User:Onse/drawbacks of dns

Drawbacks of DNS
The domain name system (short: DNS) has some drawbacks, due to its hierarchical structure. Without set up DNS-caches, a query must reach a root-server. If this one has been compromised, it may return wrong addresses. Additionally, the root-server can censor content by deliberately omitting addresses. Instead of returning the matchin IP-address, it would tell the client that the lookup did not return an IP. These two points are problematic if the root-server cannot be trusted. The ICANN hosts and controls root-servers (see |ICANN's FAQ). As it is US-based, it might be legally forced to act in the interest of the US government instead of the interest of the global community. There is a growing mistrust in the US government due to recent events like PRISM (see |The Guardian's PRISM category). Consequentially, a need for alternative root-servers may arise. An open alternative which went back online due to these events, is the |Open Root Server Network. A third drawback is that the root-server must be online while querying to return results. If it is unreliable, domain names cannot be resolved. This is less bad, when it comes to nameservers, because for them, there can be fallback nameservers configured. Often, this is not the case for root-servers.