by alwaysdownvoted 3692 days ago
"Who can..." ICANN. Yes it can be whenever they want. No one ever stops them. They added several in 2001. Now they've opened the floodgates.

"At no real cost..." True. Except the cost of running one of the 13 server addresses. And IMO it could be a dog and no one would notice. I think the A server (198.41.0.4) is really all anyone needs. The cost of a new TLD to ICANN is the cost of editing a text file.

"By what authority..." None.

", why are they allowed..." A question I have been asking for over 20 years. Answer: Because we let them?

You can say no to ICANN. Run your own root on 127.x.x.x. You can edit the root.zone to be just as you want it. Want to delete a silly TLD (e.g., .loans)? Edit a text file. Want to add your own new TLD? Edit a text file. The cost? Editing a text file.

I recall a former Board member of ICANN admitting he himself ran his own root for many years.

ICANN's ability to make millions in profit from TLDs relies on an interesting prerequisite. All DNS admins have to use a root.hints file that points to the (13) addresses serving ICANN's root.zone. Often they have no idea this root.hints file even exists, let alone have the guts to edit it. The root server addresses to use are chosen by the authors of the DNS software, e.g., the software automatically downloads root.hints from ICANN to bootstrap itself.

If admins or users choose to use a different list of root server addresses (e.g., 127.x.x.x, 10.x.x.x, etc.), all bets are off.

So how do you stop ICANN from making millions posing as a pseudo licensing authority for registries? One way is to stop using ICANN's root.hints and use a different root.zone that you control. If enough people do this then one day ICANN has no relevance.

Right. Not gonna happen. I'm probably one of only a small number of users who will ever run their own root.

5 comments

Having worked for a registry, ICANN's technical requirements are a lot more than just throwing up a single AWS instance.

For .coop we had to have fully redundant servers (i.e. < 99.9999 uptime) on 4 continents.

Well, for new applicants they have to go through the Swedish Internet Foundation testing.

https://www.iis.se/vad-vi-gor/pdt/#PDT_eng

Disclaimer: I work for the Internet foundation in Sweden.

The problem is that DNS-as-a-global-naming-service is only useful because more-or-less everyone agrees that for a given domain, it'll resolve to the same place. Therefore, to change away from ICANN's authority, you have to get every user of DNS to agree to do so.

Now that they opened the floodgates I kind of think this is the end of it, though? The number of decent candidates for a new site has skyrocketed (to the point of there being too many even to guard against from domain squatters for many companies), and thus value of new TLDs plummeting?

Namecoin tries to break that monopoly by using a p2p database with a blockchain like Bitcoin.

So far without any success :)

That is because it still relies on paying for the domain.

The Tor network can "register" an address (call it a pointer, because it's basically a hash) for .onion. That means if you run the Tor service, you have a pointer, and this is probably a good solution.

So if we all had a distributed global "dns"-like network, where each and every system gets a unique ID, this would partially be solved, for free, but the requirement for master nodes (like tracker servers for torrents) would probably still be present.

The problem with this approach is that obviously you can't make a choice for xyz.mydomain, because there will be at least someone else who wants xyz.mydomain, and in this case, who and how would decide which of you can have it? Right now this decision maker is money, which of course is an issue, but at least a solution.

So: does anyone have a distributed, fair solution, that is able to solve disputes and act as a replacement for dns? So far I'm not aware of any.