IP: Proposal for a DNS market infrastructure

[Dave Farber <farber () central cis upenn edu>]

To: farber () central cis upenn edu (David Farber)
Cc: interesting-people () eff org (interesting-people mailing list) and many others
Date: Tue, 19 Sep 1995 05:01:36 -0700
From: John Gilmore <gnu () toad com>


The only real problem with the DNS fee imposition is the lack of a market.


I propose that ISOC grant, to anyone who will run a publicly
accessible top-level domain server meeting particular criteria,
the right to merge domain entries into a shared top-level database.
And to charge their users whatever the traffic will bear for the
domain entries that they insert.  And that ISOC urge its members and
all Internet users to switch to using these root DNS servers.


I believe that the technical problems of such a change are easily
handled.  And the resulting market system, in both technical and
nontechnical aspects, is much more robust and cost-effective than a
monopoly provider.


Coordinating updates to the .com domain should be relatively
straightforward.  Each company's public server would serve the entire
.com domain.  They would also operate a private registration database
which would hold the subset of the domain that they are sponsoring.
Periodically, the private registration information is made accessible
to all the other root servers, these databases are merged, and the
result becomes the new entire .com domain which each company serves.


If a root DNS update occurs every three days, each of the ten
companies can avoid 99.8% of name conflicts by simply checking
potential new registrations against their own root DNS server.  Only
if the same name gets registered by two different folks into two
different DNS companies in the same three-day period, will there be a
problem -- and it's detected at the next three-day merge.  Then a
simple first-one-gets-it algorithm, based on exactly when each DNS
company issued the name, will resolve the conflict.  It just has to be
clear that a domain registration isn't over until the fat lady merges,
so the later registrants won't be misled into thinking that getting
into their vendor's private database gives them any right to the name.
(This will encourage people to register names with particularly speedy
and responsive DNS vendors!  I also guess that once the market gets to
work on DNS service, the three-day lag can also be shrunk to a day or
less.)


The DNS companies would each make their own company's data accessible
to each other (and the public) via FTP, in a documented format.  Each
root DNS server can then do an independent merge of the databases,
using copylefted free software available to all vendors (and the
public).  Different DNS companies could then checksum their merged
databases against each other, and give themselves an hour or two to
manually resolve any discrepancies, before posting them simultaneously
as the new three-day root domains.  Short-term failures would be
handled by having the merge process simply use yesterday's database
from a DNS company if it is impossible to fetch today's.  This design
would result in no dependence on a single physical or organizational
point of failure.


If the ISOC would adopt such a scheme, I would personally finance the
building of the free software required for the merging.  Further
maintenance of the software would be done, or paid for, by its users
(the DNS vendors).  Though the software itself is a potential point
of failure, it is available for public scrutiny, and can be maintained
independently by many different parties if they desire to do so.


Legal liability for any DNS action would logically reside with the
entity that originally provided the DNS record.  Of course there's no
guarantee that a judge would agree, but by making the rules
sufficiently simple and unbiased we can make it more likely, reducing
the risks to ISOC and to all other DNS companies.  Companies can judge
the risk themselves, and adjust their fees to match (initially, and
after some case law develops).  It shouldn't take 30% of revenues to
feed the lawyers!


ISOC could define and periodically update the criteria for being a
root domain server (responsiveness, uptime, bandwidth, etc), and sign
a short contract with each such server.  The rules would be enforced
in practice by peer pressure from the other root domain servers; the
contract would require that every other root server delete a failing
vendor's NS records for poor performance, e.g. if Microsoft's DNS
service refused to merge in domain registrations from Novell's DNS
service, or if EFF's DNS server dropped too many queries for an
extended period.  If the whole lot of DNS companies colludes to change
the rules, and the users don't like the result, we the users would
have to rise up again (like we're doing now) and take matters into our
own hands again.  Viva la revolucion!


Technically it's not a hard problem to provide a plurality of domain
name issuers.  The problem is that the current monopoly provider is
trying to consolidate their monopoly before we get around to it.
Shall we do it anyway?


        John Gilmore


PS: Even if Network Solutions won't go along with this, and won't
provide updates of their database, they will have to continue
answering DNS queries, until their contract with NSF runs out.  We can
always have our new 'root-servers' forward queries for any unknown
names to Network Solutions, for the two or three years that they still
exist.  As they cut off existing domain name users for non-payment and
drop them from their server, those users will have to pay a
non-monopoly price to a non-monopoly vendor in order to be in the new
"real" root DNS system.  Of course, if NS will provide their database
in a mergeable form, then the other vendors can merge it into the new
root servers and avoid forwarding DNS queries, even if NS won't take
changes *back*.


PPS: The ultimate power here is in the hands of the individual
sysadmins who determine what root server(s) their DNS server trusts.
However, intermediate power is owned by the operators of the existing
root DNS servers, who are already trusted by many DNS users.  I note
that NS has renamed these servers with anonymous names
(I.ROOT-SERVERS.NET) rather than their original names, which
identified the organizations who provide them (NIC.NORDU.NET).  If any
of these server operators were to endorse and then implement a market
scheme, such as this one, a significant part of the net would
automatically come with them.