What DNS is.
A response to Paul Vixie in ACM
(http://queue.acm.org/detail.cfm?id=1647302).


Author's background
The author is well known in Internet and DNS circles for the creation, deployment and maintenance of alternative root servers and alternative top level domains in the mid 1990s.

Saint Paul of Killjoy

Paul Vixie and I have in common a very good and old friend, Brian K. Reid. Paul and I have been exchanging friendly barbs on the net since the mid 1980s when Brian handed the keys to DECVAX one day so that Paul could take over administration of Usenet.

Paul's attitude was that if he could get rid of the talk.* hierarchy he would, it was a waste, an introduction to me of what would become a career for Paul as my patron saint of killing joy on the Internet. Keep in mind though that Brian wrote the check from Digital that paid Paul to take the Berkeley B code tree and make it into a professional product - BIND around 1986 or 7. We've all grown old arguing about this crap.

On the other hand Paul is an honorable man even if we don't share the same idea of fun. ISC is also the repository of the official list of newsgroup names, many of those I had something to do with the creation of, even at the top level. So it's always felt odd to me that some name-spaces I've had a hand in (Usenet) can be so very different from others (DNS).

But is it glorious?

DNS (Domain Name System) is a hierarchical, distributed, autonomous, reliable database. The first and only of its kind, it offers realtime performance levels to a global audience with global contributors. Every TCP/IP traffic flow including every World Wide Web page view begins with at least one DNS transaction. DNS is, in a word, glorious.

Paul, you're demented. It's not "glorious"; DNS is "a convenience". Life as we know it would not end if 199.166.24.1 was the base of all my URLs and not something else.

We both just look a little foolish if, after working on this crap for decades, an address such as "http://199.166.24.1/images/aquatic/borneo/sarawak/cryptocoryne/fusca/serang-river" begins with some incomprehensible-to-many-people number.

Glorious value-add or essential service? This is how we find each other's computers on this network of networks and apparently it's the only one and apparently after 23 years there are still "issues".

Selling Lies? Which Ones?

To underline our understanding of what DNS is, we must differentiate it from what it is not. The Internet economy rewards unlimited creativity in the monetization of human action, and fairly often this takes the form of some kind of intermediation. For DNS, monetized intermediation means lying. The innovators who bring us such monetized intermediation do not call what they sell "lies," but in this case it walks like a duck and quacks like one, too.

What the hell kind of weasel words are these? Are you attacking ICANN for taking tens of millions of dollars a year to administer the list of top level domains, a part time task the IANA, AKA Jon Postel, did for 15K as a "part time task"?

Are you taking ICANN to task for spending a decade and probably close to a billion dollars by now, not to mention how much of people's time has been wasted? An entire generation of net users has sprung up waiting for "a process" to be figured out how to create a tld.

Or are you still railing at .COM oversight? If so, why? You get what you negotiate, and you of all people should know that. Or are you commenting on the "registry registrar" industry that could be replaced by Google as an app overnight? Of course, if I sat in the hotspot of having my software ship and, by virtue of the numbers it ships with in one file, made certain other numbers valuable as sold by another of my organizations, I'd be cautious too.

DNS Tricks. Stupid and Otherwise

Not all misuses of DNS take the form of lying. Another frequently seen abuse is to treat DNS as a directory system, which it is not. In a directory system one can ask approximate questions and get approximate answers. Think of a printed telephone white pages directory here: users often find what they want in the printed directory not by knowing exactly what the listing is but by starting with a guess or a general idea. DNS has nothing like that: all questions and all answers are exact. But DNS has at least two mechanisms that can be misused to support approximate matching at some considerable cost to everybody else, and a lot of that goes on.

1987 called and wants its argument back.

When looked at as a whole, then absolutely, the DNS is not a directory system. It's an ad hoc collection of distributed database records with the most loose of order at one level, the top level.

But that it is not a directory system does not mean it cannot be used as one, for at least one instantiation, without that implying all of DNS is a directory system.

That is, it isn't, but it can be, without bothering anybody else. You don't have to use it, but other people might. I'm quick to question any opinion that prevents somebody from innovating something in the DNS, especially in light of the NSF's original interest in directory systems during their tenure of aegis over the DNS.

As for DNSSEC and NXDOMAIN. Yeah, good luck with that.