February 12, 2009


Here's a question: in the age of crowdsourcing, social networking, and distributed peer-to-peer filesharing, why do we have to pay a centralized body $2500 for the right to directly register a domain name? Small wonder that some disagree. Part of the issue is DNS itself - to translate that nice, human-readable URL into an IP address like, your computer has to ask a translator. To find the right translator, it asks a global directory.

If you have any background in security whatsoever, digital or otherwise, you're probably asking yourself - isn't that a really dumb idea? Sure. Let's ignore that, however, and envision instead the following scenario:

A person, who we'll call X, decides one night to nmap -sP | grep "appears to be up". X then scrapes DNS and WHOIS info for each responding host using nslookup and whois into a massive database. Since X is a computer programmer par excellence with access to infinite upload bandwidth, they write their own server capable of answering all DNS queries worldwide.

Obviously, there are some minor wrinkles - like the intractability of crawling the IPv6 address space, or the impossibility of X being able to serve the immense global DNS lookup demand, or the infeasibility of expecting your average (read: clueless) computer user to change their DNS lookup settings. The above scheme is clearly suboptimal, though; the scraping part is embarrassingly parallel, and X could easily publish the data publicly - as a torrent, say, or as multiple smaller chunks.

Of course, this opens up a whole new can of worms: as a decentralized DNS provider, I could direct every lookup to my website or add entries for my competitors pointing to, er, less reputable content. Nevertheless, the idea is at least plausible; with a reliable trust model and just enough regulation of domain markets to shut out serial cybersquatters, it might even be workable.

No comments:

Post a Comment