A new proposed solution to internet restrictions could, by bypassing DNS entirely, overcome internet restrictions and censorship, and even overcome a total internet shutdown.
There is a big problem in the world of the internet today. This problem is that the organizations regulating and subsequently controlling the internet are a monopoly. In order to solve this serious problem, there are two potential solutions: to break up ICANN, or bypass DNS.
The first solution, which will probably not ever happen, is to somehow break up ICANN, as Brad Templeton, former Chairman of the Board of the Electronic Frontier Foundation (EFF), suggested. However, as Brad himself admits, he does not expect that ICANN getting broken up into subagencies, each with less power, will ever happen.
It seems that there are many intelligent ideas out there that will never come to fruition because the government simply has no desire to implement things effectively unless it has an immediate and significant short-term motivation to do so, despite whether or not the long-term benefits or ramifications could be dramatically greater.
The Only Effective Solution To Bypass DNS
The second and probably only solution that could ever actually be implemented is one that I am going to propose here. I spend a lot of time thinking about the problems of the world and potential solutions. Often I see that the only real solution to overcoming the inherent problems resulting from regulatory overreach is to bypass these regulatory systems altogether.
One of these serious problems is regarding control of the internet DNS (Domain Name System). As the internet continues to become an integral part of not only the global economy but also even every individual’s personal lives directly impacting people’s Hierarchy of Needs, internet freedom and prevention of governmental control and regulation of the internet becomes an ever-more prevalent issue.
To understand what the problem with the internet is, first you need to understand how the internet DNS works. Another article by Brad Templeton entitled, “How DNS Works” very well describes this issue. One also must understand how the internet works, which you can read in my post on “The Future of Consumer Internet Connectivity and Demise of Oligopoly ISP Giants“.
Here is a diagram I created showing how our current internet DNS system works. I included what happens when a user uses Tor or a VPN. As you see, no matter what, it is all filtered through ICANN root DNS servers.
Once understanding the fundamentals of how DNS and the internet works, one can then begin to formulate potential solutions to bypassing overreach of the monopoly governmental agencies such as ICANN, and corporations such as the major ISPs, which control the internet. My previous post demonstrates how to bypass the ISPs, and this post will demonstrate how to bypass ICANN and other DNS regulatory agencies.
Bypassing DNS Will Result In More Freedom, Not Less
It must be stated that shallow-thinking people or people with a secret agenda will try to claim that bypassing ICANN and the fundamental DNS system will somehow limit freedom of the internet. On some level, this may have some truth, but fundamentally and in practice, this could not be farther from the truth.
Let me address this issue first. The argument against bypassing a universal (monopoly) DNS system is that it could enable countries and individuals to ironically have the freedom to limit freedom of internet access. For example, the government of China might decide to limit websites on its own DNS from being accessed by anyone from any other country, such as was thought occurred in this false news story which was later refuted in which it was reported (falsely) that China had created new TLDs (such as .cn) in order to bypass universal DNS.
China did not do that, but doing so is part of the real solution. However, first we need to address the overarchingly erroneous assertion that bypassing universal (monopoly) DNS could somehow prevent internet freedom. To understand why this isn’t true in the big picture, first you need to understand the implications of such a strategy. While it is true that an independent country could prevent access to their closed DNS, this is more preferable to the alternative which is the universal DNS we have now.
Why? Here is the truth. Our current universal (monopoly) DNS system puts the entire internet – the entire world internet – into the hands of just a few people. There is a serious problem with this. Sure, it can, in a perfect world, prevent countries from limiting access to their internet. However, they themselves, when becoming corrupt as is inevitable in any monopoly, have the power to do the same, but not just for one country but for the entire world. This is colloquially referred to as “flipping the switch”, “pulling the plug on the internet”, or global internet shutdown.
With our current universal DNS system, if the powers that be who control the internet decided they wanted to turn off the internet, they can. They can and they do have the complete and total power to do so. That any agency has the ability to actually do this if they wanted, is highly disturbing. This is a serious, critical problem and one that is a constant threat to internet freedom and freedom of information. Moreover, the government is already leveraging this power to shut down websites, track down individuals, and limit access to the internet.
Conversely, a DNS system that is not universal, which bypasses the universal (monopoly) DNS system for accessing the internet which is currently in place, will take away some of this totalitarian power over the global internet. If we can begin to “decentralize” control of the internet by bypassing the existing systems, this spells freedom for the global internet which will endure even a total shutdown of the world’s internet.
ICANN’s Power Is Growing At An Alarming Rate
Put simply, in our existing system, the entire internet can be shut down at any time, with no recourse. Additionally, it can and is already being censored and limited, albeit slowly, but certainly surely. Regulations on the internet are growing, and people are losing freedom.
ICANN passed a law requiring more strict checking of domain owners in 2014. In 2015 they tried (but thankfully failed) to eliminate domain privacy (so that anyone and their mother can force a registrar to give up the personal contact details of a domain owner). Worse, on December 1 2016, ICANN passed a new law which enables them to require registrars to verify the home addresses and even the driver’s license of domain owners, or ICANN can and will shut down websites at the DNS level.
Websites shut down at the ICANN DNS level isn’t even done by the registrar. ICANN now has the power to independently, without any checks and balances, shut down websites at will. This is very dangerous and a terrifying prospect. Whoever controls ICANN can shut down any website on the internet, and they are already doing that for “unverified” domain registrants.
This means that ICANN has secretly and covertly gained new powers in internet control, and subsequently governments have gained new secret powers in tracking down individuals and further removing personal privacy. Through this new policy, now governments will be able to track down website owners very easily. If a website like wikileaks for example wanted to hide, it can’t any longer. Not only can ICANN shut it down permanently at the DNS level, but they can require personal verification of the domain owners in order to track them down (and arrest them, if they want), in order to make the website live again.
Worse, in doing some research I have discovered that just recently ICANN is no longer government controlled but rather has become privatized. This could explain these new ICANN policy changes.
Freedom of Information Is In Grave Danger
Our internet freedom is at grave risk. Independent journalists will no longer be able to host anonymous websites. Yes, they can hide it with domain privacy, but this doesn’t prevent a malicious government, like Raul Castro, the totalitarian dictator of Cuba, from accessing these personal details. Governments can also use this new ICANN policy to legally shut down websites by forcing independent journalists to verify their personal details including public name and address. If it is unlisted, then there is now no way to verify without a driver’s license. A government can deem a driver’s license invalid and thereby indefinitely terminate a website at the root DNS level though ICANN due to having “unverified contact information”.
The only solution to this serious and critical internet crisis is to bypass ICANN and the entire internet DNS system. While as described in my other post, the ISPs can be bypassed by a fully decentralized wireless long-range internet system which I dubbed “GUD-WI” (Global Ultra Long-Range Decentralized Wireless Internet), this doesn’t solve the problem at the root level, the DNS level.
In other words, even on Global Ultra Long-Range Decentralized Wireless Internet, if you typed in the URL for wikileaks or some other private journalist website, and it was banned by ICANN at the DNS level, then you still couldn’t access the website through the internet. Even though you bypassed the ISPs, you did not bypass the DNS. Therefore I propose a solution to bypassing DNS to use in conjunction with GUD-WI.
The problem is rooted in how DNS works. If you read the post linked to earlier on “How DNS Works”, you learned about how domain names translate to IPs. User software such as web browsers translate domain names into IP addresses based on a root level registry controlled by ICANN and related agencies. Therefore, in order to bypass this, you need to bypass this entire root DNS system.
Check out this infographic on the death of internet freedom around the world:
How To Bypass The Internet DNS System
In order to bypass this entire system, what you need are two primary elements. First, you need a decentralized yet highly secure system of “parallel DNS propagation”. Such a system doesn’t exist; the idea probably has never been considered, so don’t bother looking it up. I just coined that. Let’s call it, “PDNS”, short for Parallel Domain Name System.
PDNS basically uses a new system for DNS which no longer relies on one single source for DNS propagation. In practice, what this means is two things. First, ICANN will no longer be able to control any but the primary DNS system. PDNS is unlikely to entirely replace traditional DNS, since the primary ICANN DNS root servers will still be used by all the major government and corporate conglomerates. Therefore, most people will still continue to access the primary ICANN-controlled root DNS system.
The difference is that with PDNS, it will open up a new system which allows for a non-controlled DNS that cannot be controlled, tracked, or regulated by ICANN. There could be a virtually limitless stream of PDNS subservers in which a whole new system of domain names could be reused an unlimited number of times. This is the second element – domains will no longer be restricted to one user only. Still, only one person can own a primary DNS on the official ICANN root servers; but anyone and an unlimited number of people can own any domain on any other independent PDNS server.
PDNS Enables Unlimited Unrestricted Domain Names
What is amazing with the system I am proposing, is that no longer would any domain names be restricted to one individual party. For example, if you wanted to own “microsoft.com”, you could. Of course, there are some implications with this, because hackers could pose as a website, but that is beside the point. For example, no one “accidentally” visits the deep web. You need to intentionally go there. People wanting to go there use Tor.
However, Tor is not PDNS. Tor utilizes a complicated system of bouncing servers around the world, but ultimately it still relies on ICANN’s root DNS system. Granted, the deep web is similar to PDNS in that you can visit .onion URLs not accessible from the regular web because they do not go through ICANN. However, this is not PDNS. PDNS is different.
Through PDNS, DNS can become decentralized and there will no longer be any restrictions to domain registration. You won’t have to pay for domains anymore. If you wanted, you could make your entire personal internet that only you control. It also won’t affect the primary internet controlled by ICANN, so if you went to microsoft.com in a traditional web browser, it still goes to the official website for Microsoft. However, if you accessed your private root PDNS server, microsoft.com could go to whatever IP you wanted. This wouldn’t affect anyone except the people directly accessing your private PDNS root.
As you can see, Tor does not bypass DNS, it only obfuscates (confuses) the path to you. Tor is not the solution.
Software To Implement PDNS
There is another element to address, however. As I touched on earlier, the web browser, that is, the software, is what translates your domain request into an IP address. The solution to this is simple. Just like Tor utilizes a separate web browser which alone is able to resolve a .onion address, likewise a new web browser or other DNS software will need to be created and developed in order to determine which PDNS root you want to fetch from.
For example, say you open up your Google Chrome browser and type in “microsoft.com”. What Chrome does is send a request to the ICANN DNS registry and queries the ICANN root servers to find out what IP that ICANN says microsoft.com is supposed to go to. So, while in your Chrome browser you see “microsoft.com” in your URL bar, behind the scenes Chrome is displaying a webpage from the server at the IP that ICANN told the browser the microsoft.com website is located.
The second part of the software element is the web server. Currently, web servers have certain software which query the public DNS. Any DNS servers that are set up, whether it is Google’s public DNS or another DNS, all still query the public universal (monopoly) ICANN root DNS registry to resolve the domain names into an IP address. New server software needs to be developed to query the desired new PDNS decentralized server root DNS system to allow users to fetch the IP from the server not listed in official ICANN root DNS servers.
PDNS Decentralized Global Servers
The final element is that for maximum security and protection of the internet, web servers cannot be hosted in mainstream server farms which are plugged directly into the ISP hardwire network. They can be, sure, and it will work, until they are discovered. So the most secure way is to utilize independent servers decentralized around the world to host the websites, which are plugged into only the GUD-WI system and not the traditional T1 hardwire to the internet hubs. With GUD-WI, anyone with a hard drive of any size (even just a microSD card) and GUD-WI hardware can not only host a website, but can host an entirely new internet stream that is virtually untraceable and completely private and secure.
There is also a solution needed for the user-level software element. People need to know what to type. Currentl, for users to access a website, they simply type in a website like “microsoft.com” and that is it. There are a few ways to solve this issue. One simple solution is to have a new prefix, such as “hub95” or just “h95”. It could be anything, such as “h23”, “j78” etc.
For example, “h95.microsoft.com” would go to the PDNS system named “hub95”. However, this is an unnecessary step and could be confusing to web browser which could confuse it with a subdomain. A different separator could be used, such as a #, but this is not necessary. Instead, there should be a field selector where you can type in your PDNS root DNS hub which you want to use. For example, go to the field selector and type “h95” and once selected all your URLs you type go to the new root DNS hub of your choice. See the graphic below that I created to illustration this:
Here is how I envision the URL bar of a PDNS-compatible web browser.
PDNS Prefixes
Ironically, this could create a new monopoly on root hubs, but this can be mitigated by creating open-source PDNS-supported web browsers so that no one entity has complete control over it, so that no one could for example ban the whole “h95” root DNS hub. Also, like our current domain name system, PDNS is also limited by a first-come-first-serve domain basis, although this can be mitigated by restricting the length of PDNS prefixes (i.e. no more than 5 characters) and denying dictionary words.
If you think this additional step (PDNS prefixes / root names) wouldn’t work, consider QR codes. People thought no one would use them, but people do. Many people even put them on their business cards alongside their website URL. You could even do something simliar, so instead of specifying the “h95” or random string for your root hub, you could just post a QR code or similar. This is also an alternative solution to the named root hub (i.e. “h95”), because you could just have something like a QR code instead of a text string to specify your root hub.
There is a problem with this, however, because it would be impossible for a human to know which root hub they are visiting; but it is an idea. However, it is more likely that the text string will be the most effective method. There could also be a mix of the two, like a QR code could be scanned and it would populate the DNS prefix text string.
People already use QR codes. Specifying a DNS root isn’t much of a stretch.
Marketing PDNS Servers
The only real challenge after implementing PDNS and GUD-WI is marketing. People just need to know where to look. For example, you could advertise on your business card, first listing your website, such as “tech.com” which could never have been normally acquired by an individual under the current DNS system. Second, your PDNS root hub, i.e. “h95” will be specified so people know which one to go to.
People will need to advertise their PDNS. However, the PDNS at heart will have a fundamental continuity, so anyone with the standard PDNS software can access another PDNS root once they know the name of it (i.e. “h95”). What is likely to occur is that one or a couple PDNS roots will become popular and widely used. Meanwhile, the remaining millions of Parallel DNS system roots will go largely unused, much like there are some websites on the internet today which few people have ever visited.
With GUD-WI, PDNS Will Solve The Problems With Internet Access And Domain Privacy
With this new decentralized PDNS – that is, “Parallel DNS” system, the internet will truly be free for the world. When paired along with GUD-WI, PDNS will allow the world to have an internet no longer controlled by any regulatory agencies. There will no longer be restrictions on buying particular domain names, and no government will be able to track down and find independent journalists which are hosted on PDNS – at least, not through ICANN anyway (there are still other ways to track you down). But PDNS will prevent any government from shutting down the internet in its entirety, especially when paired with GUD-WI to bypass Internet Service Providers (ISPs).
The great thing about PDNS is that it does not destroy the existing internet system, but neither does it piggyback off it. ICANN-controlled primary root DNS will still work. People who are already used to using the internet a certain way don’t need to change anything. However, informed users such as the millions of people today who use Tor, will now have another element to access the internet – as well as a recourse for internet privacy as the world governments continue to limit and threaten access. Moreover, PDNS is a recourse in the event of a global internet shutdown.
PDNS internet will not be affected in any way by ICANN bans or internet shutdowns. And when paired with GUD-WI, the only way to shut down the internet would be to basically set off an EMP over the entire world. If that happened, we would have a lot more to worry about than the internet, so effectively PDNS is the solution to bypass internet restrictions, censorship, bans, privacy violations, and shutdowns.
Here is a diagram I created to demonstrate How PDNS Works. Contrast this to my earlier graphic on how the current DNS system works.
What do you think about PDNS? Let us know in the comments below.
https://github.com/dlorch/dnsserver
Nice job! I’m glad someone created something based off this idea. This is a good start. Let’s get some more people to expand this to be usable for the world.
I’m actually going to try to build this.
Questions I have:
How do I make the software element in the server?
How do I make the web browser?
Are there any open-source browsers I could legally edit the code of to support “PDNS” and distribute?
Is there any code already for a “PDNS” web server?
I am hoping to have a “PDNS” site and I would like to know this.
Thanks.
Chromium is a free and open-source web browsing framework on which Chrome is based, and you are free to use it and edit as you please, it’s fully open-source. Many devs currently use Chromium as the foundation for their privacy browsers; even Yandex, the popular Russian competitor to Google, uses Chromium for their browser. Yes, if you know how to code, you can create the PDNS element. As for how, you would need to have a development background to learn how.
PDNS does not exist yet. I invented the concept, so before this article, no such thing existed before. In order to have a successful PDNS website, there would already have to be a popular web browser which utilizes the technology; and as of this writing, no such technology exists, since I’m the inventor of it and at the same time I have not created any software to support the idea.
At this time, it’s open to the open-source community to develop PDNS as I do not have any active plans to create it, although I would at some point years in the future if it is not created yet, but don’t hold your breath. Someone will need to take up this project.
I think it would be much better if it was designed using a non-value tokenized blockchain smart contract technology to deal with localization and to segregate parts of the block by scaling which nodes hold what parts of the chain (redundancy should be built in and scaled as users join the network)… a flag to show the acquisition of that domain… that way you can do away with the prefix… there are a few ideas to play around with, your idea is on the right track though, well done!
Great idea. In fact as I was reviewing this post that I made years ago, I was thinking the same thing. Then I saw your comment.
The big problem with having any centralized source is problems with the one who owns it, not to mention hacking. Putting the PDNS DNS databases on the blockchain solves this both for decentralization, as well as security.
Using smart contracts helps facilitate this. This solves the security problem of how do we ensure that PDNS of P95 for example is the same on anyone’s web browser which supports PDNS.
Let’s keep up with the ideas, I believe the only way to have freedom on the open internet is to have total decentralization of DNS. The open source community can help facilitate this new and open internet. PDNS solves that, and putting it on the blockchain solves the security and decentralization aspects.
There are problems to a totally free internet, yes. Bad actors (nefarious parties) may host unwanted things on the open internet. However, this already happens. And the solution isn’t to restrict the internet for the Earth, it’s to find the bad actors and take them down.
Historically, restricting freedom of speech and freedom of access to information never helped prevent bad actors from spreading their terror. For example, it never stopped ISIS, who now rules Afghanistan. They won, despite all the money laundering laws and other restrictions. Nothing worked, and they won. Meanwhile, the rest of the world is still oppressed by those same laws that didn’t stop drug traffickers or other bad actors.
Freedom of the internet will provide a greater freedom for humanity. By taking the power out of the hands of the few, the world will be a better place in the end.