The Internet

How Would You Redesign the TLD Hierarchy? 265

First time accepted submitter at.drinian writes "Last week, we heard about the many applications for new top-level domains that have been put forth by various businesses and organizations. ICANN, of course, has come under heavy criticism for its process. If you didn't have the accumulated baggage of 30 years of DNS, how would you redesign things? .public and .private TLDs only? No TLD control? Country-level domains?"
  • by 1s44c ( 552956 ) on Tuesday June 19, 2012 @12:27PM (#40371533)

    One TLD for each country to do what they like with plus something like NameCoin but with way higher costs for registering domains under some anarchy TLD.
    Throw in a TLD for companies over some big size and another for non-profits over a certain size.

    The top level should be managed by some international body and be operationally independent of all governments.

    Each country should run a DNS service for the top level which should be globally accessible.

  • by Teunis ( 678244 ) <teunisNO@SPAMwintersgift.com> on Tuesday June 19, 2012 @12:28PM (#40371571) Homepage Journal
    That is: the problem of finding a device (say: server, virtual server, coffee maker, whatever) without having to enter an arbitrary number of digits.
    DNS is essentially context-free and centralized.

    I would make an OS a lot less dependent on DNS actually functioning, require such a service to be secure (but oh, how to manage the keys?) and make it easier to plug in local address books of references, and easier to transfer such between computers. (perhaps something like zeroconf)

    The counter trick is how to keep this from being hijacked to any great degree. Minimize harm.
  • by davecb ( 6526 ) <davecb@spamcop.net> on Tuesday June 19, 2012 @12:36PM (#40371685) Homepage Journal

    One of the best approaches was to create a TLD for each of the major categories one can get a trademark in. For example, airlines, shipping lines, etc. Then one could have Olympic.Airlines, Olympic.Shipping and so on, without the current problems of the Olympic Organizing Committee getting all the "Olympic"s in the world.

    One of my papers on the subject was D. Collier-Brown, On Experimental Top Level Domains, Rev 0, Internet Draft, draft-collier-brown-itld-exper-00.txt, Sept 1996, which may still be findable. Much of the other work seems to have been expunged...

    Numerous approaches were debated by the international ad-hoc committee on domain names, but the most profitable to the registrars "won", leading to the current mess. In retrospect, we needed a stringently fair, non-commercial process to make the decision.

    --dave

  • Same way Twitter did (Score:5, Interesting)

    by michaelmalak ( 91262 ) <michael@michaelmalak.com> on Tuesday June 19, 2012 @12:37PM (#40371695) Homepage

    Some say appending ".com" denotes that it's a web address. Well, Twitter solved similar problems with just one character rather than four: @ for people, # for tags. If we could rewrite history and didn't need to distinguish between government and non-government sites (due to the Internet having grown out of the government), domain names should have adopted a similar magical special character.

  • My modest proposal (Score:4, Interesting)

    by metamatic ( 202216 ) on Tuesday June 19, 2012 @12:41PM (#40371767) Homepage Journal

    1. Make domain name registrations non-transferable. That would eliminate the parasites who squat on domains.

    2. Make a rule that if you have a domain in one TLD, you can't have the same domain in another TLD. That would eliminate corporate squatting of every single variation of a common word or phrase that they want to own.

  • by Anonymous Coward on Tuesday June 19, 2012 @12:46PM (#40371847)

    I've done a lot of DNS server work at the code/protocol level, and a lot of serious thinking about the DNS over the years. My take is basically this:

    1) The traditional generic TLDs (com/net/org) make a certain amount of sense, especially in the modern world for multi-national interests. Arguably we should be more strict about policies for net (network operators and infrastructure, not random companies) and org (actual non-profit organizations).

    2) The ccTLDs also make a ton of sense, keep those.

    3) The DNS is meant to be hierarchical. Not just in terms of server lookup hierarchy, but in the sense of informational hierarchy for humans to understand. It's like Area Codes and Country Codes, it has to make sense. .pizza and .pepsi completely break the hierarchy, they're horrible sins committed in the name of the DNS cabal making a quick buck. A lot of people should be tossed in jail for this stupid idea.

    4) The protocol and RFCs need serious re-work. I won't repeat all the analysis others have done over the years, except perhaps to point you at DJB's cr.yp.to DNS rants, most of which are valid. CNAMEs, the way PTR was handled, the ridiculously stupid compression scheme - all examples of shoddy design, at least in hindsight. All of the early RFCs and implementors also made the huge mistake of muddling up what should be very separate concepts: First there's the 3-way mixup of: DNS the conceptual distributed database, DNS the protocol, and DNS file formats that are private to server implementations. Then there's also the grand mixup of server roles: local non-recursive cache, recursive cache for a network of private clients, public recursive caches and forwarders, and finally true authoritative servers. It was the fact that BIND was the de-facto implementation and routinely mixed all of these roles by default that led to the mess, and led to tons of security problems over the years.

    5) Security. DNSSEC, which sadly has a lot of traction now, is a complete joke. A proposal more akin to DJB's DNSCurve would be *much* better. The problem with DNSCurve was that it required really ugly NS-record hostnames in order to seamlessly integrate with the existing broken DNS design as smoothly as possible. A proposal combining DNSCurve's actual security mechanisms with simple KEY records would suffice, but needs backing from the DNS Cabal in the IETF, which are already deeply monetarily entrenched in selling DNSSEC to enterprises and governments.

    It's really not hard at all to design a replacement for DNS that's better in every way. I've done it at least 20 times lying in bed dreaming, and a few times in practice with real code just for fun. The problem is that the current system is entrenched and nobody's willing to take on the job of getting everyone switched over to a new system, if it's even possible. You'd need to support both protocols in everything for a period of a decade or two, and nobody wants to because the current system just barely continues to function and offers some really clunky, faulty security in the latest update.

  • by Nadaka ( 224565 ) on Tuesday June 19, 2012 @12:52PM (#40371945)

    I would change the order of domains and sub domains in the url.

    protocol://tld.domain.subdomain:port/rootfolder/subfolder/document

    It just makes more sense. Every other part of the URL is in order of greatest to least significance. If the url was written with an IP address, the entire thing would be in order of greatest to least significance.

    Yes, I know that this is not the question asked. But it's what I would do.

  • by 0123456 ( 636235 ) on Tuesday June 19, 2012 @12:57PM (#40372047)

    Doesn't map so well with massive multinational corp traffic to .com

    And now we have the joy of 'the cloud', where that .co.uk site may be running on a server in Kazakhstan today and Canada tomorrow.

    I don't even know where my own web site is. Last traceroute I tried it was somewhere in Europe even though I pay a US company for hosting.

  • Dump them (Score:2, Interesting)

    by Bogtha ( 906264 ) on Tuesday June 19, 2012 @01:15PM (#40372287)

    Just use the protocol and the path: www/google/adwords. With the right hinting and caching, it doesn't have to be any less efficient than the current system.

  • by gavron ( 1300111 ) on Tuesday June 19, 2012 @01:24PM (#40372389)

    This didn't start out long. I apologize that it is. If you're easily bored by history I would recommend
    reading the first and last paragraphs :)

    History:
    IP addresses being converted to names has existed for almost 40 years. It started as a file
    (hosts.txt) that users all over the ARPANet could download nightly. Usually they all did so at
    the same time (midnight, local time) and invariably DDN-NIC (the host with the FTP server
    and the file) was overloaded.

    In time, it became reasonable to decentralize it. DNS was formed. Paul Mockapetris and many
    other intelligent people put great thought into it. DDN-NIC became NIC.DDN.MIL. BRL-AOS
    became AOS.BRL.MIL and so on. DNS servers became ubiquitous, the DNS root servers
    were great, and Rodney Mcdaniel (hostmaster@nic.ddn.mil) and SRI International did a great
    job running things.

    In time, it became reasonable to decentralize _that_. Many root servers run by many independent
    companies (like Paul Vixie's ISC) exist all over the world. The DNS hierarchy was detached from
    the ARPAnet (except for pointer records... still all in .ARPA...) and country-codes were adopted.

    Now I say 'adopted' because the process of creating a new TLD or gTLD or ccTLD isn't complex.
    It's a line in a file. However, the process of getting said line APPROVED by the powers that be
    is more complicated.

    The ICANN Age:
    ICANN was created to [whatever the reason, Karl Auerbach has shown they have clearly gone
    outside their mandate and powers] and now they want money. How do you make money when
    you're clearly chartered to do ONE THING? You figure out how to create more Blue Sky.

    So here we are. The final part of the decentralization. Why final? Because in the beginning
    we started with a one-level name: DDN-NIC. Then we went to the hierarchy "tree" model:
    nic.ddn.mil. And now, we are finally changing the hierarchy so the root of the tree is the
    father to THOUSANDS of TLDs.

    You can argue if it's good or bad. I just look at the history... and know the original problem...
    and the reason for the solution... and the solution.

    My Opinion:
    A rooted tree with thousands of children each having thousands of children is an abomination.
    I shudder to think that the DNS server (named or djdns or whatever you use) already uses
    a relatively "large" cache. The size of this cache at a minimum is a function of the structure
    of the DNS tree. A 1000x1000 (TLD+SLD) tree already starts at a million entries. Each one
    gets at least an SOA record, which is over half a kilobyte. Add in some NS records and maybe
    some MXs and now you have 500MBytes+... just to initialize the cache. Icky poo.

    I suppose the evil we know (ICANN) is better than the ITU running the Internet and adding
    termination charges for packets. Settlement-free-peering, euro-jerks.

    FYI I have sold domain names for profit. One previous poster suggests we "prevent" [prohibit?
    criminalize?] domain name transfers. Please note that ARIN [another made up body but one
    that adds a lot of value unlike ICANN] prohibits IP address transfers, loans, or sales, except
    in specific cases of business mergers where the new entity can show it is worthy of the IP
    address space. This has not IN ANY WAY diminished the sale, loan, or transfer of IP address
    ranges. I regularly get offers for the space I'm responsible for. When there's a buyer and a
    seller... there's a market. My point being -- to get back to domain names -- so long as there's
    a buyer and a seller, domain names WILL transfer. The simplest example I can think of is to
    register each domain name under a new LLC. Sure, it's $7 for the domain name and $20
    for the LLC... but you can then sell the LLC to anyone without it being a domain name transfer.
    There are other methods.

    Conclusion:
    ICANN is an abomination and they've done nothing to help the Internet. In every "decision"
    they've mana
