Internet and e-mail policy and practice
including Notes on Internet E-mail


2005
Months
Dec

Click the comments link on any story to see comments or add your own.


Subscribe to this blog


RSS feed


Home :: ICANN


02 Dec 2005

Splitting the root -- it's too late ICANN

One of the consistent chants we've always heard from ICANN is that there has to be a single DNS root, so everyone sees the same set of names on the net, a sentiment with which I agree. Unfortunately, I discovered at this week's ICANN meeting that due to ICANN's inaction, it's already too late.

Among the topics that ICANN has been grinding away at is Internationalized Domain Names (IDNs) that contain characters outside the traditional English ASCII character set. The technical issues were settled a while ago in the IETF, with a scheme called punycode that encodes Unicode characters as ASCII strings stat start with xn--. ICANN has tied itself with the issue of homographs, different characters that look the same or mean the same thing. Once people noticed that IDNs let you register different names that look the same, the intellectual property crowd that has always had a mysteriously great influence on ICANN went into a tizzy and they went into lengthy discussions on what to do about them. Unfortunately, there is no technical way to make homographs go away, because there is no agreement on what ''the same'' means. ICANN came up with a draft recommendation on IDN policy which nobody implemented, and is now about to come up with a second draft which nobody seems likely to implement, either.

While ICANN dithered, groups in China and in Arabic speaking countries went ahead with experiments in IDNs for Chinese and Arabic, and set up experimental parallel root zones with names in the local character sets. These experiments worked (no surprise, Unicode and punycode are technically sound) and now those roots are the roots that everyone in those countries use.

A friend who travelled to Arabic countries reported that ISPs simply reroute traffic for the public routes to their own root servers, and most people are none the wiser except that Arabic domain names work. He only realized what was going on when he tried to reach the Red Cross web site and kept getting the local Red Crescent instead, and tracked it down to the DNS returning different answers from what he'd expected to get from the usual DNS.

Furthermore, at least one large ISP in Europe is doing the same thing, redirecting root server traffic to their own servers. In their case the goal more likely is to deal with users with misconfigured DNS clients by catching traffic to any name server, not just the roots, but it also offers the opportunity to make additions and deletions without the knowledge or consent of either the real domains or the users.

Now that the split root genie is out of the bottle, is there any way to get it back in? Not that I can see. Let's hope that users in China and other countries with their own private roots figure out that there's more to the net than their DNS shows them.


posted at: 13:27 :: permanent link to this entry :: 1 comments
posted at: 13:27 :: permanent link to this entry :: 1 comments

comments...        (Jump to the end to add your own comment)


And now everybody also want to run av DLV zone for DNSSEC records in the root. Happy joy.

(by Patrik Wallström 08 Apr 2007 13:37)


Add your comment...

Note: all comments require an email address to send a confirmation to verify that it was posted by a person and not a spambot. The comment won't be visible until you click the link in the confirmation. Unless you check the box below, which almost nobody does, your email won't be displayed, and I won't use it for other purposes.

 
Name:
Email: you@wherever (required, for confirmation)
Title: (optional)
Comments:
Show my Email address
Save my Name and Email for next time

Topics


My other sites

Who is this guy?

Airline ticket info

Taughannock Networks

Other blogs

CAUCE
Criminal Abuse of Domain Names: Bulk Registration and Contact Information Access
New!

A keen grasp of the obvious
My high security debit card
306 days ago

Related sites

Coalition Against Unsolicited Commercial E-mail

Network Abuse Clearinghouse



© 2005-2018 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.