Multiple Roots are "a good thing" - Karl Auerbach

Patrick Corliss patrick at quad.net.au
Sun Mar 18 16:38:54 UTC 2001


On Fri Mar 16 08:48:04 2001,
Miles Fidelman <mfidelman at civicnet.org> wrote:

> For the Internet to work, at least with currently accepted DNS standards,
> everyone has to use the same root servers.  Otherwise things can rapidly
> degenerate into chaos.  The whole point of law and due process is that
> a duly authorized somebody has to have the authority to insist that
> everyone use the same root servers.

Sorry, Miles, it's not true.  It's just ICANN FUD.

Andrew McLaughlin, ICANN's chief policy officer, has said that potential
problems exist for users with any of the several alternative root or domain
systems on the market.  He argues:

"The Internet works because of common protocols.  The DNS protocol depends for
its reliability and trustworthiness on the principle of authoritative
uniqueness, which requires the use of a single root."

He added "Anything else creates the potential for conflicts."

Read carefully, Andrew McLaughlin is saying there's a need for uniqueness as
otherwise the same name will resolve in different ways.  He is arguing, like
you, that the *only* way to resolve the problem is with a unique (read "ICANN")
root.

Of course, ICANN's claim to be the one and only authority over the internet
allows them to get away with introducing a new dot BIZ knowing it is causing a
collision.  But, in answer to your point, Karl Auerbach has described how
multiple roots work as follows:

"What I would say to the House Commerce Committee were I invited to testify"
by Karl Auerbach.

<snip>

2.  Multiple Roots are "a good thing"

http://www.cavebear.com/cavebear/growl/issue_2.htm#multiple_roots

It wasn't that many years ago in the United States when there was one big,
monolithic telephone company.

It was taken as gospel by many that the stability of the telephone network
depended on there being one unified, monolithic telephone company.

We've seen through that.  Today we have a flourishing competitive telephone
system filled with all kinds of commercial and technical offerings that were
inconceivable during the days of "Ma Bell".

We routinely use directory services in a multiplicity of forms -- telephone
books published by local telephone companies or entrepreneurs, 411 services in
various shapes and forms,  web pages, or even on CD-ROMs (indeed a well known
Supreme Court case involved a telephone directory published on CD-ROM).

These telephone directories are not published by any unified authority, there is
no regulatory body sitting over them.  And we as consumers are not damaged or
harmed by this.  And the telephone system continues to work just fine.

Yet, on the Internet there are those who wail and gnash their teeth at the
thought that the Domain Name System, the Internet's "white pages" might have
multiple points of entry.

Indeed, the whole series of documents from NTIA -- including the Green and White
Papers -- and the existence of ICANN is founded on the notion that there is but
one root system for the Domain Name System.

I assert that those nay-sayers are wrong.

I assert that just like the telephone system can have multiple publishers of
telephone directory services, the Internet can have multiple roots to the Domain
Name System.

There is no doubt that as a purely technical matter, the Internet can have
multiple root systems for the DNS.  It has had these for years.

The question is whether to recognize the value and use of multiple root systems
and not foreclose them.

Let's get a bit more specific.

When I say "multiple root systems", I mean a regime in which you, or I, or
anybody can set up a set of computers to serve as a suite of root servers for
the DNS.

In other words, you, or I, or anybody could establish a group of computers to
operate in parallel with, and not necessarily in administrative coordination
with, the legacy A-L.root-servers.net computers now operated by NSI, IANA, ICANN
and others.

From a technical point of view all that a root server group does is to give its
users a way to find the DNS servers that handle the various Top Level Domains
(TLDs).  The root servers do not themselves answer queries about what names are
inside the various TLDs.  Those questions are passed on to the TLD servers
themselves.

That is a subtle point and a point that is often lost when discussing the DNS.

It bears repeating -- all that a root server does is to answer queries about how
to find a server handling a TLD named in the query.  In other words, a root
server only answers queries such as "Where do I find a server that contains the
list of names in .com?".

Now that we know that root servers and root server systems are nothing more than
the doorway through which one enters the Domain System, we can ask this
question:

What happens when we begin to think of the Domain Name System not as an
intrinsic core service of the Internet, but rather as an elective service that
can be offered by many providers and among which customers and users select based
on the packages offered by the providers?

I'll give you a preview of the answer: We end up with a stable Internet with no
loss of reachability.  We get a system of competitive root operators who make
business decisions about what TLDs they want to incorporate into their
"inventory".  We get rid of questions about "how many TLDs should be created?".
We don't need complicated ICANN-like quasi-governmental agencies overseeing the
DNS and the Internet.  And we end up with a means for communities of users to
fine tune the view of the Internet Landscape that they want to allow into their
communities.

So, you should be asking yourselves, how does this Nirvana come about?

Imagine each operator of a root server system as a store.  The shelves contain
the store's inventory.  In this case the inventory consists of TLDs that the
root server system knows about.

Thus, a user of a root server system will perceive a Domain Name name space
composed of the TLDs in the store (the root server system) that that user has
elected to use.

Now, I should mention, that when I say "user has elected to use", I don't really
usually mean the end-user directly.  In most cases, the end-user will have
delegated the choice to that user's ISP or to his or her organizational
information manager.  Of course, the technically inclined, such as myself, will
tend to make the choice for ourselves.

How does a root server operator select the inventory of TLDs that it wishes to
offer?  The answer is "whatever satisfies the needs and demands of the
operator's customer base."

If we look at this through the eyes of a businessman operating a root server
system, we realize that there are two elements that the customers will care
about: TLD coverage and value added services.

As a general rule, customers of a root server system will act much like
subscribers to a cable TV system -- they will want as many TLDs (or as many
channels) as they can get.  This will drive the root server system operators to
include as many viable TLDs as they can into their inventory.

The net result of all the root system operators following this strategy will be
that they all attempt to trump one another by each including more TLDs.  The end
of this is that all root server operators will incorporate all viable TLDs.  The
benefit of this is that the domain names of all people and organizations who
have registrations in these TLDs will be essentially universally resolvable no
matter which root server system is being used.

I've used the phrase "viable TLDs" to describe those which are of a character
that most reasonable root system operators would feel that they could
incorporate that TLD into their inventory without undue risk of problems.  It is
easiest to define "viable TLDs" by listing what kind of TLDs would be
non-viable.  TLDs that are being contested are not very viable.  Thus, if two or
more claimants were offering different versions of a TLD named ".foo", it would
be unlikely that any root system operator would add any version of ".foo" to the
inventory.

This tends to remove the issue of TLD ownership from the current ICANN
regulatory framework and place it where it belongs -- in the traditional give
and take world of business and open market economics.

Since all root server systems will tend to eventually incorporate all viable
TLDs into their inventory, value added services will tend to become the
differentiating factor between root server systems.  One might well ask how a
root server system can offer value added services?  It does seem an odd concept
at first, but then again, a few years ago, the notion of value added long
distance telephone services was an odd concept.

An example of a value added service would be that of filtration -- A root server
system operator may offer a service in which customers who use that root will be
able to have the responses cleaned of any answers that are sources of
pornographic material.  This could be a valuable tool for communities that wish
to tailor their view of the Internet Landscape according to their own community
standards.  And it is a mechanism which allows any member to opt out of the
community, and its restrictions, simply by selecting another root server
operator.

Yes, there are other ways to achieve the same kind of filtering, but who are we
to say which methods are the most viable?  Indeed, we should be careful not to
dismiss, or worse to foreclose, an area of Internet entrepreneurship simply
because we don't see the immediate value.

I'd like to finish this discussion about multiple roots with a few observations.

Multiple root systems add to the stability of the internet by removing a
dependence on a single root system for the Domain Name System.

Multiple root systems eliminate the need to face questions such as "what new
gTLDs should be added" - multiple root systems permit the marketplace to provide
the answer.

Multiple root systems provide means for inventors and entrepreneurs to create
new ways of packaging DNS servers.  And I've suggested one such extension that
could add a new means for individuals or communities to shield themselves from
the tidal wave of questionable material on the Internet.

So, why have multiple root systems not evolved?

One of the reasons is that the existing system has so far worked reasonably
well, so there has been little pressure.  But there is a very strong secondary
reason -- those who have advocated or established a multiple root system have
been shunned by the technical community.

But the biggest reason why it hasn't happened is that ever since the NTIA
process started, the idea that there could be multiple roots has been swept
aside with an administrative flick of the wrist and an offhand repetition of the
stale legend: "oh that would never comport with network stability".

<snip>
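
As an added illustration (not part of the original post or of Auerbach's essay), the following Python sketch models the point that a root server only hands out referrals to TLD servers, and compares two independently operated root zones to find TLDs they delegate differently, such as the contested ".foo" or the colliding ".biz" mentioned in the message. Both zones, all server names and the helper functions are constructed for the example.

```python
# Added illustration: toy root zones; every name and server here is constructed.
from collections import defaultdict

ROOT_A = """\
com.  172800 IN NS a.gtld.example.
com.  172800 IN NS b.gtld.example.
biz.  172800 IN NS ns1.biz-operator-one.example.
org.  172800 IN NS a.org-servers.example.
"""
ROOT_B = """\
com.  172800 IN NS b.gtld.example.
com.  172800 IN NS a.gtld.example.
biz.  172800 IN NS ns1.biz-operator-two.example.
web.  172800 IN NS ns1.web-registry.example.
"""

def parse_root(text):
    """Map each TLD to the set of name servers it is delegated to."""
    zone = defaultdict(set)
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[2].upper() == "IN" and f[3].upper() == "NS":
            zone[f[0].rstrip(".").lower()].add(f[4].rstrip(".").lower())
    return dict(zone)

def referral(zone, qname):
    """What a root answers: the servers for the query's TLD, nothing more."""
    tld = qname.rstrip(".").lower().rsplit(".", 1)[-1]
    return sorted(zone.get(tld, ()))  # empty list: this root does not carry the TLD

def compare_roots(a, b):
    """Classify every TLD seen in either root."""
    report = {"consistent": [], "contested": [], "only_a": [], "only_b": []}
    for tld in sorted(set(a) | set(b)):
        if tld not in b:
            report["only_a"].append(tld)
        elif tld not in a:
            report["only_b"].append(tld)
        elif a[tld] == b[tld]:
            report["consistent"].append(tld)
        else:
            report["contested"].append(tld)  # same TLD, different operators
    return report

if __name__ == "__main__":
    a, b = parse_root(ROOT_A), parse_root(ROOT_B)
    print(compare_roots(a, b))
    for name in ("www.example.com", "shop.example.biz", "site.example.web"):
        print(name, referral(a, name), referral(b, name))
```

A name under a "consistent" TLD reaches the same TLD servers through either root; a name under a "contested" TLD is referred to different operators depending on which root the resolver was configured with.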





