types names into Google or Yahoo! or Microsoft Live Search, and never reference URLs in the raw unless they are accessed through bookmarks. An increasing number of people use Facebook more for e-mail than they use e-mail for e-mail. If this is a trend, then perhaps we can imagine the day where the average Internet user pays about as much attention to domain names as they do to IP addresses today.

All these conversations about what should or should not be possible in the namespace are pointless. The degrees of freedom are too enormous for any single person or organisation to be able to make even a vaguely accurate guess at what the stable state should be.

The only decision that is required is whether new generic top-level domains are desired. If not, do nothing. Otherwise, shake as much energy into the system as possible and sit back and let it find its own steady state.

Joe

OK, (assuming you believe that), why keep dns around. Why not go back
to just IP addrs and hosts files for those that need them.

-Jim P.

Let the search engines organize the web, not DNS.

OK, (assuming you believe that), why keep dns around. Why not go back
to just IP addrs and hosts files for those that need them.

Because the Internet is not governed, common misbelief aside. It's a mess of capitalism and anarchism. In fact, the Internet is the only functioning anarchy.

I see no reason why search engines won't, they already do, whether we want to admit it or not, for the home user they ARE the Internet.

   Gadi.

DNS is useful in masking IP address changes, and for humans navigating the
  Internet.

  DNS is not useful for organizing the web. Additional TLDs isn't going to
  help organize the web. Search engines and portals organize the web. DNS
  will be increasingly less useful as the Internet continues to expand and
  grow, and normal non-geek non-nanog humans will increasingly rely on
  search engines and portals to find what they need, not domain names.

Beckman

possession and use of classV explosives is regulated in
  most jurisdictions.

  but if you think that if we pack enough C4 into the DNS
  and set it off, that we might find equilibrium, you might
  be right. :-) the result will still be a flat namespace,
  (perhaps a crater where the namespace was).

  one might legitimately argue that ICANN is in need of
  some serious regulation....

  that can happen at that national level or on the international
  level.

--bill

It is very likely that "serious regulation" particularly at an "international level" would have a way more degenerate effect on DNS operations than adding a bunch of new entries into the root.

Be careful about what you legitimately argue for...

I'm still having a hard time seeing what everyone is getting worked up about.

Can anyone point to an example of a reasonably plausible bad thing that could happen as a result of doubling, tripling, or even increasing by an order of magnitude the size of the root zone?

Sure, nefarious use of say .local could cause a few problems but this is pretty inconceivable given that:
1) most estimates I've seen of the cost of setting up a TLD start at around $500,000 (probably a bit over the credit limit on a stolen credit card #).
2) These are easily fixed by adding known large uses like this to the formal reserved list.
3) I'm sure that these will in any case be caught well before deployment under the proposed filtering process.

So, other than a change in the number of various DNS related money chutes and their net recipients, what are the actual operational issues here?

Gadi,

I tried to find even the smallest token of operational relevance on
your postings on this thread, and I'm coming up short.

Could you please do us a favor and stop posting until such a time when
you're able to comply with the list's AUP?

Paul (not a member of MLC, my opinions only)

Paul Wall wrote:
[bagged and tagged]

P,K,B.

Doesn't ICANN already work like an international regulator?

Tony.

No one does either. They search for it, or pick it out of an email.

But *I can read that domain name and know what it points to*.

More importantly, it is possible for me to learn that k12.ca.us is
picky about whom it hands its subdomains to, and therefore I can have
a reasonable guess that (DNS spoofing aside) that domain actually
belongs to a school.

Cheers,
-- jra

Doesn't ICANN already work like an international regulator?

No. They are more like the IETF than the ITU, but not quite the IETF. It's hard to describe. The origins are Berkman Center for Internet and Society at Harvard, and what is in existence today is a far cry from the original social desire of folks that are still there today who, based on my knowledge and perception, have been mostly disenfranchised.

But not quite a regulator.

-M<

I'm still having a hard time seeing what everyone is getting worked up about.

Maybe it's not that bad. The eventual result is instead of having a
billion .COM SLDs, there are a billion TLDs: all eggs in one basket,
the root zone -- there will be so many gTLD servers, no DNS resolver
can cache the gTLD server lookups, so almost every DNS query will now
involve an additional request to the root, instead of (usually) a
request to a TLD server (where in the past the TLD servers' IP would
still be cached for most lookups).

Ultimately that is a 1/3 increase in number of DNS requests, say to
lookup www.example.com if there wasn't a cache hit. In that case, I
would expect the increase in traffic seen by root servers to be massive.

Possible technical ramifications that haven't been considered with
the proper weight, and ICANN rushing ahead towards implementation in
2009 without having provided opportunity for internet & ops community
input before developing such drastic plans?

Massive further sell-out of the root zone (a public resource) for
profit? Further commercialization of the DNS? Potentially giving some
registrants advantageous treatment at the TLD level, which has usually
been available to registrants on more equal terms??
[access to TLDs merely first-come, first-served]

Vanity TLD space may make ".COM" seem boring. Visitors will expect
names like "MYSITE.SHOES", and consider other sites like
myshoestore1234.com "not-legitimate" or "not secure"

The lucky organization who won the ICANN auction and got to run the
SHOES TLD may price subdomains at $10000 minimum for a 1-year
registration (annual auction-based renewal/registration in case of
requests to register X.TLD by multiple entities) and registrants under
vanity TLD to sign non-compete agreements and other pernicious
EULAs and contracts of adhesion merely to be able to put up their web
site,

As a subdomain of what _LOOKS_ like a generic name.

And, of course, http://shoes/ reserved for the TLD registrant's
billion-$ shoe store, with DNS registration a side-business
(outsourced to some DNS registrar using some "domain SLD resale"
service).

The possibilities that vanity TLD registry opens are more insidious
than it was for someone to bag a good second-level domain.

Sure, nefarious use of say .local could cause a few problems but this is

I'd be more concerned about nefarious use of a TLD like ".DLL", ".EXE", ".TXT"
Or other domains that look like filenames.

Seeing as a certain popular operating system confounds local file access via
Explorer with internet access...

You may think "abcd.png" is an image on your computer... but if you
type that into your address, er, location bar, it may be a website too!

".local" seems like a pretty good TLD name to be registered,
compared to others, even many that have been established or proposed
in the past, more general than ".city" (unincorporated areas with some
sort of name also can use .local)

short, general and simple (just like a gTLD should be),

not highly-specific and elaborate like ".museum"
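
The caching argument in the message above can be put into numbers with a small model. This is an added example, not part of the thread: it assumes a resolver that keeps TLD delegations in a fixed-size LRU cache (TTLs ignored), that no answer for the full name is ever cached, and a constructed round-robin workload; `TldCache`, `simulate` and `workload` are hypothetical names.

```python
from collections import OrderedDict


class TldCache:
    """Fixed-size LRU cache of TLD delegations (model assumption: no TTLs)."""

    def __init__(self, capacity):
        self.capacity = capacity
        self.entries = OrderedDict()

    def lookup(self, tld):
        """Return True on a hit; on a miss, insert and evict the oldest entry."""
        if tld in self.entries:
            self.entries.move_to_end(tld)  # mark as most recently used
            return True
        self.entries[tld] = True
        if len(self.entries) > self.capacity:
            self.entries.popitem(last=False)  # evict least recently used
        return False


def simulate(names, capacity):
    """Count upstream queries per level for a list of uncached names.

    Every name costs one query to a TLD server and one to the zone's
    authoritative server; a root query is added only when the TLD
    delegation is not in the cache.
    """
    cache = TldCache(capacity)
    counts = {"root": 0, "tld": 0, "authoritative": 0}
    for name in names:
        tld = name.rstrip(".").rsplit(".", 1)[-1].lower()
        if not cache.lookup(tld):
            counts["root"] += 1
        counts["tld"] += 1
        counts["authoritative"] += 1
    return counts


def workload(n_lookups, n_tlds):
    """Constructed sample input: names spread round-robin over n_tlds TLDs."""
    return [f"www.site{i}.tld{i % n_tlds}" for i in range(n_lookups)]


if __name__ == "__main__":
    scenarios = [
        ("few TLDs, cache fits", 5, 100),
        ("many TLDs, cache too small", 1000, 100),
        ("many TLDs, cache fits", 1000, 1000),
    ]
    for label, n_tlds, capacity in scenarios:
        counts = simulate(workload(3000, n_tlds), capacity)
        total = sum(counts.values())
        print(f"{label}: root={counts['root']} total={total}")
```

In this model 3000 lookups spread over 5 TLDs reach the root 5 times, while the same lookups spread over 1000 TLDs with room for only 100 delegations reach the root on every lookup, because round-robin access over a set larger than an LRU cache evicts each entry before it is reused.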

Yes they do. And out of the other side of their mouth, they
  deny they are a regulator.

--bill

Sure, nefarious use of say .local could cause a few problems but this is

I'd be more concerned about nefarious use of a TLD like ".DLL", ".EXE", ".TXT"
Or other domains that look like filenames.

Like .INFO, .PL, .SH, and, of course, .COM?

People keep making the assertion that top-level domains that have the same strings as popular file extensions will be a 'security disaster', but I've yet to see an explanation of the potential exploits. I could maybe see a problem with ".LOCAL" due to mdns or llmnr or ".1" due to the risk of someone registering "127.0.0.1", but I've yet to see any significant risk increase if (say) the .EXE TLD were created. Can someone explain (this is a serious question)?

Seeing as a certain popular operating system confounds local file access via
Explorer with internet access...

I gather you're implying MS Windows does this?

You may think "abcd.png" is an image on your computer... but if you
type that into your address, er, location bar, it may be a website too!

Is there a browser (Internet Explorer? I don't run Windows) that looks on the local file system if you don't specify 'file://'? Wouldn't that sort of annoy the folks who run (say) help.com?

Regards,
-drc

I'm still having a hard time seeing what everyone is getting worked up about.

Maybe it's not that bad. The eventual result is instead of having a
billion .COM SLDs, there are a billion TLDs: all eggs in one basket,

There is the question of the fee structure. If the fee is really > $ 100,000 USD, then
this will damp down the numbers considerably.

Here is a way to estimate this - by my estimate, there are something like 1 million worldwide companies with
revenues > $ 5 million USD / yr. The companies I have dealt with making ~ $ 5 million / year are hesitant to spend $ 100 K on _anything_, but maybe TLDs will be seen as the thing to have. So, I could imagine 1 million TLDs at this price level, maybe, but not many more, and maybe substantially less.

How many .com domains are there ? I have a _2001_ report of 19 million. I would guess maybe 50 million by now.

Would adding 1 million TLDs really be worse for the DNS system than 50 or 100 million dot com domains ?

Of course, this depends on the crucial question of the fee. If it drops to $ 100 USD, then I could certainly imagine a similar number to the number of dot com domains, i.e., many millions.

This seems like a good place to ask if any of that ICANN money is going to the root domains...

the root zone -- there will be so many gTLD servers, no DNS resolver
can cache the gTLD server lookups, so almost every DNS query will now
involve an additional request to the root, instead of (usually) a
request to a TLD server (where in the past the TLD servers' IP would
still be cached for most lookups).

Ultimately that is a 1/3 increase in number of DNS requests, say to
lookup www.example.com
if there wasn't a cache hit. In that case, I would expect the
increase in traffic seen by root servers to be massive.

Possible technical ramifications that haven't been considered with
the proper weight,
and ICANN rushing ahead towards implementation in 2009 without having provided
opportunity for internet & ops community input before developing such
drastic plans?

Massive further sell-out of the root zone (a public resource) for
profit? Further
commercialization of the DNS? Potentially giving some registrants
advantageous treatment at the TLD level, which has usually been
available to registrants on more equal terms??
[access to TLDs merely first-come, first-served]

Vanity TLD space may make ".COM" seem boring. Visitors will expect
names like
"MYSITE.SHOES", and consider other sites like myshoestore1234.com
"not-legitimate"
or "not secure"

I personally doubt it, for the same reason that there is shoes.com but not
nike.shoes.com.

To me, the notion that people will find the shoes they want on the web by starting at http://www.shoes seems
archaic, very 1995.

What there may be is a raft of trademark lawsuits - for example,

Shoes.com, Inc. a subsidiary of Brown Shoe Company (NYSE:BWS)

presumably has some sort of trademark rights to "shoes.com". Nobody has rights
to "shoes," so expect some fights here (as a potential example, between the future owners of "shoes" and companies like Nike, and maybe also shoes.com. IANAL, but I suspect that Brown Shoe might be able to claim that ".Shoes" might infringe on the "shoes.com" mark).

Regards
Marshall

They're sort of like Telcordia, formerly Bellcore, in my perception:
they promulgate standards that everyone follows... because everyone
needs some standards to follow.

Clearly, they do not have the force of regulations, or we wouldn't have
people operating root zones with things in them which aren't sanctioned
by ICANN ('sanctioned'. Another one of those auto-antonymic words I
love, like 'academic'... :-)[1].

Cheers,
-- jra
[1] Don't assume from that that I'm anti-expanded-root[2]
[2] Please don't start this R-war on this list again. :-)

People keep making the assertion that top-level domains that
have the same strings as popular file extensions will be a
'security disaster', but I've yet to see an explanation of
the potential exploits. I could maybe see a problem with
".LOCAL" due to mdns or llmnr or ".1" due to the risk of
someone registering "127.0.0.1", but I've yet to see any
significant risk increase if (say) the .EXE TLD were created.
Can someone explain (this is a serious question)?

Many years ago there was a wonderful web browser named Lynx.
It could do all kinds of nifty things and you could build an
entire information systems interface with it, including things
like a menu that allowed you to select an executable program
that would be run on the same remote system that was running
Lynx.

People who lived through this era have a vague memory that
executables and URLs are in sort of the same namespace. Of course
that's not true because executable files are referred to as
lynxexec:script.pl instead of http://script.pl

> Seeing as a certain popular operating system confounds local file
> access via Explorer with internet access...

I gather you're implying MS Windows does this?

Not mine.

--Michael Dillon

So you say the solution for bad regulation is more regulation.

Tony.