With Domain Name Seizures Increasing, It's Time For A Decentralized DNS System
from the bye-bye-icann dept
We've already written about the latest legal loss for The Pirate Bay, as well as Homeland Security's new domain seizure campaign. With the former, the entertainment industry has already declared that it hopes this ruling will lead ISPs in various countries to start blocking The Pirate Bay entirely. It may also seek to use other tools -- like the pending COICA bill -- to see if it can seize the domain name. This presents all sorts of troubling questions concerning free speech and prior restraint. However, as is often the case when the law does a weak job trying to respond to a changing technological world, technology figures out a way to leap ahead.
Case in point: fresh off the legal loss, Peter Sunde, who has been focused on Flattr rather than The Pirate Bay for quite some time anyway, has noted that he's working with some folks to set up a competing root server system that avoids ICANN. ICANN, of course, has been instrumental in helping Homeland Security with its domain seizures (and has apparently handed over Sunde's domain names to the recording industry in the past). The idea, apparently, is to set up a truly distributed and more secure DNS system that does not rely on a single party, like ICANN.
This certainly seems like a big challenge, and one that has a high likelihood of failure. But it does appear that we're seeing more and more problems with the way ICANN operates (though it's been trouble since it first came into being). An alternative system, set up by folks who understand the technology, could actually catch on, and could present a serious challenge for those who think they can censor the web in any manner -- whether for political or corporate purposes.
Filed Under: distributed, dns, domain names, peter sunde
Companies: icann
With that in mind, making a decentralized system that cannot fall under one single country's control seems to be the right cure.
Then again, all ICANN had to do was to refuse to be a tool to be used by politicians and it would never have been a problem to start with.
[ link to this | view in chronology ]
Can't see how this is supposed to work
"whateverdomain.com my.ip.address". And this record is authoritative, i.e. there's only 1 (and only) place which determines the IP address for whateverdomain.com.
What does "distributed" mean here? Not a shadow of the root DNS (because this already exists). Do you mean there will be 2 (or more) places determining where whateverdomain.com goes? Like one will say "my.ip" and another one "riaa.ip"? And how will the client know which one is true? Right, you have no idea.
Broken law should be fixed by politics; corruption - by law enforcement (and politics).
[ link to this | view in chronology ]
Re: Can't see how this is supposed to work
Distributed means that it will not be in one single location, and thus will never fall under one single country's influence.
[ link to this | view in chronology ]
Re: Re: Can't see how this is supposed to work
Yeah, ICANN needs to be replaced but whatever the solution is it does not need to be of a distributed nature. DNS needs to be authoritative even if you don't care for how the current authority does things.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Can't see how this is supposed to work
It's quite easy to block alternate DNS resolvers -- see for example the current flap between Verizon Wireless and OpenDNS. It's also nearly as easy to return bogus DNS results, given the (current) low adoption rate of DNSSEC.
One of the inevitable (and positive) results of this little adventure, as well as the tactics of the MAFIAA, as well as those of cockroaches like Phorm, is that encryption will become increasingly utilized. That alone is not enough to evade all the countermeasures -- since it doesn't address routing -- but it's a good start.
[ link to this | view in chronology ]
Re: Re: Re: Can't see how this is supposed to work
Why?
Most if not all the functions of an authoritative authority can be automated, why do we need people in the mix?
Even next features can be added in a true democratic way, with a system that can vote things requiring super-majorities, like banning certain websites or restoring domains.
Besides, this would be an overlay and would function in parallel to the old system.
[ link to this | view in chronology ]
Re: Re: Can't see how this is supposed to work
If you're worried about COICA fragmenting the web, just wait and see what will happen when everybody turns on a "distributed DNS" system.
[ link to this | view in chronology ]
Re: Can't see how this is supposed to work
A DNS can be issued to somebody: the DNS system creates a key for it and checks a distributed database that is maintained in the cloud; only then does it give the domain to the person making the request, if there is no one else requiring it.
Squatters would be a problem though :)
[ link to this | view in chronology ]
Re: Can't see how this is supposed to work
People don't care, they want options. Some people want the ability to switch over to an alternative DNS to get the content they desire. While you may find it inconvenient, others easily work around.
[ link to this | view in chronology ]
Re: Can't see how this is supposed to work
http://dns.telecomix.org/
[ link to this | view in chronology ]
Who is shadowserver.org?
All these sites now seem to lead to 74-208-15-160.sinkhole.shadowserver.org and thus to shadowserver.org. Now I cannot help but wonder who or what this shadowserver.org organisation is. Who are they? Why are they apparently hosting this page? What is their part in this whole case?
I also think they only seized domain names that were registered with a US registrar, not any foreign registrars.
It is however an interesting list of sites to see. They all seem to be related to sites supporting copyright violations in some way...
[ link to this | view in chronology ]
There are multiple problems here
ICANN's an obvious problem: it's become an example of regulatory capture, which is why its policies are designed to maximize registrar profits -- no matter what the damage to the Internet. (That's why we got several years of "domain tasting", even though everyone with the slightest clue knew that there is absolutely no legitimate use for such a thing.) This latest move is merely more ICANN pandering -- it has nothing to do with the merits of the case or the purported principles behind it.
The US-centric control of DNS is another problem. It's been obvious for some time (and this latest example just reinforces this) that this control will be exerted when it's politically expedient.
Allocation policies (especially now that we are approaching the exhaustion of IPv4 space) are yet another issue: it's far easier for spammers and other abusers to get a /16 than it is for legitimate operations. Network hijacking has become an epidemic problem and no effective response exists.
Toss into the mix the problem of multiple roots (which has technical issues as well as political ones) and I think it'd just get worse. But frankly, it already has gotten worse, so perhaps it's just a matter of which swamp we'd like to wade through.
[ link to this | view in chronology ]
AlterNIC? (defunct)
http://en.wikipedia.org/wiki/AlterNIC
[ link to this | view in chronology ]
Freenet
Freenet has been in beta for a long time, but even back in 0.1, it was semi-usable. It consumes a decent amount more bandwidth than BT because of the way it's set up and you can't help but host parts of other people's files, but it's currently the only secure P2P client that won't get you sued by **AA and the government can't touch.
Short of making Freenet illegal, it may take off with the way all these crackdowns have been happening.
[ link to this | view in chronology ]
Re: Freenet
I haven't used it in over 8 years now, but I would assume it's better than it used to be.
[ link to this | view in chronology ]
Re: Freenet
That is why I don't use the others like oneswarm and I2P(Italian).
But Netsukuku(Italian), Osiris Serverless Portal System(Italian) and GNUNet(Probably USA) are all good.
[ link to this | view in chronology ]
Was it really ICANN or was it Verisign?
Either way I still think there should be an alternate DNS method.
http://nenolod.net/did-icann-really-seize-torrent-finder-com-or-was-it-verisign/
[ link to this | view in chronology ]
Re: Re: Not a Problem
It's like encryption. They can't control encryption, so eventually they'll just outlaw its use. It won't matter if they can break it or not. Just using it will be the crime.
[ link to this | view in chronology ]
What's new about this?
I would be shocked if there aren't already a number of pirate/file share networks out there using the same process.
For security purposes, to help me protect some of my servers, I set up my own DNS Servers with zone files for non-existent domains that allow me to have customers simply add my DNS Server on their machines and use their systems like normal for accessing everything. My DNS forwards their normal requests to them, and when they hit one of my non-existing domains it sends them my zone file.
As for making this distributed, still not too hard to do. MY DNS Server relies on my ISP's DNS Servers to get all domain information other than its local Zone Files... Wouldn't be hard to configure a distributed DNS system that doesn't NEED iCANN't at all, just uses them for traditional stuff when needed.
[ link to this | view in chronology ]
Errors.
1. "ICANN, of course, has been instrumental in helping Homeland Security with its domain seizures"
Incorrect. VeriSign handed over the domains after receiving a court order. ICANN knew nothing about it.
2. ICANN "apparently handed over Sunde's domain names to the recording industry".
Incorrect. Sunde lost a UDRP case to the International Federation of the Phonographic Industry over the domain ifpi.com. The case was decided by the World Intellectual Property Organization, not ICANN.
You can read the decision here. http://www.udrpsearch.com/wipo/d2007-1328
[ link to this | view in chronology ]
While this is probably true, I don't see decentralized DNS as that strong a step in the right direction. Governments can force ISPs to block IP addresses or to disconnect the servers from their ISPs.
The closest next step that I could see would have to be something like creating a wireless internet. Wireless routing technology is improving and, if it weren't for FCC regulations, it can probably already reach distances sufficient (though slow and inefficient) to create a big decentralized P2P wireless net if enough people get routers (broadcasting signals can travel miles if you set directional antennas to the right frequencies with a decent amount of intensity). Sure, the technology is still somewhat expensive, but it'll come down in price even if it has to be sold via the black market. And people will pay for the technology; many people used to pay for those huge directional antennas that you put in your back yard, or place in a high location, and connect them to receivers to watch satellite T.V. stations from other countries (though, due to technological improvements, no one really uses those huge directional antennas anymore). Many of those directional antennas even had the ability to automatically change their own direction to point to the appropriate satellite that was broadcasting the station you were watching (they had a motor that could move it around). The ability to transmit signals for miles, even with obstacles in the way, is hardly an issue; corporations even know that a determined wardriver can pick up corporate WiFi from a good distance with the right equipment. If people want, they can get hold of the equipment necessary to transmit signals across long distances, even if expensive; buying huge directional antennas was done by many people in the past to receive signals from satellites.
Of course, the biggest obstacle is to avoid getting detected by the government for breaking FCC laws. People might find ways around that too, if they can figure out ways to point directional antennas at each other and better focus the beam (like a laser pointer sorta) so that it doesn't give out much detectable ambient light to non intended targets. I don't really see a widescale wireless internet of such being undetectable by the government though, at least not with today's technology.
Who knows what future advancements might be made within the next couple hundred years though. Maybe quantum non-local communication. Technology has gone an incredibly far way within the last 20 years alone, and some new technology might come out that could negate all of the government's current efforts. But this decentralized DNS thing alone isn't it, at least not its use with currently existing Internet technology. We have to lose our dependency on centralized ISPs that are subject to government law before we can really avoid being blocked by any government mandates. And don't think encryption (like TOR) can save you; the government can simply decide (as they do in some countries) that no encrypted messages from unauthorized sources are allowable and that transceiving such messages is punishable by law. The solution is to route around the current information gatekeepers and we currently do not have the technology for that.
[ link to this | view in chronology ]
It will basically be an application that updates an url list on your computer (think hosts or lmhosts) specifically for the new TLD .p2p.
No mucking about with parallel DNS systems, just a new TLD outside of government control.
[ link to this | view in chronology ]
The Shadowserver Foundation
Created On:29-Mar-2004 04:50:33 UTC
Last Updated On:28-Jan-2010 08:51:47 UTC
Expiration Date:29-Mar-2011 04:50:33 UTC
Sponsoring Registrar:Network Solutions LLC (R63-LROR)
Status:CLIENT TRANSFER PROHIBITED
Registrant ID:40855724-NSI
Registrant Name:The Shadowserver Foundation
Registrant Organization:The Shadowserver Foundation
Registrant Street1:700-76 Broadway
Registrant Street2:Suite 236
Registrant Street3:
Registrant City:Westwood
Registrant State/Province:NJ
Registrant Postal Code:07675
Registrant Country:US
Registrant Phone:+1.9144106480
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:
[ link to this | view in chronology ]
The DNS system is already decentralized.
I don't know about today, but about 10 years ago there were at least 10 DNS server farms, in different places around the globe.
As well as that, you can create your very own DNS server; it's very easy with a Linux system, and probably with Windows as well.
You can make a PC on your network the DNS server, and that can speed up your web searching, especially with DNS caching enabled.
There is nothing stopping you from building your own DNS server and placing it on the internet. If you have the bandwidth, and you can get people to set your IP as the DNS address for their web surfing.
Could even be a Techdirt server.
[ link to this | view in chronology ]
Re: The DNS system is already decentralized.
So DNS is already decentralized, yes, but ultimately it's centralized, in the same way torrents that require trackers are ultimately centralized.
[ link to this | view in chronology ]
ONLY if you try to access a site ending in ".P2P" would the program instead check a file on your own computer for the IP number of that address.
That file is in turn kept up to date by being connected to a special bittorrent swarm coded for that specific purpose.
At no point is there any conflict between P2PDNS and ICANN, other than castrating ICANN's ability to censor the web.
[ link to this | view in chronology ]
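The split lookup described in the comment above (and in the earlier one comparing the list to hosts/lmhosts), as an added example that is not code from the P2P DNS project or from any commenter: names under `.p2p` are answered only from a local list, everything else goes to ordinary DNS, and list entries for names outside `.p2p` are refused so a swarm-fed file cannot shadow existing domains. The hosts-style file layout, the function names and the sample addresses are assumptions made for illustration; the swarm update itself is not modelled.

```python
import ipaddress
import socket

P2P_SUFFIX = ".p2p"  # the TLD named in the comments above

# Constructed sample of the locally stored list (hosts-style layout is an assumption).
SAMPLE_LIST = """\
# address      name
192.0.2.10     tracker.p2p
2001:db8::5    Wiki.P2P.
192.0.2.66     www.example.com   # not under .p2p: must never be honoured
not-an-ip      broken.p2p
192.0.2.77     evilp2p
"""

def normalize(name):
    """Lower-case and drop the trailing root dot so comparisons are label-exact."""
    return name.strip().lower().rstrip(".")

def is_p2p(name):
    """True only for names under the .p2p label (not 'evilp2p' or 'p2p.example.com')."""
    n = normalize(name)
    return n.endswith(P2P_SUFFIX) and len(n) > len(P2P_SUFFIX)

def parse_list(text):
    """Parse the local list, keeping only valid IPs mapped to .p2p names."""
    table, rejected = {}, []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue  # blank line or comment
        if len(fields) < 2:
            rejected.append(raw.strip())
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            rejected.append(raw.strip())
            continue
        for name in fields[1:]:
            if is_p2p(name):
                table.setdefault(normalize(name), ip)  # first entry wins
            else:
                rejected.append(raw.strip())  # would shadow a normal DNS name
    return table, rejected

def system_lookup(name):
    """Ordinary resolution through the OS resolver (the existing DNS path)."""
    return socket.getaddrinfo(name, None)[0][4][0]

def resolve(name, table, fallback=system_lookup):
    """Answer .p2p from the local table only; send everything else to normal DNS."""
    if is_p2p(name):
        return table.get(normalize(name))  # None if unknown; fallback is not called
    return fallback(name)

if __name__ == "__main__":
    table, rejected = parse_list(SAMPLE_LIST)
    print("accepted:", table)
    print("rejected:", rejected)
    print("tracker.p2p ->", resolve("tracker.p2p", table))
```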
Alternative DNS already here (DASHCOMs)
New DASHCOM domains can now be registered totally free (Includes option to create your own TLDs)
Examples of new domains:
business-com
travel-net
happy-birthday
thank-you
(DASHCOM domains also offers ISP link in options)
[ link to this | view in chronology ]