“There is not anything in the Web design that inhibits the development of alternate ways to map identifiers into IP addresses. Alternative domain name origins produce a prima facie risk since identical names may map to various IP addresses and so distinct servers. …
A variation of the danger has appeared in a current job called YETI that intends strip the digital signature from the zone to import the root zone of the DNS that’s managed by ICANN and resign using a YETI key. It does, in effect, do just that, while its proponents claim it is not meant to supply an alternative origin. Although its ostensible goal will be to investigate limits to root server performance and functionality, it’s possible to introduce an alternative origin.”
Had this text appeared under a august letterhead, or signed by writers that are competent, there would not be any cause for alarm. As one of three coordinators for the Yeti DNS job, this feels a little like I am in big trouble now. Thus, let us discuss the issue. Note that I ‘m just one of several Yeti DNS coordinators, and I am speaking personally rather than formally here. I’m also a part of Cogent Communications’ Croot team, but it is safe to say that Cogent would disavow the following ravings as being not related to their corporate communications.
Yet, not all alternative origins are made equal. I ‘ve saw many efforts to fork the IANA name space and provide non-normal top level domains to changing, sometimes international, crowds. Every such effort has failed. Regularly public ridicule was followed by that failure by me. I believe alternative origins of the “name space branch” assortment are a horrible thought for the worldwide Internet, although I understand the demand for this particular type of name space augmentation inside many business networks.
So, yes, technically speaking, Yeti DNS not only has the capacity to introduce an “alternative root”, it’s, actually, an alternative origin. Nevertheless, it’s not a name space branch, and cannot become such. Yeti DNS isn’t the first experimental “alternate origin DNS” system I’ve proposed. In 2005, while I was an associate of the ISC F-Origin team, and following a decade plus a half of preserving BIND, which at the time was the most famous open source implementation of DNS, I proposed to ICANN that they create an alternative origin zone. My suggestion wasn’t uptaken, despite the fact that it called for the United States Department of Commerce, and the present root name server operators, and ICANN, to continue within their present jobs.
However, world-wide scale experimenting in root name server technology stays a valid issue for network science. The operators of the Yeti DNS root name servers all understand this. The experimenters and hobbyists who intentionally choose Yeti-DNS their origin DNS lookup to be handled by root name servers need to understand this. If our position shifted, the entire job would burst. We’re marching forward into this dangerous ground because there is things if root name service was only accessible by IPv6, we should understand, like what? Or, what if we rolled the origin zone signing key extremely regularly? Or, what if we rolled the origin key signing key? All these aren’t things you could learn in a test laboratory. And they’re not matters that we can manage to analyze utilizing the live creation DNS root name server system.
So, does this mean that Yeti DNS could, as the World Economic Forum white paper indicates, “introduce an alternative origin”? That depends on that which we mean by “alternative”. Yeti-DNS everybody is observing everybody else to see if name space piracy is in any heart, and works in a fish bowl surroundings where everything that occurs is clear.
Much more precariously in my opinion, Yeti DNS supplies a precise pattern for someone besides IANA would go about building an alternative origin. And in that sense, the reply is the fact that indirectly, Yeti DNS could create the introduction of alternative origins that do in fact mean name space piracy. There is a common and valid demand for this particular type of the instruction manual, as well as alternative root name service within big business and tools to support this do not actually exist yet, particularly in a DNSSEC surroundings.