[discuss] So-called alternate roots

Andrew Sullivan ajs at anvilwalrusden.com
Sat Jan 4 04:16:42 UTC 2014


This is my last message on the list about alternate roots, I promise.

On Fri, Jan 03, 2014 at 07:07:27PM -0800, nathalie coupet wrote:

> According to Vittorio Bertola, the “single root” is in fact a myth:
> a significant number of different root server systems have been in
> use for years and already coexist without problems.

What is true is that it is possible for different people to have
different name spaces locally configured.  And indeed, in many cases,
we do that: there are servers that you can see by name (for instance)
in the office that you can't reach when you're out of the office (or
off the VPN).  This is "split horizon" DNS, and the important thing is
that some of those named servers aren't really on the Internet.
They're a private name space.

The same thing is true of these "alternate roots".  They simply work
at a different scale.  As long as the alternate roots have only a
superset of the IANA root (i.e. there are more TLDs in the alternative
than in the IANA root, and the ones in the alternative are always
different ones), then this works.  But the only names that are really
"on the Internet" are the ones in the IANA root.  The others are on
some internet: a network of networks, yes, but not _the_ network of
networks.  This is version 1 of what I posted yesterday, and implicit in
Bertola's argument at the URI you posted: "The freedom of choice of
the end user is a key element for this mechanism to work. If the user
encounters a name that cannot be resolved and used through his own
root server system, he will simply try to gain access to another
system that works."  Notice what this does: it takes a working system
in which a name either works everywhere or something is broken, and
replaces it with a system where the user has to guess whether the
context was right.  

Anyway, the idea that users are going to be picking different root
name server systems at random in an effort to get to my web page is
complete fantasy.  In my day job, big companies pay us well in order
to keep the latency of their DNS queries down because those companies
know that a user who waits too long just goes away, period.  Moreover,
users can't even tell the difference between the search box and the
URL bar in their browser, mostly because there isn't a difference any
more; how are they going to know what failed?  And what about (for
example) mail servers, which don't have a user sitting there to choose
which root system to ask?

> 	1. All root server systems should agree to “carry” each other’s
> 	TLDs, and let their users access all TLDs from all different root
> 	systems;
[…]

As near as I can tell, this and the other conditions just boil down to
version 2 of what I posted yesterday.  What is the mechanism for this
agreement?  What if there's a dispute: how is it resolved?  What if
someone doesn't live up to their bargain?  And so on.  Every single
bit of the tussle that today has to go on inside ICANN over the
management of the single root would have to go on instead over this
agreement among the different parties.  Moreover, validation that the
root servers are all actually doing what they said they would is
possible today thanks to DNSSEC.  In this new system, we'd have to
invent a completely new protocol just to check for compliance.

Anyway, suppose we did it.  So what?  In Bertola's argument, the
supposed advantage is that it will prevent a damaging split.  But
there are in fact only two possibilities here.  The first is that
people work out a _modus vivendi_ by which there is no damaging split,
and everyone gets to the same names no matter who they ask.  This is
functionally equivalent to the existing single-root system, so I fail
to understand what advantage there is: we'd be paying a cost in
complexity and reliability for no functionality at all.  The second is
that people do not work that out, in which case we fragment the name
spaces.  This is either functionally equivalent to what we have today,
because there are alternative roots and they have insignificant
penetration (i.e. one of the root server systems "wins"); or it is a
catastrophe because the Internet fragments into disconnected
mutually-exclusive internets (approximately the worst parts of
scenario 1 and scenario 2 I posted yesterday).

If you have a single hierarchical name space, you have one root.  That
is, again, math, not politics.  What Bertola is arguing for is multiple
name spaces, which means not one Internet, but many internets.  This
idea that multiple DNS roots solves any problem about managing a
common Internet name space is mistaken and it should not be taken
seriously by anyone.

Best regards,

A

-- 
Andrew Sullivan
ajs at anvilwalrusden.com
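
An added example, not part of the message above: one way to check the superset condition the message describes, by comparing the TLD delegations in an alternate root zone against those in the IANA root. Both zone snippets, all name server names, and the function names are constructed for illustration. Treating a differing NS set as a conflict is an assumption of this sketch.

```python
# Added example: compare TLD delegations of an alternate root against the IANA root.
# Both zone snippets are constructed sample data, not real root-zone contents.
from collections import defaultdict

IANA_SAMPLE = """\
; constructed sample in master-file format
com.      172800 IN NS a.nic.example.
com.      172800 IN NS b.nic.example.
org.      172800 IN NS a.org-servers.example.
"""

ALT_SAMPLE = """\
com.      172800 IN NS a.nic.example.
com.      172800 IN NS b.nic.example.
org.      172800 IN NS ns1.other-operator.example.
altweb.   172800 IN NS ns1.alt-root.example.
"""

def parse_delegations(zone_text):
    """Return {tld: frozenset(nameservers)} from NS records with single-label owners."""
    deleg = defaultdict(set)
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) != 5 or fields[2].upper() != "IN" or fields[3].upper() != "NS":
            continue
        owner = fields[0].lower().rstrip(".")
        if owner and "." not in owner:           # keep TLD delegations only
            deleg[owner].add(fields[4].lower().rstrip("."))
    return {tld: frozenset(ns) for tld, ns in deleg.items()}

def compare_roots(iana, alt):
    """Classify each TLD as same, extra (alt only), missing (IANA only) or conflict."""
    report = {"same": [], "extra": [], "missing": [], "conflict": []}
    for tld in sorted(set(iana) | set(alt)):
        if tld not in alt:
            report["missing"].append(tld)
        elif tld not in iana:
            report["extra"].append(tld)
        elif iana[tld] == alt[tld]:
            report["same"].append(tld)
        else:
            report["conflict"].append(tld)       # same name, different delegation
    return report

def is_clean_superset(report):
    """True only when the alternate root adds TLDs without changing or dropping any."""
    return not report["missing"] and not report["conflict"]

if __name__ == "__main__":
    r = compare_roots(parse_delegations(IANA_SAMPLE), parse_delegations(ALT_SAMPLE))
    print(r, "clean superset:", is_clean_superset(r))
```

In the constructed data, `org` is delegated to different servers in the two roots, so a name under it would resolve differently depending on which root a resolver asks.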
