A Tear in the Internet Big Enough to Drive a Pushpin Through

The weekly public radio program â''On The Mediaâ'' had another great show last Saturday, as usual, except for its story on the Internetâ''s domain name system. The occasion was nominally the grudging acceptance by the Internet Corporation for Assigned Names and Numbers, or ICANN, of new top-level domains for non-Roman alphabets, specifically Chinese and Cyrillic ones. In reality, the OTM story was inspired by a confused story in the UK paper The Guardian, â''Kremlin eyes internet control ...,â'' back on 3 January.

On the Media presented a single â''expert,â'' Tim Wu, who is a lawyer and academician, not a network engineer or scientist, and one known for iconclastic views, to put it mildly. Worse, OTM host Brooke Gladstone let him assert without further questioning that having multiple alphabets or multiple root servers could fracture the Internet. If youâ''re not going to present an alternative view, Brooke, you have to at least ask how the one causes the other. It may seem obvious it will, but it isnâ''t. And it may not be true.

Worse still, for On The Media, China already has the equivalent of an alternative root, and it hasnâ''t fractured the Internet. And lastly, the ICANN method for handling alternative alphabetsâ''which has already been approved by the Internet Engineering Task Force as the standard way of doing itâ''would to some extent do away with the need for the alternative Chinese root server. So it would heal any potential Internet breach, not create one.

Not that alternative root servers are such a big deal anyway. The fact is, weâ''ve had them for a long time. I first wrote about them in January 2001 ("Internet Name Game Gets Serious"), and they werenâ''t new even then. I presented arguments that alternative roots were, indeed, a potential problem, and described the two ways they could be. I didnâ''t believe it was likely to prove a real problem then and I donâ''t think it is one now.

The potential problems are these. First, domains accessible only via an alternative root may not be findable by the mainstream users, who service providers who access only the main root system, the one blessed by ICANN.

Second is the potential for ambiguity in resolving an Internet address. If both the main root system and the alternative root system support their own .biz domains, for example, a name like onthemedia.biz could resolve to two different Internet protocol addresses, depending on which root system was queried.

This second problem is potentially serious, but in practice one rootâ''s domain will win and the other will lose. Thatâ''s what happened in 2001 when ICANN created its own .biz domain. The existing one, an already-not-very-popular five-year-old domain run by Atlantic Root Network Inc., quickly faded into disuse.

The first problem has never been a serious one in theory or practice. The first thing to note is that a root server resolves very few queries, relatively speaking. Domain name records, which are what associate a domain name and an Internet protocol address, donâ''t change very often, and service providers cache the most common ones.

Queries that canâ''t be resolved by the cache go on to the service providerâ''s domain name server, and then to that of the entity from whom the service provider gets its Internet feed from. Only if a query canâ''t be resolved by such a chain does it end up at the root server (or one of its twelve mirrors). The root server does only one thing: look at the tail portion of the problematic domain nameâ''.com, .org, .uk, .cn, etc.â''and say what organization is responsible for it. Then the query goes back down a chain of name resolutions, reading the domain name dot-by-dot from right to left, until the entity is found that actually assigned the complete domain name to an IP address.

Typically, the companies that run alternative root server issue software patches for Internet service providers and for end-users (either patching the operating system or the browser) that redirect domain name references about their domains to their own domain name servers.

According to Milton Mueller of Syracuse University, who has written a book about the domain name system, thatâ''s pretty much what the Chinese do for Chinese character domain names right now. The Chinese have created a Chinese character equivalent for .com, .net, and .cn. If youâ''re inside China and, say, try to look up a web page with one of these non-Roman endings, a domain name query goes directly to the root server in charge of that top-level domain. Outside China, the patch slaps â''.cnâ'' in ASCII onto the domain name. That forces the query to be sent to the entity that runs the alternative root domains, because itâ''s the same organization that runs the the .cn root server (the ASCII one). Those queries, in other words, get resolved as second-level domain queries, not at the root level. This is not exactly a fracturing of the net. In fact, the point of the patch is the ensure that the net remains unified and that the existing domain name server system doesnâ''t need to change the way it does things.

The solution that ICANN is testing is even more benign than this. Domain names will be translated into a ASCII code that domain name servers will use to do their own internal lookup. Roman alphabet domain names donâ''t have to be translated, though they can be. Non-Roman alphabet domain names will always be translated. This method has already been endorsed in IETF standards documents known as RFCs. ICANN is testing it to make sure that it works in the real world.

Thatâ''s the big change taking place. A name lookup will now take a domain name server another step, and presumably another nanosecond to resolve. Now, Tim and Brooke, how exactly will that fracture the net?


Tech Talk

IEEE Spectrum’s general technology blog, featuring news, analysis, and opinions about engineering, consumer electronics, and technology and society, from the editorial staff and freelance contributors.

Newsletter Sign Up

Sign up for the Tech Alert newsletter and receive ground-breaking technology and science news from IEEE Spectrum every Thursday.