So, for K5 readers, I probably don't need to go too deeply into descriptions of what's wrong with the current state of the DNS, right? Here, as I see it, are the main problems which I think we should consider and to which I'd like to propose a solution:
- DNS is centrally controlled by an organization (ICANN) whose primary interest is supporting business, rather than in maintaining and improving the system itself and whose primary claim to legitimacy is through delegation by a single country's government (USA).
- The system is managed by a single for-profit corporation (NSI), which is bad enough but registrations are managed by many competing for-profit corporations. NSI is also primarily legitimized by delegation from a single government (USA again, naturally).
- The Intellectual Property laws of a single country (there's the USA again) are being used inappropriately to control the activities of users in non-commercial parts of the Net (corporate control of the .net and .org domain trees through US Trademark law) and in other countries.
I think we can, for the most part, agree that the amount of effort necessary to gain sufficient control of the existing ICANN/NSI system to repair these faults would be too great for that to be a viable option, though I do think it should not be ruled out completely. With the support of the American government and the large corporations, this system is very well defended from outside influence. As the recent post to Slashdot describes, ICANN's voting "membership" is being given far too few seats on the Board to have any real impact on its activities and as a recent K5 post describes, those activities are not necessarily desirable.
So, any viable solution must come from and operate outside the ICANN/NSI system. It cannot attempt to fix the current hierarchies (.net, ,org, .us, .fr and so on), since those are all controlled by the current established system, but must be based on either the establishment of a new name resolution protocol or on the raising of new hierarchies using the existing protocol. There is a system being proposed for a new protocol which could be used to replace the ICANN/NSI system but, since I do not personally find much to fault in DNS/BIND (from a technical perspective), I propose that the best solution is to establish new domain hierarchies using the existing protocol.
As AlterNIC attempted demonstrate a few years ago (and what seems to be anotherAlterNIC continues to try) this is technically possible, though it has not worked out for them. Many of us, myself included, who would have supported such a project even several years ago refused to support the AlterNIC project largely because they are just another profit-motivated business. Since the major problems in the current DNS system derive from the fact that it is run by corporations whose primary motivation is profit rather than maintaining the system itself, I fail to see how adding another such system would improve the situation.
AlterNIC has demonstrated, however, that there are no large technical issues preventing the establishment of new domain hierarchies. The real impediment is social, rather than technical: in order to succeed, an alternate hierarchy must convince a sufficient number of networks to support their root servers as well as NSI's. Whereas domains registered through the ICANN/NSI system work automatically, since that system is supported by the ISC BIND distribution, alternate hierarchies must convince network administrators to add support themselves. This has been difficult for AlterNIC, as I said above, largely because they are just another for-profit venture.
From this I conclude that any new DNS proposal which depends on establishing new domain hierarchies needs to meet these criteria:
- It must be non-profit, as its primary motivation has to be the functioning of the system itself, not shareholder profit.
- Control and functionality need to be distributed Net-wide as a true membership organization since its legitimacy must derive from its users, rather than from the business and government interests of a few countries (or from one country).
- It must provide domain trees that are explicitly and unconditionally non-commercial, to maintain the freedom of those domain's users from commercial interests, as well as trees which are completely commercial, to guarantee uniqueness within the commercial sphere. It must actually enforce these policies.
If this analysis is correct, the best (and possibly only) way to repair the DNS system is to establish a set of linked non-profit organizations around the world to operate it. This distribution of the social structure would also help distribute the technological structure as well, since each regional or local registrar would also maintain a regional or local root DNS system. These organizations need to be controlled by their users in a manner similar to consumer cooperatives (or whatever is closest in the host country's legal system).
What do you folks think? We, the users of the Net, have the technical expertise. We have the computational and bandwidth resources. We have, if organizations like the Electronic Frontier Foundation can be convinced to support it, the legal expertise. We have the worldwide distributed presence and the example of other global projects to lean on. I think we could do it.