Dispute over DNS Grows into Standoff Pitting US Gov't. & Part of Commercial Industry Against Internet Society Sponsored IAHC Plan, IANA, and Network Solutions
Part I Internet Governance Has Not Matured at Same Pace as Infrastructure
A year ago the DNS debate was beginning to turn into warfare. The International Internet Ad Hoc Committee on DNS was about to be launched. The various other folk whom some were beginning to call the DNS "pirates" had put their operations into high gear. These developments carried on through January of this year when IAHC finalized its plans and a coalition of various interests emerged determined to derail IAHC by whatever means necessary.
Once the White House became involved in February with the creation of the InterAgency Task Force on DNS, things got very messy very fast. The National Science Foundation has been well aware for more than a year that the parallel structure for the allocation of IP numbers in the Americas had to be disconnected from Network Solutions handling of DNS before the end of government involvement with the NSF - NSI Cooperative Agreement. IP number allocation issues in the rest of the world were handled by membership based organizations. It seemed reasonable to NSF that the Americas catch up to the rest of the world in this respect.
Through out the winter the NSF worked diligently towards this end only to have the White House intercede and overturn all it plans on March 3. Unfortunately the White House action meant that federal bureaucrats who, more often than not, had only a limited knowledge of the Internet were now making policy that would determine the fate of some key elements of Internet governance.The formation of the American Registry for Internet Numbers was an inadvertent casualty of the White House action. Unfortunately it was only a couple of weeks before the "feds" decided that they would "fix" IP as well as DNS. As a result the announcement of ARIN, instead of happening on March 18, occurred only on June 24.
In the meantime nothing was being done about the institutionalization of the authority functions of the Internet Assigned Numbers Authority. From a governance point of view IANA is the single most critical piece of Internet Infrastructure. Unfortunately the federal agencies involved were far more interested in pursuing their own agendas than in trying to understand why those who really new the workings of the net have talked for more than a year about the need to institutionalize the IANA. These people saw the need to shift the burdens of sole control from the shoulders of Jon Postel, who, as a single widely-trusted person was ill equipped to deal with the economic and legal pressures of a commercialized network that was in the midst of becoming a critical piece of communications infrastructure for governments and global corporations.
Without understanding a complicated nexus of relationships, American policy makers were refashioning the DNS "piston" of the Internet engine with no awareness of its linkage to IP and the linkage of both to the IANA. The situation is messy because, while the IANA was the implementor of the IAHC process that threatens the livelihood of Network Solution's control of the .com top level domain name, IANA also depends on NSI to run the key data bases that feed the DNS root servers and to fund the start up expenses for ARIN. Operationally Network Solutions is subordinate to IANA, which, at the same time, found itself loosing its operational funding and becoming the subject of legal attacks. To complicate things further IANA, through the IAHC process, is firmly allied with ISOC and some believe with ITU - an alliance that is generally unpopular within the commercial Internet community and one of the major reasons why the majority of that community is believed to favor the US government intervention. Although Glen Schlarmann and Brian Kahin are the titular co chairs of the Federal review effort, Ira Magaziner calls the ultimate shots from the White House and on June 18th, having come up to speed on the issues interceded with the Inter Agency DNS Task Force and ordered the formation of ARIN. However, the forces at play now go well beyond ARIN.
The foundation of Internet governance has become a very rickety pedestal on which are balanced the conflicting interests of IANA, the Registries, the US government, Network Solutions, IAHC, the ITU and others. Regrettably Postel and the US government may be on that collision course over the issue of putting new top level domains in the root servers. Even more regrettable is as the struggle over DNS continues, no one is addressing immediate shortcomings in the IANA procedures. The Federal Interagency Task Force has an IANA task force. While we have not been able to ascertain what the IANA task force is doing, we have been told that there is very close to a total dearth of sound technical knowledge at work
The continuing DNS disputes would seem to be intractable. Certainly NSI and IANA/IAHC have few common interests. The US government has not yet figured out a course of action. Whatever the "feds" do, it will likely be opposed to the interests of both IANA/IAHC and NSI. Some people believe the U.S. government will simply try to buy time by extending the life of the cooperative agreement so that it can at least continue to control NSI. The problem is that such a course of action may not have any affect on whether Jon Postel moves root to Europe. It is very difficult for us to see how the "feds" could do anything to prevent this from happening. If so control of NSI will be worth very little.
Not fully certain of the range of tools at the command of the White House, we concluded that one outcome might be that pressures would rapidly grow on the feds to try to regulate the Internet. Of course the idea that any nation can regulate the international entity that is the internet seems quite strange for the issue of porous national borders seems far more real for the internet than for the telephony industry.
When we asked Tony Rutkowski whether he thought any of the current pressures would lead to any regulatory attempt. He replied that if we meant by regulation, increased government involvement in the net, that such increased involvement would likely come in the critical infrastructures area. There is a critical infrastructures group under the White House that is looking at the reliability and robustness and security of the internet. In effect the NSTAC (National security Telecommunications Advisory Committee) is being extended to into the internet area. NSTAC is basically made up of representatives of all the telcos meeting under a federal government aegis to deal with issues of robustness and security and what happens in times of national emergency. The purpose is to focus on what it takes to maintain the functions of the network under various fault conditions. It often involves contingency planning.
He foresees the most likely denouement of the current governance issues as being actions taken by the private sector companies to keep DNS working and IP numbers allocated. The operators of the interconnected telephony networks keep those functioning with very little government assistance of any kind. He says that the role of government is to provide the parties with an appellate route in case things go very wrong and with antitrust protection - two very important considerations. [Editor: We are not sure that we are comfortable with these ideas.]
Few people would claim to know exactly what might happen in the event of a decision to move management of the root zone or "dot" domain from Network Solutions to some other location in this country or Europe. We want very carefully to state that we are not advocating such a move.
We also want to outline the various components of the DNS root server infrastructure and assess which people control them in an effort, not to make such a move more or less likely, but to help those involved in making the policy decisions become better aware of the range of results their policies could trigger. Certainly, from what we have been able to ascertain, the Federal Interagency Task Force is operating without any adequate understanding of the operation and technical impact of its decisions and therefore needs what help it can get.
Network Solutions runs A.ROOT-SERVERS.NET with an IP Address: 198.41.0.4 and J.ROOT-SERVERS.NET with the IP Address: 198.41.0.10. It also runs the 'dot' machine known as ROOT-SERVERS.NET (198.41.0.5). This is the machine responsible for the root zone that is also known as "dot". "Dot" is the ultimate master index for DNS (meaning that all root machines take their lead from it as to what the TLDs are and where the master zone file is for each TLD). Currently IANA is the Administrative Contact for the machine and Mark Kosters of Network Solutions the Technical Contact. According to standard operating procedure, the technical contact is obligated to follow the orders of the Administrative contact. In imagining an order to move the root zone, what could be significant here is that such an order would be detrimental to the interests of Network Solutions, the employer of Mark Kosters, the Technical Contact. Nevertheless, we are told that IANA (Jon Postel) has the ability to use the network to make software changes on this machine regardless of what Mark Kosters does or doesn't do. Let's assume then that IANA makes the move.
In such a case, in order for the root servers to be able to find the new root zone, changes would have to be made at the top level of .net. Now "dot" net takes its authority from the a.root-server at NSI. Mark Kosters is the Technical and Administrative Contact for this machine. To make a change in the location of the root zone take operational effect, Mark would have to make appropriate changes to entries in the a.root-server. If this did not happen the other .net root servers wouldn't know how to find the location of the new root zone machine.
At this point in our hypothetical scenario Kosters and his management would have to make some major decisions. A changed root zone location would ensure that IANA and IAHC could enter their seven new gTLDs into the root servers with ease. All the root servers would presumably continue pick up NSI's gTLDs, while NSI would have to voluntarily accept the loss of one of its major assets.
Let's ask what could happen if NSI declined to make the changes in .net? At that point IANA would either have to back down, or go to war against NSI. If IANA did not back down, its only choice would be to go public and explaining the situation in a post to the Internet, give the location information for the new root zone and ask all DNS operators to update the root.cache files on their machines immediately. We are talking well over a million DNS machines for the Internet. Therefore this is not a small task. We have however spoken to several people and all agree that a "herd" mentality could be counted on that would result in the change of root.cache files for the root servers immediately, for the major backbones over night, for 90% of the net within 48 hours and for the remaining 10% in the next two weeks.
Such an action on NSI's part however would be regarded as "treason" against the best interests of the Internet as a whole. It would confirm in everyone's mind the mistrust that already exists - rendering NSI as a rogue and outcast. It would likely justify, in the minds of many, NSI's servers as a 'legitimate' objects for physical attacks by means of the network. Because of the overwhelming importance of .com to the rest of the commercial Internet, it is not likely that serious commercial service providers would attempt to ever think of any boycott of .com. But such NSI action would increase the pressure to find a way to divest NSI of control of .com. Thus, although NSI would have to cooperate for a move of the root zone to be easily brought about, the consequences of its failing to cooperate would impact NSI so negatively that it is hard to imagine that NSI would resist.
Resistance by the US government to a change of the root zone would be equally problematic. A "whois" on root-servers.net shows four machines: RS0.INTERNIC.NET (198.41.0.5), GW.HOME.VIX.COM (192.5.5.1), NS.RIPE.NET (193.0.0.193) NS.ISI.EDU (128.9.128.127). These four machines keep uniform copies of the root zone on them at all times. Moving root zone would mean, we believe, moving the administration of the root zone files from NSI in Virginia to one of the other three locations. NS.ISI.EDU is a machine at IANA headquarters. GW.HOME.VIX.COM belongs to Vixie Enterprises which is run by Paul Vixie, the author of the BIND software that implements DNS. Vixie is an out-spokenly loyal follower of IANA. NS.RIPE.NET is at RIPE headquarters in Europe. Readers will remember that it was at the recent RIPE meeting where RIPE and APNIC, in the absence of continued US funds for IANA, pledged money to support IANA. Our conclusion from the questions that we have asked is that IANA could move root zone administration to any other these other machines, which are themselves not root server machines, and in so doing further decentralize the DNS system - rendering changes instituted by a single party far more difficult.
We can imagine the US government, by means of the National Science Foundation, ordering NSI not to permit new gTLDs in the root servers. But in such a case, if the administration of the root zone is no longer in NSI's hands, such a move is rendered effectively moot. (Ironically the June 97 order from NSF to NSI not to add new gTLDs, could become the primary cause for a shift by IANA of root zone administration away from NSI.)
Now it has also been suggested that the US government could forbid US root server operators to point to a new root zone machine in Europe. Let's suppose this happened. In the initial look ups, DNS queries to government restricted root servers not finding, say a few months from now, a new IAHC top level domain, would automatically bounce to the other root servers until they wound up hitting a root server loyal to Postel's administration and containing the new gTLD. Unless the US government tried to physically cut of the United States from the rest of the world wide Internet - something impossible to imagine - the survivability design for the Internet has indeed created something that the US government can cajole but not control. This is an outcome that we find to be exceptionally welcome.
In very recent discussions with a number of individuals we came upon a new way of looking at the DNS problem.. The DNS wars can be seen not so much as wars over Domain Names but as wars over the power that comes from control of the internet. The IAHC process could be looked at as a way to preserve power at a global level for the buggy whip makers - those entities like WIPO and ITU whose interests are threatened by and antithetical to the interests of the Internet. Telephone companies in the case of the ITU, which for the last century have used the ITU to get into bed with national governments creating the national PTTs whose monopolies are only now going beginning to fall. Then there follow intellectual property and trademark entities. The unfettered functioning of the internet will make it much harder to protect their standard sources of income. Now if you ask what reason the IAHC has for bringing these international regulatory bodies into play in the field of internet governance, it is the because existence of top level domain names that transcend national boundaries. Get rid of top level domains including .com by placing .com under.us and you take away the international aspect of the crisis that allows ISOC, inadvertently or not, to bring the nose of the ITU, INTA, and WIPO camels under the internet tent.
Now what if we make another assumption that it takes time for communities to coalesce and to understand their common interests? If you are going to hold forth the North American Numbering Plan as the very model of industry self-regulation, you must realize that it came from a telephone industry that had roughly three quarters of a century to mature. On the other hand we have the internet where 98% of the users today were not users two years ago. They don't think of themselves as members of a community yet and indeed they don't yet begin to even grasp the issues. Right now the only thing that is allowing the buggy whip makers to continue to exert their power over the governance process is the existence of GLOBAL top level domains. Ones that transcend national boundaries. Why not eliminate GLOBAL top level domains and deprive the IAHC and IPOC - CORE process of its very reason for existence?
Now we will note that the role of the ITU as the holder of MoU signatories seems to us not to indicate an immediate threat of an ITU take over of the Internet. However some may say it will be the first step in a process that will be hard to stop. On the other hand, WIPO and INTA's roles seem more immediately insidious. More top level domains will multiply and not alleviate the intellectual property and trademark issues that already threaten and indeed prevent the legitimate use of some business domains under .com. The result will be more work for the lawyers not less and more layers of legal underbrush especially for small businesses to hack through in getting or keeping a viable business address in cyberspace.
What happens then if we simply say that DNS is something to be worked out by each country according to the laws of that country and quit pretending that the internet can do what the postal services cannot do and that is have addresses with no relationship what-so-ever to geography. In other words what happens if we institute a phase-out period for all global Top Level Domains except country codes?
It could become possible for the US government to say this as it concludes what it might call the internet development period that the current Federal Notice of Inquiry could be seen as summing up or bringing to an end - depending on one's point of view. What if the predominant prescription offered by the position papers submitted under the NOI was to be to get rid of Top Level Domains and let DNS be handled on a country by-country basis until such time in the future as the Internet has coalesced into a community that can offer a cohesive and unified alternative approach?
Perhaps we should not try to solve the problems of global internet governance in the short run. We should localize them until there is indeed a sufficiently mature global internet community capable of resolving its own problems. Otherwise the resolution to these problems may be forced by global powers whose interests are, not only outside, but also, perhaps, antithetical to those of the internet community. Also, while we have sometimes found it difficult to understand the extreme suspicion with which IAHC is greeted, this way of approaching the problem - by rendering IAHC irrelevant to the process - may be the best way of keeping peace within the various parts of the network. It would adopt a course of action that looks more attractive than any of the alternatives. Certainly, given the tensions that IAHC is exploiting under the current approaches of the various players to the situation, IAHC would seem to be presently in the drivers seat and looking nearly unstoppable. Changing the most fundamental international basis of approaching DNS would seem to leave the other players with a playing field that they could accept and by avoiding the current collision course do the least harm to the stability of the Internet.
While we don't believe this approach can solve the authority issue behind the IANA, issues that are truly global unless the registries can coalesce their own policy together in a coherent way, we do think that this approach could defuse what is otherwise shaping up as a lose-lose scenario for everyone involved.
Executive Summary pp. 5 - 10
April:
Domain Name Service Under Stress Can IAHC Solution Work or Is NSI Unassailable? Could Legal Action Challenge Authority of IANA? pp. 11 - 16
May:
Clinton Administration Embraces DNS Tar Baby, Magaziner & OMB Responsible Action Derails Agreement with Network Solutions & NSF to End Co-operative Agreement on April 1 1997 Ill Considered Move Halts Formation of ARIN IP Registry pp. 17 - 21
Some Source Documents with Our Interpretations Added Magaziner Interview, NSI Database Summary & Explanation, Rutkowski, Crocker & Dillon on IAHC, the Ambler Law Suit, Linda Sundro Makes Policy pp. 21 - 27 June:
CIX, NSI & Rutkowski Favor Current U.S. Intervention Against IAHC DNS Plan IANA Authority & ARIN Still Critical Unsolved Problem IAHC February 4 Plan Generates Intense Opposition Success of IAHC Plan Uncertain -- Critics Want it Killed Now pp. 28 - 30
NSF Will Not Renew NSI Cooperative Agreement p. 30
CIX, Citing Failure of Process with IAHC, Cites Custodial Duty of US Gov't to Maintain Stability Calls for an IANA Authority Accepted by US Government Asks for Separation IP Number & DNS Authority Wants to Phase out GLTDs within Five Years pp. 31 - 35
July - August: ARIN Approved! Magaziner Breaks Log Jam Administration Makes Ninth Inning Move Helpful to Net Signs of Leadership Emerge from Sea of Hesitation Government Wide NOI on DNS Expected Shortly pp. 36 - 45
Rudolph Geist, USIPA Lawyer: ARIN is Unneeded Monopoly - Action Threatened by Unknown ISP Association Lawyer Shows Lack of ISP Business Issues Awareness pp. 46 - 48
IAHC's Seven New Top Level Domains Will Confuse Customers -- Donna Hoffman Finds the Domains: "Disaster Waiting to Happen From a Business Perspective" p. 49
September:
Internet Governance Not Scaling Well IANA & IP Number Registry Policy Need Formalizing - NSF Tells NSI Not to Enter New Top Level Domains NSI Operational Failures & Direction of US Government Policy Could Give Impetus to Move of DNS Operations to Europe as Opening of ARIN Delayed pp. 50 - 68 Part I: Registry Policy, pp. 51 Part II: IANA Authority, pp. 56 Part III: Launching ARIN, pp. 62 Part IV: DNS, IANA and US Government on a Collision Course?, pp. 65
Appendix - July Aug. Issue:
The NSF Inspector General's Plan to Administer and Tax the Internet World Wide [Rejected on April 17, 1997 ] pp. 69 - 75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Price per copy (GBC bound) is $175, if paid by check in advance to COOK Network Consultants, or $225 if we must ship and invoice. Foreign shipping is $25 extra. $10 extra for Canada. For US - price includes USPS Priority Rate postage. Orders and Payment to COOK Network Consultants, 431 Greenway Ave, Ewing, NJ 08618, USA.
Questions? Call 609 882-2572 or email cook@cookreport.com