
DNS creator considers the Internet's next 20 years

Dr Paul Mockapetris speaks


Interview It was 20 years ago to the day yesterday that the first test of the DNS system was carried out by its inventor Dr Paul Mockapetris and Internet founding father Jon Postel. It did rather well. To the extent that it still underpins every single website and every single email sent every day.

It seems only fitting then that we have a transatlantic call with Dr Mockapetris and chat about the past, present and future not only of DNS but also ENUM, VoIP, ICANN and various other acronyms that will probably mean nothing to you but will change the way you live your life in the same way that email and the Internet are ingrained in our society.

The Doc is a busy man with his fingers in a number of pies. He's chief scientist and chairman at Nominum, a company that produces commercial applications for DNS and IP-related matters. He has also taken on a major role at the Jon Postel Center where he ponders what will happen in the next 20 years. He knows his stuff.

Talking about those days 20 years ago when he devised a system that would connect words to numbers and so make the vital interface between humans and machines, he says: "At the time we built DNS, we put in more than we needed to, which is probably just as well, as we are still enjoying the flexibility of DNS. There are currently a billion DNS names and a billion people that use them."

It was the far-sighted vision of Dr Mockapetris that meant the system he designed was capable of handling the exponential growth in its use. "When I was in grad school, getting 100 transistors on a chip was a big deal. But it became clear that once we had computers, the next step was going to be a communications device for tens of millions of computers." And so DNS was written with the idea of accommodating millions of computers. Considering, as Dr Mockapetris points out, that 20 years ago it was uncertain whether you'd ever have a PC in your house, this wasn't bad going.

DNS - Domain Name System - is the foundation of the network that is the Internet. However, while it has served us extremely well, it needs an update. In five years, the doctor reckons, we will have "well beyond" 10 billion DNS names - and most of them will not be PCs but hundreds of other devices or products ("sweaters, razor blades") that use the code to communicate with other machines. Technology has moved forward as well and DNS needs strengthening and expanding.

In fact, there already is an update - DNSSec, standing for DNS Security. This was sparked by increasing concerns over abuse of the DNS network. As the Internet becomes more widespread and hence more valuable, the impetus is there for people to find ways of using it criminally.

The Internet overseeing body ICANN cleverly hijacked its annual conference in November 2001, following the New York terrorist attacks, by insisting that the only discussion was security of the Internet. While this held back rebellion over other Internet issues, it did help produce DNSSec which seeks to cut out things such as identity theft at the very foundation level by introducing checking passwords and signatures.

It is still stuck in political battles and Dr Mockapetris is not happy about it. "I keep trying to think how to get it unstuck," he tells us. "I am hoping people will see it has to change, they have to move forward. It could be done in six months. DNSSec is about making the basics safe. There are technical issues being argued about what will go in and what comes out, which really reflect what people stand to gain out of them."

The biggest and daftest stopping block though is ICANN itself. "An issue is whether or not to let ICANN have the root of the security information. But it can't, this is a completely unworkable system. You have to have multiple ways of people selecting who they trust. ICANN can't decide. At one point you had ICANN in the position where it would tell governments what they could do with their domains."

As a central figure in the creation of the Internet, Dr Mockapetris is not happy seeing it sucked into political and bureaucratic wrangling. In particular, he is supportive of anything that keeps ICANN's "feet close to the fire".

ICANN, for a variety of reasons, none of which aid the Internet or Internet users, has been holding back on releasing new domain extensions like .com or .net. Despite occasional claims by ICANN that this is to protect the integrity of the DNS, the man who wrote the actual code is far more convinced of its stability.

In fact, Dr Mockapetris is surprisingly relaxed about other aspects that DNS experts spit blood over. A recent report by Nominum revealed that a worrying number of servers running different countries' domains were badly set up and badly run and, well, hanging on by the skin of their teeth.

"The good thing about DNS is that it's designed to work even if it isn't configured right. It's like a car - there may not be enough air in the tyres or oil in the engine, but it is still supposed to work anyway. I tend to concentrate on getting the important parts of the DNS set up right. I don't think we can or should ever make enough people DNS experts. We should make products that automatically check whether it's right and then tell you if it isn't. It'll make the technology more robust and easier to use." He says that a test he carried out in 1989 showed that 50 per cent of computers didn't have the DNS configured properly and that this is still the case now.

Anycasting of some of the 13 root servers that sit at the very top of the Internet is lending greater stability. He doesn't rule out an extension of the basic 56K byte size set in 1983 and said they probably should have changed it, but points out that there is no problem with it and no need to solve it, so any change is likely to be far off.

The other thing that tends to aggravate DNS experts is the actions of company New.net. New.net decided that because ICANN was artificially constraining the number of top-level domains, it would build a business out of other domains like .shop, .travel, .sport. Since they are not allowed into the main DNS system, it has achieved this by setting up its own mini-DNS at New.net. So if you buy "www.football.sport" from New.net, the reality of the address is at "www.football.sport.new.net".

New.net enables people to see these addresses from the normal Internet system by adding a small bit of code to your browser: if your computer asks where a domain such as .sport is and the DNS proper doesn't know, it then asks New.net if it knows it.

The DNS boys hate this and accuse it of making the whole system unstable. Dr Mockapetris is more circumspect. While he doesn't think the business will last long term, he says it is "in one sense good". "If the bureaucracy running the Internet, ICANN, doesn't expand fast enough, it's good to have someone pressuring it."

What does worry him is people spoofing DNS information and getting normal Internet visitors to think they are at one Internet site when they are in fact at another. He comes up with the example of the FCC in the US. If you were able to make people go to your site thinking it was the FCC, you could post all sorts of documents about companies that would have an immediate effect on their share price. A little clever buying and selling and you'd make a fortune. Another example is, say, Amazon.com - you can get hold of thousands of people's credit card details in just a matter of hours.

As for the future of the DNS, ENUM is good - where people will be able to connect the Internet numbering system with the existing international phone system. This means each individual gets their own number where they can run an Internet domain, pick up phone calls, send texts, well anything that can be done with data in fact.

It's all going to be about connecting everything up. "The next 20 years the network will make things a bit better for all of us. Like knowing when you are walking down the hall, it will make life easier for us. It will be about integrating with higher levels."

But before you can start worrying about Matrix-like pseudo-philosophy, he adds: "Sorry to be so vague about it." Considering that vague is what enabled Dr Mockapetris to design the foundation stone of the entire Internet, vague isn't so bad. ®
