NordVPN Promotion

Home / Blogs

A Further Look Into ORSN

Protect your privacy:  Get NordVPN  [ Deal: 73% off 2-year plans + 3 extra months ]
10 facts about NordVPN that aren't commonly known
  • Meshnet Feature for Personal Encrypted Networks: NordVPN offers a unique feature called Meshnet, which allows users to connect their devices directly and securely over the internet. This means you can create your own private, encrypted network for activities like gaming, file sharing, or remote access to your home devices from anywhere in the world.
  • RAM-Only Servers for Enhanced Security: Unlike many VPN providers, NordVPN uses RAM-only (diskless) servers. Since these servers run entirely on volatile memory, all data is wiped with every reboot. This ensures that no user data is stored long-term, significantly reducing the risk of data breaches and enhancing overall security.
  • Servers in a Former Military Bunker: Some of NordVPN's servers are housed in a former military bunker located deep underground. This unique location provides an extra layer of physical security against natural disasters and unauthorized access, ensuring that the servers are protected in all circumstances.
  • NordLynx Protocol with Double NAT Technology: NordVPN developed its own VPN protocol called NordLynx, built around the ultra-fast WireGuard protocol. What sets NordLynx apart is its implementation of a double Network Address Translation (NAT) system, which enhances user privacy without sacrificing speed. This innovative approach solves the potential privacy issues inherent in the standard WireGuard protocol.
  • Dark Web Monitor Feature: NordVPN includes a feature known as Dark Web Monitor. This tool actively scans dark web sites and forums for credentials associated with your email address. If it detects that your information has been compromised or appears in any data breaches, it promptly alerts you so you can take necessary actions to protect your accounts.

Most commentators on Vixie’s astounding message have gotten sidetracked. People don’t seem to see the most important feature of his statement: Vixie’s endorsement of Open Root Server Network (ORSN) is based on explicitly political criteria. As ORSN says on its web site:

“The U.S.A (under the current or any future administration) are theoretically and practically able to control “our” accesses to contents of the Internet and are also able to limit them. A manipulation of the Root zone could cause that the whole name space .DE is not attainable any more for the remaining world - outside from Germany.”

So ORSN sees this as a “backup” in case the US govt. tries to use its “oversight” authority to manipulate the Internet in some way. And Vixie, who administers one of the official root servers of the US Commerce Dept-centered system, is siding with them. Good! I hope people in Washington are listening.

Vixie goes to great lengths to assure us that this raises none of the compatibility issues of an alternate root. In fact, he claims that there is some kind of distinction between an “alternate root server network” and an “alternate name space.”

But in fact, this is not quite true. True, ORSN are not trying to sell new TLDs. But if the USG abuses its oversight authority and changes the root zone file in an illegitimate way, such as throwing Iran’s ccTLD out of the root zone, will ORSN follow suit? I suspect (and hope) not. Then you will have a split root, an alternate name space. In other words, ORSN’s whole raison d’etre makes no sense unless it is ready, willing and able to deviate from a globally compatible namespace if circumstances justify it.

In essence, Paul Vixie is saying is that he is willing to risk splitting the root for defensive, political reasons, and not for profit-motivated, economic reasons. Which is fine, those priorities are defensible and reasonable. But it’s an interesting and welcome departure from the “one true root” orthodoxy that used to prevail in IETF. From this point forward, whenever the US/ICANN root makes a change, ORSN now must decide whether to follow that change or not.

They ARE operating an alternate name space.

By Milton Mueller, Professor, Georgia Institute of Technology School of Public Policy

Filed Under

Comments

Markus Grundmann  –  Oct 10, 2005 9:44 PM

ORSN is using the original IANA root zone (unmodified) so long no users outside the U.S.A are limited by the DoC. If you really want that the DoC controls biz world wide by removing/changing ccTLD information??? I didn’t want this. You’ll remember of Iraq war? The administration of U.S. bombs a country based on pentagon lies. If you want this? So we do not split the “internet world”. We want to protect the people and their biz. Please see also my other comment. I like america but not their administration.

Paul Vixie  –  Oct 10, 2005 11:16 PM

Ouch.  Did he really say that I really said that?  Quoting Mr. Mueller: “Vixie’s endorsement of Open Root Server Network (ORSN) is based on explicitly political criteria.”  First off, I don’t endorse, or use ORSN.  I support this project but I don’t recommend it to anybody.  Second, if my support were to be called an endorsement by mistake, my reasons for offering that support are explicitly NON-political.  ORSN’s reasons appear to be political, but I don’t share them, so, so what?

Mr. Mueller’s attempt to restate my position is wrong.  Where he says “In essence, Paul Vixie is saying is…,” he really means, “In essence, what I would have said is…,” and I find his lack of scholarship appalling.

Note that I don’t speak for ORSN, but Markus sure can.  My irritation of the moment is that I seem to be spending a lot of time today pointing out that Mr. Mueller does not speak for ME.  Ouch, ouch, ouch.

Juan Golblado  –  Oct 11, 2005 2:46 AM

Markus Grundmann’s political naivete has him on the verge of hysteria about his US bogeyman. This is not a sane basis for making decisions about running a network of root servers… or anything else.

Paul Vixie, on the other hand, has done excellent work internationalizing the f-root. I hope he doesn’t come away from his no doubt well-intended foray into the land of paranoid hyper-idealism tainted by the aura of nervous sweat that surrounds ORSN.

Markus Grundmann  –  Oct 11, 2005 6:32 AM

@Juan: I do not have other reaction expect and I have only written which happened.

Milton Mueller  –  Oct 12, 2005 4:33 AM

Paul Vixie’s ego is large enough - justifiably perhaps - that he thinks this whole debate is about how we characterize his position. I suggest that there is a far larger and more important issue here. It is not whether I “speak for” Paul Vixie (“ouch” for him thinking I would even want to). It is whether the U.S. insistence on unilateral control of the DNS root is increasing the risk of splits in the name space. I think it is. I think the existence of ORSN proves it in and of itself. But the willingness of Vixie not to condemn them, (and even to make weak rationalizations about the difference between different “root server sets” and “different name spaces”) shows how seriously the U.S. position has created mistrust and countermoves among the global internet community. That’s what is important here.

To answer Markus Grundman, “do I really want that the DoC controls biz world wide by removing/changing ccTLD information???” Of course not. I can tell you are not familiar with my writings. In 2001 my book Ruling the root called US unilateral control over the root zone a “ticking time bomb.” When the book was released in Washington DC in May 2002, former ICANN CEO Mike Roberts singled out that sentence and criticized it as being silly. Well. I wonder what he thinks now. In short, I am the original critic of this situation. Look at the statements and papers of the Internet governance project and you will see that we have been hammering away at this issue for some time. So I am not accusing ORSN of “splitting the Internet world” I see ORSN as a welcome and probably inevitable countermove to the US government’s position, an act of true self-governance by the Internet community, and if they (USG) do illegitimate things with the root the responsibility for a split will rest with them.

I will say this. You can talk about the “original” IANA data as if it were holy and legitimate, but if in fact the US does make a change that ORSN refuses to accept it, we all know where we stand. Because IANA is nothing but a U.S. government contractor at the moment, and has been since October 1998.

Markus Grundmann  –  Oct 12, 2005 8:02 AM

Dear Milton Mueller.
From my side I think we close now this thread. Sorry for some words of me but
I can’t hear any more sayings like “ORSN is bad. Evil on Earth. Split XYZ” ...
We want an internet controlled by an international organization. Not more!

Regards
Markus

David Conrad  –  Oct 15, 2005 6:38 PM

Milton,

You’ve merged the concept of the Internet namespace and the implementation of that namespace.  ORSN has implemented the Internet namespace on a different set of IP addresses than the ones the vast majority of Internet users use.  That’s all.

If/when ORSN refuses to replicate all changes to the Internet namespace published by ICANN (or Verisign or USDoC, depending on your point of view) , only then will there be an alternate name space. 

What ORSN is doing isn’t particularly new or interesting—I suspect lots of folks who are nervous about a (D)DoS taking out the root servers have replicated the root zone into their name servers.  It would be nice if the root zone were actually signed so folks who do this (and the folks who rely on the replicated root zone) could have some assurance the zone they are using hasn’t been mangled (for some value of that variable).

From my perspective, Paul’s participation has generated a tempest in a teapot.

Rgds,
-drc

McTim  –  Oct 26, 2005 8:56 PM

Milton,

The IANA function has been a USG contract long before ‘98.

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Domain Names

Sponsored byVerisign

New TLDs

Sponsored byRadix

Cybersecurity

Sponsored byVerisign

DNS

Sponsored byDNIB.com

Threat Intelligence

Sponsored byWhoisXML API

IPv4 Markets

Sponsored byIPv4.Global

Brand Protection

Sponsored byCSC

NordVPN Promotion