In message <[email protected]>, at 18:38:59 on Mon, 27 Jan
2014, Pier Carlo Chiodi <[email protected]> writes
my intention was not to use the example.com "technical background"
such as the real NSs operated by IANA.
Except your diagrams quote "a.iana-servers.net" as the NS, which is
where the potential for great confusion kicks in.
That's right, the diagram on page 6 uses the real authoritative
nameservers for example.com, because there I show how really
example.com
works.
I'm reminded of the confusion between "root servers" and "route servers"
which has beleaguered many a debate about Internet governance (and has
reared its ugly head on '1net' in only the last few days). The issue of
USA control over IANA, and the potential implication of a single point
of failure, means I am extremely concerned about giving even the
slightest [mistaken] impression that anyone's NS are located at IANA
[other than a handful of I* community sites of course].
In the rest of the document I used the example.com in other scenarios
too, many of them fictitious (blog.example.com, criminal.example.com),
just for the purpose of describing the specific situation.
I think a suitably-chosen example would be much less difficult for the
non-experts (they won't go away with the impression that IANA runs
everyone's NS).
Would not this just move the problem toward the new domain's registry
and NSs? If the impression that the document gives is this, maybe
something else should be changed too.
One solution would be using an obviously fictional set of domains for
the name servers. I'm not sure how many readers will be reaching for
their DNS-tools to see if they got "real" results.
Perhaps we could use something like example-network-A.com,
example-network-B.com, example-network-C.com as the Name Server host
networks.
ps And on another topic, might it be useful to include some indication
of how practical some of the circumvention methods you describe might be
on a tablet/smartphone (rather than a desktop PC)?
I realise that if users of *some* legacy systems can employ
circumvention it's still a problem, but the migration to mobile
platforms is rapid and significant, and they are much less susceptible
to user customisation.
On my Android phone, for example, I can't even see a way to change it
from DHCP (which I assume it's using) to a fixed DNS server of *my*
choice. I imagine an iPhone or iPad is the same.
--
Roland Perry
