Inside the Rise of the Domain Name System 74
Greg Huang writes "Looking back, it's almost impossible to believe that for most of the 1990s, a single company, Network Solutions, had a government-issued monopoly on registering domain names on the Internet. And considering how central the company was to the growth of the Web, it's surprising how little of the company's back story — how it got into the domain name business, or who owned it — has been told. Xconomy has an in-depth interview with two former executives from SAIC, the secretive San Diego defense contractor that bought Network Solutions in 1995 for $5 million and sold off the domain registration business in 2000 for billions of dollars."
Single entity (Score:5, Informative)
It's interesting that Network Solution was the only handler for domain registration back in 90's and while there are lots of registrars now, they still work under ICANN. Yeah the usual argument in slashdot is that you could always start your own tld, but nobody is going to support it unless you're high in chain, aka ICANN.
Interesting aspect was a few months ago when EU wanted more freedom from ICANN [slashdot.org] and its association with US. Currently the internet domain name system is pretty much controlled by one entity, which isn't really the purpose of internet, and its also why Network Solution was taken off the domain registration game as the single player. Monopoly is never good.
Fact is, currently DNS still relies entirely on *one entity*. It goes completely against the distributed structure of the internet.
Re:Single entity (Score:5, Informative)
Fact is, currently DNS still relies entirely on *one entity*. It goes completely against the distributed structure of the internet.
So do IP address assignments. So do AS number assignments. Why does nobody ever complain about them? If you want something to be uniquely assigned (domain names, IP addresses, AS numbers) then it seems to me that it's going to have to be centrally managed by someone.
Re:Single entity (Score:3, Informative)
I could be wrong but I was under the impression that, actually, IP address blocks and Autonomous System numbers are managed by LIRs which get their blocks from RIRs (like RIPE, APNIC, ARIN, etc..) (except Europe which has no LIR) which in turn get their blocks from ....
The IANA (Internet Assigned Number Authority)
And ICANN also gets its authority from IANA.
So it's not centralized per-se, but it's highly hierarchical
--Ivan
Re:Single entity (Score:3, Informative)
Fact is, currently DNS still relies entirely on *one entity*. It goes completely against the distributed structure of the internet.
Fact is, there needs to be cooperation if there is going to be ONE internet. Your argument only stands if there were two entirely distinct distribution mechanisms (physical networks) controlled by one entity. Given that there is only ONE network, it makes sense that at some point there needs to be a top level of control. Without it, you get wrestling for control, dirty tricks, etc. which is just as much a bad thing as is a (transparent) monopoly.
BIND security hole - are you patched? (Score:3, Informative)
Slightly off-topic, but just a reminder: have you patched the BIND security hole [slashdot.org] yet? If you're running BIND 9 and your server is the master for any domains (including localhost), and you haven't patched this week, one malicious packet can crash your server.
If you have a master nameserver on a private network or behind a firewall, and your public-facing nameservers are all slaves with no master zones at all, you're safe. If your infrastructure is set up like that, except you use rsync over ssh to send updated zone files to your "slaves" but they're actually configured as masters, you're vulnerable. Contrary to what you may have heard, it does not matter whether you use dynamic updates (e.g. from dhcpd) or not.
This firewall rule blocks all dynamic update requests, including the exploit, on recent versions of Linux (but didn't work on any of my DNS servers, because they're all running older distros):
iptables -A INPUT -p udp --dport 53 -j DROP -m u32 --u32 '30>>27&0xF=5'
Of course if you're running djbdns or something else, you can continue to be gleefully smug.
Network Solutions == policy corruption (Score:4, Informative)
I've been on the Internet a long time, so I remember sri-nic.arpa, nic.ddn.mil, rs.internic.net, and even downloading the Internet host address file, with about 8000+ IPs in it. The early organization was very clear about preserving the namespace of domain names for future generations, with base policies (I believe these are all correct, but it might just be 3 out of 4) of:
* The domain name must relate to the purpose of your organization.
* .net is reserved for network infrastructure, .org for only non-profits, .com for commercial (.mil and .edu are still fairly pristine), etc.
* You must establish two nameservers, that must not be on the same subnet, and must already be providing DNS for the requested domain.
* Each requester gets a single domain, the idea being that the requester's entire organization would then be fully served.
Although they weren't really thinking about the upcoming explosion in web use, their thinking certainly allowed for an explosion in *sub* domain names. So instead of lots of ridiculous domains like www.iatemygrandmamovie.com, we might have later seen something like iatemygrandma.movie.com, with some group running a movie.com site, and an easy way to find a bunch of them, instead of the crapshoot we have now.
So where did the corruption set in? Once the idea of charging for a domain name popped up, some bright boy got a gleam in his eye when a company - I think it might have been Proctor and Gamble - violated registration policy by requesting scores of domain names based on ailments (and possibly some body parts). There was a similar polydomain request by some other group around the same time. Both generated a flurry of controversy. And our illustrious registrar suddenly demonstrated its modern, capitalist colors, dumping the past, conservative policies and making its new mission one of simply selling off every possible domain name, in every possible TLD, as fast as possible.
Effectively, they sold out on future generations' needs in an exercise of total, corrupt greed. The registrar flipped on every policy, encouraging multiple registration of domains, flagrantly pushing registration in every possible TLD, dropping the domain server requirement, dropping the relevancy concept, and now even pushing for more TLDs, in order to sell even more completely unnecessary extra domains.
The idea of allowing some company to register thousands of obviously unrelated domains for cybersquatting would have been anathema in the pre-profit days, but Network Solutions just doesn't care. And that ridiculous article completely misses *all* of this.