Evan

Posted on Nov 19, 2018

DNS and an Evolving Political Crisis: a Saga of the .cat Domain

#career #webdev #learning #devops

In 2017, the Spanish government shut down several websites with the top level domain .cat. 🔥🐱🔥

To understand why, let’s learn about DNS, how the internet works, and the political crisis in Spain.

The Internet was created so UCLA grad students could hit up their Stanford pals

Every discussion of DNS starts at the beginning, because the more you learn about DNS, the more it feels like it was just never meant to get this big.

In the late 1960s, ARPA, a branch of the US government founded to screw the soviets out of a Civ 5 Science Victory, fixed a problem.

ARPA had put some of their ~~large and costly monstrosities~~ early computers far away from the places they were needed.

California was a big place.

The first packets sent across the wire were from UCLA to the Stanford Research Institute. Within a couple years, the ✨ARPAnet✨ would not only connect multiple places across the world, but be interoperable with several other independently created internets.

They just dumped it all into one file

When ARPAnet was only a few hundred computers hooked together, mapping names to a computer was done via a HOSTS.TXT.

If you’re on a Mac or Linux computer you have a remnant of that HOSTS.TXT at /etc/hosts, which is what lets you type localhost into your browser instead of 127.0.0.1.

If you wanted to add a new name to ARPAnet, you emailed Stanford Research Institute (SRI) your changes and it would be compiled into the HOSTS.TXT.

The file was retrievable by anyone on the net and each host maintained their own copy.

As we started to push beyond a few hundred hosts, things got difficult. Someone could easily overwrite an existing host; there was no guaranteed unique name.

So if our hosts file looked like this:

3.0.0.1  nuclearpoweranddishwashers 
12.0.0.1 ringadingding
... some hundreds of sites

Someone might come along and overwrite ringadingding with their own address:

25.0.0.1 ringadingding

Plus, each HOSTS.TXT would look different since the speed at which new sites were being added was quicker than folks were refreshing the file.

Computer people solve problems with trees 🌲

Out of these problems came the Domain Name System. At it’s root, DNS is a hierarchical tree for retrieving names.

Much like how a file system divides things into folders, DNS divides things into domains. At the top of each tree is a top level domain (TLD) like .edu or .com.

DNS delegates both the storage and the management of domains to the subdomains below it. So example.com would be given ownership of the domain by the owner of .com and blog.example.com would be given ownership by whoever owned example.com.

Although it’s common to see only one subdomain, it’s possible to have a whole bunch. The following is a totally valid domain:

http://cs121.depalma.cs.gonzaga.edu

We can manage domains through resource records.

Each resource record is a key-value that’s used to administer a domain. If you’ve bought a domain before, you may have been asked to setup an A record or a CNAME record.

An A record points to an IP address and a CNAME acts as an alias for other records.

So if you wanted to redirect blog.foobang.com to foobang.com, you might have records like this:

blog.foobang.com CNAME foobang.com
foobang.com A 192.168.2.2

If you're curious, you can find the resource records of any domain with the unix command dig. So if you're on a mac or linux, try out the following in your terminal:

$ dig www.amazon.com

At least in 2018, you'll see a section with several CNAME records pointing to Amazon's CDN and an A name:

;; ANSWER SECTION:
www.amazon.com.     1056    IN  CNAME   www.cdn.amazon.com.
www.cdn.amazon.com. 20  IN  CNAME   www.amazon.com.edgekey.net.
www.amazon.com.edgekey.net. 260 IN  CNAME   e15316.ci.akamaiedge.net.
e15316.ci.akamaiedge.net. 1 IN  A   23.74.61.104

The first 7 TLDs

The people making this system were first-and-foremost a US government agency. No-one expected ARPAnet to become the international capital-I Internet that it is today.

As such, the first 7 top level domains are very US-centric:

com - commercial orgs like IBM
edu - universities like Berkeley
gov - the US government 
mil - the US military 
net - organizations providing network infrastructure
org - non-comercial organizations
int - international organizations like NATO

Top level domains weren't just technical artefacts anymore, they were something more.

Because ownership of the TLD meant management of the websites, the TLDs weren't just categories, they were definitions of culture. A TLD could define rules for what was in and out of the group.

Yet, at this point we don't even have country codes.

Well shoot, we've got to add countries

Countries mean a lot of issues. Our desire as programmers to have things neat and organized does not fit well into the real world.

Saying who gets a TLD means technologists are forced to weigh in on some of the most difficult geopolitical conflicts in the world. This isn't just timezones, this is the governing of human beings.

So when we go down the line of countries, do we include both Israel and Palestine? Taiwan? Kurdistan? Scotland?

Well yeah. ICANN (the current governing body) approved TLDs for all of these places. If there was a big enough group to back it, it would become a TLD.

Wait, wasn't this article about Spain?

Actually no. It's about Catalonia.

Catalonia is a region in Spain with a long history of independence conflicts. Like the Basque country, Catalonia speaks a different language and sees itself as culturally different than the surrounding Spain.

In 2005, .cat became a sponsored top-level domain specifically for Catalan culture and language developed by Fundació puntCAT and approved by ICANN.

Like many cultural TLDs, you can't get a .cat domain unless you're actually doing something related to Catalan culture.

In 2017, the region held an independence referendum that would have breached the constitution of Spain; most country's constitutions don't support regions splitting off.

In response, the Spanish government raided the offices of puntCAT, arrested their head of IT and shut down multiple .cat domains.

Let's remember what we're talking about

Fundació puntCat maintains lines in a database on a system designed so UCLA researchers could play fair with Stanford on a 1970s computer system.

No one thought they'd be weighing in on a cultural conflict thousands of miles away.

Yet the technology we build as a way to keep researchers from tripping over each other is now part of legal and cultural conflicts of one of the historically powerful countries.

So what's the point?

Well for one thing we're not going to get .🐱 domains anytime soon.

But more importantly, technical decisions can have a weight and impact far beyond what you originally prepare for. As you go off into your career, don't turn a blind eye to the way your software is being used and what it means if it 100x'd in size.

How would your software change if you knew it would be use by billions of people?