The Pirate Bay trial may currently not be going alright, but Peter Sunde, Swedish co-founder of The Pirate Bay, is already working on his next project. Surely spurred by the recent seizures of domains by Big Content the US government, Sunde has unveiled he’s working on an open, distributed alternative to ICANN’s root server.
Sunde first mentioned his intent to create an alternative to ICANN’s root servers in a message on Twitter, but before that message, he was already not particularly happy with the way ICANN handles its business. One of his domains was seized earlier, after the International Federation of the Phonographic Industry filed a complaint which was handed to ICANN, who then handed it to a “resolution handler that was consisting of mostly Ifpi“, he claims.
The idea has since gained traction, and a temporary blog has been set up, and an IRC channel created. “We haven’t organized yet, but trying to,” Sunde writes, “The background for this project is that we want the internet to be uncensored! Having a centralised system that controls our information flow is not acceptable.”
The plan comes in two stages: first, they want to create an alternative DNS root server. This is nothing new, as several alternatives to ICANN’s already exist. The second stage of the plan, however, is indeed something I think we haven’t seen before: a distributed, P2P-like DNS system. Apparently, “it’s in the making (…). It’s not advanced, it’s p2p and more secure”.
“By using existing technology for de-centralisation together with already having a crew with skilled programmers, communicators and network specialists, an alternative system is not far away,” Sunde further details, “We’re not going to re-invent the wheel, we’re going to build on existing technology as much as possible.”
It’s a very intriguing idea, but major roadblocks – certainly in the adoption department – remain. Personally, I’d sign up right away for a distributed, de-centralised DNS system beyond any individual’s or government’s control, simply because while you may have some form of very limited influence over your own government, you don’t control foreign governments. I shiver at the idea of someone like Sarah Palin gaining influence over ICANN because she becomes the next president of the US.
Isn’t she pretty, though?
The only effect from this move is that a lookup of IP address’s will fail if you access one of their domain name servers. You will still be able to access the servers if you enter their IP address directly. Business as usual, I guess.
But then you have to update your own hosts file (unless you plan on memorising IP numbers) and that may prove to be a step too far for all but the nerds.
Plus once you start having everyone manage their own hosts file, you’re basically creating a distributed DNS network like the article is driving for, only minus the auto-management that a P2P system would offer.
So it would make sense just to go all-out and automate the whole lot (in my opinion at least)
I’m probably showing my ignorance here, but isn’t there already a tangled web of 3rd party DNS servers?
Is it a case that they just get their addresses from ICANN (et al) via automated updates (for example, cron jobs)?
So assuming I understand the above correctly (which admittedly is a huge assumption!), will this method mean that instead of each 3rd party DNS server being a slave for the root DNS server, the 3rd party servers will act in (roughly) equal unison like peers on a Linux ISO torrent (to use one example)?
If so, how would they decide between valid domain name changes (eg my buying http://www.verycooldomainname .com) and invalid changes (eg phising sites wanting to redirect people from a commercial banks web site)?
This does sound like a very interesting idea though. I’m looking forward to reading more about this.
DNS is hierarchic. At the top are the root servers and below them is a tree of caching proxies that serve other caching proxies and end-users.
The technical term is “zone transfer” and it’s kind of like a cron job only a little more complex.
No, it just mean the non-root servers start asking a different set of root servers for answers. As for the P2P part, I’m not sure how they intend for that to work but peer-to-peer name services is nothing new.
Edited 2010-11-30 13:00 UTC
Interesting. Thank you
You’ll have to settle for a imaginary +1 though as I’ve already commented in this thread
beats the -1 that I apparently got
Yes, it’s a tree. However, each domain owner can run their own name server for their domain and as such be the authoritative source for that domain. The root servers will direct you to the appropriate name server from which to get the authoritative response.
So, to look up http://www.google.com, the system first queries the root server to find the owner of the ‘com’ TLD (typically one of the root servers right now); it then queries the ‘com’ TLD for information on ‘google.com’, which then returns one of Google’s Name Servers, likely ‘ns.google.com’ though it could be anything – e.g. ns1.godaddy.com, etc. This new name server is then queried for ‘www.google.com’ to get the final answer.
Yes, this typically happens all without the request originator knowing about it – it asks the DNS cache which first checks if it already knows the answer, if it does it provides the answer, if not, it does the above to get the answer which it then returns. In the course, it may be querying other DNS caches that will do the same thing.
For instance, your home computer talks with a DNS cache at the ISP, that probably talks to a DNS cache from its provider, and on up the chain.
And while it is possible to configure your own computer to talk directly to the DNS Root Servers, it’s not recommended as that could overload the root servers. However, if you want to get around a crappy ISP’s DNS Cache you can do so that way.
Or, if you’re like me, and you run your own in-house DNS Server, and have moved several times it’s just easier to setup your own DNS Cache too and have it talk directly to the DNS Root Servers.
“For instance, your home computer talks with a DNS cache at the ISP, that probably talks to a DNS cache from its provider, and on up the chain.”
Normally every provider runs their own DNS-caching servers (they are called recursors by the way).
I was only talking about something similar being created the other day with a friend as a result of the US seizure, it is good to hear that it is actually being attempted
Nice piece of news/article, shame that its ruined at the end with the political jab at some politician.
If you knew what was going on over here politically. you wouldn’t consider the jab a ruining stroke. In fact, you should fear the thought that Sara Palin might run for the US presidency. Things would suck over here, but they would also suck for the rest of the world.
Can’t be any worse than the 2 most recent presidents.
A gun toting believer in creationism who doesn’t know the difference between north and south korea, I’m thinking ‘YES, it can be worse’.
Maybe shortly after she becomes president, her intent is that there won’t be any difference…
(Seriously, if one believes Wikileaks, it sounds like China might agree…)
As long as her goal isn’t to double the debt and triple the deficit in the first term like the current president. Yes, foreign relations matter, but to me money matters more.
Yeah, Thom’s falling into a well defined thought bucket. Its really a shame for me to see. Its one thing for there to be bucket thinkers as posters, but having one as the main poster/editor is annoying.
The politicisation of technology demeans it. I avoid politics for a reason, and unfortunately I think I’m going to have to start avoiding OSAlert for awhile until he calms down, or breaks out of his mental funk bucket.
p2p dns is nothing new:
http://www.perceptric.com/blog/_archives/2009/8/13/4287059.html
http://www.p2pns.org/
Yes, the hard part as always is commitment, dedication, follow-through.
Since most of the world isn’t motivated to make a change you’d have to build a system that seamlessly integrates with the existing DNS, offers some kind of advantage and is easy to “add on” by the average power user. Eventually you may get enough uptake to phase out the old system (but eventually here is in one or two decades).
Edited 2010-11-30 14:32 UTC
If my local hosts file lacks the IP, the computer checks the primary DNS entry. If it fails to return an IP then the computer checks the secondary DNS entry; then the third entry.
Put intimate IPs in hosts file
Make local LAN dns entry 1
Make p2p dns entry 2
Make ICANN dns entry 3
I’m not sure what further DNS integration would be required unless the P2PNS protocol is going to do the DNS lookup on failure instead of relying on the existing secondary/tertiary entries.
That’s a security nightmare, if someone malicious on the p2p side decides to install an entry for, say, “bankofamerica.com” requests.
Of course, if you do no online banking or other activities where security is important, then this is a non-issue.
All that said, if you use a different TLD, like .p2p, and you run some sort of split-horizon DNS, it’s not an insurmountable problem. It takes some admin skills to do that now, but I’m sure that at least on a local client level, some enterprising individual will write software that makes it easier.
True, I’m assuming the integrity of the three systems. Malicious data is a risk to them all already so a P2P DNS would have to address the risk of fraud separately from where the query agent sits in the resolution chain.
The proposal isn’t just “Let’s set up an alternate DNS root server and have everyone use that instead but keep everything else the same” – that would work the way you describe. The proposal is “Let’s introduce a new name-resolution protocol which is fundamentally different from DNS and works in a peer-to-peer fashion.”
Hosts and dns are two separate systems. Wouldn’t p2p just be another query client in the chain? If Netbios fails then my system rolls over to tcp/ip.
You have to ask yourself “How does it work?” Why is it that hosts is checked when a name resolution is attempted? What would you need to patch on Linux to change this? What on Windows? Mac OS X?
If there is overlap between the new and old system, which there probably will be unless you want the old one to stick around forever, who decides what takes precedence in case of a conflict? It’s easy to say “However the local system is configured,” but it would be nicer to have a more sophisticated answer.
yes.. that would do it. I won’t claim to know the specific details. My uneducated guess would be a simple update for resolveconf on Linux and equivalent resolution system in other platforms. But, the details.. It’s very possible there’s a tripwire I’m missing.
Actually would be an addition to nsswitch.conf on Linux. On Windows the ‘equivalent’ is non-trivial to change. On Mac OS X I cannot say.
That’s got to be one of the more unfortunate acronyms I’ve ever seen
OMG, LOL, facepalm…
I don’t get it? What am I missing here? Tell me tell me tell me! :p
“Big Content”? Really?
Trying to blame a crackdown on the sale of counterfeit scarves on a RIAA-MPAA coalition is not only provably false, but a damnable lie and pointless FUD…
The Pirate Bay has also made it easier for indy games like The World of Goo to be pirated but don’t expect Thom to mention that in one of his crusades.
Also don’t expect him to mention that the Pirate Bay made millions off content producers of all sizes. To him it is just “us vs big content” and damn all the indy devs who get ripped off.
It’s not about big content. It’s about how copyright law is stifling art, science, and culture.
Maybe something you ought to think about, because all you give a shit about is MONEY MONEY MONEY.
How much art are you producing and do you have a family to support?
Or, on another level, about one entity — the DHS — restricting access to a web site for reasons entirely outside its bailiwick, with no notice or due process whatsoever. Whether those reasons are copyright or counterfeiting are less important IMHO.
This incident illustrates a need to rethink name resolution. The DNS faces challenges likely never envisioned when it was designed, and some of the “fixes” (at least on the security side of things) are little better than the problems.
Edited 2010-11-30 21:28 UTC
It’s not about big content. It’s about how copyright law is stifling art, science, and culture.
Maybe something you ought to think about, because all you give a shit about is MONEY MONEY MONEY.
Patents are the thing that stifles innovation, even in areas such as arts and culture. Copyright laws not even nearly that much. The truth is that people need money to make a living and thus copyright laws serve as a means of making sure one can actually do that.
I atleast am against removing copyright laws completely, I just would want them to be tuned slightly; define clearly what constitutes a fair use – case — as it is, fair use is NOT defined even nearly clearly enough! –, and make it lenient enough for people to be able to use popular songs or such in home videos without having to be afraid of their video being taken down or getting sued. And, reduce the lifetime of a copyright to a work to max. 10 years, non-renewable or -extendable.
Oh lighten up. It was a joke .
You’ll know when I’m serious about this subject, trust me.
Edited 2010-11-30 17:01 UTC
Thom, I’ve been thinking about your position on copyright law a lot, and while I understand and to an extent even agree with what you’re saying, I’m just wondering about the metrics involved.
How do you measure culture and art? To answer that question, at some point you’re going to have to assume a certain kind of system that defines them. The debates on this site seem to revolve around the “production” and “reproduction” of culture and art, but is this the only way to measure their vitality? It’s a very capitalistic way of looking at the issue: the artistic/intellectual rights fights described on OSAlert are ultimately about who controls the capital necessary for art/culture-manufacture. What about art and culture that are not manufactured? What about art and culture outside of any economic (or political) system?
Whether there can be any art or culture outside of an economic or political system is a legitimate question. Given the fact that this site stands for systemic change, however, we shouldn’t think that it’s impossible to make them into something altogether different. Copyright reform won’t replace the system that led to this situation in the first place.
What I think might need to change is what we see as art and culture. Let Big Content have “Content” and let them stifle it all they want. But the real question is: are we actually debating about Art and Culture, or are we haggling over particular art and a particular culture? If we let Big Content have their way, then Daft Punk won’t be able to make any more Fiona Apple remixes. So is this really about the Daft Punks and Fiona Apples and how we want them but can’t have them (and the concomitant point: how we want to be them but can’t), or is this about the meaning of art and culture?
The hijacked domains were done not at the root server level, those remain decentralized and unblemished. The GTLD servers, run by Verisign, are the ones doing the redirecting.
p2pDNS is an interesting idea, but I would not trust them if they are allowed to be updated anonymously without verification. Do I have to use a bank domain as an example of something I would not trust from a DNS wiki?
Totally agree, it is Verisign that did it, which handles the GTLDs .com and .net which where involved.
I wonder if PIR, which runs the .org-GTLD would also have done so. I guess could they could also go to Afilias, which handles the technical operations, but I think they would just point to PIR.
Maybe people are worried about the US putting pressure on ICANN to tamper with threroot. But the longer I think about it, I doubt ICANN really has much power over the root operaters.
There are ways of trusting anonymous p2p name resolution. One example: How many peers agree on a particular answer? It’s difficult to be 100% but you could get to a pretty good place with some careful planning. Hijacking a DNS request to an uncompromised server and returning false data is certainly doable, too.
More ways to steal movies and music!
A peer to peer domain/ip relational table, in your mind, is nothing but an additional way to infring copyright? (“infringe”.. not “steal”.. to be correct about it)
You don’t think there are any benefits beyond enabling copyright infringement? It couldn’t possibly result in a better management if domain/ip mappings? It couldn’t possibly have humanitarian benefits in oppressed societies?
From the other side; how would it create a new way to “steal stuff”? What does this add that did not exist before? You mean criminals couldn’t remember IP addresses or use hosts files before? An IP address automatically becomes unusable when the domain name is unbound from it?
If it was really about “protecting the children” and stopping “thems eveeil p1rahax0rses” wouldn’t the proper approach be a real security mechanism like disabling there network feed (given valid court order) rather than an ultimately ineffective obscurity trick like hiding the Domain/IP DNS entry?
Think of it more like “Oh good, another way to be free of a central authority.” What you do with that freedom is up to you.
He wont have these great ideas after he comes out
Edited 2010-12-01 00:51 UTC
…even if something like this were possible, the communications companies who own the cable, wires, towers, etc. would still be influenced by gov’t’s and big business.
[edit]
In short… infrastructure… who controls it?
Edited 2010-12-01 05:01 UTC
Spoofing is why most core servers are now have signed internlinks.
Problem is if everyone is providing there own DNS entries how can you know who is above board and who is not.
P2P DNS has always failed here.
Its only a matter of time before goverments move the next step.
The effect is if copyright infringes win the internet will become less safe more likely to get your machine virus infected. Because you need bodys in countries to do the allocations to only above board people.
Sorry copy right infringement is not above board thing.
The only thing this is about is stealing stuff or trying to promote stolen stuff.
Why don’t you people get more honest?
I’ve lurked on this site for years. Have enjoyed much of the content, and the comments are usually great entertainment.
And I miss Eugenia.
But I have had enough of Thom and his trashing of the US. Sure, the US government does some pretty effed up things, but so do many other governments.
The site is supposed to be about OS News, not politics.
If Thom insists on injecting his political beliefs into every article, more and more users will punch out. Zealotry does nothing more than to discredit your platform.
I no longer see this site as a place to get unbiased computer news, and will move on.
Sure, I don’t pay for the content, so it’s no skin off their noses.
But I have to believe that I’m not the only one tired of having other’s beliefs force fed down my throat.
See ya!
Non-ICANN Domain names are already available at http://dashworlds.com
New DASHCOM domains can now be registered totally free (Includes option to create your own TLDs)
Examples of new domains:
business-com
travel-net
happy-birthday
thank-you
(DASHCOM domains also offers ISP link in options)