Jump to content

Alternative Roots

From ICANNWiki
Revision as of 20:20, 9 December 2021 by Jessica (talk | contribs)

Alternative Roots are separate root systems in that the contents of their root zone files deviate from the IANA promulgated authoritative root zone file.[1] Alternative Root Servers, or Alternative Domain Servers, provide users with alternative TLDs not currently available via mainstream browsers. The control of the official Internet is in the hands of the Internet Corporation for Assigned Names and Numbers (ICANN). IANA, a department of ICANN, has full control over the root server, which is a file on a computer that is kept at Herndon, Virginia. This file works as the official list of domain names on the Internet.[2]

The DNS is a hierarchical system designed to allow humans to use text strings to access content or services in place of IP addresses on a global information network. Operating systems have been distributed for decades with the listing of default DNS servers to use as the authoritative place to obtain an answer when searching for a TLD. There are 13 Root Server Operators in that file, and they comprise the Internet's DNS root.[3] In addition to the Internet's DNS root working in agreement with ICANN, several organizations operate Alternative Root Servers (often referred to as "altroots"). Each alternative root has its own set of root nameservers and its own set of TLDs.

Alternative Root Projects edit

Alternative Root Servers have been in existence since 1995 when several groups of Internet users found out that they didn’t have choices other than .com, .org], and so on. Historically, altroots could be divided into two groups: those run for idealistic or ideological reasons and those run as profit-making enterprises. The latest wave of altroots can be differentiated based on the technology on which they rely: blockchain. A blockchain domain name system is a decentralized directory for registering, managing, and resolving domain names. The nodes are equal in power and authority; all owners must contribute or delegate their votes to specific nodes to make decisions or changes to the blockchain DNS.[4]

  • BORN (aka Business Oriented Root Network)[6]
  • CINICS (aka Common Interest Network Information Center Society)[7]
  • eDNS: an organization that promoted alternative DNS root services established by Karl Denninger; it opened and closed in 1997 as it did not achieve commercial success.[8][9]
  • Ethereum: an alternative protocol for building decentralized applications, providing a different set of tradeoffs for a large class of decentralized applications, that focuses on situations involving rapid development time, requiring security for small and rarely used applications, and offering wide-ranging, agile interaction. It has an abstract foundational layer: a blockchain with a built-in Turing-complete programming language so that anyone can write smart contracts and decentralized applications with their own arbitrary rules for ownership, transaction formats, and state transition functions.[10]
  • Handshake: A DNS-backwards compatible naming protocol. It adds a distributed, decentralized blockchain-based system to the root zone file where TLD ownership information is stored. No one controls it and anyone can use it, allowing for a root zone that is uncensorable, permissionless, and free of gatekeepers. Every peer in the Handshake network cryptographically validates and manages the root zone, eliminating the need for the Certificate Authority system.[11]
  • iDNS: Beginning as a research project at the University of Singapore, this DNS ran under the auspices of the Asia-Pacific Networking Group in 1998 and was incorporated in 1999. i-DNS successfully test-bedded IDNs over a 6-month period, in collaboration with CNNIC, and the NICs of Japan, Korea, Hong Kong, Taiwan, Malaysia, Thailand, and Singapore.[12]
  • Namecoin: created in 2010, the first decentralized name registration database to use the first-to-file paradigm (where the first registerer succeeds and the second fails); this implementation requires bootstrapping an independent blockchain and building and testing all the necessary state transition and networking code.[13]
  • name.space
  • NBA
  • New.Net/VendareMedia/Connexus: a commercial alternative root that sought to compete with .com, .net, and other TLDs. that attempted to work directly with internet service providers to activate their domain names automatically at the network level. The founders developed proprietary technology to allow their domain-naming system to exist alongside ICANN.[14]
  • OpenNIC: a user-owned and -controlled top-level Network Information Center offering a non-national alternative to traditional Top-Level Domain (TLD) registries.[15]
  • Open Root Server Confederation (ORSC)[16]
  • Open Root Server Network (ORSN): A network of root servers in Europe (other than the one run by Paul Vixie in the U.S.) that operated from February 2002 to December 2008. ORSN had 2 operating modes: ICANN-based and the default, independent. The former involved daily synchronization but did not remove TLDs that ICANN; the latter was not automatically synchronized.[17]
Letter Operator Location
A Celox GmbH Frankfurt, Germany
B Funkfeuer Vienna, Austria
C KEVAG Telekom GmbH Koblenz, Germany
D Cyberlink Internet Services AG Zurich, Switzerland
E TRIERA Broadband Maribor, Slovenia
F Zen Systems ApS Lyngby, Denmark
G NFSi - Soluções Internet, Lda Leiria, Portugal
H Init Seven AG Zurich, Switzerland
I ALET.IT Pisa, Italy
J ASDA Athens, Greece
K Titan Networks Netherlands BV Amsterdam, Netherlands
L Paul Vixie San Jose, California, United States
M Home of the Brave GmbH Frankfurt, Germany
  • Russian National Domain Name System: a project started in 2019 by Roskomnadzor, (Federal Service for Supervision of Communications, Information Technology and Mass Media), that may gradually become mandatory for all ISPs in Russia. Its servers are located on the Moscow Internet Exchange. The mission is to provide an alternative root for all users within Russia and continue functioning in case of its disconnection from the rest of the Internet.[18]
  • UCDA
  • UNIDT
  • UnifiedRoot: River Book Investment Company bought this alternative root based in Amsterdam, The Netherlands, in 2005. It operates an independent infrastructure to enable the creation and usage of TLDs and IDNs registered on its system. The Unifiedroot root server platform is IPv6 and IDN ready and operates parallel to ICANN. Individuals cannot apply for a TLD or IDN with Unifiedroot. Only companies, organizations, and institutions can register a TLD or IDN.[19]
  • Yeti-DNS: Supported by Japan’s WIDE Project, Paul Vixie’s engineering and security project TISF, and the Beijing Internet Institute, this project explores IPv6-only operation, DNSSEC key rollover, renumbering and scaling issues, and multiple zone file signers.[22] Phase 2 of the project is decentralized (there no central node, so each node needs to reach a consensus when performing operations; the primary node is the executor but has no special authority); it is scalable; it uses threshold signature technology to reduce the number of DNSKEY; and it uses DM Management Committee (DMMC) for transactions.[23]

Reasons Alternative Root Projects Have Developed edit

For IDNs edit

  • In the first decade of the 2000s, individuals, organizations, and nation-states grew inpatient at ICANN's slow advancement of supporting international languages and scripts in gTLDs and ccTLDs, leading SSAC to release "SAC009: Alternative TLD Name Systems and Roots: Conflict, Control and Consequences," to encourage ICANN to move more quickly and to warn parties interested in operating alternative root name services or managing alternative TLDs that such activities would not be likely to succeed financially or logistically.[24]

To Limit the Flow of Information edit

  • Russia and China are working on alternative root projects to have more control over their citizens' use of and exposure to the internet.[25][26]

Against Inefficiency and Abuses of Power edit

  • In September 2001, Milton Mueller concluded that "competition among DNS roots should be permitted and is a healthy outlet for inefficiency or abuses of power by the dominant root administrator."[27]
  • There was a bottleneck in the domain name industry due to ICANN's glacial pace of delegating new TLDs especially in its early years.[28]
  • Alternative DNS roots can allow for more democratic control of the Internet.[29]

Against Governmental/Intergovernmental Control of the Internet edit

  • ORSN was founded out of concern over the U.S. government's control of ICANN.[30]
  • ORSC's founders wanted the evolution of the Internet's Domain Name System to be organic, from the bottom up, and free of intergovernmental agencies.[31]

Experimentation edit

  • In 2005, Paul Vixie, a member of the ISC F-Root team and involved in maintaining BIND, a popular open-source implementation of DNS, suggested to RSSAC that ICANN create an alternate root zone so that the technical community could add features like internationalized domain names, IPv6, and DNSSEC without disrupting older DNS behavior.[32]
  • Advances in authentication: Blockchain relies on a new security model of validation, reducing individual credential management.

Data Privacy edit

  • Individual chooses relationships and connections via blockchain domain names, offering privacy and data protection, as all data and personal information are stored by the individual making the connections.[33]
  • Blockchain registrations contain unique encrypted hashes instead of individual names and addresses.[34]

Peer-to-Peer Transactions edit

Individuals can make transactions with each other directly; they do not need intermediary companies.

Uncensored Activities edit

Security edit

In Blockchain-based DNS alternates,

  • information is encrypted and stored in blocks immutable and timestamped (easier to audit, harder to tamper with and delete)[35];

Theories on Why Alternative Root Projects Fail edit

  • Paul Vixie explains that “any set of DNS root name servers that serves any DNS root zone that did not come from IANA is an ‘alternate root’...[M]any attempts to fork the IANA name space and offer non-standard top level domains...has failed. Often that failure followed public ridicule by me. I think alternate roots of the ‘name space fork’ variety are a terrible idea for the global Internet, although I recognize the need for this kind of name space augmentation inside many enterprise networks...Vibrant competition among Internet name spaces is bad for all of us—bad for business, bad for freedom of expression, bad for national and personal security."[36]
  • DNS governance should be completely detached from governments and sovereignty concerns.[37]
  • The strong network effects associated with the IANA root zone create powerful disincentives to violate the global uniqueness of domain names.[38]
  • Countries’ economies and security are intimately tied to communications facilitated by the DNS root zone.[39]

On-Going Issues edit

Fragmentation edit

Concerns have been raised over how alternative roots could lead to the technical, governmental, and commercial splintering of the Internet.[40]

Name Collision edit

Conflicts can occur in user experience and functionality when there are identical TLDs that do not match in their delegation, which is why some form of centralized coordination is important in adding names to roots, such as we see with ICANN. The .biz TLD created by Pacific Root was in operation before ICANN proposed running .biz, and at least one of the alternative root servers resolves .biz to the PacificRoot's. There are .biz domain names that exist in different roots and point to different IP addresses. The possibility of such conflicts, and their potential for destabilizing the Internet, is the main source of controversy surrounding alt roots.

Governance edit

For better or worse, there is a lack of governance in decentralized systems such as that making use of Blockchain.[41] However, the coordination required to encompass many voices and views and build consensus is glacial in contrast to the pace of pioneering and innovation in unregulated spaces.

Security edit

DNS edit

  • The DNS was not made with security in mind; thus, DNS Abuse has grown up along with the expansion of the Internet.

Blockchain models edit

  • Easy to copy and paste[42]
  • could use QR codes but only works with smartphones

Functionality edit

  • Limited audience: few people can view sites or send emails and only to those also using domains in the alternative TLDs. This could be improved through the use of special helper applications, or if a custom configuration was made to their computer, or to their nameservers, or a custom configuration at an ISP upstream in the DNS hierarchy. None of these solutions were as comprehensive as being listed in the default nameservers that are seen when an operating system starts. Whilst technically trivial to set up, actually running a reliable root server network, in the long run, is a serious undertaking, requiring multiple servers to be kept running 24/7 in geographically diverse locations. During the dot-com boom, some alt-root providers believed that there were substantial profits to be made from providing alternative top-level domains. Only a small proportion of ISPs actually use any of the zones served by alt-root operators, generally sticking to the ICANN-specified root servers. This in turn led to the commercial failure of several alternative DNS root providers.
  • Alternative name systems today are clunky, hard to reach, and expensive; they put the onus on browsers, which do not want to govern.[43]

Costs edit

Brand Protection edit

History of Opposition edit

In May 2000, the IAB concluded "There is no getting away from the unique root of the public DNS" and called attempts at replacing it a "family of recurring technically naive proposals.[44]

In July 2001, ICANN released its Internet Coordination Policy (ICP-3): A Unique, Authoritative Root for the DNS," declaring the necessity of a single, central authority to coordinate the assignment of unique parameter values and to maintain the public's trust in the Internet, which alternative roots could disrupt.[45]

In January 2016, Bill Drake, Vinton Cerf, and Wolfgang Kleinwächter published a paper on Internet fragmentation that chastised the Yeti-DNS project for threatening to splinter the DNS.[46]

In November 2021, ICANN published a blog post reiterating buyer beware when it comes to alternative root servers.

References edit

  1. Will China Form an Alternate DNS Root?, IGP
  2. About IANA
  3. History of the Root Server System, RSSAC023, ICANN
  4. Top 13 BEST Blockchain DNS Software, Software Testing Help, November 29, 2021
  5. AlterNIC Founder Arrested, CNet
  6. Root Support, Forum, ICANN
  7. Root Support, Forum, ICANN
  8. eDNS, Academic.com
  9. eDNS Press Release, Iperdome
  10. Alternative Blockchain Applications, Ethereum.org
  11. About Handshake, Namebase
  12. Our History, i-DNS
  13. Ethereum Whitepaper
  14. Mission, About Us, New.Net, Web Archives
  15. Wiki, OpenNIC
  16. ORSC Proposal, NTIA
  17. FAQs, ORSN.net, Web Archives Nov. 24, 2005
  18. Russia's Sovereign Internet Law, CNBC
  19. About Us, UnifiedRoot
  20. Original .Web Applicant Sues ICANN, Domain Incite
  21. IOD vs ICANN, Resources, ICANN
  22. [Alternate DNS Roots and the Abominable Snowman of Sovereignty, IGP]
  23. Phase 2, Yeti-DNS
  24. SAC009, SSAC, 03/31/2006
  25. Russia Moves Toward Creation of an Independent Internet, DW
  26. Robert Knake, The Beginning of the End of the Open Internet Era, Council on Foreign Relations Blog
  27. Competing DNS Roots: Creative Destruction or Just Plain Destruction?, Computers and Society
  28. Alternate DNS Roots and the Abominable Snowman of Sovereignty, IGP
  29. [Bastick, Zach (2012). "Our Internet and Freedom of Speech 'Hobbled by History': Introducing Plural Control Structures Needed to Redress a Decade of Linear Policy". European Commission: European Journal of EPractice (15): 97–111]
  30. ORSN, Academic.com
  31. About, ORSC
  32. Vixie, Let Me Make Yeti-DNS Perfectly Clear, CircleID
  33. Tyler Mason, GoDaddy Blockchain Domain Names Webinar, 12/1/2021
  34. Top 13 BEST Blockchain DNS Software, Software Testing Help, November 29, 2021
  35. Top 13 BEST Blockchain DNS Software, Software Testing Help, November 29, 2021
  36. Vixie, Let Me Make Yeti-DNS Perfectly Clear, CircleID
  37. Alternate DNS Roots and the Abominable Snowman of Sovereignty, IGP
  38. Alternate DNS Roots and the Abominable Snowman of Sovereignty, IGP
  39. Alternate DNS Roots and the Abominable Snowman of Sovereignty, IGP
  40. William J. Drake, Vinton G. Cerf, Wolfgang Kleinwächter, Internet Fragmentation, World Economic Forum 2016
  41. Tyler Mason, GoDaddy Blockchain Domain Names Webinar, 12/1/2021
  42. Tyler Mason, GoDaddy Blockchain Domain Names Webinar, 12/1/2021
  43. Tyler Mason, GoDaddy Blockchain Domain Names Webinar, 12/1/2021
  44. RFC 2826, IETF
  45. ICP-3, Resources, ICANN
  46. Internet Fragmentation, WEF 2016