At first glance, the domain name system performs a relatively simple set of tasks. Its primary purpose is to translate domain names that are easily readable and remembered by humans into numerical IP addresses. IP addresses serve as the basis for how computers are identified on networks and across the internet. As an example of how DNS functions, TechTarget is translated by DNS to an IPv4 address of 126.96.36.199.
So, on one hand, DNS functions as a relatively simple service to understand. Yet, if you dig a bit deeper, you'll discover that DNS is full of complexities due to its hierarchical and decentralized nature. It's also an aging system rife with security flaws, and there are concerns that it may not be able to keep up with growing global demands and changes in networking trends.
DNS functions, architecture
According to the Internet Assigned Numbers Authority, there are 13 named authorities around the world that act as DNS root server systems. Within these 13 authorities, there are thousands of DNS servers that take up the root server role. DNS functions use a hierarchical structure to manage the millions of IP address mappings from the top- and second-level domains. At the lowest level of this hierarchy, medium- and large-sized organizations often maintain their own sub-DNS servers locally to map private servers to internal DNS names. When the resolution of servers outside of the local business domain is required, these DNS servers reach out to a recursive-resolver DNS server. A recursive-resolver server is commonly an ISP or third-party DNS service on the internet. If the recursive-resolver server doesn't have the answer to a DNS query, the request continues up the hierarchical chain until it reaches a root server. While the underlying architecture of DNS has not changed since its inception, the number of DNS servers in use continues to rise.
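The lookup path described above can be modeled offline. The following is an added example, not code from the original article: a local server answers internal names itself and forwards everything else to a recursive resolver, which on a cache miss asks a root server and follows referrals until an authoritative server answers. All server names, zones and addresses are constructed for illustration.

```python
# Constructed data: each server holds the answers it is authoritative for and
# delegations (referrals) to servers lower in the hierarchy.
SERVERS = {
    "root":       {"records": {}, "delegations": {"test.": "tld-test"}},
    "tld-test":   {"records": {}, "delegations": {"example.test.": "ns-example"}},
    "ns-example": {"records": {"www.example.test.": "192.0.2.10"}, "delegations": {}},
}
LOCAL_ZONE = {"intranet.corp.internal.": "198.51.100.5"}  # private names stay on site

MAX_REFERRALS = 8  # stop on delegation loops instead of querying forever


class RecursiveResolver:
    """Stands in for the ISP or third-party resolver."""

    def __init__(self):
        self.cache = {}
        self.root_queries = 0  # how often the root had to be contacted

    def resolve(self, name):
        if name in self.cache:
            return self.cache[name], ["cache"]
        server, path = "root", []
        self.root_queries += 1
        for _ in range(MAX_REFERRALS):
            path.append(server)
            zone = SERVERS[server]
            if name in zone["records"]:
                self.cache[name] = zone["records"][name]
                return self.cache[name], path
            # Follow the most specific delegation that covers the name.
            matches = [z for z in zone["delegations"]
                       if name == z or name.endswith("." + z)]
            if not matches:
                return None, path  # no server knows this name
            server = zone["delegations"][max(matches, key=len)]
        return None, path  # referral limit reached


class LocalServer:
    """Site DNS server: answers internal names itself, forwards the rest."""

    def __init__(self, upstream):
        self.upstream = upstream

    def resolve(self, name):
        if name in LOCAL_ZONE:
            return LOCAL_ZONE[name], ["local"]
        return self.upstream.resolve(name)
```

The `root_queries` counter shows why caching matters for load: a repeated lookup is served from the resolver's cache and never reaches the root, while every failed lookup does, because this model does not cache negative answers.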
Security remains top concern
Easily the biggest concern for DNS administrators in 2018 will be how to handle the various exploits, misconfigurations and distributed denial-of-service (DDoS) attacks that inevitably will occur. In 2016, DNS provider Dyn suffered a massive DDoS attack that effectively took down major internet sites including Twitter, GitHub and Spotify. That same year, cloud service provider Scalr knocked customer sites offline after one of the company's administrators mistakenly deleted DNS records due to "flawed logic." Finally, new vulnerabilities continue to be found within popular DNS server software. Such was the case when Google discovered several remote code vulnerabilities in the popular Dnsmasq server software in October 2017. Failures and attacks on critical DNS servers remain one of the weak points of the internet. While there are methods and concepts to remediate many of these security issues, progress remains slow.
Implications of exponential endpoint growth and IPv6
Nearly every endpoint residing on an IP network relies on a DNS server to find other network-connected resources. While there are an estimated 8 billion to 9 billion internet-connected devices on the planet today, Gartner Research predicted that number will more than double to over 20 billion devices by the end of 2020. Unless the number of DNS servers in operation is significantly increased -- or the DNS query process is streamlined -- the doubling of internet devices is expected to put tremendous strain on DNS servers.
Perhaps the biggest disruption to DNS server deployments in 2018 will be due to the increasing number of internet-connected devices operating within IPv6-only networks. Until recently, unique problems found with IPv6 DNS have been masked by the fact that most IPv6 deployments ran in a dual-stack mode. Dual-stack is when endpoints run both IPv4 and IPv6 simultaneously. However, there are growing numbers of networks -- particularly within mobile internet companies -- beginning to roll out IPv6 without dual-stacking alongside IPv4. As this trend toward IPv6-only devices continues, architecture issues found with the support of stateless address autoconfiguration and Dynamic Host Configuration Protocol version 6 could fragment IPv6 DNS server deployments across the globe. These inefficiencies must be addressed and resolved relatively quickly by the technology community.
To say that DNS functions are just one item in a long list of important network standards and protocols is a massive understatement. Because of our continued reliance on the internet for both business and personal use, DNS performs functions that make it one of the most essential services we use today. As global internet usage increases -- and as we migrate to new and better networking technologies -- it's crucial that DNS keep up in terms of performance, reliability and scalability.