SAN FRANCISCO -- The domain name system (DNS) is a remarkably resilient technology. Even after 20 years, this basic method by which Internet domains are located and translated into Internet Protocol (IP) addresses remains relevant. In an interview at last week's Burton Group Catalyst Conference 2003, Paul Mockapetris talked about the past and the future of this technology, which he invented two decades ago. These days, Mockapetris makes his living as chief scientist for Nominum Inc., a Redwood City, Calif.-based provider of IP address infrastructure software.
Twenty years ago, what was your vision for DNS?
Paul Mockapetris: The goal I set for myself was to build a tool for a variety of different uses, something open that people could take advantage of no matter what came along. A lot of other people added to it, and I don't deserve the credit or the blame for that. It is an important resource for the Internet. One of the goals 20 years ago was to be able to look up phone numbers with it, and 20 years later, that is almost at hand.
How has the use of DNS changed since its early days?
Mockapetris: The most disappointing thing is that the technology has not maintained a lead over the lawyers and marketers. Innovation has slowed because of factors outside of technology. It takes years to get things approved and standardized and to deal with trademarks. The technology is not keeping three or four steps ahead of the legal community. Digital signatures are one example of that.
One of the great successes is that not one person in the room during my presentation knew what IP address they were using. That means that it is working. Making technology disappear is always the goal, supporting other uses without being in [the] forefront.
What has enabled DNS to keep pace with all of the changes of the last 20 years?
Mockapetris: It is because it has the ubiquity to be the foundation for more work on top. It is not trying to be all things to all people. It does not compete with Microsoft's .NET or Lightweight Directory Access Protocol [LDAP]. It can take advantage of having that kind of focus, and that is one of the key things that makes the technology great.
What technologies are most changing DNS today?
Mockapetris: A lot of people have added on to DNS to do things like load balancing and initiatives like ENUM [mapping phone numbers to URLs] which, rather than sending answers, sends a program to get the answer. RFID [radio frequency identification] will also create change. The volume of addresses will be huge, and it will be ubiquitous across the Internet. But it is unlikely that, in anyone's lifetime here, we will run out of names. Internet Protocol version 6 [IPv6] means that there will be dozens of zeros. It's an inexhaustible resource. RFID is exciting. If less than 10% of what people are talking about comes to pass in the next five years, there will be up to 100 billion devices. Whatever technology links the data will be vastly important. Growth will mushroom whether it is DNS, or if DNS gets replaced by something else, the opportunity is there.
From an enterprise perspective, how is DNS important?
Mockapetris: Do you need the Internet to work? If your phones are running over the Internet, do you need it then? Some organizations are more sensitive to whether their external Web presence is up or down. What is important is having guidelines for activity that is essential, so it gets the attention it needs. DNS is not the weakest link. The most reliable technology is often the hardest one to address when it fails, since it hardly ever does so.
What are the most common DNS problems in enterprises?
Mockapetris: Sometimes organizations put redundant DNS servers on the same Ethernet segment, and it all works fine until it is disconnected. It is also important to make sure that more than one person can make changes but that not everyone can reconfigure the servers. Appropriate people should be able to make some changes.
Are there security concerns?
Mockapetris: Security is a big issue for people that worry about being the focus of attacks: big online retailers, the military, high-profile targets. Most organizations need to think about identity theft. Are you connecting to who you think you are reaching? Are people reaching you when they think they are? A year ago, people found out that it was possible to attack a DNS client.
How will DNS evolve in the future?
Mockapetris: Today it is being used for non-ASCII character sets, as China and Japan get DNS names in their own characters. There will be more applications, more phone numbers. With ad hoc networks, you have to keep track of the configuration and make sure that it is tracked in real time.