Domain suffixes not an endangered species

I’ve seen several references to the firm that wants to get rid of net suffixes over the weekend, and at the risk of sounding like a stuffy curmudgeon I have to state my suspicion that it is at least partially attributable to a “slow technews weekend” after the US Thanksgiving. From monday morning’s vantage point this outfit’s 15 seconds of fame have probably already expired.

At first glance I thought this was another doomed protocol to sit on top of the DNS layer like the long defunct Realnames but further reading reveals this to be just another alternate root server initiative.

Whenever these things are brought to my attention I am quick to concede a few points:

  • There is nothing revolutionary or innovative about creating an alternative root structure. All it takes is a nameserver. You can load anything you want into your root hints file and then try to convince people to use it.
  • The current state of the DNS and the internet naming structure is built entirely on consensus and held together by convention. Thus, it is theoretically possible to alter consensus and change convention.
  • There probably exist already “private” roots outside of the legacy namespace which are not visible to the world at large and this is intentional and by design (most VPNs can fit in the category but I suspect there are “pseudo-public” ones. My theoretical example has always posited the existence of a .CDC root for the Cult of the Dead Cow hacker group)

In practical terms, all you have to do is convince every nameserver operator in the world to change their root hints to [insert magic bullet solution to all the world’s naming ills here] and if enough parties do it, absolute chaos will reign supreme until 100% uptake is achieved.

100% uptake will never be achieved. I have a friend who once made an apt analogy: “convince every car owner in the world to change their tires on the same day”.

Thus, the best an alternative root structure can hope to achieve is to cause permanent and lasting damage, to in effect “break the internet”.

If not enough parties do it, it will sink into the internet graveyard where all the other alternative root structures go to die. (It is a place that runs exclusively on IPv8 and INEGroup’s Bindplus software has a de facto monopoly)

People may ask: Would easyDNS “support” these alternative roots? Our reply is that we’ll provide DNS for anything our members want DNS for. If you want to give some company $1000 USD to register “mycompany” as a Top Level Domain in a namespace nobody else on the planet can see, we’ll provide DNS for it on request. It’s your money. (We will caution you up front that this borders on vapourware) but to us it’s just another zone in our nameservers (one that doesn’t get a whole lot of queries).

Nouvelles concernant nos services

1. Mis a jours a notre réseau
À cause de les attaques récente sur nos serveurs, nous avons fait des mis a jours sur notre réseau pour améliorer et minimiser les effets dans le futur, et nous sommes confiante que les changements sont déjà très effective.

Nous avons fait une mise à niveau à la bande passante de notre réseau, et aussi remplacé les autres protections comme le pare-feu. De conséquence, quand une attaque a venu la semaine passé, même que notre page web a était inaccessible pour une bref période, la résolution DNS n‘était pas affecter de tout, et aucune domaine a était affecter.

Nous avons aussi déplacer nos serveurs de nom à distance aux centres de protection d‘info Prolexic, et encore, sont très heureux avec les résultats de ce déménagement. Les serveurs là ont teins le coup durant quelques autres attaques sans effet.

Pour plus d‘info, voyez SVP ici :

Nous sommes très reconnaissante, ce jour, pour le patience et compréhension pendant cette période.

2. Transfert d‘info de zone de nos serveurs

En répondant au demande pour plus de sécurité en cas d’attaque, on a ajoute’ a l’interface sur votre page de membres une section qui vous permettra d’ajouter des adresses IP des serveurs de nom possédant le droit pour le transferts de fichier de zone.

Pour plus d‘info, voyez, SVP :

3. Certificats SSL pour votre site web maintenant disponible

Pour mieux servir nos clients, et pour faire plus simple et rapide le processus d‘obtenir les certificats SSL, nous avons ajouter un service as votre interface sur le page de membres qui vous permet d‘acheter, par nous, les certificats SSL de Geotrust (Quick SSL et True Biz Id), même qu‘on utilise nous ici

Avec un prix pour nos clients que ce commence a $99.00, et la capacité d‘être commander, acheter et activer dans moins que dix minutes, nous sommes confiantes que c‘est un bon addition a la liste de services et options qu‘on offre a nos clients.

Pour commandez vos certificats, veuillez, SVP, accéder votre page membres, et cherchez dans le module d‘utilités.

Pour plus d‘info, voyez, SVP :

System update and SSL certs now available

In this email:

1. easyDNS system upgrades

2. Members can now add 3rd-party nameservers to their domain ACLs

3. SSL web certificates now available

1. easyDNS System Upgrades

We have completed most of our system upgrades in the face of the recent
Denial-of-Service attacks and thus far we are cautiously optimistic about
the results.

We increased our bandwidth capacity significantly at Q9 and replaced our
firewalls with new equipment and DOS-mitigation measures and devices.
We were then attacked again at Q9 last week and despite the web interface
being unavailable for a brief period of time, all other services local to
Q9, including DNS, remained unaffected.

We have also redeployed the remote nameservers to datacenters
and again, are pleased with the results. The nameservers there have come
through several more DOS attacks completely unscathed and with no
noticeable effects on our service.

More can be read about this at our blog:

At this point we would like to thank our members for their patience and
understanding through this period.

2. Members can now add 3rd-party nameservers to their domain ACLs

Following up on some concerns about redundancy throughout the DOS
attacks, we’ve added a feature to allow members to add nameserver redundancy
beyond the easyDNS nameserver cluster.

You can now specify other non-easyDNS nameservers for your domains and we
will allow those nameservers to slave your zones from us.

Also see:

3. SSL web certificates now available

In response to customers asking if there was some way we could streamline
and simplify the otherwise byzantine and Kafka-esque process of purchasing
and renewing SSL web certificates, we have begun reselling Geotrust’s
“Quick SSL” and “True Biz ID” SSL web certificates, which provide 128-bit
security and are fully recognized by all major browser types.

At the easyDNS member’s price of $99 USD for a QuickSSL webcert, which
can be completely ordered, provisioned, authenticated via email, and
installed in under 10 minutes, we feel it’s a compelling value. Further
savings are available with discounts on multi-year terms.

You can order SSL certs for your domains under the “utilities” module
of your easyDNS Members’ Login at

For more information see:


Brief Members site maintenance tomorrow morning

We will be conducting a brief maintenance on the web server that hosts our members interface starting November 16th at 12:00am, ending at 12:15am. This maintenance will increase the capacity of the web server, resulting in a performance gain for the members interface.

During this period, the members interface will not be accessible, and dynamic DNS updates may be delayed up to 15 minutes.

Mail spooling time re-set to standard

Our mail spooling times have been rolled back from 10 days (in response to hurricane Katrina)
to our 5 day standard.