[dns-operations] CoDoNS and the future of Internet governance (Was: DNS Ops Pre-NANOG Meeting

David Ulevitch davidu at everydns.net
Fri May 12 14:40:46 UTC 2006


On May 12, 2006, at 12:53 AM, Stephane Bortzmeyer wrote:

> [I won't be in NANOG, which is purely North America so I discuss the
> case here.]

Please take up Paul's offer if timezones and other elements permit.

> Maybe I did not understand CoDoNS enough but I believe it only
> addresses the *resolution* of domain names, not their
> *allocation*. The domain names resolved by CoDoNS are still
> hierarchical and therefore, while root nameservers will be impacted,
> ICANN and TLD registries will not.

Gün Sirer wrote on this list (to give some perspective in my answer  
to you):

>> CoDoNS embodies a groundbreaking way of caching in
>> geographically distributed systems, provides a scheme by which records
>> could be served securely by a giant cooperative cache regardless of
>> their origin or physical servers, and outlines a backwards-compatible
>> rollout path that preserves the investment in the current domain names.

I see the spirit of what CoDoNS represents is a much grander idea and  
possibly a good one. That said, it (and other DHT-based DNS systems  
like it) cannot be evaluated on its technical merits alone.  The  
scientists behind OASIS, CoDoNS and countless other projects would no  
doubt certainly agree.  There is no question that the DNS has not  
changed significantly in the many years since its inception and  
formalization.  That's good and bad -- it has scaled well technically  
but now we see areas where DNS implementations and the domain name  
system are falling short -- open recursive nameservers, lack of  
serious security in many implementations, failure of ICANN to do what  
many believe is its role, the "real estate" grab of domain names that  
causes, like, every domain I type in to be a parked page loading google  
ads, etc, etc.  There's no shortage of serious discussion topics;  
it's why we're talking in the first place.

Building on that... Gün also wrote:

>> Questions that start with the assumption "suppose we take a  
>> fraction of the huge amount of energy we pour into DNS, and put it  
>> into a DHT-based DNS, following a path similar to the
>> outline sketched in the CoDoNS paper, what fundamental problems  
>> would we face?" are likely to lead to a more fruitful discussion  
>> than "you implemented a cutoff of 30s for dynamically
>> generated DNS records in CoDoNS, justify yourself."

I can think of no better starting point for discussion of these  
issues.  They won't be exhaustive in the short discussion but they'll  
begin to uncover some of the non-technical issues that researchers,  
implementors and operators should be considering.  I know it's easier  
to ask questions than give answers so I'll try to provide some of my  
own research on the subject if we decide this is a good topic.

And finally...

On May 12, 2006, at 4:55 AM, Andrew Sullivan wrote:

> Having performed my duty to my employer, I'll also point out that I
> think M. Bortzmeyer is substantially right: the issues of contractual
> obligation and technical effects are probably not that tightly bound.
> I'd be interested in arguments to the contrary, though.

If one operator chooses to run a TLD or large zone using CoDoNS as a  
means of managing their namespace and operates all nodes of the system  
themselves then yes, contractual obligation and technical effects are  
not tightly bound.  I don't care what daemon serves my records but I  
do care how the records get into the system.  If you produce a more  
grand system (a replacement of DNS) to run cooperatively in a  
non-hierarchical fashion by multiple operators and implementors then you  
have created a far more egalitarian system than the current DNS  
provides.  Is that a step forwards or backwards?  It sounds pretty  
good and more "Internet-like" but being more "Internet-like" isn't  
all that important.

Nobody would point to BIND as the reason the DNS is so stable and so  
I look for other clues as to why this system still serves us so  
well.  I find that it's more about how it's managed and organized  
than how a protocol works.  I want a technical discussion about DHT-based DNS  
systems but not without concurrently talking about what greater  
implications it has.  Looking at how DNSSEC has changed over the many  
years gives me the feeling that what we have today is partially a  
result of realizing that the DNS needs evolutionary rather than  
revolutionary changes if one wants adoption and progress.  Don't  
forget how people wanted to toss out SMTP and replace it with  
something more "secure" when spam became a hot-button issue.

Best,
David Ulevitch
