MEDIA: ICANN rejects .xxx domain

Simon Waters simonw at
Mon May 15 07:51:27 UTC 2006

On Friday 12 May 2006 23:47, Barry Shein wrote:
>  > The namespace *was* flat, once.  That didn't scale, and not just
>  > because of technical limitations -- the fact that there are only so
>  > many useful combinations of 26 letters in a relatively short name had
>  > some weight in there too.  

Fortunately Unicode has rather more than 26 letters; even the DNS allows 
rather more than 26, except for the first character of a hostname.

>  > So hierarchical naming was standardized 
>  > (some forms of nonstandard hierarchy existed before then), and it's
>  > unlikely we're going back anytime in the foreseeable future.
> But there's no technical advantage of a hierarchical system over a
> simple hashing scheme, they're basically isomorphic other than a hash
> system can more easily be tuned to a particular distribution goal.

Amazing how many experienced people seem to be saying this isn't possible, 
given there are already schemes out there using flat namespaces for large 
problems (e.g. Skype, freenet, various file sharing systems). Most of these 
are also far more dynamic than the DNS in nature, and most have no management 
overhead with them, you run the software and the namespace "just works".

I looked at a couple of these, and sneezed out a new system for a friend in a 
couple of hours, when he needed one, without great effort, the main thing was 
to avoid known pitfalls. So far it seems to work.

However I think the pain in DNS for most people is the hierarchy, but the 
diverse registration systems. i.e. It isn't that it is delegated, it is that 
delegates all "do their own thing".

I've always pondered doing a flat, simple part of the DNS, or even an overlay, 
but of course it needs a business model of sorts. The main motivation was 
security, as currently the DNS model lacks PKI, and it doesn't look as if any 
amount of reworking the existing protocols is going to provide a suitable 
security framework soon, unless you count HTTPS/SSL and that still doesn't 
handle virtual hosting, and adds yet more management overhead in a 
hierarchical trust model.

I wouldn't have fancied doing any of these things when the DNS was conceived, 
but both hardware and software have moved on enormously. Eventually these 
technologies will be replaced, and if it isn't done in an open and shared 
manner, the technologies will be replaced by proprietary systems.
