7 Network Working Group J. Klensin
8 Request for Comments: 3071 February 2001
9 Category: Informational
12 Reflections on the DNS, RFC 1591, and Categories of Domains
16 This memo provides information for the Internet community. It does
17 not specify an Internet standard of any kind. Distribution of this
22 Copyright (C) The Internet Society (2001). All Rights Reserved.
26 RFC 1591, "Domain Name System Structure and Delegation", laid out the
27 basic administrative design and principles for the allocation and
28 administration of domains, from the top level down. It was written
29 before the introduction of the world wide web (WWW) and rapid growth
30 of the Internet put significant market, social, and political
31 pressure on domain name allocations. In recent years, 1591 has been
32 cited by all sides in various debates, and attempts have been made by
33 various bodies to update it or adjust its provisions, sometimes under
34 pressures that have arguably produced policies that are less well
35 thought out than the original. Some of those efforts have begun from
36 misconceptions about the provisions of 1591 or the motivation for
37 those provisions. The current directions of the Internet Corporation
38 for Assigned Names and Numbers (ICANN) and other groups who now
39 determine the Domain Name System (DNS) policy directions appear to be
40 drifting away from the policies and philosophy of 1591. This
41 document is being published primarily for historical context and
42 comparative purposes, essentially to document some thoughts about how
43 1591 might have been interpreted and adjusted by the Internet
44 Assigned Numbers Authority (IANA) and ICANN to better reflect today's
45 world while retaining characteristics and policies that have proven
46 to be effective in supporting Internet growth and stability. An
47 earlier variation of this memo was submitted to ICANN as a comment on
48 its evolving Top-level Domain (TLD) policies.
58 Klensin Informational [Page 1]
60 RFC 3071 Reflections on the DNS and RFC 1591 February 2001
65 RFC 1591 [1] has been heavily discussed and referenced in the last
66 year or two, especially in discussions within ICANN and its
67 predecessors about the creation, delegation, and management of top-
68 level domains. In particular, the ICANN Domain Name Supporting
69 Organization (DNSO), and especially its ccTLD constituency, have been
70 the home of many discussions in which 1591 and interpretations of it
71 have been cited in support of a variety of sometimes-contradictory
72 positions. During that period, other discussions have gone on to try
73 to reconstruct the thinking that went into RFC 1591. Those in turn
74 have led me and others to muse on how that original thinking might
75 relate to some of the issues being raised. 1591 is, I believe, one
76 of Jon Postel's masterpieces, drawing together very different
77 philosophies (e.g., his traditional view that people are basically
78 reasonable and will do the right thing if told what it is with some
79 stronger mechanisms when that model is not successful) into a single
82 RFC 1591 was written in the context of the assumption that what it
83 described as generic TLDs would be bound to policies and categories
84 of registration (see the "This domain is intended..." text in
85 section 2) while ccTLDs were expected to be used primarily to support
86 users and uses within and for a country and its residents. The
87 notion that different domains would be run in different ways --albeit
88 within the broad contexts of "public service on behalf of the
89 Internet community" and "trustee... for the global Internet
90 community"-- was considered a design feature and a safeguard against
91 a variety of potential abuses. Obviously the world has changed in
92 many ways in the seven or eight years since 1591 was written. In
93 particular, the Internet has become more heavily used and, because
94 the design of the world wide web has put domain names in front of
95 users, top-level domain names and registrations in them have been
96 heavily in demand: not only has the number of hosts increased
97 dramatically during that time, but the ratio between registered
98 domain names and physical hosts has increased very significantly.
100 The issues 1591 attempted to address when it was written and those we
101 face today have not changed significantly in principle. But one
102 alternative to present trends would be to take a step back to refine
103 it into a model that can function effectively today. Therefore, it
104 may be useful to try to reconstruct 1591's principles and think about
105 their applicability today as a model that could continue to be
106 applied: not because it is historically significant, but because many
107 of its elements have proven to work reasonably well, even in
108 difficult situations. In particular, for many domains (some in
109 1591's "generic" list and others in its "country code" category) the
110 notion of "public service" --expected then to imply being carried out
114 Klensin Informational [Page 2]
116 RFC 3071 Reflections on the DNS and RFC 1591 February 2001
119 at no or minimal cost to the users, not merely on a non-profit
120 basis-- has yielded to profitability calculations. And, in most of
121 the rest, considerations of at least calculating and recovering costs
122 have crept in. While many of us feel some nostalgia for the old
123 system, it is clear that its days are waning if not gone: perhaps the
124 public service notions as understood when 1591 was written just don't
125 scale to rapid internet growth and very large numbers of
128 In particular, some ccTLDs have advertised for registrations outside
129 the designated countries (or other entities), while others have made
130 clear decisions to allow registrations by non-nationals. These
131 decisions and others have produced protests from many sides,
132 suggesting, in turn, that a recategorization is in order. For
133 example, we have heard concerns by governments and managers of
134 traditional, "public service", in-country, ccTLDs about excessive
135 ICANN interference and fears of being forced to conform to
136 internationally-set policies for dispute resolution when their
137 domestic ones are considered more appropriate. We have also heard
138 concerns from registrars and operators of externally-marketed ccTLDs
139 about unreasonable government interference and from gTLD registrars
140 and registries about unreasonable competition from aggressively
141 marketed ccTLDs. The appropriate distinction is no longer between
142 what RFC 1591 described as "generic" TLDs (but which were really
143 intended to be "purpose-specific", a term I will use again below) and
146 (i) true "generic" TLDs, in which any registration is acceptable
147 and, ordinarily, registrations from all sources are actively
148 promoted. This list currently includes (the formerly purpose-
149 specific) COM, NET, and ORG, and some ccTLDs. There have been
150 proposals from time to time for additional TLDs of this variety in
151 which, as with COM (and, more recently, NET and ORG) anyone
152 (generally subject only to name conflicts and national law) could
153 register who could pay the fees.
155 (ii) purpose-specific TLDs, in which registration is accepted only
156 from organizations or individuals meeting particular
157 qualifications, but where those qualifications are not tied to
158 national boundaries. This list currently includes INT, EDU, the
159 infrastructure domain ARPA, and, arguably, the specialized US
160 Government TLDs MIL and GOV. There have been proposals from time
161 to time for other international TLDs of this variety, e.g., for
162 medical entities such as physicians and hospitals and for museums.
163 ICANN has recently approved several TLDs of this type and
164 describes them as "sponsored" TLDs.
170 Klensin Informational [Page 3]
172 RFC 3071 Reflections on the DNS and RFC 1591 February 2001
175 (iii) Country domains, operated according to the original
176 underlying assumptions of 1591, i.e., registrants are largely
177 expected to be people or other entities within the country. While
178 external registrations might be accepted by some of these, the
179 country does not aggressively advertise for such registrations,
180 nor does anyone expect to derive significant fee revenue from
181 them. All current domains in this category are ccTLDs, but not
182 all ccTLDs are in this category.
184 These categories are clearly orthogonal to the association between
185 the use of the IS 3166-1 registered code list [2] and two-letter
186 "country" domain names. If that relationship is to be maintained
187 (and I believe it is desirable), the only inherent requirement is
188 that no two-letter TLDs be created except from that list (in order to
189 avoid future conflicts). ICANN should control the allocation and
190 delegation of TLDs using these, and other, criteria, but only
191 registered 3166-1 two letter codes should be used as two-letter TLDs.
193 2. Implications of the Categories
195 If we had adopted this type of three-way categorization and could
196 make it work, I believe it would have presented several opportunities
197 for ICANN and the community more generally to reduce controversies
198 and move forward. Of course, there will be cases where the
199 categorization of a particular domain and its operating style will
200 not be completely clear-cut (see section 3, below). But having ICANN
201 work out procedures for dealing with those (probably few) situations
202 appears preferable to strategies that would tend to propel ICANN into
203 areas that are beyond its competence or that might require
204 significant expansion of its mandate.
206 First, the internally-operated ccTLDs (category iii above) should not
207 be required to have much interaction with ICANN or vice versa. Once
208 a domain of this sort is established and delegated, and assuming that
209 the "admin contact in the country" rule is strictly observed, the
210 domain should be able to function effectively without ICANN
211 intervention or oversight. In particular, while a country might
212 choose to adopt the general ICANN policies about dispute resolution
213 or name management, issues that arise in these areas might equally
214 well be dealt with exclusively under applicable national laws. If a
215 domain chooses to use ICANN services that cost resources to provide,
216 it should contribute to ICANN's support, but, if it does not, ICANN
217 should not presume to charge it for other than a reasonable fraction
218 of the costs to ICANN of operating the root, root servers, and any
219 directory systems that are generally agreed upon to be necessary and
220 in which the domain participates.
226 Klensin Informational [Page 4]
228 RFC 3071 Reflections on the DNS and RFC 1591 February 2001
231 By contrast, ccTLDs operated as generic domains ought to be treated
232 as generic domains. ICANN dispute resolution and name management
233 policies and any special rules developed to protect the Internet
234 public in multiple registrar or registry situations should reasonably
237 3. Telling TLD types apart
239 If appropriate policies are adopted, ccTLDs operated as generic
240 domains (category (i) above) and those operated as country domains
241 (category (iii) above) ought to be able to be self-identified. There
242 are several criteria that could be applied to make this
243 determination. For example, either a domain is aggressively seeking
244 outside registrations or it is not and either the vast majority of
245 registrants in a domain are in-country or they are not. One could
246 also think of this as the issue of having some tangible level of
247 presence in the jurisdiction - e.g., is the administrative contact
248 subject, in practical terms, to the in-country laws, or are the
249 registration rules such that it is reasonably likely that a court in
250 the jurisdiction of the country associated with the domain can
251 exercise jurisdiction and enforce a judgment against the registrant.
253 One (fairly non-intrusive) rule ICANN might well impose on all top-
254 level domains is that they identify and publish the policies they
255 intend to use. E.g., registrants in a domain that will use the laws
256 of one particular country to resolve disputes should have a
257 reasonable opportunity to understand those policies prior to
258 registration and to make other arrangements (e.g., to register
259 elsewhere) if that mechanism for dispute resolution is not
260 acceptable. Giving IANA (as the root registrar) incorrect
261 information about the purpose and use of a domain should be subject
262 to challenge, and should be grounds for reviewing the appropriateness
263 of the domain delegation, just as not acting consistently and
264 equitably provides such grounds under the original provisions of RFC
267 In order to ensure the availability of accurate and up-to-date
268 registration information the criteria must be consistent, and
269 consistent with more traditional gTLDs, for all nominally country
270 code domains operating as generic TLDs.
272 4. The role of ICANN in country domains
274 ICANN (and IANA) should, as described above, have as little
275 involvement as possible in the direction of true country [code]
276 domains (i.e., category (iii)). There is no particular reason why
282 Klensin Informational [Page 5]
284 RFC 3071 Reflections on the DNS and RFC 1591 February 2001
287 these domains should be subject to ICANN regulation beyond the basic
288 principles of 1591 and associated arrangements needed to ensure
289 Internet interoperability and stability.
291 ICANN's avoiding such involvement strengthens it: the desirability of
292 avoiding collisions with national sovereignty, determinations about
293 government legitimacy, and the authority of someone purportedly
294 writing on behalf of a government, is as important today as it was
295 when 1591 was written. The alternatives take us quickly from
296 "administration" into "internet governance" or, in the case of
297 determining which claimant is the legitimate government of a country,
298 "international relations", and the reasons for not moving in that
299 particular direction are legion.
301 5. The role of governments
303 The history of IANA strategy in handling ccTLDs included three major
304 "things to avoid" considerations:
306 * Never get involved in determining which entities were countries
307 and which ones were not.
309 * Never get involved in determining who was, or was not, the
310 legitimate government of a country. And, more generally, avoid
311 deciding what entity --government, religion, commercial,
312 academic, etc.-- has what legitimacy or rights.
314 * If possible, never become involved in in-country disputes.
315 Instead, very strongly encourage internal parties to work
316 problems out among themselves. At most, adopt a role as
317 mediator and educator, rather than judge, unless abuses are very
318 clear and clearly will not be settled by any internal mechanism.
320 All three considerations were obviously intended to avoid IANA's
321 being dragged into a political morass in which it had (and, I
322 suggest, has) no competence to resolve the issues and could only get
323 bogged down. The first consideration was the most visible (and the
324 easiest) and was implemented by strict and careful adherence (see
325 below) to the ISO 3166 registered Country Code list. If an entity
326 had a code, it was eligible to be registered with a TLD (although
327 IANA was free to apply additional criteria-most of them stated in
328 1591). If it did not, there were no exceptions: the applicant's only
329 recourse was a discussion with the 3166 Registration Authority (now
330 Maintenance Agency, often known just as "3166/MA") or the UN
331 Statistical Office (now Statistics Bureau), not with IANA.
338 Klensin Informational [Page 6]
340 RFC 3071 Reflections on the DNS and RFC 1591 February 2001
343 There are actually five ccTLD exceptions to the strict rules. One,
344 "UK", is historical: it predates the adoption of ISO 3166 for this
345 purpose. The others --Ascension Island, Guernsey, Isle of Man, and
346 Jersey --are arguably, at least in retrospect, just mistakes.
347 Regardless of the historical reasons (about which there has been much
348 speculation), it is almost certainly the case that the right way to
349 handle mistakes of this sort is to acknowledge them and move on,
350 rather than trying to use them as precedents to justify more
353 This, obviously, is also the argument against use of the "reserved"
354 list (technically internal to the 3166 maintenance activity, and not
355 part of the Standard): since IANA (or ICANN) can ask that a name be
356 placed on that list, there is no rule of an absolute determination by
357 an external organization. Purported countries can come to ICANN,
358 insist on having delegations made and persuade ICANN to ask that the
359 names be reserved. Then, since the reserved name would exist, they
360 could insist that the domain be delegated. Worse, someone could use
361 another organization to request reservation of the name by 3166/MA;
362 once it was reserved, ICANN might be hard-pressed not to do the
363 delegation. Of course, ICANN could (and probably would be forced to)
364 adopt additional criteria other than appearance on the "reserved
365 list" in order to delegate such domains. But those criteria would
366 almost certainly be nearly equivalent to determining which applicants
367 were legitimate and stable enough to be considered a country, the
368 exact decision process that 1591 strove to avoid.
370 The other two considerations were more subtle and not always
371 successful: from time to time, both before and after the formal
372 policy shifted toward "governments could have their way", IANA
373 received letters from people purporting to be competent government
374 authorities asking for changes. Some of them turned out later to not
375 have that authority or appropriate qualifications. The assumption of
376 1591 itself was that, if the "administrative contact in country" rule
377 was strictly observed, as was the rule that delegation changes
378 requested by the administrative contact would be honored, then, if a
379 government _really_ wanted to assert itself, it could pressure the
380 administrative contact into requesting the changes it wanted, using
381 whatever would pass for due process in that country. And the ability
382 to apply that process and pressure would effectively determine who
383 was the government and who wasn't, and would do so far more
384 effectively than any IANA evaluation of, e.g., whether the letterhead
385 on a request looked authentic (and far more safely for ICANN than
386 asking the opinion of any particular other government or selection of
394 Klensin Informational [Page 7]
396 RFC 3071 Reflections on the DNS and RFC 1591 February 2001
399 Specific language in 1591 permitted IANA to adopt a "work it out
400 yourselves; if we have to decide, we will strive for a solution that
401 is not satisfactory to any party" stance. That approach was used
402 successfully, along with large doses of education, on many occasions
403 over the years, to avoid IANA's having to assume the role of judge
404 between conflicting parties.
406 Similar principles could be applied to the boundary between country-
407 code-based generic TLDs and country domains. Different countries,
408 under different circumstances, might prefer to operate the ccTLD
409 either as a national service or as a profit center where the
410 "customers" were largely external. Whatever decisions were made
411 historically, general Internet stability argues that changes should
412 not be made lightly. At the same time, if a government wishes to
413 make a change, the best mechanism for doing so is not to involve
414 ICANN in a potential determination of legitimacy (or even to have
415 ICANN's Government Advisory Committee (GAC) try to formally make that
416 decision for individual countries) but for the relevant government to
417 use its own procedures to persuade the administrative contact to
418 request the change and for IANA to promptly and efficiently carry out
419 requests made by administrative contacts.
421 6. Implications for the current ICANN DNSO structure.
423 The arguments by some of the ccTLD administrators that they are
424 different from the rest of the ICANN and DNSO structures are (in this
425 model) correct: they are different. The ccTLDs that are operating as
426 generic TLDs should be separated from the ccTLD constituency and
427 joined to the gTLD constituency. The country ccTLDs should be
428 separated from ICANN's immediate Supporting Organization structure,
429 and operate in a parallel and advisory capacity to ICANN, similar to
430 the arrangements used with the GAC. The DNSO and country TLDs should
431 not be required to interact with each other except on a mutually
432 voluntary basis and, if ICANN needs interaction or advice from some
433 of all of those TLDs, it would be more appropriate to get it in the
434 form of an advisory body like the GAC rather than as DNSO
439 [1] Postel, J., "Domain Name System Structure and Delegation", RFC
442 [2] ISO 3166. ISO 3166-1. Codes for the representation of names of
443 countries and their subdivisions - Part 1: Country codes (1997).
450 Klensin Informational [Page 8]
452 RFC 3071 Reflections on the DNS and RFC 1591 February 2001
455 8. Acknowledgements and disclaimer
457 These reflections have been prepared in my individual capacity and do
458 not necessarily reflect the views of my past or present employers.
459 Several people, including Randy Bush, Theresa Swinehart, Zita Wenzel,
460 Geoff Huston, Havard Eidnes, and several anonymous reviewers, made
461 suggestions or offered editorial comments about earlier versions of
462 this document. Cord Wischhoefer, of the ISO 3166/MA, was also kind
463 enough to look at the draft and supplied some useful details. Those
464 comments contributed significantly to whatever clarity the document
465 has, but the author bears responsibility for the selection of
466 comments which were ultimately incorporated and the way in which the
467 conclusions were presented.
469 9. Security Considerations
471 This memo addresses the context for a set of administrative decisions
472 and procedures, and does not raise or address security issues.
477 1770 Massachusetts Ave, Suite 322
478 Cambridge, MA 02140, USA
480 EMail: klensin@jck.com
506 Klensin Informational [Page 9]
508 RFC 3071 Reflections on the DNS and RFC 1591 February 2001
511 11. Full Copyright Statement
513 Copyright (C) The Internet Society 2001. All Rights Reserved.
515 This document and translations of it may be copied and furnished to
516 others provided that the above copyright notice and this paragraph
517 are included on all such copies. However, this document itself may
518 not be modified in any way, such as by removing the copyright notice
519 or references to the Internet Society or other Internet
520 organizations, except as required to translate it into languages
523 The limited permissions granted above are perpetual and will not be
524 revoked by the Internet Society or its successors or assigns.
526 This document and the information contained herein is provided on an
527 "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
528 TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
529 BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
530 HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
531 MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
535 Funding for the RFC Editor function is currently provided by the
562 Klensin Informational [Page 10]
projects / FreeBSD / releng / 7.2.git / blob