Educated Guesswork: Who controls the Internet?

« More on prisoner treatment | Main | Why there's no real problem with ccTLDs »

October 9, 2005

Who controls the Internet?

The EU's desire to "control the Internet" is getting a lot of press. Unfortunately, the press is doing a lousy job of explaining what this means, probably because it's not a well-formed concept. Nobody really "controls" the Internet, anymore than anyone controls the market. The Internet is basically what you get when a bunch of people agree to connect to each other using more or less the same protocols. That isn't to say that nobody controls segments of the Internet: ordinary legal mechanisms can be used to compel individual actors to do specific things, as 2257, the Yahoo/France incident, and the Great Firewall of China demonstrate quite clearly. But none of these authorities can really be said to control the Internet as a whole, and it's not what people mean when they talk about control of the Internet. What they mean is ICANN.

Remember that I said that the Internet requires that people agree to do more or less the same things? Well, there are two important things that ICANN controls: the names that are used to map hosts on the Internet (for the present purposes, this means things like Web sites, mail servers, etc.) to IP addresses and the IP addresses themselves. (They also control protocol code points, but those are typically pretty uncontroversial).

Domain Names
Domain Name System (DNS), used to map host names to IP addresses, is a hierarchical, distributed system. with each level of the name being controlled by the one above it. Take a name like educatedguesswork.org. The Public Interest Registry operates .org. They decide which server gets to control educatedguesswork.org. When I wanted that domain name, I registered it with them.¹, for which I pay a fairly nominal fee.

ICANN controls which top level domains (.org, .com, etc.,) and who gets to operate them, and through that to some extent what their policies are. This tends to be a beauty contest and some of their decisions on all of these fronts have been controversial, most recently .net and .xxx.

To understand how ICANN controls this stuff, you need to have some idea how DNS name resolution works. Take, for instance the name www.educatedguesswork.org. The way that this is resolved looks something like this:

Contact one of the root servers, e.g., a.root-servers.net and find the server for .org. This gives us six servers, TLD1.ULTRADNS.NET, TLD2.ULTRADNS.NET, etc.
Contact TLD1.ULTRADNS.NET, and ask for educatedguesswork.org. This gives us 3 servers, ns1.dreamhost.com, etc. ²
Contact ns1.dreamhost.com to get www.educatedguesswork.org. This gives the IP address, 205.196.213.214

Now, what ICANN controls is the first step of the operation, where you look up .org. They do this by pushing out the root zone to the various root name servers, imaginatively named A-M. But here's the interesting thing: what makes those the root servers is that people's name servers are configured to point to them. If people reconfigured their name servers to point to some other set of root servers, the control of the root zone would change just like that. On the other hand, as long as people's resolvers don't change, then it doesn't much matter what the governments of various countries try to do.

If the governments in question are serious, then, what they'll probably do is require that ISPs to reconfigure their servers. Since most people just use their local ISP's server, this would get most of the job done. Of course, this assumes that they can all agree on what the new roots should be and the US ISPs (and software vendors) go along. If not, the result will be a partition in the namespace--not a good outcome.

IP Addresses
Less well known, but probably more important than domain names are IP addresses. The Internet Assigned Numbers Authority (IANA) allocated IP address blocks to the Routing Information Registries (RIRs). The RIRs allocate them to ISPs and end users.

Why this matters is that IP addreses (well, at least IPv4 addresses, which is what everyone uses) are a somewhat scarce commodity. Back in the old days, they used to be allocated a lot more freely, so they're distributed fairly unevenly and that US and Europe got the bulk of them, with things being a lot more scarce outside those areas. I suspect there's some angst about this as well, but because it's less overtly political, there's less public fulminating about how unfair it is.

The situation with control of IP addresses is similar to that with domain names, but even more anarchic, since there's no real trustworthy master list of all the IP address assignees (though there are bogon lists of addresses which have not been assigned to anyone. The way that one ISP learns about addresses assigned to other ISPs is by BGP advertisements from ISPs, who are mostly trusted not to generate advertisements for addresses they haven't been assigned. Given this, it's not clear how ISPs would treat advertisements that they know weren't made by ICANN/IANA. If a substantial fraction choose not to accept them, you end up with a partition again--not exactly a desirable outcome for the recipient of that new space.

^2. Note that if you don't have the IP address for ns1.dreamhost.com, you'll need to follow a similar procedure to get it. I'm omitting that for the sake of clarity.

¹ Technically, I arranged for Dreamhost to have it registered, but this particular detail doesn't matter here.

Posted by ekr at October 9, 2005 10:07 PM | Filed under:

Comments

Why do you think it matters if countries break off and form their own Internet, separate from the U.S. internet? What's the worst case?

Posted by: Steve Purpura at October 11, 2005 8:09 AM