
The Ageless Warning of Icarus

Domain Name System (DNS) stakeholders should heed the cautionary moral from an ancient myth about straying in the strata.

It wasn’t that long ago that, during a visit home, my brother asked me, “Why are you so stuck on this Internet thing?” His direct question caused me to realize that I had never actually stopped and considered why I was investing so much time—and in such a highly visible manner—into Internet governance when I wasn’t being compensated for doing so and, in fact, was—not putting too fine of a point on it—flat broke.

Considering the source, the question demanded further reflection—and a response. After some introspection, I realized that my motivation is actually quite simple: the current DNS regime is offensive and not since the day in 7th grade when another boy smacked me across the face in the schoolyard—and four boys had to pull me off of him—have I been able to tolerate bullies. Regardless of original intent, ICANN and the system of governance it presides over have mutated into something that is unhealthy, unseemly, and unacceptable.

The practice of collecting tolls on the information superhighway has been obsolete for some time now, yet the toll booths remain. By persisting, these economic chokepoints harm the public interest by perpetuating and legitimizing the fiction that value is provided by the toll collectors. They also present an irresistible temptation to four for-profit companies and a non-profit corporation that have proven—time and again—to have a tendency for coveting and appropriating unearned and undeserved economic returns that don’t correspond to the value contributed in real terms.

An illustrative analogy might be that of companies engaged in mineral extraction. In many cases, these are monopolies that are entitled—by virtue of owning land or mineral rights—to explore and extract resources from a specific, discrete area in order to create value. However, this comparison only works up to a point.

That’s because mineral extraction enterprises may have a monopoly—and, in fact, can generate vast sums of cash—but risk to the public interest is limited because even the most resource-rich field has a shelf life. There’s a finite commodity that, at some point, will be depleted. This scarcity functions as an existential incentive for continual investment in exploration and innovation while also functioning as a defensive barrier that helps to protect the public interest from monopolistic rapacity. This is a rational—and free—system.

Legacy sponsored gTLDs, such as .COM, .NET, and .ORG, that have achieved scale, on the other hand, are an infinite digital commodity with relatively modest fixed costs and no inherent incentive for continued innovation. This results in a systemic version of addictive and co-dependent behavior as well as forming the ideal environment for corruption and profiteering that materially harms the public interest. This is a dysfunctional and, therefore, irrational system.

As others have pointed out, the legacy sponsored gTLDs were “found” bonanzas—literally, a concession granted by the United States Government and guaranteed by the full faith and credit of the United States taxpayer—that require minimal maintenance and print an endless supply of cash. Yet, a domain name registry is essentially an encrypted .TXT file that is published to a virtualized system of root and recursive servers. There is no longer any single point of failure for the Internet, such as a single authoritative root server. The “A” root is just one virtualized server cluster with 12 virtualized server cluster siblings and the so-called “hidden master” references functional operations of publishing the root zone file via Anycast—not an actual set of discrete server and network resources.

VeriSign, when it bothers to communicate at all, points to the sky and says, “because of registration fees, the sky is blue, and to keep it blue, we must raise rates.” What is left unsaid, and which very few seem to realize, is that the sky is blue today, just as it was blue yesterday and will be tomorrow—and anybody seeking to be paid to keep the sky blue is engaging in nothing more than a thinly veiled protection racket and foisting it upon an unbelievably gullible set of marks. A trained monkey—to say nothing of an AI-enabled resource—could perform the functions that VeriSign performs at an infinitesimal fraction of VeriSign’s current burn rate—which is, itself, a rounding error in an ocean of cash that is nothing more than an enormous transfer of wealth and inefficient resource allocation swaddled in a shroud of hocus-pocus.

The only consequence of putting the .COM registry out to bid would be that IBM, AT&T, or some other highly competent organization subject to the jurisdiction of the United States would operate it moving forward while charging an annual wholesale registration price of about $3—while still turning a healthy profit. A stratified set of investors may experience modest corrective effects, and this would be essential to the imperative of restoring rational and free economics.

Many errors were made during the Internet’s infancy. Primary among those is that the resources that enable the DNS exist for the benefit of the public interest and, as such, should be owned by an organization that faithfully represents that trust. The tempest that punctuates debate about VeriSign’s potential ability to function as a registrar, as well as a registry, is revealed to be raging in a teapot when compared to the egregious injury inflicted upon the public interest by VeriSign’s vertical integration.

During the IANA transition, the .COM registry agreement was extended to correspond with the term of the new Root Zone Maintenance agreement between VeriSign and ICANN—which replaced what had previously existed in the Cooperative Agreement between the National Telecommunications and Information Administration and VeriSign. The primary explanation for why this extension was necessary was explicit and asserted that the .COM registry is “inextricably intertwined” with the root zone of the DNS and that they cannot be separated without destabilizing the DNS.

This is both true and untrue at the same time. That’s because the .COM registry is the root zone of the DNS—VeriSign has never maintained separate infrastructures and it has never been required to. It is this same infrastructure which has been partitioned in order to create the individual namespaces that can be leased to new gTLD operators who don’t wish to run their own infrastructure—who, instead, aspire to be brand developers, service providers, and marketing organizations. If this is untrue, then how can it be asserted that customers of VeriSign’s Back End Registry Services (BERS), along with the root zone itself, enjoy the same low latency and continual uptime as .COM when more than 90% of VeriSign’s free cash flow is used for stock buybacks?

Insult and injury in equal measure will continue to be inflicted upon the public interest until this dysfunction is resolved. One possible solution might be to separate ownership of infrastructure from the function of maintaining and operating it—a form of vertical disintegration.

The effectiveness of accountability reforms accompanying the IANA transition was predicated upon a community of stakeholders remaining vigilant and engaged to counter-balance what history and experience tell us inevitably happens when systems of governance are left insufficiently checked. This empowered community turned out not to be such an effective safeguard, and near-limitless economic resources have enabled the capture of the ICANN organization and its constituencies by its largest ratepayer—which appears intent on gaining an unrestrained range of operation in the DNS. For editing, encrypting, and publishing a .TXT file—this sad and sorry state of affairs must not continue.

As they say, past is prologue, and my next post will take cues from history—some more recent than others—to inform proposed solutions that can help set a corrected course for the future.

By Greg Thomas, Founder of DNSDecrypt

Greg Thomas is founder of DNSDecrypt and author of How to Save the Internet in Three Simple Steps: The Netizen’s Guide to Reboot the Root. The views expressed in this article are solely those of Greg Thomas and are not made on behalf of or for any other individual or organization.



You are not alone! Klaus Stoll  –  Jul 15, 2019 3:44 PM

Welcome Greg to the club of flat broke, disenchanted to the point of disgust, ICANN privateers.

You are trying to start an important discussion, which, given the predominant powers will be hard to have and to maintain to the point of real change. Such a discussion needs to involve ALL stakeholders, even those who do everything to discredit themselves by their deeds. We should avoid polemics, for the sake of a discussion that, if it does not take place, will result in the end of the Internet as a space of our dreams and aspirations.

One starting point is to separate the IP from the DNS. It is time to question the words of Jon Postel, that without the DNS there is not enough “there there,” to make a viable Internet ecosystem full of interacting processes and structures. As Scott Bradner put it to the point in his keynote at NANOG 68:
  “IANA dealt with three topics
  But the DNS was the only one of interest to most people
  It was where the money was
  It was where the Trademark issues were
  It was where the lawyers were
  It was where the politicians were
  It was where the policy wonk wannabes were
  It's all the news media could grok (or think they did)”

The Internet, as we know it, is in danger, but not because of technical reasons, but the failure to create a viable, effective and — most of all — legitimate multi-layered system of Internet Governance. We have not even started discussing its basics as that would mean questioning existing powers and privileges. But which ecosystem can ultimately survive without that discussion? Better to have it now, than having it during a wake for the DNS. (Although a Glasgow wake can be more fun than an Edinburgh wedding). All those happy to dance on the grave of the DNS, just avoid this discussion.

Klaus Stoll

Thank you Greg Thomas  –  Jul 17, 2019 4:48 AM

Herr Stoll: Thank you for your message. Groucho Marx once wrote, “I refuse to join any club that would have me as a member.” However, I think in this case that I welcome the solidarity. I agree with you that the time is long past due for a critically important discussion that must take place. At times, my own frustration has boiled over into outrage, but polemics do not have any productive role in constructive dialogue and have a chilling effect that is destructive to the aspiration — or, more aptly, the imperative — for a truly inclusive governance model. I also support your assertion that it is time to revisit the words of Dr. Postel. I’ve spent time reviewing archived emails from the mid-90’s that capture the discussions that he had with others who were “present at the creation” of the IANA and the DNS. The emails were difficult to find but fascinating to read — and what they reveal is that Dr. Postel’s vision was remarkably quaint. By 1994 he had already noted that the .COM registry was growing larger than he was comfortable with — and suggested that perhaps it, along with all the other publicly-available registries (there were two), should be capped at 10,000 domain names! He was clearly uncomfortable with the burgeoning commercial nature of the DNS and sought to limit its effects. But his vision is made myopic because it is frozen in time and his brilliance did not extend to founding the type of dynamic governance model that will endure. Because of my familiarity with the .COM registry, I probably pick on it too much. But the governance shortcomings of today are not VeriSign’s fault and it shouldn't be blamed for operating within the confines of the system as it exists in order to fulfill a fiduciary duty to return value to shareholders. Rather, the fault lies with the organization that is charged with coordinating governance — but ultimate culpability rests with the community of stakeholders. 
That is because, in a system of self-governance, we don’t have the luxury of blaming others when things don’t work how we wish them to. For the Internet to endure as the place of our dreams and aspirations it is upon us to make it so. I welcome the dialogue and hope others join too. Greg Thomas #wearenotalone
