[dns-operations] CoDoNS and the future of Internet governance (Was: DNS Ops Pre-NANOG Meeting)
David Ulevitch
davidu at everydns.net
Fri May 12 14:40:46 UTC 2006
On May 12, 2006, at 12:53 AM, Stephane Bortzmeyer wrote:
> [I won't be in NANOG, which is purely North America so I discuss the
> case here.]
Please take up Paul's offer if timezones and other elements permit.
> Maybe I did not understand CoDoNS enough but I believe it only
> addresses the *resolution* of domain names, not their
> *allocation*. The domain names resolved by CoDoNS are still
> hierarchical and therefore, while root nameservers will be impacted,
> ICANN and TLD registries will not.
Gün Sirer wrote on this list (to give some perspective in my answer
to you):
>> CoDoNS embodies a groundbreaking way of caching in
>> geographically distributed systems, provides a scheme by which
>> records could be served securely by a giant cooperative cache
>> regardless of their origin or physical servers, and outlines a
>> backwards-compatible rollout path that preserves the investment in
>> the current domain names.
I see the spirit of what CoDoNS represents as a much grander idea and
possibly a good one. That said, it (and other DHT-based DNS systems
like it) cannot be evaluated on its technical merits alone. The
scientists behind OASIS, CoDoNS and countless other projects would no
doubt agree. There is no question that the DNS has not changed
significantly in the many years since its inception and
formalization. That's good and bad -- it has scaled well technically
but now we see areas where DNS implementations and the domain name
system are falling short -- open recursive nameservers, lack of
serious security in many implementations, failure of ICANN to do what
many believe is its role, the "real estate" grab of domain names that
causes seemingly every domain I type in to be a parked page loading
Google ads, etc., etc. There's no shortage of serious discussion
topics; it's why we're talking in the first place.
Building on that... Gün also wrote:
>> Questions that start with the assumption "suppose we take a
>> fraction of the huge amount of energy we pour into DNS, and put it
>> into a DHT-based DNS, following a path similar to the
>> outline sketched in the CoDoNS paper, what fundamental problems
>> would we face?" are likely to lead to a more fruitful discussion
>> than "you implemented a cutoff of 30s for dynamically
>> generated DNS records in CoDoNS, justify yourself."
I can think of no better starting point for discussion of these
issues. They won't be exhaustive in the short discussion but they'll
begin to uncover some of the non-technical issues that researchers,
implementors and operators should be considering. I know it's easier
to ask questions than give answers so I'll try to provide some of my
own research on the subject if we decide this is a good topic.
And finally...
On May 12, 2006, at 4:55 AM, Andrew Sullivan wrote:
> Having performed my duty to my employer, I'll also point out that I
> think M. Bortzmeyer is substantially right: the issues of contractual
> obligation and technical effects are probably not that tightly bound.
> I'd be interested in arguments to the contrary, though.
If one operator chooses to run a TLD or large zone using CoDoNS as a
means of managing their namespace and operates all nodes of the system
themselves, then yes, contractual obligation and technical effects are
not tightly bound. I don't care what daemon serves my records but I
do care how the records get into the system. If you produce a grander
system (a replacement of DNS) to run cooperatively in a
non-hierarchical fashion by multiple operators and implementors, then
you have created a far more egalitarian system than the current DNS
provides. Is that a step forwards or backwards? It sounds pretty
good and more "Internet-like", but being more "Internet-like" isn't
all that important.
Nobody would point to BIND as the reason the DNS is so stable and so
I look for other clues as to why this system still serves us so
well. What I find is that it's more about how it's managed and
organized than how a protocol works. I want a technical discussion
about DHT-based DNS
systems but not without concurrently talking about what greater
implications it has. Looking at how DNSSEC has changed over the many
years gives me the feeling that what we have today is partially a
result of realizing that the DNS needs evolutionary rather than
revolutionary changes if one wants adoption and progress. Don't
forget how people wanted to toss out SMTP and replace it with
something more "secure" when spam became a hot-button issue.
Best,
David Ulevitch