Ad-hoc TLDs: Followup

by Rob Flickenger

I wrote a blog entry the other day about building a client-side DNS subversion tool. After poking around a bit more, I've found some relevant links. Here is a list of alternate TLD servers that follow various policies for establishing new TLDs.

Bucking the "one true root server" ethic certainly has a colorful history. The best known alternate root was probably AlterNIC, which had a flurry of activity back in 1997 (including the arrest in Toronto of Eugene Kashpureff, AlterNIC's founder). Remember him? He hijacked InterNIC (remember them?) to protest the way that the root servers were administered. He also spent at least 55 days in jail, was extradited from Toronto, and eventually pled guilty to fraud charges, despite having earlier stated that he believed he committed no crime. All of that for temporarily rerouting InterNIC's traffic to AlterNIC for a couple of days in July of 1997. (Of course, he probably shouldn't have done it twice, and fleeing the country probably didn't go over too well...) I can find no record of his actual sentencing.

It appears that is now down, and has been reclaimed by a domain squatter.

While it is a very impressive feat to circumvent the DNS and expose the inherent weaknesses of those who would claim authority over the Internet, I propose a more grassroots solution. I want to see an "Advanced" tab on the DNS configuration page of every laptop and desktop on the planet. It should allow me to specify a many-to-many mapping of DNS servers to try for any number of arbitrary domains. This list should be tried first, overriding the default DNS servers specified elsewhere or by DHCP. And I want to see a "retrieve settings from web address" box that will automatically load these settings from a URL that the user specifies. It would be nice to see these settings in all of the home routers and wireless points on the planet, as well.

With that simple feature, the politically charged hierarchy of the current domain root system will neatly be sidestepped. And good heavens, there is certainly a business model in there somewhere. It's no use whining that the powerful ad-hoc nature of the Internet has been co-opted. It's time to take it back.
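
An added sketch (not code from the original post) of the override table proposed above: domain suffixes map to lists of servers that are tried before the defaults, and settings retrieved from a web address are validated before use. The JSON layout, the TLD names, the addresses and all function names are constructed assumptions.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed sample of a retrieved settings document (layout is an assumption).
# Many-to-many: one domain lists several servers, one server serves several domains.
SAMPLE_SETTINGS = """
{"overrides": {"geek": ["192.0.2.53", "198.51.100.53"],
               "lab.geek": ["203.0.113.7"],
               "free": ["192.0.2.53"]}}
"""
DEFAULT_SERVERS = ["192.0.2.1"]  # stands in for the DHCP-supplied resolver


def check_settings_url(url):
    """Accept only https URLs with a host, so the list is fetched authenticated."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("settings URL must be https: %r" % url)
    return url


def load_overrides(text):
    """Parse the settings and reject anything that is not domain -> IP list."""
    table = {}
    for domain, servers in json.loads(text)["overrides"].items():
        labels = tuple(domain.lower().strip(".").split("."))
        if not servers or not all(labels):
            raise ValueError("bad entry for %r" % domain)
        # ip_address() raises ValueError for hostnames or garbage, so a
        # retrieved list cannot name servers that need a lookup themselves.
        table[labels] = [str(ipaddress.ip_address(s)) for s in servers]
    return table


def servers_for(name, table, defaults=DEFAULT_SERVERS):
    """Longest-suffix match: overrides are tried first, defaults otherwise."""
    labels = tuple(name.lower().strip(".").split("."))
    for i in range(len(labels)):
        hit = table.get(labels[i:])
        if hit:
            return hit
    return list(defaults)
```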

Should the DNS system be overhauled, or is the stability of the Internet something best left to the professionals?


2004-03-16 04:12:11
"retrieve settings from web address"

would make phishing so much easier..

2004-03-18 10:46:18
Windows DNS server
Here is an alternate DNS server for Windows that talks to alternate root servers:

It is apparently free for personal use. It was forwarded to me from someone on the auDA DNS mailing list.

2004-03-18 11:00:08
Not if it's properly engineered. I think it's unlikely that the same clueless users who open random attachments have the tenacity to actually go to a control panel, find their DNS settings, click Advanced, and then enter a URL.

Of course, I'd want to retrieve my settings from an address starting with https. That opens up a whole new broad vista of interesting business model issues: who will register trusted certs to arbitrary TLDs? Probably no one, until they get big and established.

Hang on. Could it be that people will once again be responsible for controlling their own security? Maybe by rolling their own CAs as well? Good heavens! It sounds like fiddling with the DNS will undermine a great number of self-described authorities on the Internet! ;)