July 18, 2011

GrassRoots2 Update

I've been writing a new version of the "grassroots" system that was on the net around 1998 but which has since disappeared.

The GrassRoots2 system is a tool that allows anyone to create their own domain name system (DNS) root and populate it with whatever top level domains (TLDs) they choose to include - not merely ones approved by ICANN (and one could, if one desired, elide some approved by ICANN, such as .xxx.)

Some people think that this is a form of internet anathema.  But it's really nothing new, and is, in fact, a return to the idea of innovation by users at the edges of the net - it reifies the IETF's slogan that it "rejects kings".

Since the start of the domain name system it has always been possible for anyone to establish their own DNS root - but to do so required some technical expertise.  I ran my own root servers for myself and my companies for several years.

Grassroots2 does not open any new doors; it merely tries to lower the level of expertise - and even then, it will still require a fair amount of technical ability for a person to run the underlying machinery and put it on the public side of any NAT boundary.

The original Grassroots tool was a website that offered a list of top level domains that were available.  The list at that time was about 2000 names.  There were, as one would expect, some top level domain names that were offered by different people, i.e. a conflict.

The original system let people pick and choose - and resolve the conflict by picking which one, if any, they wanted.  In other words it was user choice, not central authority, that resolved fights over names.

(Trademark law offered a gloss - anybody offering a name that offended against a right recognized by a law, if within the reach of that law, is subject to that law.)

The original system produced a collection of configuration files suitable for use to set up ISC's Bind DNS software as a root offering the given set of top level domains.

My rewrite follows the same paradigm - it produces the files needed to fire up Bind as a root server that knows about the user's choice of top level domains.  Actually running the name server as a root - and making it accessible - is an exercise left to the user.

In my rewrite the focus is on a "catalog" that contains all the known top level domains being offered.  The catalog is merely a local database; there is no central authority.  A person may construct his own catalog using all or parts of catalogs provided by other people.  Sharing of DNS TLDs could become a kind of social networking activity.  I also have tools to build partial catalog entries by doing DNS queries or zone transfers from name servers.

I'm hoping to allow a fairly flexible set of means for people to share information about top level domain offerings.  So far I've added channels that use JSON encoded text and QR codes - it seems kinda fun to think of DNS systems that disseminate the existence of, and properties of, a top level domain, via visual graphics that can be read by a smart phone.  (I've found that the QR code readers on the smart phones that I have are not full QR code readers; they often cannot handle more encoded bytes than are found in a typical URL, but I anticipate that as QR gets more popular the smart phone tools for reading them will get more capable.)

These databases would be more than mere collections of top level domain names and lists of name servers; rather they would contain information about providers, what jurisdictions those providers live in, whether they are under an ICANN contract, and so forth.

My first cut at the database was simple Python language objects, but I'm moving onto an SQL (sqlite) base (the code remains Python.)

I'm using UUIDs to form the permanent handle to a TLD - it's part of what I anticipate to be a troublesome job of filtering out duplicates (although duplicates only add noise to the Grassroots system, they do not break it.)

The bigger challenge will be the generation of self-consistent root zone files.  Making sure that glue records are proper in the context of the set of top level domains that a user selects is going to be hard, really hard.
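To make the glue problem concrete, here is an added example (not Grassroots2 code, which the post says is not yet available) that checks a selection of TLDs for self-consistency and only then renders a root zone for BIND. The catalog layout, the TLD names, the root server name `a.private-root.` and all addresses are assumptions constructed for illustration, and treating a server name under an unselected TLD as an error is this example's own policy.

```python
# Constructed sample catalog (not real TLDs); addresses are documentation ranges.
CATALOG = {
    "alpha": {"ns": {"ns1.alpha.": ["192.0.2.10", "2001:db8::10"], "ns.beta.": ["192.0.2.20"]}},
    "beta": {"ns": {"ns.beta.": ["192.0.2.20"]}},
    "gamma": {"ns": {"ns1.gamma.": []}},
    "delta": {"ns": {"ns.beta.": ["192.0.2.99"]}},
}

def tld_of(name):
    """Rightmost label of a fully qualified name, lowercased."""
    return name.rstrip(".").lower().rsplit(".", 1)[-1]

def check_glue(catalog, selected):
    """Return (tld, server, problem) tuples; an empty list means consistent."""
    chosen = {t.lower() for t in selected}
    problems, seen = [], {}
    for tld in sorted(chosen):
        if tld not in catalog:
            problems.append((tld, None, "not in catalog"))
            continue
        for ns, addrs in sorted(catalog[tld]["ns"].items()):
            if tld_of(ns) not in chosen:
                # Example policy: this root delegates nothing that leads to the server.
                problems.append((tld, ns, "server under unselected TLD"))
            elif not addrs:
                problems.append((tld, ns, "glue address missing"))
            elif set(seen.setdefault(ns, addrs)) != set(addrs):
                problems.append((tld, ns, "conflicting glue"))
    return problems

def render_root_zone(catalog, selected, root_ns="a.private-root.", root_addr="192.0.2.53"):
    """Render a root zone for the selection, refusing inconsistent input."""
    problems = check_glue(catalog, selected)
    if problems:
        raise ValueError(f"inconsistent selection: {problems}")
    lines = ["$TTL 86400",
             f". IN SOA {root_ns} hostmaster.private-root. 1 1800 900 604800 86400",
             f". IN NS {root_ns}",
             f"{root_ns} IN A {root_addr}"]  # root_ns/root_addr are assumed values
    glue = {}
    for tld in sorted({t.lower() for t in selected}):
        for ns, addrs in sorted(catalog[tld]["ns"].items()):
            lines.append(f"{tld}. IN NS {ns}")
            glue[ns] = addrs  # a server shared by several TLDs gets glue once
    for ns, addrs in sorted(glue.items()):
        for a in addrs:
            rtype = "AAAA" if ":" in a else "A"
            lines.append(f"{ns} IN {rtype} {a}")
    return "\n".join(lines) + "\n"
```

Selecting `alpha` without `beta` is the interesting failure: the delegation looks complete in the catalog, yet one of its servers lives under a TLD that this particular root does not carry.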

I am also leaving DNSSEC waiting in the wings, at least for a while.

The current code status is this - little pieces are in place, but it is still more a gleam in the eye than a real system.  And its claim on my available time is of middling priority.

Why am I doing this?  It is because I believe in the end-to-end principle.  And I also believe that people have the right to do stupid things to themselves.

There's really no problem on the net if there are multiple DNS roots that are consistent with one another - ones that don't surprise users with wrong or malicious answers.  (The argument is not really about multiple roots, but about the meaning of "consistency".)

I trust law, lawyers, and cops to deal with people who try to create fraudulent DNS servers and lure people into harm - there have been laws about misrepresentation and fraud for centuries, the internet adds more ways to commit fraud, but the basic tort or crime is the same.

What I'm trying to do is to give a means around those who want to use DNS as a chokepoint to exert social control, extort money, spy on people's activities or use people's DNS queries to generate marketing data.

And I am not at all pleased that ICANN has created its own "pay-the-piper" chokepoint that places top level domain opportunities out of the reach of the typical internet user, or even a small business, and at the same time burdens DNS with a very limited business model and biased private law such as ICANN's UDRP and the mandatory publication of private personal data via "whois".

Nor am I pleased with some of the silly ideas contained in the proposed "PROTECT-IP" law now being considered by the US Congress.  Grassroots2 would be a tool that would demonstrate the technical fallacies underlying that bill.

I am not anticipating running code at any time soon - my spare time is too limited.

Code, when it is available, will be under a non-viral (i.e. non GPL) open license of one sort or another.

Posted by karl at July 18, 2011 11:26 AM