acm-header
Sign In

Communications of the ACM

Communications of the ACM

Viewpoint: Fixing a Flawed Domain Name System


The way we use the domain name system today is fundamentally flawed. As a result, ICANN's primary mission is broken beyond redemption, and arguments about the details of its proposals amount to rearranging the deck chairs on the Titanic. We must not allow such quibbling to distract us from the more important goal of replacing an inequitable and dangerous system with one that will better serve us.

The domain name system was initially conceived as a tree-structured, hierarchical naming scheme primarily designed to map host names into IP addresses. At the time, it seemed a reasonably elegant solution to the problem of keeping a potentially large database of mappings up-to-date and robustly available worldwide, while allowing delegation of the authority for creating and maintaining these mappings to the individual entities responsible for the hosts being named.

This was a wonderful idea in a world of academia, nonprofits, and gentlemen's agreements. But it's becoming obvious that in the real world of money, greed, scoundrels, lawyers, and intellectual property land grabs, it really isn't a very good system at all. In fact, it's awful.

Back to Top

What's Broken?

Intellectual property. Companies struggle to establish branding in the real world and are loathe to give it up on the Web. This means they are highly motivated to grab, and hold, any domain name that seems related to them. As a result, many companies have grabbed every possible domain name (for example, coke.com, coke.net, coke.org) regardless of the original intent of the different top-level domains. They have also grabbed similar names in other countries' registration systems, and have often very aggressively prosecuted others who appear to have already grabbed names they desire. Many have also grabbed every possible permutation of every product they sell or might sell in the future; many large companies have hundreds of domain names, most completely inactive, just to keep someone else from acquiring them.

There are countless bad examples, most of which never make the press in the first place. Additionally, such land grabs lead to very rapid exhaustion of the DNS namespace. For example, the dominant registrar, NSI, encourages everyone to grab three domain names at once (.com, .net, .org), and why not? NSI will make three times as much money registering them. Finally, the land-grab mentality has led to preemptive grabs of just about every single word in the English language (see www.selfpromotion. com/domainfun.t), mostly by squatters hoping to sell those names to the highest bidder.

The current situation is encouraging land grabs for two reasons:

  • In the absence of a trademark dispute, the first-comer gets everything—regardless of whether that first-comer is buying one name or half of the English language.
  • In the presence of a trademark dispute, whoever isn't the large company loses instantly and with virtually no chance for a realistic appeal, regardless of how long the name has been held, whether the name was acquired in good faith or not, and so forth. ICANN's current dispute-resolution procedure, and WIPO's proposed rulemaking, similarly favor large corporate interests, understandable given that both have been subject to the sort of regulatory capture that has occurred in many other industries.

The land-grab mentality has lead to preemptive grabs of just about every single word in the English language, mostly by squatters hoping to sell those names to the highest bidder.


So we have a situation in which everyone is suing everyone else, the address space has been exhausted in a very short amount of time, and nobody is having any fun.

Political chokepoint. The DNS is currently serving as one of the most important political pinch-points on the Web because it gives those with an axe to grind a central place to exert political pressure. If what comes out of your domain is sufficiently unpopular with the local government, it can probably arrange to get your domain-name mapping yanked. Furthermore, it gives unwarranted authority to domain-name registrars to dictate what a name may be. For example, NSI has been historically arbitrary and capricious about whether or not to register "obscene" names, and whether to allow names longer than 25 characters (the DNS technically supports 256), among others.

Little guys. Despite all this, what happens when you're trying to find the Acme hardware store just down the street? Unless the store is affiliated with a national brand, and unless it has a store locator, you'll never figure out its domain name. There are just too many other Acmes, and no obvious way to pick out the one you want. If you actually want to use geographical information to help find a local entity, the situation can be grim, even if the site you're looking for mentions its location on its Web page. A few search engines can sometimes help, but for the average end user, the domain might as well not exist. Even search engines are limited; they can't cover the entire Web. They're months behind; most users cannot use them effectively, and often what's sought is an email address or some other service that is not a Web page and hence not indexed by a search engine.

Anonymity. Sometimes it's necessary to say things anonymously. The authors of the Federalist Papers, back around the time of the U.S. Revolution, published many of their political tracts anonymously. Yet domain names, by virtue of their hierarchical arrangement, are easily traceable back to someone higher in the tree who is, by definition, responsible for the delegation farther down the tree—and who can often be pressured to revoke the delegation, therefore effectively seizing control of the domain name and shutting it down. Thus, it's essentially impossible to protect a domain name from retribution while simultaneously advertising its existence to potential correspondents.

Hence, freedom of expression has been greatly compromised by the existing DNS. Being unable to publish anonymously online means the online world has deprived people of a right that has been repeatedly upheld by courts in the real world in the U.S. and elsewhere. The vulnerability of the DNS to political manipulation—plus the ease with which packet flows may be traced—is driving a number of technical attempts to publish anonymously (FreeNet et al.), and to distribute resources against attacks (Napster, Gnutella, et al.).

Back to Top

A Modest Proposal

So how do we fix these problems? Easy. Start over, gradually supplanting the existing DNS with an alternative system, and wait for the DNS to wither in importance. Okay, maybe not so easy.

The fundamentally anarchic polity that influenced the early design of the Internet is, alas, fundamentally incompatible with any global namespace. Why is this so? Because global namespaces require enforcement against duplication. So the first principle of a new naming system is to permit duplication of names. This is, after all, how names in the real world operate—very few people or businesses have globally unique names. Instead, they are disambiguated locally, using several methods (geography, profession [for people] or market segment [for businesses]), while remaining globally ambiguous.

If we do this, the hierarchy that is fundamental to the old DNS—established precisely so that searches were fast and duplication was impossible—is no longer strictly necessary. So get rid of it. Instead, design a name system that encourages this proliferation of names. Resolution of conflicts becomes important, as well as the principle that some names won't be resolvable. This principle of irresolution is in fact the main privacy protection in such a system. This kind of naming system must fundamentally support private name systems.

Such a system, inconceivable in the resource-limited world of mid-1980s computers, now seems achievable. The most important problems are unlikely to be technical, but rather sociological and political: how will people readapt to a world in which names on the network, just like names in real life, are no longer automatically guaranteed unique? The major stakeholders will fight to the death—the squatters who have invested in thousands of names, the major corporations, the registrars that expect an infinite stream of money from registrations. How may they be appeased or circumvented?

Back to Top

Going Forward

In April 2000, I chaired an all-day workshop—the first of its kind—at the Computers, Freedom, and Privacy conference that addressed this topic. Three-dozen influential systems designers, implementors, usability experts, and attorneys participated, amongst a standing-room audience of more than 120 people. You can help. Start with the results of the workshop (see www.cfp2000.org/workshop/materials), read the details of the proposal suggested and how the workshop participants handled it, and get involved.

Back to Top

Author

Lenny Foner ([email protected]) recently received his Ph.D from the Software Agents group of the MIT Media Lab.


©2001 ACM  0002-0782/01/0100  $5.00

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

The Digital Library is published by the Association for Computing Machinery. Copyright © 2001 ACM, Inc.


 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account
Article Contents: