On fixing DNS

Audrey Watters wrote an excellent piece about what WikiLeaks has taught us about the open Internet. In my opinion, she’s 100% right about the DNS issue. The thing is that EveryDNS did not boot WikiLeaks due to political pressure, in contrary to Amazon and Paypal. Because of the DDOS attacks, the service provider had to retain WikiLeaks in order to deliver service levels for its other customers. So the domain name service is really a weak link in the open Internet.

Just like in my previous post, she talks about the development of an alternative P2P DNS, lead by Pirate Bay co-founder Peter Sunde. According to Sunde, the core of the DNS problem is not ICANN. It’s that governments and companies can control ICANN (i.e. it’s centralised). So the solution would be a domain name service that would be a decentralized and distributed.

But what is DNS exactly? How does it exactly operate? Let’s be more specific.

As per the Dutch wikipedia, it is a system and protocol, situated at the application layer. Basically, a database containing all domain names and IP addresses. It is the DNS server that matches these data. However, it does not translate because there is no logic between domain names and IP addresses. Computers can then be accessed by both hostname and IP address.

It is important to note that the DNS system is an hierarchical-, distributed- and redundant database, which is maintainable and resistant to growth.

If one wants to implement the DNS protocol, one has to comply to a number of  Request for Comments. Obviously, it requires a lot of work to implement the 100+ RFCs. Let alone the drafts, which I even haven’t discussed.

Roughly, DNS exists of 3 parts: the stub resolver, the caching/recusing resolver and the authoritative nameserver.

Here’s how the protocol would work.

Once you enter a website, the web browser does a data lookup to the stub resolver. The stub resolver then composes a DNS package and sends this to the recursor. The recursor will query the DNS rootserver. In turn, this rootserver will refer to other servers, until an answer is given by one of the authorative servers. In case the name does not exist, or the server does nor react, the lookup will be impossible.

When looking up the domain, one starts from the highest level — called the root. Subsequently, the system searches much more specifically. Theoretically speaking, when one looks up en.wikipedia.org, the DNS rootserver will refer to the nameservers for org.  In turn, the org server will refer to the nameservers for wikipedia.org, which will finally find the answer in the case of en.wikipedia.org .

So now Peter Sunde from The Pirate Bay, has formed a group to work on a DNS system that would not utilize a centralized root but would instead take advantage of peer-to-peer technology. The interesting thing is that they are going to build on existing technology, namely based upon BitTorrent.

The wiki for Sundes proposed free, decentralized, and open DNS system discusses the still in-progress protocol. It is clearly stated that it is BitTorrent based, which again is pronounced on the goals page.

“By creating a .p2p TLD that is distributed and that does not rely on ICANN to issue domains, or any ISP’s DNS service to resolve the domains, and by having this application mimic force-encrypted bittorrent traffic, there will be a way to start combating DNS level based censoring like the new US proposals as well as those systems in use in countries around the world including China and Iran amongst others.”

Indeed, there will be a way to start combating the censoring. But is that enough? No. Comments on a blog pointed out that if authorities cannot grab your domain name, they will grab the IP address. As a commenter noted, “they will claim the right to send a SWAT team to seize a server through asset forfeiture, or even assassinate the distributor or author of the offending information by executive order”.  The P2P based alternative will only make it more difficult to stop the flow of information, since the cost of secrecy is increased. A P2P system should be proof-of-work , such as BitCoin and HashCash for instance. These can possibly prevent DDOS attacks, since these systems require a lot of work — processing time by a computer — from the service requester (the attacker) to prove that “work was done”.

A big challenge for a P2P alternative would not only be in terms of delivering speed and performance, but also widespread adoption. Consider this idea from the respective Distributed Replublic blogpost:

“Imagine a Firefox or Chrome plugin that could turn every willing browser into both a client and server for this service (a node within such a network). Sufficient adoption (if installed by default on these browsers) could go a long way to preventing corruption or control of something so vital. Perhaps it could exist alongside the existing DNS hierarchy, to “seed” it before it acquires the necessary critical mass.”

Another interesting P2P DNS goal:

“To be able to implement with ease and re-use existing torrent libraries and code, make the network layer look and feel as much like bittorrent as possible.”

That makes me really wonder of the motives of Peter Sundes and the likes. They seem to be a bit dubious. The thing is, BitTorrent is only established within the private spheres, not in the enterprise world. With the surroundings of colleteral damage from the Internet Censorship bill and WikiLeaks, it is the perfect opportunity for them to shifting Internet architecture and replacing the hierarchical DNS by BitTorrent technology. For Sunde, it would be the chance to capitalize on that, by making BitTorrent an Internet standard.

So fixing DNS is not enough. This idea is also implied by Clay Shirky, who characterizes the Internet as a corporate sphere that tolerates public speech. Very wisely, Doc searls  elaborates on that and talks about the submissive relationship between clients and servers:

“You don’t own domain names. You rent them. You do this through a domain name registrar. Most of these are commercial entities. These sit in a domain name space that is hierarchical in nature and structure.

The Web and the DNS are also organized on the client-server model. In addition to putting site owners at the mercy of greater powers in the hierarchy, this puts users — you and me — at the mercy of the site owners. […]  Such is the law of the Web’s jungle: a system in which site owners control the rules of engagement, and provide the means as well. This is why you have to carry around a janitor’s keyring of separate logins and passwords for every different site and service with which you do business. […]  Whatever status you experience is what’s granted by site owners. You are the client. Your position is submissive. The dominant party is in charge, and there are a billion-plus of those.”

So Searls does not propose to fix the technology behind the Internet: DNS or the client-server model. However, he wants us to work on new models that don’t put us in submissive roles.

That’s and entire different discussion.

This is what David Siegler calls the Open Web movement.

So putting the user in a less submissive position can be realized in many ways, but here are the two extremes: re-architecturing Internet architecture or by completely opening up the Web. Still, the Net and the Web remain two different ends.

The solution will probably be somewhere in between: extending DNS so that it could work alongside the existing DNS hierarchy and opening up the Web as much as possible.

Leave a Reply

Your email address will not be published. Required fields are marked *