Peter Sunde Wants To Create Alternative To ICANN

An anonymous reader writes "According to Peter Sunde's Twitter feed, he has been suspicious of ICANN for a long time. The non-profit corporation is tasked with managing both the IPv4 and IPv6 address spaces as well as handling the management of top-level domain name space including the operation of root nameservers. Sunde has lost a domain in the past because of the way ICANN acted. It was taken without any consultation on their part, instead the organization relied on information from recording industry group IFPI to change the domain ownership. But it seems for some reason his frustration has come to a head recently, and he has put a call out for help to create a competing root server."

Re:Static IPv6 addresses for everyone.

[0123456]

That's what address books are for, and DNS is a gigantic global address book.

Except other people keep coming in and changing your address book so you go to visit your mother and end up at some porn store or the DHS instead.

The centralised nature of DNS has been a huge flaw in the Internet for a long time, and it should really be replaced. The problem is coming up with a better solution.

Re:But...

[Josh Triplett]

Many secure peer-to-peer systems exist, generally based on cryptography; often they provide more security than centralized systems.

For instance, Tor [eff.org] uses secure cryptography to provide anonymity in a way that just wouldn't work in a centralized system. i2p [i2p2.de] uses cryptographic security as well.

Re:You can't compete with root.

[Glendale2x]

If redirecting NXDOMAIN to partnered search results pages

VeriSign != ICANN

Re:Do it! Do it now!

[wierd_w]

I suppose the first one could be overcome with some local CA blacklists. (why Mozilla accepts a chineese CA I dont know. Seems suicidal.)

The RST packet issue becomes difficult to address without implementing some kind of homebrew device to sit between your router and your private network, that does DPI to look for the RST signals and filter them, then do some creative ACK to make sure the sender didn't send a legitimate one. This would slow network access when ATT sends the abusive RST packets, but slow is better than unstable.

With modern linksys firmware hacks being available, such an approach could be implemented into the router itself. It would be an interesting thing for the router to automatically log and report on too.

Re:Do it! Do it now!

[LostCluster]

Yep, and that's the reason why we have ISP DNS, Google's 8.8.8.8 offering and OpenDNS all offering lower-tier servers so if you want to know where Google.com went, you can ask Google. Most of the DNS fouls such as taking all NXDOMAINs and returning a "search portal" are done by the low-level guys, not ICANN.

Re:You can't compete with root.

[Anonymous Coward]

Verisign should have lost their root server assignment 10 years ago. Between their wildcard allocation for *.com a few years back, their pitiful handling of IPv6, their pretense at innocence when they assign domain authorities to spam hosting domains, their support of "reserving" domains by abusive registrars who blackmail people who search domains to see if they're available, and their refusal too cooperate with domain owners who want to reliable provide reverse DNS, they're not competent and their effective monopoly should be transferred.

Re:Sour grapes?

[Rijnzael]

He's "crying" about them stealing a domain he legally paid for [slyck.com].

Re:You can't compete with root.

[mysidia]

And why didn't ICANN start the process of "firing" VeriSign immediately after the incident?

That was what was going to happen [icann.org]. Instead, something very strange happened. The final outcome was that ICANN SETTLED with VeriSign. But this was kind of like the Google books settlement, in that the settlement was EXTREMELY FAVORABLE to VeriSign.

Prior to this settlement, the .COM / .NET registry was a FOR BID contract that would come up for bidding and renewal every 6 years. The registry price was capped at $6 per domain per year under the contract at the time.

In the settlement ICANN agreed to guarantee to renew their contract at the end of the term, unless it is proven that VeriSign substantially breaches the new contract, they have the contract perpetually. [paraphrasing], "For the sake of Internet stability" (as ICANN people put it)

The settlement from the SECSAC process also Gave NSOL the right to raise prices. The settlement gave them the right to raise prices 7% 4 out of 6 years of every contract term after 2007, with no cost justification needed.

The VeriSign/Network Solutions Internic can raise prices all 6 years of the contract term, if they provide a cost justification for 2 of those years. In 2010 they raised prices for .COM and .NET domains, and publicly someone indicated a cost justification of "Increased number of DNS lookups being performed" (against .COM and .NET registry servers)

I think 5 years from now, .COM and .NET TLDs will be prices by the registry at approximately $12 instead of approximately $8. We can look forward to paying $100 per year to the cheapest registries to renew .COMs, within this decade or the next, just like it used to be before competitive registrars.

Oh right... "competitive registrars" doesn't matter much, when there is a for-profit global registry everyone has to pay who has a guaranteed right to raise prices, and a guaranteed right to not get fired, because a legal settlement means ICANN legally cannot bring the contract up for bid, unless NSol screws up.

Re:You can't compete with root.

[mysidia]

their refusal too cooperate with domain owners who want to reliable provide reverse DNS

What the heck are you talking about? What is your beef with their reverse DNS handling?

This is a IANA / RIR function, and I have never seen any issues or mishandling of RDNS by the registry.

Re:We have no other choice

[juliandemarchi]

This is already in the works at; http://dot-p2p.org/index.php?title=Main_Page [dot-p2p.org] .p2p will soon be incorporated into OpenNIC.

Re:There already is one

[juliandemarchi]

What does "democratically run" mean? Every single user gets one vote, and all decisions now matter how trivial are voted upon? Or your vote depends upon how much you pay? Or you've got a core group of board members who vote?

Democratically run in this instances, means that users who join the OpenNIC mailing list, have the power to vote if they wish on any issue. Anything done within OpenNIC, is first discussed with the members, then motioned for a vote. The down side is, things move slowly, but thats the price you pay to have such system. If a new user has an idea, they can start a discussion and have that diea voted on, then acted upon. Everyone has a voice.

Re:You can't compete with root.

[evanism]

I have seen this as absolutely inevitable for about 10 years now.

Admittedly, I am an old warhorse and remember registering domains for free with a guy who kept the whole root under his desk at Uni (Robert Ells, Uni Melbourne, Aust). Then the evil MelbourneIT took it over, screwed everyone and commercialised a public resource.

I used to, in 1996, use AltDNS which is sort of what is proposed now. It failed, but the actions of government have shown we need a better DNS that is not subject to the actions of a single government. (e.g. dot com is a very bad idea!... why isnt each countries own root dotcom dependant on geo!

An alternative DNS is definitely on the cards.