[dns-operations] conspiracy theories?

Edward Lewis Ed.Lewis at neustar.biz
Tue Apr 22 14:29:58 UTC 2008

At 10:57 +0200 4/22/08, Olivier Guillard / AFNIC wrote:

>IMHO 3: this is a collective problem when a branch is broken, since
>         the whole DNS tree is weaker in that situation: we are all
>         sharing the same ressource (have a look in your zones).

I've never fully bought into that opinion.  If a domain name is 
broken, it and all the descendents suffer.  Resolvers that need to 
make use of that subtree will expend more work to find out the answer 
isn't there, that's true.

>IMHO 4 :  we share the opinion that "it is very hard to determine the
>           rationale behind any situation from just looking at
>           what is in DNS". That's why an error spotted by a specific
>           monitoring is not irrespectfull to the professionalism of
>           anyone : this is just an "indication", it reports about a
>           "perception from somewhere" (that can always be discussed
>           BTW).

Spotting an error is not disrespectful, broadcasting the find is. 
It's one thing to ask "can anyone reach XYZ" it's another to say "XYZ 
is broken."  Public accusations of any kind should not be made 
without following a due process, including trying to talk directly to 
the responsible party.


The "conspiracy theory" I refer to are the stories I hear that IANA 
is somehow secretly managing and "controlling" the DNS.  Over time I 
see reports that IANA/ICANN/US Gov't/etc. are consorting to do bad 
things to the Internet.  Small, insignificant misconfigurations that 
surface seem to launch these reports.

About misconfigurations - it's because these can exist and not melt 
down the DNS that the DNS scales so well.  A system that can 
withstand "illness" is much more resilient than one that requires 
good health at all times.  "Loose is fast" is a saying in some racing 
circles, if a boat is rigged too tightly it won't sail as fast - 
because waves and wind variations have to be accounted for.

I'm trying to make a few points.  One, for all the complaints about 
IANA's interface I have to say that I find them to be unfounded.  We 
(as ccTLD, gTLD, and sTLD operator) have no problem with what 
"happens at IANA."  Two, if anyone sees things in the DNS that seem 
to be broken, instead of running to the list first, try asking 
whoever's listed as being responsible.  If for no other reason, it 
makes sure the responsible parties are accurately listed.  And three, 
the DNS is supposed to have misconfigurations - it's a healthy part 
of the process - especially if they are fixed (as a result of someone 
noticing a real problem).

Edward Lewis                                                +1-571-434-5468

Never confuse activity with progress.  Activity pays more.

More information about the dns-operations mailing list