Here lies DNS, RIP.

Sun Aug 03 10:04:00 -0700 2008

DNS is on the face of it a good idea, www.google.co.uk is easier to remember than 66.249.93.104

It's like phone numbers, it is easier to remember "Dan, home" and "Dan, mobile" than a string of apparently random numbers.

Where it breaks down is when the system itself gets subverted (for profit) by those who are supposed to be running it, and they are ALREADY charging you for running it, so my (telephone) country code is 44, my area code is 01392 and my number is (for example) 224466.

This telephone system would break, UTTERLY, if the phone company was allowed to charge me not just a line rental, but an annual fee for the number 224466, and in addition the phone book was chock full of "Dan, home", "dan, home", "Dan,home" and every single possible combination always connected me to a double glazing or life insurance or penis enlargement vendor.

Even worse, the system would allow penis enlargers to socially engineer or simply grab my phone book entry from me, so even "Dan, home" will route your call to someone else, and in reality there is bugger all I can do about it unless my phone book entry said "Ford, HQ" and I had a string of lawyers on retainer.

And yet this appalling state of affairs is actually an understatement of what we have with the DNS system.

Can you imagine a telephone system where several different companies all produced different phone books, each of which might list a different number for "Dan, home" and all of which would connect to some valid phone number selling penis enlargement?

But today I noticed something new, not just domain squatting / parking, but nested nameserver squatting / parking.

I will illustrate with actual examples and actual domain names.

The missus created the name "designxp", Google it, she was the only person on the planet using it.

I created the name "surfbaud", Google it, I was the only person on the planet using it, though for some years a guy in Australia (waverider) has been using it too.

Both of us registered domains, at one point www.surfbaud.net was pointed at ns1.designxp.co.uk, since then it has to be said we have both allowed both domains to lapse, in my case this included surfbaud.com and .co.uk and the only one I kept was www.surfbaud.org.

Imagine my surprise when today re-activating the .org to some server space that I find www.surfbaud.net pointing at ns1.designxp.org... I mean, what are the chances.... a-z + 0-1 = base 36, so designxp is an 8 digit base 36 number and surfbaud is an 8 digit base 36 number and lo and behold what a coincidence...

Except it isn't a coincidence, I look a little deeper and with no effort at all I find many other identical examples, there is no possibility of coincidence.

Let me be clear, this isn't simply a script that looks for expiring domains up for renewal which grabs them automatically like an ebay sniping programme.

This is copying domain names complete with nameserver structure for available top and second level domains.

Sure, I can go and register a company name with Companies House, and then spend more time and effort pursuing the various "surfbaud" domains, or I could have splashed the cash for the lot of them and simply maintained them myself, but this is not what the net was ever about.

I will go back to the telephone analogy, because it is relevant, if we had an analogous phone system it would simply cease to be any use, and that is what we are getting with the internet, and we are NOT getting this because speculators are gambling with domain registration fees on a level playing field with the rest of us.

My blog (at the risk of being seen to spam) is at 77.103.68.5 and thanks to the iniquities of ipv4 that IP address is subject to change. It is like saying my phone number is 682820 but next week it might be 682082, and looking for "John, home" in the phone book (which phone book, printed by whom) won't necessarily help you either, because that data is also variable and subject to change.

This is one of the reasons I hate virtualisation, DNS, like the phone system, only works if a given "human readable" name always maps to the same "phone number".

If DNS is down I can always reach www.google.co.uk by typing 66.249.93.104 but thanks to ipv4 and virtualisation I will not always be able to reach www.surfbaud.org by typing in the IP address, just as typing 208.122.3.70 gets me a 404 not found instead of giving me www.technocrat.net, it's just a canonical name, and that stuff only worked when the registrars and name servers didn't crap on their own doorsteps.

DNS is dead. Long live DNS.

Here lies DNS, RIP.
Sun Aug 03 12:51:41 -0700 2008

In reality the phone number is just another layer of abstraction too, at least in the US.  It used to be that a phone number tied to a physical circuit and location.  Each digit in the number moved a physical stepper switch to connect to the dedicated circuit.  But now it is all just data muxed onto the backbone.  And with number portability in the US, a phone number can move from place to place, device to device, etc.  There are underlying identifiers that are the actual addresses the system uses.  There is effectively a DNS analog in the phone network, when you dial 5085551212 a 'look up' is done to determine where in the network that number really lives, and what identifier to route the call to.  And that can even change with the various call redirection and forwarding services.  Phone numbers are virtualized.

IP networking has several layers of abstraction.  IP addresses themselves are just abstractions which resolve to MAC addresses for the final routing to the correct device.  And even MAC addresses are quite often virtualized these days.  Even cheap home gateways offer MAC impersonalization.

I don't think this is a big deal.  You'd think 'Dan, home' was unique - but it isn't, there are millions of Dans, each with their own home.  So why does it matter that surfbaud.org and surfbaud.net aren't the same?  I own megazone.org (amongst others), but someone else has .net, and yet another person has .com.  I missed .com by procrastinating years ago - I was going to register it, decided to think about it, and when I went to do it it had been taken two weeks earlier.  Ever since it has passed from squatter to squatter and I haven't been willing to pay what they're asking.  But I don't think that is a problem in the system, really.  I snoozed and I lost.

Companies and individuals don't have to buy up their name in all possible TLDs.  They can if they want to, but frankly most of the TLDs aren't well known.  Dot-com remains king if you're a commercial entity, but even that seems to be breaking down.  DNS and the domain structures will continue to evolve, and what we have in ten years may not be recognizable compared to today.

What is the point of your argument, or just a rant?  It sounds a bit like "When I was your age we had one server per IP and we LIKED it that way!  You whippersnapper!"  I don't see how registrars and name servers are 'crapping on their own doorsteps'.  So you can't enter an IP to get to most websites - so what?  That hasn't been possible since HTTP virtual servers came into use many years ago, relying on the Host: header.  That doesn't even directly relate to DNS, it just happens to use the same value as DNS uses for IP resolution.

The infrastructure we have today through virtualization is a hell of a lot more reliable than the days when each server had a dedicated IP and trying to do pooled resources was much harder, and virtualization services were almost impossible.  We had a lot of ugly hacks then to do what is pretty much par for the course today.  And today's services handle far higher load and do so far more reliably.  That's more than a fair tradeoff for reliance on DNS as part of that infrastructure.

DNS works just fine with the 'human readable' name NOT always mapping to the same 'phone number'.  Even the phone system doesn't really always have the same human readable name mapping to the same phone number, that's just a convenient illusion carried over from earlier days.  You could dial the same number and one day reach someone's office phone, the next their cell, and next their home - or all three at once.  It is just another layer of abstraction and virtualization, quite similar to DNS and IP addressing in function.

Here lies DNS, RIP.
Sun Aug 03 12:57:14 -0700 2008

Actually, if you look, the registrar did something sneaky.

He owned, at one time, www.surfbaud.net.  It used another domain under his control for DNS: ns1.designxp.co.uk.

When it lapsed, the registrar created ns1.designxp.ORG and pointed the lapsed .net over there.  It took me 10 minutes of reading his explanation and digging thru DNS records to figure it out.  Very sneaky and VERY misleading.

In essence, they cloned his entire DNS config with a slight modification.  At first glance -- even second and third with me -- it looks like it should.

The worst part is the registrar left Guy as the main contact.  That is fraudulent and possibly criminal.
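
A defender-side check for the pattern described above, as an added example that is not part of the original comment: compare the nameservers a domain is expected to use with the ones observed, and flag a host that keeps the same labels under a different suffix (ns1.designxp.co.uk versus ns1.designxp.org). The suffix list, the function names and the `ns1.parking.example` sample are constructed for illustration; a real check would use the full Public Suffix List and live NS lookups.

```python
# Constructed, deliberately short suffix list (assumption: stands in for the
# Public Suffix List so the example runs offline).
SUFFIXES = ("co.uk", "org.uk", "me.uk", "com", "net", "org", "info")


def split_name(host):
    """Split a hostname into (labels before the suffix, suffix).

    Returns (host, "") when the suffix is not in SUFFIXES.
    """
    host = host.rstrip(".").lower()
    # Try the longest suffixes first so "co.uk" is never mistaken for "uk".
    for suffix in sorted(SUFFIXES, key=len, reverse=True):
        if host.endswith("." + suffix):
            return host[: -len(suffix) - 1], suffix
    return host, ""


def classify_ns(expected, observed):
    """Label each observed nameserver as expected, lookalike or unexpected.

    "lookalike" means the labels before the suffix match an expected
    nameserver but the suffix differs, which is the cloned-delegation
    pattern from the thread.
    """
    expected_norm = {h.rstrip(".").lower() for h in expected}
    expected_stems = dict(split_name(h) for h in expected_norm)
    verdicts = {}
    for ns in observed:
        name = ns.rstrip(".").lower()
        stem, suffix = split_name(name)
        if name in expected_norm:
            verdicts[name] = "expected"
        elif stem in expected_stems and suffix != expected_stems[stem]:
            verdicts[name] = "lookalike"
        else:
            verdicts[name] = "unexpected"
    return verdicts


if __name__ == "__main__":
    # Expected delegation comes from the owner's own records; the observed
    # list here is constructed from the names mentioned in the thread.
    expected = ["ns1.designxp.co.uk"]
    observed = ["ns1.designxp.org.", "ns1.parking.example"]
    for name, verdict in classify_ns(expected, observed).items():
        print(f"{name}: {verdict}")
```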

Here lies DNS, RIP.
Sun Aug 03 14:19:16 -0700 2008

OK, that last bit is important and not at all clear from the post.  Leaving him as the main contact is fraudulent.  Taking over the domain, even pseudo-cloning the DNS tree, while shifty, I don't really have an issue with.  It is a free market.  But making him the main contact of the 'cloned' tree can't have any legitimate use and could only be used to further some fraudulent intent in convincing others they were his domains.

If he'd just said that it'd be a lot clearer what he was on about.

Here lies DNS, RIP.
Sun Aug 03 14:32:41 -0700 2008

I know.  My first check on NetSol's WHOIS showed Guy still owning the active domain, which had me go "WTF is he talking about?  This isn't lapsed."

Not cool.

Here lies DNS, RIP.
Sun Aug 03 12:52:47 -0700 2008

The domain resolves to one of those parking ads. But the interesting part is the IP address of the .net domain is in the same block as the ns1.designxp.org -- owned by Enom, Inc.

Enom is the registrar who has the designxp.org and surfbaud.net.  They are scum.

Hmmm... Network Solutions lists the .net as valid thru 2010, to what I assume is you, J.B.  I don't see it as lapsed.  You're still listed as one contact and Ghoulet as the administrative and technical.  Did they register it for you and use Enom?

Get them to yank it back.

On the other note, about DNS in general, I think part of the problem is Virtual Web Hosting.  One IP for 100 domains, etc.  That is handled by the web server, not the Registrars.  It is a configuration in Apache, IIS, etc. What you need is an IP per domain.

To a certain extent you can cheat.  Create a HOSTS file that matches 208.122.3.70 with technocrat.net and it'll work.  Heavily load balanced sites like the BBC will cause issues, but things like your blog and Technocrat will work fine.

In theory, IPv6 will allow for an IP per domain.  When it gets here.  Eventually.  Of course, we will need DNS because technocrat.net is a lot easier to remember than https://[2001:0db8:85a3:08d3:1319:8a2e:0370:7344]:443/

(Note: Not the real IPv6 IP of technocrat.net.)

Here lies DNS, RIP.
Mon Aug 04 03:54:46 -0700 2008

As I understand the original intent of the web, we were never meant to be typing in URLs.  Humans were supposed to be following links and leaving it up to the machines to handle URLs.

Search engines convert the Internet from a network of URLs into a network of hyperlinks.  I often find myself typing URLs into google, instead of the address bar of my browser, and following the link that google provides to me.  That way if I make a typo google will (mostly) still connect me to the correct website.  If I couldn't be bothered to type the URL I just type a shorter keyword or two and follow the URL.

If it wasn't for the weighting Google's rankings give to domain names we could be living in a DNS free world.  Domain names can be viewed as a form of search engine optimisation.  Having a relevant domain boosts a site's pagerank, but if a website is well linked google will rank it highly without a domain name.  Search engine ranking matters over DNS.  Some web browsers will automatically forward malformed URLs from the address bar to google, blurring the distinction between search result and domain name even further.

The point of the above is that if it wasn't for the pagerank algorithm giving weight to domain names we could safely retire DNS.

Here lies DNS, RIP.
Mon Aug 04 12:11:13 -0700 2008

Nah, one of the advantages of WWW over Gopher was the relatively terse URLs. HTML was originally designed to be hand-written, and so URLs were meant to be, too.

Google didn't appear until around 1998. Until then, search engines were pretty lousy. Yahoo's human-edited links were the best directory of the Web, because even though they didn't have 90% of what you wanted, the 10% they had was actually good. Alta Vista was the main search engine, and what you were looking for was usually not within the first 100 results. So for the first seven years, the URL was crucial.

Here lies DNS, RIP.
Mon Aug 04 20:50:44 -0700 2008

I agree that human-URL interaction was important before google.  In the olden days I used to have a notebook full of URLs.  I still contend that since the advent of the current generation of search engines there is no need to interact with URLs directly, and at least for WWW use we could probably retire DNS with minimal impact.  It would take people time to get used to the idea of no DNS but I don't think it would seriously impact the usability of the web.

Here lies DNS, RIP.
Mon Aug 04 10:55:55 -0700 2008

In theory, IPv6 will allow for an IP per domain.  When it gets here.  Eventually.  Of course, we will need DNS because technocrat.net is a lot easier to remember than https://[2001:0db8:85a3:08d3:1319:8a2e:0370:7344]:443/

 

That's why we have to have virtual domains for now. If not for virtual web hosting, we would have run out of IPv4 addresses a few years ago.

However, even with IPv6 I suspect we will see virtual hosting. It just doesn't make much sense to run a separate Apache for each of 100 websites that might see one hit per hour if they're lucky (naturally, I'm not talking about Technocrat here).

Here lies DNS, RIP.
Mon Aug 04 11:01:04 -0700 2008

Name based virtual hosting is one way.  You can do IP based virtual hosting with one instance of Apache and many IPs per machine.

Name based hosting uses the canonical name passed in the HTTP query header to determine where to go internally.  It is incompatible with SSL, which must have a unique IP.

I'm certain virtual hosting will survive, as it is the best way to utilize resources.  But I'd expect it to migrate to IP based as opposed to name based.

Here lies DNS, RIP.
Mon Aug 04 11:48:09 -0700 2008

That is a good point. There may still be some due to the simplicity of v6 autoconf vs. assigning addresses, but not nearly as much (especially since https is broken by design for name based virtual hosting).

I just wish we were further along with v6. I've been using it for over a year, but there's MANY clients out there that aren't set up.

Here lies DNS, RIP.
Mon Aug 04 00:04:40 -0700 2008

So, somebody registers a DNS name similar to yours in a manner intended to be confusing to a domain you had, and you figure that DNS is dead?!?? It's like discovering that a hammer was used to bash in your front door, and proclaiming that hammers are dead. RIP hammers!

What would you replace it with - clickable pictures of mudkips and kittens?

DNS is by no means perfect, but if there's a problem, it's with the concept of a "root domain". There are technological reasons why it's easier to divide the Internet this way, but as I understand it, those reasons really don't matter much anymore.

Why have IBM.com and IBM.net and IBM.org and IBM.co.uk AND IBM.tv AND IBM.ca.us? Other than the country differentiations, I can think of none. And the country differentiations can be easily accomplished with "uk.ibm" or "outermongolia.ibm".

It's wasteful that a good 2/3 of the "legit" domains registered are simply to prevent squatting. If we were to reconceptualize DNS in such a way that there are no limits to the root domains, so that ".com" becomes more antiquated, and you'd simply go to "ibm" in your browser, it would be retro-compatible with the existing DNS infrastructure, and would all but eliminate the waste of registering 5 domains so that you can have the unchallenged right to use your company name in compliance with trademark law and its requirements.

But DNS is a long, long way from dead! Rumors of its death are quite highly exaggerated. It's very light, it's very flexible, it's highly redundant, it's distributed, handles a mind-numbing amount of data every day with such ease that we think nothing of it.

If anything, I've been seeing a trend towards increased reliance on it. Technologies like DNSSEC extend DNS in much-needed ways. SPF is a viable technology for limiting the damage of a SPAM attack that is literally nothing more than a simple DNS record created in seconds in a text file when using BIND, and a tweak to a mail server. Don't forget things like DNS RBL, poor-man's load distribution with round-robin DNS, etc.

Lastly, you make the point of complaining about your inability to connect to a name hosted website using only the IP address. That's not true, you just aren't using the right tool for the job. When things get rough, try this:

$ telnet 208.122.3.70 80<enter>

GET / HTTP/1.0<enter>

Host: www.technocrat.net<enter twice>

Of course, you already know that. You are also fully aware of the utility of a hosts file. (including my favorite entry: 127.0.0.1 ads.doubleclick.net)

So why are we talking about this? Because there's a system that works rather reliably for billions of transactions per hour, has withstood untold numbers of DDOS and other attacks while sustaining way better than the 5 nines that I bitched about a few articles back, and you figure it's a system that should die because somebody scammed somebody else with information you initially provided? In a way that didn't even cost you anything that I can determine?

It's like saying that we should outlaw the idea of money because somebody tricked somebody else out of 50 quid by selling him a bootleg copy of a column you wrote once at a flea market last week! (Maybe we should outlaw flea markets while we're at it?)

Yes, DNS is a system that has a few, completely livable warts which exist because the original designers had no idea they were building the infrastructure for the world's largest  telecommunication system. But it works so well, and is so entrenched that it will be around long after you and I aren't...

/* Methinks GF has had a bad week */
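
The telnet session in the comment above, reproduced offline as an added example that is not part of the original comment: a local server dispatches on the Host header the way a name-based virtual host does, and a raw client sends the same HTTP/1.0 request with and without that header. The site table, response bodies and function names are constructed; the server listens on 127.0.0.1 rather than the address quoted in the thread.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed site table: two names share one listening address.
SITES = {
    "www.technocrat.net": b"technocrat front page\n",
    "www.surfbaud.org": b"surfbaud blog\n",
}


class VhostHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        # Name-based virtual hosting: the Host header alone selects the site.
        host = (self.headers.get("Host") or "").split(":")[0].lower()
        body = SITES.get(host)
        status = 200 if body is not None else 404
        if body is None:
            body = b"no such site on this address\n"
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass  # keep the demo output quiet


def start_server():
    """Start the vhost server on an ephemeral loopback port."""
    server = HTTPServer(("127.0.0.1", 0), VhostHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def raw_get(port, host_header=None):
    """Send the request typed in the telnet session; return (status, body)."""
    lines = ["GET / HTTP/1.0"]
    if host_header:
        lines.append("Host: " + host_header)
    request = "\r\n".join(lines) + "\r\n\r\n"
    with socket.create_connection(("127.0.0.1", port), timeout=5) as sock:
        sock.sendall(request.encode("ascii"))
        data = b""
        while chunk := sock.recv(4096):
            data += chunk
    head, _, body = data.partition(b"\r\n\r\n")
    return int(head.split(b" ", 2)[1]), body


def demo():
    """Request the same address four ways and collect the results."""
    server = start_server()
    port = server.server_address[1]
    try:
        return {
            "no_host_header": raw_get(port),
            "ip_as_host": raw_get(port, "127.0.0.1"),
            "technocrat": raw_get(port, "www.technocrat.net"),
            "surfbaud": raw_get(port, "www.surfbaud.org"),
        }
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```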

Here lies DNS, RIP.
Mon Aug 04 03:13:30 -0700 2008

Not so much a bad week, a problem that has always been around, but is now spiralling out of control.

  • technocrat.net - bruce - 2001
  • technocrat.com - "network solutions" - 1996
  • technocrat.co.uk - giant games - 1999
  • technocrat.org.uk - technocrat records - 2004
  • technocrat.me.uk - parked - 2007
  • technocrat.eu - parked
  • technocrat.org - parked - 2001
  • technocrat.info - parked - 2007
  • tecnocrat.me - parked
  • technocrat.cn - parked
  • technocrat.es - parked
  • technocrat.cc - parked

Many of these parked on enom, who boast of having 11.5 million domains parked and 24.6 million hosts on THEIR DNS system and over 1 billion DNS queries per day.

Tell me how this isn't fucked up BAR?

Here lies DNS, RIP.
Mon Aug 04 07:41:26 -0700 2008

What did you expect would happen?

That DNS didn't evolve into the way you or I wanted it to means we had some sort of idea of a plan. But DNS grew up without a plan. There was no attempt at an address (name and/or ip) plan. So of course it didn't go according to your or my plan.

And I've come to believe that's a feature not a bug. I'm not sure I want to live in a world where there is any plan for dns names. You take the good with the bad and have complete freedom to make up names as you wish (modulo mark dilution/infringement).

Your comments though, while on-target, are 15 years too late, and so is (what little there is) public understanding of the mechanics and policy of the DNS world. Taken as a whole, domain policy of the last 20 years has been the biggest disaster of any part of the internet this side of pet shop sock puppets.

And this is just the start. Early next year any schmuck with a quarter million gets to run their own tld. This isn't a bad thing, but there's gonna be a bigger mess.

Expired domains make the baby Jesus cry. Anybody that thought domains were permanent after they started charging for them doesn't understand life on this planet!

In other words if you want your idea of a plan for those names to be permanent then you cannot let them expire.

Me and my ilk fought for years to keep domain names free (as in beer) but I no longer think that's a good idea. It was somebody from netsol (I think don telage, an utterly brilliant math wizard) who pointed out there should be a $5 fee or so to belong to one of the various icann membership organizations we were discussing in Berlin in the late 90s. "without some skin in the game things get to be a chaotic mess, it has to sting a little to join to weed out posers". And this made sense to me; and as soon as I realized that I gave up on the idea of free domain names.

There is no intellectual property category for your dns configuration and I doubt you're asking for some sort of intellectual property law to be created, so, you didn't pay for the domains, lost them and I'm afraid you get what you get.

Actually there probably are free permanent domains: anybody with a grandfathered IP allocation has some .arpa name delegations that satisfy this criteria. I'm not sure how much this helps, but then I really don't see the problem in the first place. This kind of thing has happened to everybody I know. What's the big deal?

Here lies DNS, RIP.
Thu Aug 07 20:53:04 -0700 2008

These parked domains will lose all their value if there aren't all these other root domains. Get rid of them.

I mean, who's going to care about "technocrat.cn" if there is no limit to the root domains? Why is "*.cn" any more valuable than *.ix or *.ixu or *.sia or any other random two-letter combination?

This brings the naming of the Internet in line with naming that we have anyway.

Here lies DNS, RIP.
Mon Aug 04 05:51:27 -0700 2008

"Why have IBM.com and IBM.net and IBM.org and IBM.co.uk AND IBM.tv AND IBM.ca.us? Other than the country differentiations, I can think of none"

Here you go:

The Tribune

The Guardian

The Tribune and The Guardian are two large and long standing newspapers here in this country. The Tribune has tribunemedia.net. Someone else has tribunemedia.com. Who should have what?

Who should have apple.com? People try and push the trademark <=> domain angle but trademark is business area sensitive. Do we want business areas added into the domain system?

all the best,

drew