Charles M. Kozierok The TCP-IP Guide
Подождите немного. Документ загружается.
The TCP/IP Guide - Version 3.0 (Contents) ` 1001 _ © 2001-2005 Charles M. Kozierok. All Rights Reserved.
cally belongs to the island nation of Tuvalu. Of course, to most people, “TV” means
something quite different. Some folks thought that domain names ending in “TV” might be
popular in the English-speaking world, so they formed a company called “The .TV Corpo-
ration” and negotiated with the government of Tuvalu to use the .TV domain. Today, the
authority for this TLD is in fact this corporation, headquartered in California! Similar
arrangements can be found with the .CC, .NU, .TO and other TLDs.
This serves as a good reminder that the name space is logical and not physical. Obviously,
the many computers with “.TV” names are not actually located on a remote island in the
South Pacific. Similarly, if a Web site ends with “.CA”, for example, it probably represents a
Canadian organization, but that doesn't necessarily mean the Web site itself is actually
hosted in Canada.
Drawbacks of the Geopolitical TLDs
The geopolitical domains have been very popular for certain uses; for one thing, national
governments and other “official” institutions like to use them, for obvious reasons. Typing
“www.gov.XX” or “www.government.XX” where “XX” is a country code is likely to bring you
to the national government Web site of most countries. Some companies and organizations
use the ccTLDs because they allow them to choose a name already taken in the generic
hierarchies, or simply to express national pride.
For many other companies and organizations, however, the generic TLDs have been much
more popular than the country codes. I believe there are several reasons for this, but I think
the most important one is that organizations are easier to locate using the generic domains.
Here's a good example of what I mean. In the town near where I live, a new grocery store
called Aldi recently opened. I like the store and wanted to learn more about them, so I fired
up my Web browser and sought out their Web site. Yes, I could have typed it into a search
engine, but like most people I am lazy. It was much easier to just enter “www.aldi.com” into
my browser, and lo and behold, up popped the web site of Aldi International.
Now, Aldi is actually headquartered in Germany, and they do have a web site at
“www.aldi.de” as well. But I had no idea where they were originally from. I found them easily
by going to “www.aldi.com”, because I didn't need to know their physical location, and
because I know that most large companies have a “.COM” domain. Of course, being
“findable” is very important, especially for commercial organizations trying to do business.
Another good example is the United States, which as mentioned above has its own country
code, .US, in addition to dominating the generic TLDs. The authority in charge of this
domain chose to make it follow a strict geographical hierarchy, so every domain must be of
the form “organization.city.state-code.US”. So, to use this part of the name space, a
company in Boston must be within the “.boston.ma.us” domain.
The TCP/IP Guide - Version 3.0 (Contents) ` 1002 _ © 2001-2005 Charles M. Kozierok. All Rights Reserved.
That's very neat and logical, but it makes names both longer and harder to guess than the
generic equivalents. Suppose you wanted to get information on metals giant Alcoa. If you're
in the industry you might know they are located in Pittsburgh, but if not, which is easier to
find, “www.alcoa.pittsburgh.pa.us”, or “www.alcoa.com”? Anyone here know how to spell
Albuquerque? ☺
It is for this reason that the .US domain achieved success in certain segments of society but
not in others, especially commercial entities (corporations). The strict hierarchy does have
some real advantages, however, such as avoiding name space conflicts. The .US authority
eventually abandoned the strict geographical hierarchy due to its non-acceptance.
DNS Second-Level and Lower Domains, Delegation of Registration Authority
and Public Registration
The IANA is in charge of deciding what top-level domains (TLDs) exist in the Internet name
space, and as such, they are ultimately responsible for all names in the Internet. The entire
point of the authority hierarchy, however, is that IANA not be responsible for the whole
name space. So, while IANA maintains control over certain TLDs, such as .INT and .ARPA,
control for managing the others is delegated to secondary authorities for each TLD.
Just as IANA had the choice of how to delegate authority to the subdomains of the “root”
domain, the organization in charge of each TLD gets to make the same decision about how
second-level domains are to be created under the TLD. In many of the TLDs, especially the
generic ones, second-level domains are assigned directly to individuals or organizations.
For example, a company named XYZ Industries might want to get the domain “xyzindus-
tries.com”. In other TLDs, second-level domains are set up in a particular structure, like the
state codes used in the .US domain. There, you need to go down more levels, but
eventually you once again get to the point where companies and people register their own
domains; in the .US domain, XYZ Industries might want to register “xyz.phoenix.az.us”, for
example, if they were headquartered in Phoenix.
Centralized Public Registration
This transition point between the authorities granted responsibility for parts of the name
space and the “regular” people and groups who want to get names within it is important. A
process of public registration had to be established to allow such name assignment to occur
in a consistent and manageable way. This was not that difficult to accomplish back when
the original generic TLDs and country code TLDs were first created. The Internet was quite
small and it made sense to just have the authority in charge of each TLD perform registra-
tions within that TLD. This ensured that there was no duplication of names within a TLD
with a minimum of fuss.
For the very important generic TLDs such as .COM, .NET and .ORG, the authority in charge
of registration was the Internet Network Information Center (the InterNIC). The InterNIC
was set up as a service administered by the United States government, who later granted
The TCP/IP Guide - Version 3.0 (Contents) ` 1003 _ © 2001-2005 Charles M. Kozierok. All Rights Reserved.
the contract to manage it to Network Solutions Inc. (NSI). NSI was eventually purchased by
Verisign, then later spun it off as a separate venture. (Things change quickly in the
networking world!)
NSI single-handedly performed all registrations within the .COM, .NET and .ORG TLDs for
many years. The popularity of the original generic TLDs, however, led to an explosion in
demand for name registration in the 1990s in these domains. Having a single company in
charge of registration led to this becoming another bottleneck in the Internet's domain name
system. There were also many folks who didn't like the lack of accountability and compe-
tition that came with having a single “monopoly” in charge of registration; the InterNIC could
set its own price and originally charged $35 per year per domain name, then later $50 per
year.
Deregulation of Public Registration
In the late 1990s, responsibility for name registration was given to the Internet Corporation
for Assigned Names and Numbers (ICANN). The registration process was “deregulated”, to
borrow a term referring to removal of monopolies from industries like power generation. As
of December 1999, there was still a single authority that has overall responsibility for each
TLD, including .COM, .NET and .ORG. Today, Network Solutions is still the authority
running .COM and .NET. However, they aren't the only ones that register names within
these TLDs. They further delegate registration authority to a multitude of other companies,
called accredited registrars. Any registrar can register names within the TLD(s) for which
they are accredited.
Naturally, coordination becomes much more of a concern when you have multiple
companies registering names in a TLD compared to just one. A special set of technical and
administrative procedures is followed to ensure that there are no problems such as two
registrars trying to grab a name at the same time. The system has worked well, and those
who wish to use TLDs where competition exists now can choose from a variety of regis-
tering companies. The most noticeable result of this was also the most predictable one: the
cost of registering a domain name in the deregulated generic TLDs is usually much lower
than the fees originally charged by the InterNIC.
Once a company, individual or organization has a registered lower-level domain, he/she/it
becomes the authority for that domain. Use of the domain then becomes private, but
depending on how the domain is used, further public name registration may be required.
See the topic on private registration for more.
DNS Public Registration Disputes (Conflicts, Cybersquatting, "Deceptive
Naming", Etc.) and Dispute Resolution
The Internet started off as a medium for research into networking, evolved into a system for
interconnecting scientists and ended up as a global communications tool used by just about
everyone. As part of this evolution, the Internet also became a very important part of how
business is done in the world. Money started to really come into the Internet picture in the
The TCP/IP Guide - Version 3.0 (Contents) ` 1004 _ © 2001-2005 Charles M. Kozierok. All Rights Reserved.
early 1990s, and just a few short years later, its impact on the Internet was so significant
that the growth of the stock market to dizzying heights in the late 1990s is now often called
“the Internet bubble”.
Public Registration Disputes
Unfortunately, the increasing importance of the Internet to commercial interests crashed
headlong into the non-commercial original design of Internet technology, and nowhere was
this more evident than in the Domain Name System. Since there were only a few generic
TLDs, since each name within a TLD had to be unique, and since humans are often
confrontational creatures, it didn't take a long time before arguments broke out over who
should be able to use what name, and why. And of course, from there, it didn't take long
before lawsuits and other unpleasantries broke out.
There are a surprising number of significant problems associated with public registration of
domain names.
Corporate Name Conflicts
The .COM domain is for corporations, but many corporations have the same name. The
ACME Furniture Company, the ACME Restaurant Supply Corporation and ACME
Footwear, Inc., probably all would like to have the “acme.com” domain. But there can be
only one such domain within .COM. (These are fictional examples; “acme.com” is in fact
owned by an organization called Acme Labs.)
Corporate/Individual/Small-Business Name Conflicts
There are many corporations that have names similar to or even identical to the names of
individuals, leading to potential conflicts. For example, suppose your first name is Wendy
and you own a small fabric store called “Wendy's Fabrics”. But you are Internet savvy and
decide you want to register “wendys.com” as soon as you hear about the Internet in 1993.
Then this big hamburger chain comes along and has a problem with that… ☺
To my knowledge no such issue arose with respect to Wendy’s, but there actually was a
widely-publicized case that shows just how recently most corporations were “out of the
loop” with respect to domain naming. In 1994, a writer for Wired magazine was astonished
to find that the “mcdonalds.com” domain name was unregistered! To show just how unregu-
lated the registration process was, he registered it himself, and caused a bit of a stir as a
result. The Golden Arch Folks eventually acquired the domain from him in an amicable
arrangement where he relinquished the name and they made a donation to charity.
“Corporate Warfare”
A particularly ugly type of conflict is sometimes seen where companies intentionally try to
take business from each other by registering names that have nothing to do with their own
companies. An example would be if Burger King had tried to register “mcdonalds.com” and
use it to advertise Burger King products. (Which they didn't do, I might add, so please
nobody sue me! ☺)
The TCP/IP Guide - Version 3.0 (Contents) ` 1005 _ © 2001-2005 Charles M. Kozierok. All Rights Reserved.
Another example is when companies try to use alternate TLDs, such as registering
“burgerking.org” to confuse people trying to find “burgerking.com”. In fact, many companies
have taken the step of registering their names in many different TLDs to prevent this sort of
thing from happening.
“Cybersquatting”
Some ambitious (to choose a nice term) individuals, recognizing early on the potential value
of certain names, registered large volumes of names with the hopes of reselling them.
Many people condemned this as exploitative, and the term cybersquatting was created to
refer to this type of activity. Unfortunately, a lot of money was made this way, and there are
many domain names that to this day cannot be used because they have been “reserved”
indefinitely by people or individuals who will never use them.
Deceptive Naming Practices
Another type of somewhat-diabolic creativity has been displayed by people who seek to
take advantage of the inability of some of us to spell. For example, if you were a competitor
of a large company called Superb Transceivers Inc., which registered “superbtrans-
ceivers.com”, you might register “superbtranscievers.com” and redirect traffic from there to
your own domain. Another example takes advantage of the common mix-up between “O”
(the letter) and “0” (the number). For example, a software company once registered
“micros0ft.com”, much to the chagrin of the Redmond, Washington software giant.
Dispute Resolution Methods
So, how do we resolve these situations? As the saying goes, it can be done either the easy
way, or the hard way…
Domain Name Sharing
Sometimes the antagonists agree on a productive solution. One particularly constructive
idea is to agree to share the domain name. For example, the three ACME companies
mentioned in my example above could each create their own more-specifically-named
domains, such as “acmefurniture.com”, “acmerestaurantsupply.com” and
“acmefootwear.com”. Then, they might agree to have the “www.acme.com” registered to
nobody, by having one company register it and not use it for anything.
Even better, they could set it up with a simple web page that says the domain is shared,
with a link to the three sites above. I have seen this before, but rarely. Unfortunately, it
seems grade school children understand the concept of sharing better than most corporate
executives do.
The TCP/IP Guide - Version 3.0 (Contents) ` 1006 _ © 2001-2005 Charles M. Kozierok. All Rights Reserved.
Domain Name Purchase
Another option is purchase. If a big company wants a domain name already registered by
an individual or small business, they will often just purchase it, as this is the easiest thing to
do. During the height of the Internet mania, there were domain names that sold for millions
of dollars—just for the right to use the name! Again, many cybersquatters and other specu-
lators got rich doing this.
Litigation
Often the combatants don't play nice, and the usual occurs: threats, intimidation, law suits,
and so forth. Sometimes a letter from a lawyer is enough to resolve the issue, especially
when some poor individual owning a web site gets threatened with legal action by a large
company—this has happened many times.
However, often the disagreeing parties stick to their guns, especially if two companies lock
horns and their lawyers refused to back down. Usually the matter then ends up in the
courts, and is eventually be resolved one way or the other. This gets into legal issues that I
am totally unqualified to even talk about. Usually, claims of trademark infringement would
be used by a company challenging a prior domain name registration.
The Uniform Domain Name Dispute Resolution Policy
Lawsuits are expensive and time consuming, so there was a desire that some other
mechanism exist for resolving these conflicts as well. Since the authority for each TLD
controls what happens within it, it also has the right to create its own policies for how to deal
with these sorts of issues. For the generic TLDs, the original registering authority, the
InterNIC, had a dispute resolution policy that allowed someone with a complaint to
challenge a domain name registration if they had a trademark interest in that name. The
policy was controversial for a number of reasons, not the least of which because it led to
some domain names being successfully challenged even if there was no proof of trademark
infringement.
The current authority for the generic TLDs, IANA/ICANN, created a new Uniform Domain
Name Dispute Resolution Policy (UDRP) in 1999, to better handle domain name conflicts.
This policy specifies a procedure whereby a company that has a valid trademark can
challenge a domain name if it either infringes on the trademark, is confusingly similar to it,
or if the name was registered by someone else in bad faith. At the same time, it also lists
ways that the original registrant can prove that the registration is valid and should be
maintained. This new system eliminates many of the real problems described above, such
as deceptive naming, “corporate warfare” and cybersquatting, while not automatically
allowing a second-comer to shut down a legitimate domain.
Disputes as a Motivation for New Generic TLDs
Incidentally, it was all this nonsense that led, in part, to the clamor for new generic top level
domains. In the interest of fairness, I also want to mention that even though more compli-
cated TLDs like the old strictly hierarchical .US are not very popular, they have a huge
The TCP/IP Guide - Version 3.0 (Contents) ` 1007 _ © 2001-2005 Charles M. Kozierok. All Rights Reserved.
advantage over the generic domains. Since all registrations there are geographic, there are
far fewer conflicts, because a dispute requires that two organizations have the same name
and also be in the same state and town.
For example, you could still have three “Joe's Pizza Parlor”s in Chicago duke it out, but it's
not likely that you'd see big companies on the mat in .US. For example, the ACME Furniture
Company might use “acme.seattle.wa.us”, the ACME Restaurant Supply Corporation
“acme.mendocino.ca.us” and ACME Footwear, Inc. could go with “acme.anchorage.ak.us”.
DNS Name Space Administrative Hierarchy Partitioning: DNS Zones of
Authority
I explained earlier in this topic that the DNS name space is arranged in a hierarchy, and that
there is also a hierarchy of authorities that is related to that hierarchical name structure.
However, the two hierarchies are not exactly the same. The reason is that if they were the
same, this would mean we needed a separate authority for every domain at every level of
the tree, and that's something we are very unlikely to want to have everywhere in the
structure.
At the very top levels of the DNS tree, it seems reasonable that we might want to designate
a separate authority at each level of the structure. Consider the geopolitical name
hierarchy; IANA/ICANN manages the “root” domain, but each of the ccTLDs is managed by
a distinct national authority
The Need For Authority Hierarchy Partitioning
However, when you get to the lower levels of the structure, it is often inconvenient or
downright impossible to have each level correspond to a separate authority. As an example,
let's suppose you are in charge of the Googleplex University IT department, which runs its
own DNS servers for the “googleplex.edu” domain. Suppose there were only two schools at
this university, teaching Fine Arts and Computer Science. Suppose also that the name
space for the computers were divided into three subdomains: “finearts.googleplex.edu”,
“compsci.googleplex.edu”, and “admin.googleplex.edu” (for central administrative
functions, including the IT department itself).
Most likely, you don't want or need the Fine Arts department running its own DNS servers,
and they probably don't want to, either. The same is likely true of the administration
machines. However, it's possible that the Computer Science department does want to run
its own DNS servers, because they probably have many more computers than the other
departments, and they might use running a DNS server as part of their curriculum. In this
case, you might want yourself, the administrator for “googleplex.edu”, to maintain authority
for the “finearts.googleplex.edu” and “admin.googleplex.edu” subdomains and everything
within them, while delegating authority for “compsci.googleplex.edu” to whomever in the
Computer Science department is designated for the task.
The TCP/IP Guide - Version 3.0 (Contents) ` 1008 _ © 2001-2005 Charles M. Kozierok. All Rights Reserved.
DNS Zones of Authority
DNS is specifically designed to allow these divisions between the name hierarchy and the
authority structure to be created. The complete DNS name structure is divided by making
cuts (as the standard calls them) between adjacent nodes to create groups of contiguous
nodes in the structure. Each group is called a zone of authority, or more commonly, just a
zone. Each zone is usually identified by the domain name of the highest-level node in the
zone, that is, the one closest to the root. The zones in DNS are by definition non-
overlapping—every domain or subdomain is in exactly one zone.
Methods of Dividing the Name Space Into Zones
The division of the name space into zones can be made in an arbitrary way. At one
extreme, we could place a cut between every node, and thereby divide the entire name
space so each domain (and subdomain, etc.) was a separate zone. If we did this, the name
hierarchy and authority hierarchy would indeed be the same for the entire DNS tree. At the
other end of the scale, we could use no cuts at all, defining a single zone encompassing the
entire DNS structure. This would mean the root was the authority for the entire tree.
Of course in practice, neither of these is particularly useful, as neither really reflects how the
real-world administration of DNS works. Instead, we generally divide the name structure in
a variety of places depending on the needs of different parts of the name space. There are
many cases where we might want to create a subdomain that is responsible for its own
DNS server operation; there are others where we might not want to do that. The signifi-
cance of a “cut” in the name hierarchy is that making such a cut represents, in essence, a
declaration of DNS independence by the node below the cut from the one above the cut.
Returning to our example, if googleplex.edu is in charge of its own DNS servers, then there
would be a “cut” in the name space between “googleplex.edu” and .EDU at the next higher
level. This means that the DNS server for .EDU is no longer in charge of DNS for the
“googleplex.edu” domain; instead, either the University itself or someone they hire as a third
party must provide DNS for it. In this case, we are assuming Googleplex U. themselves run
their own DNS. Without making any other cuts, the “googleplex.edu” domain would be a
single zone containing everything below that name, including both “finearts.googleplex.edu”
and “compsci.googleplex.edu”.
In our example, however, we would make another “cut”, between “googleplex.edu” and
“compsci.googleplex.edu”. This in effect liberates
“compsci.googleplex.edu”, allowing its
administrators to be in charge of their own DNS server. In so doing, we end up with two
distinct zones: one encompassing “googleplex.edu”, “finearts.googleplex.edu” and
“admin.googleplex.edu” (and everything underneath them) and another for
“compsci.googleplex.edu” (and everything below it). This is illustrated in Figure 240.
Key Concept: The DNS name registration hierarchy is divided into regions called
zones of authority. Each zone represents an area that is administered independently,
and consists of a contiguous segment of the DNS name tree.
The TCP/IP Guide - Version 3.0 (Contents) ` 1009 _ © 2001-2005 Charles M. Kozierok. All Rights Reserved.
The Impact of Zones on Name Resolution: Authoritative Servers
The concept of zones is critical to understanding how DNS name servers work, and
therefore, how name resolution is performed. All of the information about the subdomains
and individual devices in the zone is represented using a set of resource records stored on
a DNS name server. Usually, this name server is associated with the highest-level domain
name in the zone. A name server that contains the definitive information for the zone is said
to be authoritative for the zone. An authoritative server for a zone is one that maintains the
official information about the zone, and the one that is ultimately responsible for providing
name resolution information about it. We'll see more about this in the section on DNS
servers and name resolution.
Figure 240: DNS Zones Of Authority
This example shows how cuts can be made between nodes in the DNS name tree to create an arbitrary
hierarchy of name authorities. In this example I have shown the DNS tree branch for “googleplex.edu”, with
each zone indicated using a different background color. IANA/ICANN is responsible for the root domain
(yellow), and a separate authority named Educause takes care of “.EDU” (green). The blue zone covers much
of “googleplex.edu”, except that a cut has been made between “googleplex” and “compsci” to create an
independent zone of authority for “compsci.googleplex.edu”, shown in purple.
(root)
edu
googleplex
admin finearts compsci
hw
sw
host1 hostN
...
net
host1 hostN
...
host1 hostN
...
host1 hostN
...
host1 hostN
...
The TCP/IP Guide - Version 3.0 (Contents) ` 1010 _ © 2001-2005 Charles M. Kozierok. All Rights Reserved.
Every DNS zone has a set of authoritative servers, which are usually a pair called the
primary (or master) and secondary (or slave) servers. However, it is also possible for a
single DNS name server to be authoritative for more than one zone. As mentioned above, it
is not always necessary for the actual owner of a domain to provide DNS services for it.
Very often, especially for the domains owned by small businesses or individuals, DNS
services are provided by a third party, often an Internet Service Provider.
For example, I have had “pcguide.com” registered as a domain since 1997, but my long-
time Web hosting provider, pair Networks, has provided DNS services for me since the
beginning. This means that pair's DNS servers in the “pair.com” hierarchy are responsible
for “pcguide.com”. They are also responsible for many other domains for their customers.
DNS Private Name Registration
We have now seen the hierarchical nature of the DNS name space, and the authority
structure that administers it. Name registration begins with the generic and country code
top-level domains (TLDs) within the root of the name hierarchy, proceeds to second-level
domains within the TLDs, and then lower-level subdomains below those. As we progress
down the name tree, we move from the most general, public authority (IANA/ICANN, which
runs all of DNS), through the high-level TLD authorities, and eventually down to the level of
individual organizations, corporations and individuals.
Private Domain Name Ownership
This “dividing line” between public authorities and private authorities occurs in many
different places in the name structure. Wherever it does occur, below that line, responsibility
for the domain becomes that of the organization that registered it. It can further subdivide
the name space, granting parts of it to other organizations or even reselling it if they wish.
Alternately, they may decide to use the name space to create a purely internal structure. I
call this private name registration, in contrast to the public name registration we discussed
earlier in this section.
For example, if a company called XYZ Industries registers “xyzindustries.com”, they
become the owner of not just that domain name, but any subdomain structure or named
items within it that they may choose to create. This is, of course, the beauty and power of
authority delegation and the hierarchical structure. The company has an important decision
that they must make however: they must choose whether they want to create names that
are part of the global DNS name structure, or if they want to use names within the structure
purely privately.
Using Publicly-Accessible Private Names
If a company wants names within its domain to be part of the global DNS name structure, it
is required to perform the work necessary to properly set up and manage these names so
they fit into the Domain Name System. The most common example, of course, is creating a
public World Wide Web server. Most companies name such servers beginning with “www”,
so XYZ Industries would probably wish to have the name “www.xyzindustries.com” for its
WWW server address.