ietf

Re: Number of Firewall/NAT Users

2001-01-24 13:40:02
- I did not say the DNS is not useful.  I said it has design flaws, and
I named some of them.  These flaws are examples of what NOT to do
with IP.

DNS does have design flaws, but I don't think you've identified any of them.

- A service that maps names of local resources to distant addresses
  is a local problem.

whatever.  mapping local resources onto distant addresses is not a problem
that a lot of people are interested in solving.  if DNS cannot do this
well, it's hardly DNS's fault - that's not the purpose for which it was
designed.

But the DNS is not a magic wand either, besides its design flaws.

I agree that DNS is not suitable for every conceivable purpose.  For
example, DNS is not suitable as a means for mapping service names
to connection endpoints within distributed applications.

- I do not think the DNS can be phased out any time soon, or foreseeable.

- However, one must ask what comes after DNS -- because something will.
I fully expect this "something" to interoperate with DNS.

I think there might be multiple somethings - both successors to DNS
(that provide the same function, probably supporting the same query 
protocol for backward compatibility) and other lookup services that
map names (say common names, as in CNRP) to service locations.

(in some of the early work I did on URN resolution systems I discovered
that the resolution system really needed to return the IP addresses
of the resource locations that it found, and not just the URLs of
those resources - otherwise the entire system slowed to a crawl.)

- The same arguments apply to IP -- what comes after IPv4, IPv6? Something
will, and I expect them all to interoperate.  NATs help.

NATs (specifically NAT-PTs) do help interoperate between IPv4 and IPv6.  
If one end only speaks IPv4 and the other end only speaks IPv6, NATs
are the only way to get them connected.  However this approach still has
the problems common to all NATs.  It's not a general solution, it's just
the best that can be done.

- I think ICANN is a mistaken way to solve a non-existing problem.  The
non-existing problem is how to govern the Internet.  The mistaken way is
by central control.

You obviously don't understand ICANN's intent or function, but it's not
to govern the Internet.  You also don't understand just how little power
ICANN has.

- The Internet depends on the DNS, it should be the other way around.
Further, this dependence creates an "ideal" control handle, which is
useful for some that do want to unduly control many aspects of the
Internet for their special interests -- and to their detriment, 
paradoxically.

The URN group spent a lot of time thinking about how to administer
a centralized namespace with minimal potential for control.  A 
system like DNS which has multiple root servers, a federated name
space, with lookup also federated along delegation boundaries,
is nearly ideal - it gives the roots the minimum degree of control.
Other systems that relied on centralized lookup or which delegated
lookups via other means (say using a hash of the name) were much
more vulnerable to this kind of exploit.  Which is not to say that
there's no risk, but that the DNS structure minimizes the risk 
to the extent that we know how to do it.

Moreover, having an organization like ICANN - i.e. one which has no other
function besides administering top-level name and number assignments -
in charge of the roots, seems far preferable to having either
a government or a commercial organization in charge of the roots.
The latter two are far more of a threat to Internet users than ICANN.
The biggest danger associated with ICANN is mission creep - because
they are centralized people are constantly tempted to saddle them with
other aspects of "internet governance" that seem to demand centralization.
I hope that ICANN will discourage and be discouraged from taking on
such roles.  Only time will tell.

If a technical system can be designed that would negate such a handle
to all, this would be intrinsically fair and defuse much of the "problems"
we have with DNS and its control (ICANN).

Perhaps.  But nobody has found a way to do this that (a) prevents naming
conflicts and (b) makes lookups of those names visible to the entire
Internet.  Both of these are desirable features of the current DNS system.
I agree that it should be possible to build other kinds of lookup systems,
but it's hard to solve the problem that DNS tries to solve without having
at least a minimal root.

- The IETF abhors liability. However, its actions have defined the DNS,
its flaws, helped shape ICANN, its flaws, and are now trying to shape IP,
and its flaws.  It is time we all think a bit about the highly leveraged 
game being played here, with near 800 million Internet users.  

Be assured that it *is* being thought about and has been for several years.
ICANN is the best we could do under the circumstances, given the size of 
some of the gorillas involved.  If you want to get rid of ICANN, think
about who is likely to take its place if they go under, and see if you 
really think the Internet would be better off.  

As you realize, DNS is going to be around for a long time, it's going 
to have a root, and someone is going to be controlling that root.
Who is most likely to do so fairly? 

- MIME's rule of
requiring the least and accepting the most is the best impedance matching
rule we can have, IMO, to allow different systems to interface.

Actually, that's a good analogy.  DNS requires the least - a minimal root,
and delegates the vast majority of lookups and assignments to others.

Keith