
Arrogance in Business Planning

Technology business plans that assume no competition (ever)

Paul Vixie, Internet Systems Consortium

In the Internet addressing and naming market there's a lot of competition, margins are thin, and the premiums on good planning and good execution are nowhere higher. To survive, investors and entrepreneurs have to be bold. Some entrepreneurs, however, go beyond "bold" and enter the territory of "arrogant" by making the wild assumption that they will have no competitors if they create a new and profitable niche. So it is with those who would unilaterally supplant or redraw the existing Internet resource governance or allocation systems. Because alternative DNS (Domain Name System) roots provide such a well-proved and well-understood example of this kind of arrogance, this article begins with a short slog through that swamp before discussing the more current and topical matter of alternative numbering Whois.

Alternative DNS Roots

The DNS root is the dictionary of top-level domain names such as .COM or .US. It is managed cooperatively and transparently by a community that includes the IAB (Internet Activities Board), which designates and recognizes the IANA (Internet Assigned Number Authority); the U.S. DoC (Department of Commerce), which contracts for IANA services; and ICANN (Internet Corporation for Assigned Names and Numbers), which operates the IANA functions under that contract. The IANA functions contract includes among other things the job of editing the DNS root zone to add new top-level domain names such as .XXX. Each of these entities (IAB, U.S. DoC, ICANN) is itself a multistakeholder body that engages with the community to gather input to the decisions it makes about DNS. This governance model is imperfect, but it has worked for a long time and continues to evolve.

Technically speaking, every Internet device using DNS to look things up assumes that there is a universal name space with a root zone to describe the top-level domain names, and there are some well-known root name servers to publish this root zone. To be universal in this context means that every name has a specific identity and will always mean the same thing no matter where you are on the Internet when you look that name up. The IETF (Internet Engineering Task Force) periodically revises the DNS protocol to add new capabilities, but this is always done in a backward-compatible way because of the installed base of hundreds of millions of connected devices. So while we could discuss a possible future in which new devices are connected to the Internet having a broader or somehow multiplicitous view of the DNS name space, as of today the only reliable way to treat this name space is as universal.

Given the high visibility and economic value of a new top-level domain name, DNS has been under considerable pressure to add more such names ever since the Internet climbed down from its academic ivory tower and became a world-changing dominating commercial and social apparatus. Prior work in this area includes adding a handful of new top-level names (.INFO, .MUSEUM, .BIZ, .XXX, and so on), and current work involves throwing the doors open to hundreds or thousands of new top-level domains (.APPLE or .MICROSOFT could soon exist). In addition to that, several bold (or dare I say, "arrogant") entrepreneurs have tried to enter the market unilaterally.

Here is how this kind of unilateralism goes: first you create your own root zone, usually by copying the IANA root zone at some point in time; and then you try to get ISPs (Internet service providers) to use your root name servers instead of the IANA root name servers. If you succeed at this, then you try to sell name registrations in your alternative name space, where your new names will be visible only to the ISPs you have convinced to subscribe to your system. No such alternative root zone has really taken off, since this value proposition is pretty shaky—there is no way to manage the risk of conflict between an alternative name and some future real name in the IANA system. There is also no good way to align the interests of the people publishing the alternative names with the interests of some population who might want to look up such names.

What's arrogant here isn't the willingness to charge ahead in spite of the shaky value proposition; it's the assumption that there will be only one alternative DNS name space, even if it is a financial success. Does anyone really think that other investors and entrepreneurs would not follow almost immediately, that other teams looking for their next opportunity would say, "Well, one is enough," or even, "Being a late entrant into that market will be too difficult"? I cannot think of a single supporting example; success breeds copycats, in all times and all places.

It's a marvel why the investors in today's alternative DNS systems didn't ask about copycatting. This is a pretty standard investment question. A bunch of copycats who pull various ISPs into competing alternative DNS systems could all sell the same names to different DNS operators, and there would be no way for customers to tell the difference. Being first would count for nothing.

This spotlights a good test for whether some technology is a candidate for Internet governance infrastructure: does it have to be done cooperatively, or do the physics allow for competition?

Alternative Numbering Whois

So far I've discussed the governance and economics of domain names, but there is another kind of Internet resource that has some superficial similarities to DNS: Internet numbering resources. Every network and every connected Internet device needs a number. This article focuses on IPv4 (Internet Protocol version 4) addresses, which are usually written as four numbers separated by three dots (e.g., or Some of these numbers are private and can be used only for local communication—for example, the address is used by almost every cable or DSL router in every home in the world. Hosts connected to private networks rely on their routers to translate their private addresses into public addresses, a process known as NAT (network address translation). For the purpose of this article the discussion is limited to public IPv4 addresses that are globally unique and used without NAT.

Before the commercialization and privatization of the Internet in the 1990s, the U.S. government assigned blocks of IP addresses without fee or contract. This befits the original purpose of the Internet, which was to be an interconnection mechanism for the government and its contractors. When commercialization and privatization began, the IP address-allocation function was moved out of government hands and into an RIR (regional Internet registry) system, which now consists of five registries serving the regions of North America and the Caribbean, Africa, Europe, Asia/Pacific, and Latin America. Each RIR is a nonprofit association serving a community of network operators including both service providers and end users. Allocation policy is set in each region by a public policy development process, and resource allocations are governed by agreements that clearly describe the allocation as being based on "demonstrated need" for network growth. These agreements also declare that number resources are not property.

Legacy numbering allocations made in the decades before the RIR system was put in place were very large because of the technical limitations of the time. The effect of this today is that about half of all allocated numbers are of the legacy type even though most allocations are of the RIR type. Now that the Internet is running short of new IPv4 numbers for network growth, many network operators are looking for ways to acquire the rights to as many IPv4 numbers as possible so they can continue to grow their networks while the Internet converts from IPv4 to IPv6. This makes the older and larger legacy numbers very attractive, since the allocations were larger and are often held by older companies and universities whose needs may be modest by current standards. The holders of legacy numbers have no contractually explicit rights concerning those numbers unless they have sought safe harbor by entering into an RIR contract, but as a practical matter anyone who is using legacy addresses received in the pre-RIR era can safely continue to do so.

The RIR system permits designated transfers between address holders. The goal of the RIR transfer regime is to bring more IPv4 addresses into active use to facilitate network growth during the IPv6 transition. Any network operator who can demonstrate near-term operational need for number resources and who can negotiate a transfer with the current holder of those resources can simply sign an RIR contract and receive rights to the resources. Because this transfer regime was developed through a public policy development process, which is therefore bottom up rather than top down in nature, these rules are literally what the community of network operators asked for—such rules cannot be imposed by any government. Some interested parties, however, may not be able to demonstrate an immediate operational need and thus will not qualify as number-resource recipients. One class of such parties is the network operator who desires a long-term forward reserve. Another class is speculators who will never have need for the numbering resources in their own names but who would like to hold the resources for later monetization (for example, rental or trading in futures).

It's necessary to digest all of this background information to understand that not all interested parties are qualified recipients by the current transfer policies and not all transferable resources are under an explicit contract. The oft-stated concern is that these resources will be traded outside the system and that the RIR records (called Whois) will become useless. Since network operators use the RIR records every day to manage and diagnose their networks, these records should be complete and accurate. One proposal often heard in this context is that RIRs should not regulate transfers in any way and should simply record any transfer brought to them by a cooperating seller and buyer. A supporting argument for this proposal is that Whois can be run by anybody and if the RIRs won't run an accurate Whois system (which is to say, a permissive system accepting the results of any and all transfers without limitation), then somebody else will do so. This argument breeds arrogance.

A strong advantage of the RIR Whois system in the eyes of network operators is that it is universal. There is only one entry for any given netblock and, therefore, effectively only one Whois system even though each RIR independently runs its part of that system. Let's assume for the purposes of argument, however, that an alternative Whois system is created and enough network operators trust it that this alternative system becomes operationally relevant and that a non-RIR resource transfer regime becomes practical. Does anybody really believe that there would be only one alternative Whois system—no copycatting? Or as in the case of alternative DNS described earlier, would not the number of potential alternative Whois systems be limited only by available capital?

It would be technically possible to maintain a list of all alternative Whois systems and to query them all in parallel whenever network operations require knowing the details about a block of IP addresses. Inevitably, however, the same network would appear to be registered to different operators in different Whois systems since freedom from transfer limitations is the stated reason for the very existence of the alternative systems. While anybody can start a new Whois system at any time, the operational usefulness and therefore the relevance of a Whois system depends on coherence and cooperation—two properties that an alternative Whois system and the alternative transfer market it supports would not have.
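The cross-check described above can be sketched as follows. This is an added example, not code from the article or from any registry; the registry names, holders, and records are constructed, and it assumes each Whois system can be reduced to a list of (prefix, holder) pairs. It goes slightly beyond the text by also flagging overlapping blocks of different sizes, not only identical ones.

```python
"""Added illustration: cross-check several Whois-like registries for conflicts."""
import ipaddress
from itertools import combinations

# Constructed sample data. Registry names, holders and prefixes are hypothetical;
# the prefixes come from the IPv4 documentation ranges.
REGISTRIES = {
    "rir": [
        ("192.0.2.0/24", "Example Net A"),
        ("198.51.100.0/24", "Example Net B"),
        ("203.0.113.0/24", "Example Net C"),
    ],
    "alt-whois-1": [
        ("192.0.2.0/24", "Example Net A"),       # agrees with the RIR
        ("198.51.100.128/25", "Speculator X"),   # carved out of B's block
    ],
    "alt-whois-2": [
        ("198.51.100.128/25", "Speculator Y"),   # same block, recorded again
        ("203.0.113.0/24", "example net c"),     # same holder, different case
    ],
}


def normalize(holder):
    """Compare holder names case-insensitively, ignoring extra whitespace."""
    return " ".join(holder.split()).casefold()


def load(registries):
    """Flatten to (registry, network, holder), validating every prefix."""
    rows = []
    for name, records in registries.items():
        for prefix, holder in records:
            rows.append((name, ipaddress.ip_network(prefix, strict=True), holder))
    return rows


def find_conflicts(registries):
    """Return pairs of records from different registries whose address
    ranges overlap but whose holders differ."""
    conflicts = []
    for (r1, n1, h1), (r2, n2, h2) in combinations(load(registries), 2):
        if r1 == r2 or n1.version != n2.version:
            continue
        if n1.overlaps(n2) and normalize(h1) != normalize(h2):
            conflicts.append(((r1, str(n1), h1), (r2, str(n2), h2)))
    return conflicts


def coherent(registries):
    """True only if no address block has two different holders."""
    return not find_conflicts(registries)


if __name__ == "__main__":
    for a, b in find_conflicts(REGISTRIES):
        print(f"CONFLICT {a[1]} ({a[0]}: {a[2]})  vs  {b[1]} ({b[0]}: {b[2]})")
```

Note that the number of pairwise comparisons, and the number of possible disagreements, grows with every registry added to the list.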

In Conclusion

Any proposal for a competing Whois registry model is as doomed by design and destiny as every alternative DNS system. Even if it succeeds at first, it would fail after copycatting occurred. Participants in RIR public policy development would do well to remember this when evaluating dire warnings of RIR Whois irrelevancy because of an RIR transfer regime having a requirement of near-term demonstrated operational need. Speculators who want to monetize future need and network operators who want a forward reserve might still find ways to act outside the system, but resources will have to come into the system when their ultimate recipients qualify to receive the resources due to then-immediate operational need. The RIR system has no power to govern such private actions, but it need not and should not cede authority over the transfer policy and Whois registry—because that's in the physics.


PAUL VIXIE is president of ISC (Internet Systems Consortium), a nonprofit company that operates the DNS F root name server and publishes the BIND software used by 80 percent of the Internet for DNS publication. He is also chairman of ARIN (American Registry for Internet Numbers), a nonprofit company that allocates Internet number resources in the North America and Caribbean region. Previously, Vixie was a founder and president of PAIX, the first neutral commercial Internet exchange; senior vice president/CTO of AboveNet; and founder of the first anti-spam company (MAPS LLC) in 1996.

© 2011 ACM 1542-7730/11/0700 $10.00


Originally published in Queue vol. 9, no. 7
(newest first)

Doug Mauer | Thu, 23 Feb 2012 23:49:17 UTC

The scariest thing about all of this is how small the number of people who are aware of these standards and the ramifications of changes in policy must be that Paul feels the need to express and educate on these issues?

McTim | Tue, 30 Aug 2011 05:51:07 UTC

@Chris Jacobi,

I think you are conflating routing and DNS. Routers don't cache DNS information, (some) DNS servers do that.

The bottom line is that many people want to monetise the DNS, so that's why we have new gTLDs.

Paul Vixie | Mon, 29 Aug 2011 23:59:37 UTC

Ars Technica has today published an article that refers back here. My reply in the comments thread is as follows:

I think you've misunderstood ARIN's position. ARIN has a designated transfer policy which allows for private trading in IPv4 number resources. Potential sellers and buyers (and even brokers) can register with ARIN to use our listing service, or they can meet up by way of eBay. When it's time to consummate a transaction and register the resources under the buyer's name, ARIN has a process for that. We did this to ensure that IPv4 number resources would be maximally utilized and so that the Whois records would remain accurate -- because this is what the ARIN community decided via the public policy process. Some have criticized ARIN's transfer policy because it requires that the buyer demonstrate a short term need for the number resources they are receiving, but the ARIN community chose to prevent its transfer policy being used for hoarding and speculation so those complaints might be coming from potential hoarders and speculators.

Of greater interest to me is the question: "and then what?" That is, let's imagine that ARIN's transfer policy becomes widely used and all IPv4 number resources reach what the economists call their "highest and best use". Would we simply stop growing the internet at that point? Or would the value of these number resources continue to increase, with people who can renumber into NAT clouds gradually and forever doing that in order to free up address space for those whose network growth is not compatible with NAT? To me that's an unattractive future because we'll all be spending our time and energy learning how to traverse multilayer NAT. So to me the need for a global transition to IPv6 remains inevitable no matter what happens in the IPv4 number resources market. IPv4 is just too small no matter how efficiently the world learns to use it. Perhaps some investors (and perhaps some speculators) would be well served by lengthening the lifetime of IPv4 by a few more years, but the bigger the IPv4 network gets the harder it will be to pull it through the knothole of the IPv6 transition.

In summary, ARIN has a transfer policy and ARIN stands ready to record the results of private party transactions in IPv4 numbering resources. But the real game in the long run is deploying IPv6, not adding a few years of life or a lot of layers of NAT to the IPv4 network.

Tom Vest | Thu, 11 Aug 2011 18:14:41 UTC

Following up on the comments by Dashworlds and Karl S., in some cases the utility of "competition," "copycatting," etc. -- as well as the possibility of constructive, pro-adaptive "evolution, innovation, and improvement" is bounded by the intrinsic nature of the service domain in question. To illustrate, Karl's watch example suggests a "value proposition" in which the utility of investing in a timepiece varies inversely with the "authority" of the device. The primary motivation for having such a device is to facilitate coordination with other individuals who also recognize and accept the same basic time measure and use that metric as a framework for scheduling and, when necessary, coordinating their own distributed, independent activities. This suggests that the individual and/or collective "value equation" for a coordination standard takes the form:

value = utility of coordination / number of competing reference standards, or [v = c/n]

By implication, an individual who owns two timepieces that give consistently divergent views of the time would be less capable of coordinating their own actions with others, and this would reduce the utility of not only that individual's investment in timepiece(s), but also the value of the overall time-based coordination regime for every other timepiece user who ever benefited or might benefit -- in the past, present or future -- from more effective coordination with the two-timepiece owner.

The main thrust of Paul's argument is that *if* an aspiring new reference standard provider believes that they would profit by offering an alternative view of an established coordination reference standard -- even though that would shift the denominator in the standard's value equation from one to two -- then the aspiring new entrant should also anticipate the near certainty that additional new entrants will also arrive at the same conclusion, and also seek to become competing providers for the same reference standard. Thus, because the overall authority and value of the standard itself varies inversely with the number of divergent, directly competing alternatives, the critical question for the first new entrant is *not* "what share of this particular 'reference standard market' can I expect to capture given [v = c/(n=2)]?" but rather, "what do I stand to gain given [v=c/(n=3,4,5,6...)]?"

Of course, aspiring new entrants and "standards competition" advocates should also recall that previous experience (c.f., the IRRs after RADB) suggests that once n > 1 or 2, the standard's overall utility -- both as a coordination mechanism for the universe of "standards consumers," and as a revenue generator for the much smaller number of competing "standards providers" -- falls steeply if asymptotically toward zero.

Dashworlds | Fri, 22 Jul 2011 11:34:17 UTC

From such a well respected author, the proposition that certain competition should be classed as arrogance comes as a surprise to say the least.

The world is no longer a Pangaea; it fragmented some time ago (when I was a lot younger). The one stop shop Pangaea has become a group of competing countries with various agenda, all contactable using the same telephone numbers, but of course via different country codes.

The DNS will follow the same path. Competition is to be expected, yet the aim is not always to smash the opponent. Sometimes it's there to add intrinsic value (whether or not the other side chooses to see it that way). With the DNS for example, as well as Dotcoms, there are now Dashcoms.

Yes, success breeds copycats. It has also been known to breed evolution, innovation and improvement.

Karl Siegemund | Fri, 22 Jul 2011 00:03:02 UTC

Basically the argument boils down to: A man with a watch always knows the time. A man with two watches never can be sure.

Chris Jacobi | Thu, 21 Jul 2011 21:34:20 UTC

I really agree. I could not understand why on earth we keep adding top-level domains.

Saying what you say in simpler words: The current domain-name structure is hierarchical. Having arbitrary top level domains makes that structure flat.

Social

The small benefit of the big "microsofts" of this world is paid by every ISP with routing overhead. Also, the mental picture of a small number of top level domains (orthogonal to company names) will be lost, subjecting everyone to some confusion.

Technical

Caching: Every router might have to cache every domain... How are changes propagated?

Security

Can no more be "delegated" to top level domains (including country names); chaos will happen.

Forgive me for just blowing the same horn, but I agree with you.

Chris


© 2017 ACM, Inc. All Rights Reserved.