@rune @rysiek @Hyolobrika @sofia OTOH you could decentralise DNS somewhat by replacing ICANN with a consortium made up of the national registries, and require a number of root servers at each of them. At least as an outline of a solution, that is.

@rune @rysiek @Hyolobrika @sofia The point here is, it's theoretically very easy to decentralise DNS, because other than the root maintenance, it's already decentralised - via delegation.

@jens @rune @rysiek @Hyolobrika @sofia Actually, DNS is distributed, and far from being decentralized. A tree is, by essence, hierarchical, and hierarchy is, by essence, opposed to peer systems. One could decentralize one node of the DNS tree, and a branch could be composed of decentralized nodes, but each delegation acts as a bailliwick, both technically and organisationally.

@x_cli @rune @rysiek @Hyolobrika @sofia That's a lot to unpack.

Definitions of decentralised Vs distributed go back to Baran's 1964 paper ( rand.org/content/dam/rand/pubs ), where the main criterion he uses to distinguish distributed systems from decentralised ones is whether the destruction of a node or link affects the availability of nodes (in a nutshell).

Conceptually - in name structure and resolution order of full names - DNS..

@x_cli @rune @rysiek @Hyolobrika @sofia ... is not in the slightest distributed. What makes it distributed technically is that at every level in the name hierarchy it's possible to have redundancy, such that destruction of any individual name server does not affect resolution.

Organisationally, it's not distributed, either. Here, we don't even have this kind of redundancy. It's not as if - commonly speaking - any name...

@x_cli @rune @rysiek @Hyolobrika @sofia ... component is managed by multiple legal entities. So I don't really know where the claim comes from that it's distributed.

It's very much decentralised organisationally, though, in that no central entity controls the entire name assignment space.

TLDs at the root are a bit of an exception simply because they're a single root, because the names are hierarchical.

Are we talking about...

@jens @x_cli @rune @rysiek @sofia Isn't it at least theoretically possible for the people who control the root zone to threaten lower down zones with removal from their zone file? I.e. They could threaten a. to remove b.a. to remove c.b.a. and so on indefinitely?
Follow

@Hyolobrika @sofia @rysiek @rune @jens
A domain can be "unlinked" by their direct parent and it happens all the time, for political, economic or legal reasons. Pressures from a grand parent are rarer but can still exist, yes. For instance, eu.org is a SLD that is acting as a "second-level registry". I guess they could be pressured to unlink a domain by their parent or risk being unlinked themselves.

Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.