DNS creator considers the Internet's next 20 years

Dr Paul Mockapetris speaks

Interview It was 20 years ago to the day yesterday that the first test of the DNS system was carried out by its inventor Dr Paul Mockapetris and Internet founding father Jon Postel. It did rather well. To the extent that it still underpins every single website and every single email sent every day.

It seems only fitting then that we have a transatlantic call with Dr Mockapetris and chat about the past, present and future not only of DNS but also ENUM, VoIP, ICANN and various other acronyms that will probably mean nothing to you but will change the way you live your life in the same way that email and the Internet are ingrained in our society.

The Doc is a busy man with his fingers in a number of pies. He's chief scientist and chairman at Nominum, a company that produces commercial applications for DNS and IP-related matters. He has also taken on a major role at the Jon Postel Center where he ponders what will happen in the next 20 years. He knows his stuff.

Talking about those days 20 years ago when he devised a system that would connect words to numbers and so make the vital interface between humans and machines, he says: "At the time we built DNS, we put in more than we needed to, which is probably just as well, as we are still enjoying the flexibility of DNS. There are currently a billion DNS names and a billion people that use them."

It was the far-sighted vision of Dr Mockapetris that meant the system he designed was capable of handling the exponential growth in its use. "When I was in grad school, getting 100 transistors on a chip was a big deal. But it became clear that once we had computers, the next step was going to be a communications device for tens of millions of computers." And so DNS was written with the idea of accommodating millions of computers. Considering, as Dr Mockapetris points out, that 20 years ago it was unclear whether you'd ever have a PC in your house, this wasn't bad going.

DNS - Domain Name System - is the foundation of the network that is the Internet. However, while it has served us extremely well, it needs an update. In five years, the doctor reckons, we will have "well beyond" 10 billion DNS names - and most of them will not be PCs but hundreds of other devices or products ("sweaters, razor blades") that use the code to communicate with other machines. Technology has moved forward as well and DNS needs strengthening and expanding.

In fact, there already is an update - DNSSec, standing for DNS Security. This was sparked by increasing concerns over abuse of the DNS network. As the Internet becomes more widespread and hence more valuable, the impetus is there for people to find ways of using it criminally.

The Internet overseeing body ICANN cleverly hijacked its annual conference in November 2001, following the New York terrorist attacks, by insisting that the only discussion was security of the Internet. While this held back rebellion over other Internet issues, it did help produce DNSSec, which seeks to cut out things such as identity theft at the very foundation level by introducing the checking of passwords and signatures.

It is still stuck in political battles and Dr Mockapetris is not happy about it. "I keep trying to think how to get it unstuck," he tells us. "I am hoping people will see it has to change, they have to move forward. It could be done in six months. DNSSec is about making the basics safe. There are technical issues being argued about what will go in and what comes out, which really reflect what people stand to gain out of them."

The biggest and daftest stopping block though is ICANN itself. "An issue is whether or not to let ICANN have the root of the security information. But it can't, this is a completely unworkable system. You have to have multiple ways of people selecting who they trust. ICANN can't decide. At one point you had ICANN in the position where it would tell governments what they could do with their domains."

As a central figure in the creation of the Internet, Dr Mockapetris is not happy seeing it sucked into political and bureaucratic wrangling. In particular, he is supportive of anything that keeps ICANN's "feet close to the fire".

ICANN, for a variety of reasons, none of which aid the Internet or Internet users, has been holding back on releasing new domain extensions like .com or .net. Despite occasional claims by ICANN that this is to protect the integrity of the DNS, the man who wrote the actual code is far more convinced of its stability.

In fact, Dr Mockapetris is surprisingly relaxed about other aspects that DNS experts spit blood over. A recent report by Nominum revealed that a worrying number of servers running different countries' domains were badly set up and badly run and, well, hanging on by the skin of their teeth.

"The good thing about DNS is that it's designed to work even if it isn't configured right. It's like a car - there may not be enough air in the tyres or oil in the engine, but it is still supposed to work anyway. I tend to concentrate on getting the important parts of the DNS set up right. I don't think we can or should ever make enough people DNS experts. We should make products that automatically check whether it's right and then tell you if it isn't. It'll make the technology more robust and easier to use." He says that a test he carried out in 1989 showed that 50 per cent of computers didn't have the DNS configured properly and that this is still the case now.

Anycasting of some of the 13 root servers that sit at the very top of the Internet is lending greater stability. He doesn't rule out an extension of the basic 56K byte size set in 1983 and said they probably should have changed it, but points out that there is no problem with it and no need to solve it, so any change is likely to be far off.

The other thing that tends to aggravate DNS experts is the actions of company New.net. New.net decided that because ICANN was artificially constraining the number of top-level domains, it would build a business out of other domains like .shop, .travel, .sport. Since they are not allowed into the main DNS system, it has achieved this by setting up its own mini-DNS at New.net. So if you buy "www.football.sport" from New.net, the reality of the address is at "www.football.sport.new.net".

New.net enables people to see these addresses from the normal Internet system by adding a small bit of code to your browser: if your computer asks where a domain such as .sport is and the DNS proper doesn't know, it then asks New.net whether it knows.

The DNS boys hate this and accuse it of making the whole system unstable. Dr Mockapetris is more circumspect. While he doesn't think the business will last long term, he says it is "in one sense good". "If the bureaucracy running the Internet, ICANN, doesn't expand fast enough, it's good to have someone pressuring it."

What does worry him is people spoofing DNS information and getting normal Internet visitors to think they are at one Internet site when they are in fact at another. He comes up with the example of the FCC in the US. If you were able to make people go to your site thinking it was the FCC, you could post all sorts of documents about companies that would have an immediate effect on their share price. A little clever buying and selling and you'd make a fortune. Another example is, say, Amazon.com - you can get hold of thousands of people's credit card details in just a matter of hours.

As for the future of the DNS, ENUM is good - where people will be able to connect the Internet numbering system with the existing international phone system. This means each individual gets their own number where they can run an Internet domain, pick up phone calls, send texts - well, anything that can be done with data, in fact.

It's all going to be about connecting everything up. "The next 20 years the network will make things a bit better for all of us. Like knowing when you are walking down the hall, it will make life easier for us. It will be about integrating with higher levels."

But before you can start worrying about Matrix-like pseudo-philosophy, he adds: "Sorry to be so vague about it." Considering that vague is what enabled Dr Mockapetris to design the foundation stone of the entire Internet, vague isn't so bad. ®
