In message <52E699B3.9050807@gmail.com>, at 18:38:59 on Mon, 27 Jan 2014, Pier Carlo Chiodi <pc.chiodi@gmail.com> writes
my intention was not to use the example.com "technical background" such as the real NSs operated by IANA.
Except your diagrams quote "a.iana-servers.net" as the NS, which is where the potential for great confusion kicks in.
That's right, the diagram on page 6 uses the real authoritative nameservers for example.com, because there I show how really example.com works.
I'm reminded of the confusion between "root servers" and "route servers" which has beleaguered many a debate about Internet governance (and has reared its ugly head on '1net' in only the last few days). The issue of USA control over IANA, and the potential implication of a single point of failure, means I am extremely concerned about giving even the slightest [mistaken] impression that anyone's NS are located at IANA [other than a handful of I* community sites of course].
In the rest of the document I used the example.com in other scenarios too, many of them fictitious (blog.example.com, criminal.example.com), just for the purpose of describing the specific situation.
I think a suitably-chosen example would be much less difficult for the non-experts (they won't go away with the impression that IANA runs everyone's NS).
Would not this just move the problem toward the new domain's registry and NSs? If the impression that the document gives is this, maybe something else should be changed too.
One solution would be using an obviously fictional set of domains for the name servers. I'm not sure how many readers will be reaching for their DNS-tools to see if they got "real" results. Perhaps we could use something like example-network-A.com, example-network-B.com, example-network-C.com as the Name Server host networks. ps And on another topic, might it be useful to include some indication of how practical some of the circumvention methods you describe might be on a tablet/smartphone (rather than a desktop PC)? I realise that if users of *some* legacy systems can employ circumvention it's still a problem, but the migration to mobile platforms is rapid and significant, and they are much less susceptible to user customisation. On my Android phone, for example, I can't even see a way to change it from DHCP (which I assume it's using) to a fixed DNS server of *my* choice. I imagine an iPhone or iPad is the same. -- Roland Perry