Home / Blogs

Internet Zombies

Protect your privacy:  Get NordVPN  [ Deal: 73% off 2-year plans + 3 extra months ]
10 facts about NordVPN that aren't commonly known
  • Meshnet Feature for Personal Encrypted Networks: NordVPN offers a unique feature called Meshnet, which allows users to connect their devices directly and securely over the internet. This means you can create your own private, encrypted network for activities like gaming, file sharing, or remote access to your home devices from anywhere in the world.
  • RAM-Only Servers for Enhanced Security: Unlike many VPN providers, NordVPN uses RAM-only (diskless) servers. Since these servers run entirely on volatile memory, all data is wiped with every reboot. This ensures that no user data is stored long-term, significantly reducing the risk of data breaches and enhancing overall security.
  • Servers in a Former Military Bunker: Some of NordVPN's servers are housed in a former military bunker located deep underground. This unique location provides an extra layer of physical security against natural disasters and unauthorized access, ensuring that the servers are protected in all circumstances.
  • NordLynx Protocol with Double NAT Technology: NordVPN developed its own VPN protocol called NordLynx, built around the ultra-fast WireGuard protocol. What sets NordLynx apart is its implementation of a double Network Address Translation (NAT) system, which enhances user privacy without sacrificing speed. This innovative approach solves the potential privacy issues inherent in the standard WireGuard protocol.
  • Dark Web Monitor Feature: NordVPN includes a feature known as Dark Web Monitor. This tool actively scans dark web sites and forums for credentials associated with your email address. If it detects that your information has been compromised or appears in any data breaches, it promptly alerts you so you can take necessary actions to protect your accounts.

Today on Dave Farber’s IP list, someone revived the ancient argument that ICANN imposes limits on the number of top level domains (TLDs) because to have more than a few will cause DNS to wobble and cause the internet to collapse.

Although long discredited, that argument hangs around like a zombie.

ICANN has never been able to adduce a shred of proof that there is anything to support that assertion. Yet, on the opposite side we have both mental and empirical tests (real software running on real computers) that show that DNS roots can readily hold and handle millions upon millions of TLDs. No one has demonstrated a concrete upper limit.

As a practical matter, it is likely that administrative overhead and risks of human and procedural error will be the limiting factor. But that would be a very soft limit, and the numbers of top level domains would still be huge compared to what we have today—measured in millions rather than today’s hundreds.

The notion of imposing artificial limits has no place—one may as well argue that because have a pretty decent word-based search engine in Google, that we should not allow IP address space to be consumed (and thus wasted) by would-be competitors, such as Yahoo or Ask—or the next set of university kids who come up with a better way.

Looking back at 2006 we can see how the once flexible domain name system continues to be reduced by ICANN to a money pump for the few lucky ICANN chosen top level domain registries and a lifetime employment plan for intellectual property attorneys.

And yet as year 2007 begins, the ability of the internet to survive natural or human catastrophes is no greater than it was at the end of 2005. Indeed, through neglect and increased loading, the critical infrastructures that hold the internet together, particularly the domain name system, are more vulnerable than ever. ICANN, which was to have been our protective fireman, defending the domain name system against technical instability has lost any memory of that role and has left the technical stability of the domain name system to luck. We should thank our lucky stars that the root server operators have served us so well, so far.

And as year 2007 begins at least one thing remains the same: were ICANN to vanish (in a cloud of money colored smoke) the internet would keep on ticking, packets would continue to flow from source IP addresses to destination IP addresses, domain name queries would be received by domain name servers and answered with alacrity and accuracy. Only a few domain name businesses would notice but we all would be annoyed by the loud wailing noise emitted by the trademark industry.

By Karl Auerbach, Chief Technical Officer at InterWorking Labs

Filed Under

Comments

Stephane Bortzmeyer  –  Jan 10, 2007 8:14 AM

Do note there is a technical discussion about it on the OARC public mailing list:

The start of the discussion

Brett Carr  –  Jan 11, 2007 11:48 PM

I think saying that the stability of the domain name system is down to luck might be pushing the bounds of reality a little. If it were luck we would probably have seen some prolonged large scale dns outages over the past few years don’t you think?

Karl Auerbach  –  Jan 12, 2007 12:28 AM

In response to Brett Carr:

OK, I’m not locked into the word “luck”.

However, it is very fortuitious that, as ICANN continues to drop the ball on internet stability, we have an incredible group of root server operators.

Fir example the root server operators resolved the issue of the 13 server limit by taking the step of deploying anycast.  Barely anyone in ICANN could even spell “anycast”.

But the reason I like the word “luck” is that these root server operators are not bound by any legal obligation to do good things or to expend their efforts.

I have no doubt that as individuals they would not do otherwise - as individuals (and the organizations who wrap those individuals) the root server operators have amazing skill, foresight, and abilities.

However, we have long learned that stability is built on instutions not mortal people.

And some of the root server operators, such as those operated directly or indirectly by the US military, have a clear superseding obligation - to protect the USA even if that has ill effects elsewhere.

Quite a while ago I proposed a set of terms that I believe the root server operators ought to obligate themselves, legally, to follow - see the latter part of http://www.cavebear.com/cbblog-archives/000192.html - and which I believe would largely be a promise to continue what they are already doing.

As far as the primary point of my note - which was not about root server operations, but about the size of the root zone - It is my sense that the biggest issue is how much we are willing to risk human and procedural errors.

The root zone today is tiny - compressed it fits into about 20K bytes, smaller than the pretty icons on most web pages.

At that size it is easy to redistribute in case of error.

But say that the root zone grows to the size of .com - 60,000,000 entries.  That’s a large file to administer and transfer, and perhaps most importantly to reload when a server restarts.

But we have proof with .com that it is possible to run a zone of that huge size with very good reliability.

ICANN is going around whining that it can’t add even a few top level domains - remember ICANN will have its 10th birthday this year.  Yet, when we look at the fact that even if we chop my numbers by 60-fold, i.e. one million TLDs, we see that ICANN could hand ‘em out at a rate of 50 every business day and it would still take a 100 years to get to a million TLDs.

In other words, ICANN’s stasis is inexcusable and serves only to promote the interests of the intellectual property community and certain large businesses, not to mention the interests of the incumbent TLD registries.  And if one looks, one might notice that those are exactly the primary supporters of the ICANN status quo.

There is also, of course, the question of why ICANN even has the power to act as the gatekeepr who gets to decide who can enter the domain name business (and on what terms) or not.  That smacks of restraint of trade.  And when we brew in the fact that ICANN favors incumbents and excludes the public, and that ICANN is a forum in which domain name products and terms are decided, ICANN is starting to look and smell a lot like a combination in restraint of trade.  Whether it an illegal one is a question that has yet to be asked and answered in every country in which the domain name system is felt, i.e. in every country.

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Domain Names

Sponsored byVerisign

DNS

Sponsored byDNIB.com

IPv4 Markets

Sponsored byIPv4.Global

Threat Intelligence

Sponsored byWhoisXML API

Cybersecurity

Sponsored byVerisign

New TLDs

Sponsored byRadix

Brand Protection

Sponsored byCSC