Day 0 Event #112 The Technical Community Safeguarding the Internet You Want

Summary

This discussion focused on explaining the fundamental structure and functioning of the Internet, particularly its addressing systems. The speakers described the Internet as a network of networks, comprising around 70,000 independently operated networks that provide global connectivity. They emphasized that this system relies on open standards and interoperability.

The discussion covered two key components of Internet addressing: IP addresses and domain names. IP addresses, managed by Regional Internet Registries (RIRs), are unique identifiers assigned to devices on the network. The speakers explained how RIRs allocate IP addresses hierarchically and highlighted their community-driven, bottom-up policy development process.

Domain names, coordinated by ICANN, were described as human-readable alternatives to IP addresses. The speakers detailed the Domain Name System (DNS) structure and resolution process, emphasizing its globally distributed nature. They stressed that no single entity controls or maintains the entire DNS infrastructure.

The discussion also touched on the challenges of maintaining security and accountability in this decentralized system. Speakers addressed issues such as tracing malicious activities and balancing privacy concerns with the need for transparency.

Throughout the presentation, the speakers emphasized the importance of multi-stakeholder governance in Internet infrastructure. They highlighted how technical communities, academia, civil society, governments, and the private sector all play roles in shaping Internet policies and standards.

In conclusion, the discussion provided a comprehensive overview of Internet addressing systems, their governance structures, and the challenges faced in maintaining a secure and accessible global network.

Keypoints

Major discussion points:

– The Internet is a network of networks (around 70,000) that provides global connectivity

– IP addresses and domain names are critical resources for the Internet to function

– Regional Internet Registries (RIRs) manage the allocation of IP addresses in different regions

– The Domain Name System (DNS) translates domain names to IP addresses

– Internet governance involves multiple stakeholders and bottom-up policy development

Overall purpose:

The goal of this discussion was to provide an overview of how the Internet functions at a technical level, explaining the roles of IP addresses, domain names, and the organizations that manage these critical resources. The speakers aimed to demystify Internet infrastructure and governance for the audience.

Tone:

The tone was primarily educational and informative. The speakers tried to explain complex technical concepts in an accessible way, often using analogies and visual aids. There was a collaborative atmosphere, with speakers building on each other’s points. Towards the end, the tone shifted slightly to address more challenging issues around accountability and security on the Internet.

Speakers

– Theresa Swinehart: Moderator

– Olaf Christoph: Expert on Internet infrastructure and protocols

– Ulka Athale: Works at RIPE NCC, one of the five regional Internet registries

– Fahd Batayneh: Works for ICANN, covers the Middle East

Additional speakers:

– AUDIENCE: Attendees asking questions

Internet Infrastructure and Governance: A Comprehensive Overview

This discussion provided an in-depth exploration of the fundamental structure and functioning of the Internet, with a particular focus on its addressing systems and governance mechanisms. The speakers, representing various organizations involved in Internet management, offered complementary perspectives on the complex ecosystem that enables global connectivity.

Structure and Functioning of the Internet

The discussion began with Olaf Christoph’s foundational explanation of the Internet as a “network of networks”. He emphasized that the Internet comprises approximately 70,000 independently operated networks that collectively provide global connectivity. This decentralized structure relies on open standards and interoperability to function effectively, with the Internet Engineering Task Force (IETF) playing a crucial role in developing these standards.

Two key components of Internet addressing were examined in detail: IP addresses and domain names. Ulka Athale, representing RIPE NCC (one of the five Regional Internet Registries), explained the critical role of IP addresses as unique identifiers assigned to devices on the network. She described how RIRs manage the allocation of IP addresses to large organizations like ISPs through a hierarchical system, emphasizing the community-driven, bottom-up policy development process that governs this allocation.

The discussion also covered technical aspects of IP addressing, including the use of private addresses and Network Address Translation (NAT) for IPv4. These techniques have helped extend the lifespan of IPv4 addresses despite the limited address space.

Fahd Batayneh, from ICANN, elaborated on domain names, describing them as human-readable alternatives to IP addresses. He detailed the structure and resolution process of the Domain Name System (DNS), highlighting its globally distributed nature. Using the example of www.example.com, Batayneh explained the step-by-step process of DNS resolution, from the root servers to the authoritative name servers for the specific domain.

Christoph reinforced this point, stressing that “There is not one domain name resolver. There is not one authoritative server. There is not one database that maintains all the information of the DNS. That is globally distributed.”

Governance of Internet Resources

A significant portion of the discussion focused on the governance structures that maintain the Internet’s critical resources. Athale explained that RIRs operate as not-for-profit organizations, funded by membership fees for services rather than selling IP addresses directly. This model underscores the service-oriented nature of Internet resource management.

Batayneh described ICANN’s role in coordinating domain names through a multi-stakeholder model. This approach involves various stakeholders, including technical communities, academia, civil society, governments, and the private sector, in shaping Internet policies and standards.

All speakers agreed on the importance of coordination to maintain interoperability and uniqueness in the Internet ecosystem. They emphasized that the Internet’s governance model is characterized by community-driven, bottom-up processes that ensure diverse stakeholder input.

Challenges in Internet Management

The discussion also addressed several challenges inherent in managing a globally distributed system. Theresa Swinehart, the moderator, raised the issue of balancing decentralization and security in domain registrations. This led to a broader conversation about accountability and traceability in the Internet ecosystem.

An audience member from the Bangladesh cyber team posed a question about tracing domain names using dynamic or shared IPs, particularly in cases of cyberbullying. This highlighted the complexities of maintaining security and addressing abuse in a system designed for openness and accessibility.

The speakers discussed various tools and methods for tracing domain names and addressing cyberbullying, including the use of WHOIS databases and cooperation with law enforcement agencies. However, they also noted the impact of GDPR on WHOIS data availability, which has made some investigative processes more challenging.

Christoph acknowledged the difficulty of establishing accountability on the Internet, describing it as “one of the more wicked issues”. He noted the challenge of identifying responsible parties and holding them accountable across different jurisdictions with varying privacy laws.

Future Considerations

The discussion highlighted several unresolved issues that warrant further consideration:

1. Effectively tracing and addressing cyberbullying through IP/domain information, especially with dynamic or shared IPs.

2. Balancing the decentralization of domain registrations with robust security measures to prevent abuses such as domain squatting.

3. Improving accountability and transparency in a globally distributed system with varying privacy laws across jurisdictions.

4. Adapting to the challenges posed by GDPR and similar regulations on data availability and investigative processes.

These challenges underscore the ongoing need for collaboration and innovation in Internet governance to ensure a secure, accessible, and accountable global network.

In conclusion, this discussion provided a comprehensive overview of Internet addressing systems, their governance structures, and the technical intricacies of IP addressing and DNS resolution. It highlighted the complex interplay between technical infrastructure, policy development, and global cooperation that underpins the modern Internet, while emphasizing the persistent challenges in maintaining a secure and accessible global network.

Theresa Swinehart: … … … … … … … … … Okay. Can everybody hear me okay? … … Okay. Can everybody hear me okay? No? Yes? … No? Maybe? … … … … … … … … … … … So, let’s give this a try. Is that working? Yes? Excellent. Very good. Okay. I can’t hear myself though. … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … …

Olaf Christoph: … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … … network of networks that gives you a perceived notion of global interconnectivity. So you could see this as my phone connects to, when I connect to that big cloud, I have all the services that live in that cloud. But how does that cloud work? How does that work? In fact, when I connect to a network, to the Internet, I connect to this room. You connect to a Wi-Fi network, you have to fill in your telephone number, and there you are. Suddenly, well, not completely. You are connected to the network that is maintained here at the ITF. And when you connect to the network, you get a unique address that works, that is unique on the whole of the Internet, so that you can communicate to any other thing that is connected to the Internet. And you will talk about how those addresses are connected. You can’t hear me? Okay, good. However, the network that we have here has handed you an IP address and will know how to connect to other networks that are near to it. And the networks that are near to it will connect to other networks. And so we have 70,000 networks that independently operate to give us global connectivity. And the magic of all of that is open standards. The magic that makes that work are open standards and interoperability. Those standards and interoperability are created by a number of standards or organizations, of which one is the ITF. Ah, beautiful. I can take a sketch and start sketching. So, normally we would conceive the Internet as one big cloud to which I, as a user, with a thing. It is the headsets. Okay. Day zero, people, day zero. Oh, yeah, yeah, okay. So, normally you would conceive as connecting to the Internet through, you know, it’s a big cloud to which other people are connected. For instance, WhatsApp or Facebook. But internally, there is a number of networks, and there are 70,000 of them, that all are interconnected and give you the perception of a global connectivity. Now, all these networks make their own business choices. The network here has chosen to connect you through Wi-Fi and has a captive portal. But they connect probably to a network that provides a connectivity to the rest of the Internet, provides what we call as transit. They might be connecting to, for instance, a network that provides transatlantic fibers. So, all these networks make their own decisions about how to connect. And what they ship are very tiny envelopes of information called datagrams or packets. Basically, when you connect to the Internet and you use a service, your device, at the end, splits up whatever you use in tiny little datagrams or packets. And those are shipped over the Internet. Just like you would have a book, you tear up the pages, you put them in envelopes, and hand them over to the postal system. And the Saudi postal system would hand it over to the next postal system that transfers it over the ocean, that gives it to the postal office in, say, the U.S., and there the book gets delivered page by page. The standards by which that is done are globally agreed upon. How you tear up the book and put it in envelopes, that’s a global standard. And all these networks make their own business decisions, as I already said. Together, they provide us the image of global connectivity. And there are many users of that global network. Facebook is an application that uses that global network. WhatsApp is an application that uses the global network. The World Wide Web itself is an application that uses that network. There are a few functions that you need in order to interoperate here, and that’s what my colleagues will talk about. You need every device that is connected to this Internet to have a unique address. Just as in the postal system, if you want to deliver an envelope to somebody, a piece of mail to somebody, you need to have a unique address of that person. The Internet works the same. There are organizations that provide you unique addresses, and they will be talked about. But we don’t think in addresses, we think in names. So we also need a sort of a name system, a naming system, that provides us that connectivity. And I think you will talk about the naming system. So this gives you, I hope, in sufficient time, a little bit of context. The Internet is built out of a network of networks that provides you global connectivity, in addition to a number of global services that you need to hook that up. And once you’ve got that running, you can provide the things that we interact as humans with. Facebook, WhatsApp, Signal, Amazon, your local government website, all those types of things. And with that, I’m going to hand back the mic.

Theresa Swinehart: Thank you. Thank you so much. And also, I’m so glad that the visual worked. And everybody, thank you for your patience as we’re doing the run through this. I’m now going to turn it over to Ulke, who’s going to talk about the processes connecting to this network of the Internet and the role of the Internet protocol addresses and other resources. So with that, we’ll turn it over to Ulke.

Ulka Athale: Hi. Good afternoon, everyone. My name is Ulke Ahte, and I work at the RIPE NCC, one of the five regional Internet registries. I’m just waiting to get my slides up on the board, please. Well, I can start talking a little bit about what I’m going to explain in my presentation. I luckily have my slides here, but you’ll see them in a minute. Day zero, people, as we’re hearing. So as Olaf mentioned, the Internet is a foundational network of networks. And from the regional Internet registry or technical community perspective, the Internet is something that’s distinct from the World Wide Web. In our daily experience as users, as, you know, if you can’t get a message on WhatsApp, you say the Internet is down, but it could just be WhatsApp that’s not working or you can’t connect to your website. And again, it’s not the Internet that’s down, but your access to a part of it. So… Can you hear me? Great. Then it’s just my headset that’s dropping out. So as you can see in what will be my first slide, the Internet and the Web are two different things. And from the RIR perspective, the Web is one of many different applications that runs on this foundational network of networks, one of the 70,000. So let me explain. Now that we’re a bit clear on what we mean by Internet and we don’t mean the Web, because you’re going to keep hearing this with regional Internet registries, RIRs, Internet Number Resources, let me explain what it is we do as a regional Internet registry. If you’ve decided you want to be a part of these 70,000 network of networks and you decide that now you want to get yourself onto this big global thing called the Internet, how would you go about it? Your first port of call would be to contact your local regional Internet registry. And RIR manages the allocation, administration, and registration of Internet Number Resources in a particular part of the world. So which RIR you go to would depend on where in the world you’re based. It’s five regional Internet registries, one for each continent. So there’s ARIN if you were in North America, and parts of the Caribbean, LACNIC for Latin America, and the other part of the Caribbean, RIPE NCC, that’s us, for Europe, Middle East, and parts of Central Asia, AFRINIC, the African continent, and APNIC for South Asia and Asia Pacific. So how did the RR system come into being? So many of you might already know that in the 1980s, the Internet was essentially a project from the U.S. Department of Defense, and it was chiefly universities and physics departments from these universities who were collaborating on this thing called Internet Protocol Networking. The web hadn’t been invented yet, there were no PCs yet, people didn’t know where this was going. So it was just chiefly universities trying to figure out what this IP thing could be. The U.S. Department of Defense handed over the management of this to, well, one of the universities saying, well, it’s chiefly universities working on it, you guys look after this yourself, please stop bothering us about this. And so it was someone who in the RR world is very, very famous, a man called John Postel. And if anyone talks to you about John Postel, they will talk to you about John Postel’s notebook. And I would love to know if anyone in the room has actually seen this famous notebook. This notebook is famous because when John Postel was approached by universities and other groups asking for IP addresses, this new IP thing, he would write down, ah, lovely, we have slides. So here you see the map of the five RIRs, and that’s us, RIPE NCC, Saudi Arabia is also part of our service region. And here we are, John, with John Postel. So John, I don’t hear myself anymore, it could be my headset, but if you hear me, perfect. So John handed out IP addresses, and he would write down in his notebook who he gave the IP addresses to. This was in the 1980s, I would say. But then this IP networking thing just kept getting bigger and bigger and bigger, and at some point, it was too much. So he stopped using just one notebook, and he formalized it in the form of the Internet Assigned Numbers Authority, IANA, which still exists today. And gradually, the RIR system came into being. RIPE NCC was the first RIR, which was set up in 1992, and then they spun off the management of domain names, away from the management of IP addresses, and Fahd will be talking about that. So what is it that RIRs actually do? We manage the distribution of Internet number resources, and by that, we mean IP addresses and autonomous system numbers. We maintain the registry of directory services, including WHOIS, the routing registries, and we provide reverse DNS, but that’s not all the RIRs do. We support Internet infrastructure through technical coordination, and this is super important, right? Think five continents, 70,000 networks, all of which need to keep talking to each other, otherwise the system starts to fall apart. We also provide some security features, like public key infrastructure, and above all, when we work, we work with the support of our local communities. Local means, well, a continent, in our terminology. So we have community-driven processes for policy development, and community management is a very important role, and also training and capacity building in the areas in which we work. Here we go. Let me give it a second. Could I have the next slide, please? Well, we have it up on this slide anyway. Is this going to work? Yeah. Okay. I’m just going to keep going and not hold us up. I was just going to give you a quick overview of an IPv4 and an IPv6 address. Great. We have the next slide. Could I have the next one as well, please? There we go. So when we talk about Internet number resources in the RIR world, we’re chiefly referring to IP addresses. There are two kinds, IPv4, IPv6, or an autonomous system number. So when Olaf was drawing his circles that are connecting to one another, that is usually referring to an autonomous system, which contains IP addresses or prefixes within it. So these are the Internet number resources that an RIR registers. So where would you get, how are these resources registered? So IP addresses are registered hierarchically. And by that, we mean that IANA manages all the IPv4 space and a part of the IPv6 space and IANA hands over a block of IPv4 or IPv6 addresses to a regional Internet registry. And on my slide, you see RIPE NCC being used as an example. RIPE NCC then further allocates these IP addresses to what we, in our terminology, call a local Internet registry. But that would be any company to run its own independent Internet network. A telecom provider, an Internet service provider, a media provider, a content network. So these are our members. And then your Internet service provider finally allocates your IP address to you as the end user. So we don’t do that directly. We give the addresses to an Internet service provider, also governments, also universities. I think Fahd will be going into this a bit more and Olaf mentioned this. I just wanted to refer to this that IP addresses and domain names interact with one another but they’re not the same thing. So here you just see a screenshot of the RIPE NCC website. So what you see, www.ripe.net, that’s the website. And if you go to our website and just click on the search button, you will see your IP address. The unique address that your device is connecting to our website with. And in my case, you can see that it was an IPv6 address that I connected to the website with when I made this screenshot. But this is actually what I would like to focus on a little bit in this talk. That all the RIRs are not-for-profit membership-based organizations. We are all independent bodies. That is, we are not governmental entities. We are all membership-based organizations. So the way the RIRs work is anyone that wants to run an independent internet network, that wants to get resources from us, signs up, becomes a member, signs a contract with us, and then we give them the IP addresses. We are all not-for-profits. So we are funded by our membership fees. And the fees are for services, so you’re not buying IP addresses or ASMs from us. You are getting services from us and you get the right to use the IP addresses. And finally, we are community-driven. Our governing boards are elected by our members. And as organizations, we are all committed to being open and transparent. And each RIR operates in accordance with three factors. The community policies. So each RIR’s communities, that is the technical stakeholders involved, our members, the people running these networks, the actual internet service providers, the people using the IP address, they set the policies, we implement the policies. And this is something very important. We are all established in whichever jurisdiction we’re established in, the national legal framework applies to the RIR. And finally, we fulfill a specific function in the global internet governance system. There are different bodies, like the IETF that Olaf referenced, the ICANN, which manages domain names, and then the RIRs that manage IP addresses. And our approach to governance is multi-stakeholder. The RIRs have been doing this right from their inception, so starting from 1992, so multi-stakeholderism is not new. It is written into the definition of how the RIRs operate. And our stakeholders are the technical community, academia, academia were actually the founders of the internet in a sense, civil society and internet users, this is who we do this for, governments and national organizations, keep in mind governments also run their own networks, governments are also members of the RIRs, and the private sector, of course. Each RIR has its own version of this policy development process, but there are some common elements. Anyone can participate in developing policies at RIRs, including you. The policies are set in a bottom-up manner, the communities propose and approve the policies, and finally, all our decisions and policies are documented and published. Discussions on policies take place on public mailing lists. So if there is a particular topic that’s of interest to you, you can go to our RIR websites and see what’s under discussion. And policies are developed through a consensus-based process. And I’m just going to wrap up, I know we’re running behind here. So if you want to participate, I’ve given a couple of examples from RIPE NCC, you’re thinking, okay, this looks interesting, how would I even get started? I might not have a technical background. We have an online academy, this is free, you just need to make an account. We publish a lot of research and articles on our website, on labs.ripe.net. And if you have any questions, we have a booth, we’ll be there all week, and you can find your local internet registry. Thank you.

Olaf Christoph: I have a small two-finger. The notebooks of John Postel. John Postel was a modern guy. He used to maintain his stuff in computer files. So there are no physical notebooks. I think it’s metaphorical.

Ulka Athale: I thought that was an actual notebook. I’ve heard so much about John Postel’s notebooks. I’ve been misinformed.

Theresa Swinehart: Yes, I’ve had the same visual of just some books that were there, so absolutely. Okay. Thank you so much. You’ve really highlighted an important aspect also to this conversation, that the inclusive nature, which we call multi-stakeholder, is inherent to the IETF. It’s inherent to the RIR community and the governance around that. And I think that’s an important aspect on how one operationalizes things in a reality and make it function. With that, I’m going to turn it over to my colleague, Bhad, to talk about the domain name system, the other element of this addressing system. And Bhad, over to you.

Fahd Batayneh: Thank you, Theresa. And good afternoon, everyone. I hope I’m audible. So my name is Fahad Bataine. I am from the region. I’m from Jordan. I work for ICANN. I cover the Middle East. I’ll be presenting today about the domain name system. But just maybe I need my slides.

Olaf Christoph: In the meantime, you might have noticed the word governance and so on and so forth. But the reason why we do this is to maintain interoperability. We need coordination on IP addresses so that they are unique. And that coordination is done in a bottom-up fashion by the stakeholders that coordinate to make this network run. The standards development is done bottom-up by the stakeholders who need this to get stuff working. And I think that what Bhad will say is that we need coordination to make sure that those nest names that he will be talking about are unique. Sorry for filling up the time with some additional.

Fahd Batayneh: Thank you, Olaf. So my slides are up now. So ICANN stands for the Internet Corporation for Assigned Names and Numbers. Can you hear me? We play a coordination role. So we don’t regulate. We don’t run the Internet. Of course, there is no one organization that runs the Internet. We play a coordination role. We coordinate with many active players in the domain name industry, whether technical or non-technical. Sorry, so my presentation involves a lot of visuals, really. Can you hear me? Okay. It’s working. Thank you. So ICANN plays a coordination role. We are into the coordination of mostly domain names. Of course, my colleague Olga spoke about coordination in the numbering world. Olof spoke about protocol development at the IETF and others. So there are technical organizations, and ICANN is considered one of the technical organizations that are into the Internet governance ecosystem. But then also the Internet is not just technical. There are many other non-technical players who are responsible for different elements of the Internet. ICANN has a very unique model of governance that consists of three key entities or components. So at the heart of the ICANN ecosystem is the ICANN community. The ICANN community is a group of volunteers from across the world, thousands of volunteers, who are really keen and eager to drive policy development of the Internet Unique Identifier Systems forward. We also have the ICANN board of directors, and inside this room we have a number of esteemed board members whom you can talk to. And then, of course, there is ICANN the organization. We are a little bit over 400 staff members working on different elements of ICANN’s work. Our multi-stakeholder model is bottom-up in a sense that when policies are developed, it’s really the community who puts these policies. And once they are final and approved, they are executed and implemented. It’s very different to the top-down approach where a policy is developed and then it’s enforced on its citizens. Now, what’s the role of domain names? Why do we use domain names? So domain names really… So an IP address is always behind a domain name. And, of course, if I ask anybody in the room, do you know what’s the IP address of your website? I’m sure very few of us, if maybe none of us, knows what’s the IP address of any website, whether google.com or intgovforum.org or whatever. And that’s why we use domain names. So domain names are easier for us to remember. We can remember names. It’s even tougher for us to remember numbers. And the good thing is that behind one name, you can have several IP addresses, whether IPv4 or IPv6, and I’m not going to get into those details. This is how a fully qualified domain name looks like. So we start at the top, which is the dot. So this is called the root server system. This is where all DNS translation starts. And I’ll be explaining in a while really quickly, using cartoons, how the domain name system actually functions. Now, below the dot is a top-level domain, com, net, sa, you name it. Of course, there are thousands of top-level domains, whether generic or country codes. And under a top-level domain that we select, we can register a domain name under it, according to the policy of that top-level domain. And of course, once we have the domain name, we can register as many subdomains as we wish. Of course, there has been an expansion to the top-level domain namespace. So today you can find top-level domains of more than three characters. You can find top-level domains in local languages. So here in Saudi Arabia, they have dot as Saudi and Arabic. Of course, you can find top-level domains in Cyrillic, Chinese, Japanese, you name it. And now I’m really getting a little bit technical, but I’ll try to keep it extremely easy to understand. So these are the different components of the domain name system. And maybe I’ll take a pause here and inform everybody in the room that there is a difference between a domain name and the domain name system. So the domain name system is really the technical part of things, whereas we as human beings, we register a domain name. So google.com or maybe igf2024.sa. So these are domain names. Now, the different components of the domain name system include authoritative name servers. And they have the authority to provide answers. We have the recursive resolvers. And I’ll explain in a while what recursive resolvers are all about. We have caching resolvers. So like in any other system or any other IT system, the DNS also has this caching facility. So rather than going through an entire process, you might find an answer to a domain name within the cache. And then we have the stub resolver or the client resolver. And this is actually the starting point of any domain name inquiry. So I’ll show a really quick demonstration in a very easy manner on really how a domain name resolution starts. So if you look at the bottom left, we have a stub resolver. So every device has a stub resolver. Your laptop has a stub resolver. Your phone has a stub resolver. You fire up a web browser and you type in a URL, example.com, www.example.com. Now, what happens is that the stub resolver would send this query to the nearest recursive resolver. So probably your ISP has a recursive resolver in-house, or maybe they have it through one of the other providers. But your stub resolver would send your query to the nearest recursive resolver, which is maybe for your ISP. And it asks the question, what’s the IP address of www.example.com? Now, the stub resolver would say, well, I don’t know, and I don’t have it in my cache. So let me go and ask the root server system. And so it goes and says to the root server system, what’s the IP address of www.example.com? The answer comes back where it says, I don’t know. But here is the name server of the .com server. So the recursive resolver sends the same question to the .com server, which is named here c.gtldservers.net. And it says, what’s the IP address of www.example.com? Now, the .com server says, I don’t know. But here is the name server of example.com. And by the way, there is a difference in this example between example.com and www.example.com, just to be clear here. Now, the query goes again. So the recursive resolver sends the same question to the example.com server, to the name server. And it says, what’s the IP address of www.example.com? And actually, ns1.example.com has the answer. So it sends back the IP address to the recursive resolver. And the recursive resolver sends it back to the stub resolver. And we actually have the IP address of www.example.com. So as you can see, the recursive resolver is at the center of this entire domain name query thing. Now, of course, if you have a cache, the stub resolver would send the question to the recursive resolver. The recursive resolver would find it inside the cache. And then the cache just sends back the answer. So that was really quickly how the DNS functions from a governance. standpoint and from a technical standpoint. Thank you. Back to you, Christophe.

Olaf Christoph: If I may, what is important in this context is that you saw three servers on the screen, but in reality, the domain name system has millions of servers providing this service of translating names into numbers. That is not the thing that is maintained in one place. No, it is globally distributed. One of the things about the internet, that 70,000 networks and the services that make the internet connect, they are global and distributed. I think that is an important takeaway. There is not one domain name resolver. There is not one authoritative server. There is not one database that maintains all the information of the DNS. That is globally distributed. I think that is an important takeaway. Globally distributed and locally maintained.

Theresa Swinehart: issue is not whether the system is working, the addressing system. It is actually about whether you have access to that system itself where the challenges are. I think it is a great observation. I am cognizant of time. We have about another 10 minutes. I realize that we had some glitches to start with. But first, I think maybe I turn it over to the floor or to the virtual participants to see if we have any questions. Otherwise, I have some questions for the panelists. Any questions?

AUDIENCE: I would like to ask one question about the IPs. You say each one should be a unique IP address. How is it managed when we are using our private network? How does the translation be made?

Olaf Christoph: Yes. The easy answer is every computer has one address and it is unique. But there are nuances to that. What we usually see is that, for instance, in your house, when you have a house network, you are using so-called private addresses, which are unique within your house, but not unique within the system. Your neighbor might be using the same addresses. Those addresses are, within your router, translated to the IP address of your router. And your IP address of the router in your house, the thing that is on your access network, that does the translation to a unique global address. That is a hack. That is a hack to make IPv4 work with the amount of devices that we have on earth. With IPv6, that is strictly not necessary. With IPv6, the story is that you all have unique addresses, no matter whether you are in a house or outside a house. It is basically all connected. There are many nuances to that, but on the first level, that is the case.

Ulka Athale: Okay. Did you want to add anything to that? No. Thank you, Olaf. I think that is a pretty clear explanation. I was going to say that most Internet service providers give their customers private addresses, as Olaf mentioned, but with your Internet service provider, they connect you to the big network of networks. That is when the unique address is used. Thank you.

Theresa Swinehart: Any other questions? I understand there’s none in the remote participants, but any other questions from the floor at all? Yes, sir.

AUDIENCE: We are from cyber team from Bangladesh. We have a phone number, which is 13 to 19 of teenagers, and it’s a handshake domain. We are now working for cyber bullying to protect from Bangladesh, and now we are working for global. I have a question, which is actually how can we protect from cyber bullying? I have a question, which is actually how can we trace in the domain, in case if they are using a dynamic IP or something, how can we solve the issues where we are tracing any kind of victims or something? Somehow, we are seeing that IP, V6, that are not actually properly traced, if they are sharing the IP.

Olaf Christoph: I think that’s a question for the person maintaining IP address, who is systems.

Fahd Batayneh: Thanks for your question. That’s a very important question, and actually within ICANN, there is a lot of work within the ICANN community and the contracted parties to combat and really mitigate and even reduce DNS abuse and misuse, which we call DNS security. Now, to your specific questions, there are several tools out there that can actually help get more information on any domain name. There is, for example, the Whois. The Whois can give you some data about the domain name itself. Of course, before GDPR, you could get much more data. Now, after GDPR, it’s much more limited, but then there is still a mechanism where you can actually ask the registrar for that information, and it’s a longer discussion, really. Now, the other part about knowing about the technical aspects of a domain name, you can always look at the zone file of a domain name. So if you do a simple NS lookup, it gives you more information about the domain name. So there are many times in the time to live and start of authority and when was the last time a domain name was updated and so on and so forth. Sometimes by analyzing that data, you can get some sense of what the domain name is. Now, there are also reputation block lists that actually solicit bad domain names, of course, in addition to many other things. So those are good places also where you can maybe obtain some information about a domain name. Talking to your local law enforcement agency can help you. Of course, when it comes to the domain name aspect, you can always talk to ICANN, and we can maybe get you in touch with one of our experts who can maybe help you or even point you on what you can do, actually. Yeah, that’s a question that we do get, particularly when there is, when people want to find who the holder of a particular IP address is. As I mentioned in my presentation, as the registry, we maintain a database of all the IP addresses that we allocate. But in the diagram that I showed, that we allocate IP addresses usually to big organizations like an internet service provider. So when there is a case of abuse within the RIPE database or the registry, we have a contact called an abuse contact. So every network operator that has IP addresses from us is supposed to maintain an up-to-date email address on which you can contact them when there is abuse originating from a particular IP address. In our databases, our visibility stops at the organization that we give the IP addresses to. So if you’re on a particular Wi-Fi network, a big company, imagine a big telecom company and that’s who your internet service provider is. When you query the database, when you query the IP address in our database, you will see that RIPE NCC, or if you’re in Bangladesh it’s more likely to be APNIC, gave those IP addresses to X company. And you will be able to see the abuse contact information of that company. And that is who you would need to get in touch with. Because if you contact one of the RIRs, we’ll say, we know these IP addresses are being held by this telecom company or that internet service provider, but we don’t know who every single customer is. That would be pretty much every person on earth whose records we need to maintain. So that’s not what we have visibility in this.

Olaf Christoph: I feel your pain. You are operating, getting accountability and transparency in a globally distributed world where there are different laws pertaining to privacy, where there are requirements or even approaches to responding to requests of organizations that you don’t know. And I think it’s fair to say that this is one of the more wicked issues in the internet. How do you find who is responsible for something in the internet and people accountable?

Theresa Swinehart: Thank you. We have one question from a virtual remote participant, which I’ll read out. In the context of maintaining a secure and accessible internet, what are the current challenges ICANN faces in balancing the decentralization of domain registrations with the need for robust security measures, particularly in addressing abuse such as domain squatting? Thank you. Thank you.

Agreement Points

Internet is a globally distributed network of networks

speakers

Olaf Christoph

Ulka Athale

Fahd Batayneh

arguments

Internet is a network of networks providing global connectivity

Regional Internet Registries (RIRs) manage allocation of IP addresses

Domain Name System translates domain names to IP addresses

summary

All speakers agree that the Internet is a complex, globally distributed system composed of interconnected networks, managed by various organizations like RIRs and ICANN.

Internet governance involves multi-stakeholder, bottom-up processes

speakers

Ulka Athale

Fahd Batayneh

arguments

RIRs use community-driven, bottom-up policy development processes

ICANN coordinates domain names through multi-stakeholder model

summary

Both speakers emphasize the importance of community-driven, bottom-up processes in Internet governance, whether for IP address allocation or domain name management.

Similar Viewpoints

Both speakers highlight the importance of coordination among stakeholders to maintain the Internet’s functionality, emphasizing bottom-up processes.

speakers

Olaf Christoph

Ulka Athale

arguments

Coordination is needed to maintain interoperability and uniqueness

RIRs use community-driven, bottom-up policy development processes

Unexpected Consensus

Challenges in maintaining accountability in a globally distributed system

speakers

Olaf Christoph

Ulka Athale

Fahd Batayneh

arguments

Maintaining accountability in a globally distributed system

Tracing and addressing cyberbullying through IP/domain information

Balancing decentralization and security in domain registrations

explanation

All speakers, despite their different areas of expertise, acknowledge the complexities and challenges in maintaining accountability and security in the globally distributed Internet system.

Overall Assessment

Summary

The speakers generally agree on the distributed nature of the Internet, the importance of multi-stakeholder governance, and the challenges in maintaining security and accountability in such a system.

Consensus level

High level of consensus on the fundamental structure and governance of the Internet, with shared recognition of common challenges. This implies a unified understanding of the Internet’s core principles among technical experts, which could facilitate collaborative problem-solving in addressing global Internet issues.

Different Viewpoints

No significant disagreements identified

speakers

arguments

summary

The speakers largely presented complementary information about different aspects of Internet infrastructure and governance without notable disagreements.

Unexpected Differences

Overall Assessment

summary

No significant areas of disagreement were identified among the speakers.

difference_level

The level of disagreement among the speakers was minimal to non-existent. The speakers presented complementary information about different aspects of Internet infrastructure and governance, focusing on their respective areas of expertise. This lack of disagreement suggests a cohesive understanding of the Internet’s technical foundations and governance structures among the presenters, which could contribute to a more unified approach to addressing Internet-related challenges and policy development.

Partial Agreements

Similar Viewpoints

Both speakers highlight the importance of coordination among stakeholders to maintain the Internet’s functionality, emphasizing bottom-up processes.

speakers

Olaf Christoph

Ulka Athale

arguments

Coordination is needed to maintain interoperability and uniqueness

RIRs use community-driven, bottom-up policy development processes

Key Takeaways

The Internet is a globally distributed network of networks that provides connectivity through open standards and interoperability

Regional Internet Registries (RIRs) manage the allocation of IP addresses using community-driven, bottom-up policy processes

The Domain Name System (DNS) translates domain names to IP addresses and is also globally distributed

Internet governance involves multiple stakeholders and uses bottom-up policy development approaches

Maintaining accountability and addressing abuse in a globally distributed system remains a challenge

Resolutions and Action Items

None identified

Unresolved Issues

How to effectively trace and address cyberbullying through IP/domain information

Balancing decentralization of domain registrations with robust security measures

Improving accountability and transparency in a globally distributed system with varying privacy laws

Suggested Compromises

None identified

The Internet is built out of a network of networks that provides you global connectivity, in addition to a number of global services that you need to hook that up.

speaker

Olaf Christoph

reason

This comment provides a foundational understanding of how the Internet functions as an interconnected system rather than a single entity.

impact

It set the stage for the rest of the discussion by establishing a shared understanding of the Internet’s structure. Subsequent speakers built on this concept to explain their specific areas of expertise.

We are all not-for-profits. So we are funded by our membership fees. And the fees are for services, so you’re not buying IP addresses or ASMs from us. You are getting services from us and you get the right to use the IP addresses.

speaker

Ulka Athale

reason

This insight challenges common misconceptions about how IP addresses are distributed and highlights the service-oriented nature of RIRs.

impact

It shifted the conversation towards the governance and operational aspects of Internet infrastructure, leading to discussions about community-driven processes and multi-stakeholder models.

There is not one domain name resolver. There is not one authoritative server. There is not one database that maintains all the information of the DNS. That is globally distributed.

speaker

Olaf Christoph

reason

This comment emphasizes the decentralized nature of the DNS, which is a crucial aspect of Internet resilience and global accessibility.

impact

It deepened the technical discussion and highlighted the importance of distributed systems in Internet architecture, leading to questions about security and traceability.

I think it’s fair to say that this is one of the more wicked issues in the internet. How do you find who is responsible for something in the internet and people accountable?

speaker

Olaf Christoph

reason

This comment acknowledges the complex challenges in Internet governance, particularly regarding accountability and traceability.

impact

It brought the discussion to a higher level, addressing the real-world implications of the technical systems discussed earlier, and opened up considerations of legal and ethical issues in Internet governance.

Overall Assessment

These key comments shaped the discussion by progressively building a comprehensive picture of Internet infrastructure, from its basic network structure to the complexities of its governance. The conversation evolved from technical explanations to broader considerations of accountability and global coordination. The speakers effectively linked their specialized knowledge to overarching themes, providing a multi-faceted view of Internet operations and challenges.

How can we trace domain names using dynamic IPs or shared IPs, particularly in cases of cyberbullying?

speaker

Audience member from Bangladesh cyber team

explanation

This is important for addressing cyberbullying and tracing victims in cases where traditional IP tracing methods may be ineffective.

How can we balance the decentralization of domain registrations with the need for robust security measures, particularly in addressing abuse such as domain squatting?

speaker

Virtual remote participant

explanation

This is crucial for maintaining a secure and accessible internet while addressing potential abuses in the domain name system.

How can we improve accountability and transparency in identifying responsible parties for internet-related issues across different jurisdictions with varying privacy laws?

speaker

Olaf Christoph

explanation

This is a complex challenge in the globally distributed internet ecosystem, affecting how abuse and accountability are handled across borders.