One man's test is another's attempted hijack.
Last weekend, Jon Postel, who is responsible for assigning numerical IP addresses and Internet domain names such as .com, .org and .net, attempted to wrest control of some of the root servers that act as the Internet's global IP directories.
Although he was successful, had the test gone awry, it could have brought much of the Internet down. Some in the Internet community also expressed concern over the ease with which one person was able to take control of a key part of the Internet, even if only temporarily.
The root servers normally synchronize their IP information with Root Server A, the master root server owned by the government and run by Network Solutions, Inc. (NSI), in Herndon, Va. These slave root servers are located around the world and receive updates about domain names and IP addresses from the master server.
If the root servers malfunction, users might not be able to access Internet sites because the root servers cannot match the URLs to numerical IP addresses.
Postel is head of the Internet Assigned Numbers Authority (IANA), an organization that establishes IP addresses and oversees Internet domains. This past weekend, he set up a server at IANA to answer domain name queries and handle updates from many of the 12 root servers that normally get their information from Root Server A.
In a written statement, Postel said he wanted to see how easily management of the root servers could be passed to another machine when the government gives up its control of the domain system. A government "green paper" last month recommended handing the system over to an as-yet-unformed nonprofit group. IANA would be folded into this group under the plan.
Postel had asked NSI for permission to conduct the test last month. However, NSI had said that in accordance with its government contract it had to get official clearance.
But Postel went ahead even without that clearance, said Dave Holtzman, senior vice president of engineering at NSI. Postel last week sent a letter to the operators of the 12 root servers asking them to reconfigure their machines to point at an IANA server instead of Root Server A. This included configuring them to download updated domain files from IANA rather than from the master machine. All but the four root servers operated by the government complied with the request from Postel, long accepted as the leader of the domain community.
"As a verification that such a transfer can be accomplished smoothly and without interruption to the operational service, a test is being performed to rearrange the flow of root zone information," Postel wrote in his request to the operators.
But NSI had no idea what was going on until Akira Kato, who runs a root server in Japan, sent e-mail asking why his machine was out of sync with Root Server A. Postel had told him the test would not result in any noticeable difference between the records on his and the master server.
Becky Burr, a senior official with the Department of Commerce, said the government knew nothing of the test beforehand. "The timing is unfortunate," she said, referring to the release of the controversial domain plan.
Although no Internet users were affected by the test, some 'Net caretakers close to the situation blasted Postel for what they said was really a protest against the government's domain proposal. Some are concerned about the ease with which Postel was able to take control, even if only temporarily.
"Postel [conducted the test] entirely without authority and only stopped with strong comments from the U.S. government," said Karl Denninger, who runs MCSNet, a Chicago-based Internet service provider. "He ought to be investigated and if it is found to be illegal, he should be convicted and sent to jail."
Sources said government officials demanded Postel stop the test and hand back control to Root Server A as soon as they learned what he was doing.
"Had it gone wrong, it could have thrown the whole Internet off," said Richard Sexton, a Domain Name System (DNS) consultant and technologist in Ontario. "The government allowed him to save face by saying it was a test."
Denninger said Postel's test was not necessary because it involved a change in just one line in the servers' configuration files, something that is commonly done.
"There was no technical demonstration here," he said. "Trying to paint this as proof of concept is fraud. There was no reason to believe it would not work."
But Burr said nothing had been harmed and Postel "assured the government that everything would be returned to normal." She attributed Postel's actions to the fact that he is "used to having latitude." Under the new system, he no longer can act independently. However, many 'Net insiders agree that it is unclear who has authority during this transition period.
Adding insult to injury
It is no secret that Postel was unhappy with the government's recommendations about the DNS, sources close to the situation said.
In a statement from IANA, Postel said, "I am in agreement with the main theme of the proposal... I am less comfortable with the details of the proposal on how new generic top-level domains, registrars and registries would be established, and the restriction to only five new gTLDs."
The government's plan flies in the face of a plan that Postel had put forth with the Internet Society to create a Geneva-based cooperative called the Council of Registrars (CORE), 88 companies that would register under seven new gTLDs using a centralized database. Postel told these companies that he had the power to add these new gTLDs for them.
However, the government panned this idea and instead recommended that NSI keep control of the .com, .org and .net domains and that five gTLDs be created, but only one could be administered by CORE.
Once bitten
For some in the 'Net community, Postel's actions brought to mind Eugene Kashpureff, who is facing federal charges of computer and wire fraud for hijacking NSI's InterNIC Web site, where users register their domain names, last year.
Kashpureff redirected traffic to his AlterNIC Web site.