Paul Mockapetris On The Future of DNS
penciling_in writes "In a CircleID article called Letting DNS Loose, Paul Mockapetris, the inventor of DNS and Chief Scientist and Chairman of Nominum, gives a good indication of what is to be expected in the upcoming years when it comes to data riding on DNS: "RFID tags, UPC codes, International characters in email addresses and host names, and a variety of other identifiers could all go into DNS, and folks have occasionally proposed doing just that. It's really just a question of figuring out how to use the DNS -- it's ready to carry arbitrary identifiers." According to Paul, there are 40 or so data types to be added to DNS: "In fact the whole ENUM scheme is built out of classical DNS technology, and NAPTR is really just the latest data type to be added to the DNS. NAPTR is also just an extension of SRV, which was an extension of MX, which are DNS data types that Active Directory uses to start itself and the Internet uses to route each piece of mail." Paul also clarifies the recent BBC story previously discussed here on Slashdot."
I, for one, welcome our new DNS overlords. Please, don't hate me.
I sure hope they can resolve all the problems.
Who knows what Verisign will do when someone scans an "unregistered" barcode...
'classical DNS technology'
But to me classical means outdated.
I would like to propose a new "IN GEEK" resource record for DNS. So I can find myself on the internet easier!
I always thought the whole point of DNS was to be human friendly, now they're going to go and break it by adding all kinds of crazy characters. I will not be Cypher in The Matrix, or if I must be I want a free steak dinner! And call me Mr. Schwarzenegger!
Naming conventions are pretty useless these days. The ``big'' TLDs like .com, .org, .net, etc. are all remnants from the old days when the Internet was still US-only. Nowadays we have all those country domains, which may or may not implement some scheme to indicate the type of site (.uk does, .nl doesn't).
Two things make the TLDs pretty much meaningless: a traditional TLD (.com etc.) does not necessarily indicate the type of site, and a country code does not necessarily indicate the Real World location of a site (.nu anyone?). Besides, ``location'' is a very vague notion on the Internet. If my site has a .nu domain, the server is in California, and my content comes entirely from the Netherlands, then what country does my site belong to?
So perhaps we should just dispense with the current naming scheme altogether and just have one word as name for the main site (I think RealNames attempted this and failed). Instead of http://www.google.com/ one would just write ``Google'' (or maybe ``google''?), dropping the http://www which is fairly redundant when using a web browser (yes, I know that ``www'' indicates the hostname, but who cares what the hostname is, I just want the site), and the TLD which is basically meaningless.
Just an idea for the more-or-less distant future.
I'm surprised that mDNS wasn't mentioned in the context of the future of DNS. It is, after all, the technology behind Rendezvous, Apple's protocol for automatic service advertising and configuration on local LANs. mDNS is basically just normal DNS multicasted, with some conventions on how to represent services.
mDNS is already used for zero-configuration networking, sharing iTunes playlists, and finding other iChat users on a local LAN. Since it's based on DNS, it's both simple and has mature implementations. And it's open source; Apple provides a working reference implementation for MacOS 9, MacOS X, Windows, and Posix (including Linux).
Please retitle this article to "Paul Mockapetris On The Future of Acronyms."
Thanks.
-- The Slashdot Readership
If it needs a [UPC|RFID|Serial number|unique ID of any kind] why not give it an IPv6 address? It's a well designed hierarchical system, and DNS is already capable of handling it.
There is no reasonable defense against an idiot with an agenda
:wq
a) Adult
b) Shopping
c) News
d) etc.
This way, I can prevent myself from accidentally going to hidden goatse.cx links that appear under more innocuous DNS entries such as "www.welcometomysite.com".
is when the hell is BIND going to support unicode?
It won't be "ready to carry arbitrary identifiers" until BIND stops rejecting unknown types. Or until everyone switches to something that works. :-)
djbdns!
Or unless you want to run something not created by an egomaniacal freak who wants to send TLD data over usenet.
What about security issues? BIND has a long history of bugs and with the recent threats to the root DNS servers, I think the real issue is building a secure DNS service rather than extending the data it carries.
So whitehouse ctrl+enter...?
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
DNS is great in its hierarchal nature - one can simply delegate domains to another server, which keeps whatever DNS is managing the root (like slashdot.org.) from getting overloaded with requests.
However, how is it going to work if we add Barcodes, RFIDs, etc to DNS? Are we going to create a RFID domain? RFIDs are unique numbers, AFAIK, which is more like an IP address, which is exactly what DNS is designed to avoid the usage of! Will I go buy tee.shirt.yellow.minnesota.walmart and have the register go look up the RFID and price information? That would seem backwards.
Also, we're going to need many more DNS servers if we are going to piggyback those sorts of services on the system. While I did RTFA, it seemed short on details. I would assume a retailer using DNS for RFID would have a private DNS network, much the same way Microsoft's Active Directory normally uses one (or maybe not - maybe one would just need a separate RFID network of servers, since there is nothing inherently private about RFID numbers and it might be helpful for a retailer to make the RFID lookup ability public).
Yet, that would only lead back to my original question. Are you going to separate RFIDs into domains by number and then delegate them? That seems silly - imagine trying to put MAC address lookups on DNS. Does one retailer need to be able to access the RFIDs of another? Are we going to need to create root servers for RFID lookups? Please don't use those same root servers and please don't merge the network with the same public internet DNS system.
Perhaps the article was just short on details, or maybe I missed something, but I'm wary of using DNS for the sort of system the article described- at least before more details emerge.
-Ryan
AUWYHSTOT (Acronyms are Useless When You Have to Spell Them Out Too)
Oh, sorry, that's petris isn't it? My bad.
hey -- Paul's a nice guy from Boston. Leave him alone.
Someone really should have asked him about any plans to make DNS more peer-to-peer oriented, like the recent project to make BitTorrent .torrents part of DNS, found here:
http://www.netrogenic.com/dnstorrent/
I'm surprised there aren't records for 'WEB' and 'FTP' and the like. Why are we still relying on well-known-ports so much? DNS could point to many different types of resources similar to 'MX'...
"Ignorance more frequently begets confidence than does knowledge"
- Charles Darwin
DNS isn't nearly bloated enough. Let's make all DNS servers run Active Directory on Windows, so we can store phone numbers, golf scores, medical records, and political party affiliation. Then, since it's an 'improvement', we can all rest assured our security concerns have been addressed. Let's get BIND rock solid, then get fancy if you're into that sort of thing.
I think he should write an article entitled "How to Survive Elementary School with a Last Name like Mockapetris."
Because, only in elementary school would someone make fun of someone else's name...wait...
...
Letting DNS Loose
Jan 02, 2004 | From CircleID Empowering DNS
By Paul Mockapetris
Most folks tend to think of the DNS as a way to map ASCII host names to IP addresses, perhaps www.nominum.com to 10.0.01 or some such.
I believe that when Vint talks about "escaping the bonds of DNS", [see BBC's report and Doug Mehus' CircleID report] he's really talking about letting it loose rather than replacing it.
In the case of ENUM and NAPTR, all we are doing is saying that "domain names can carry phone numbers, so why not let them". NAPTR is a DNS data type, so we aren't replacing DNS with NAPTR, that would make no sense. In fact the whole ENUM scheme is built out of classical DNS technology, and NAPTR is really just the latest data type to be added to the DNS (there's 40 or so). NAPTR is also just an extension of SRV, which was an extension of MX, which are DNS data types that Active Directory uses to start itself and the Internet uses to route each piece of mail.
RFID tags, UPC codes, International characters in email addresses and host names, and a variety of other identifiers could all go into DNS, and folks have occasionally proposed doing just that. It's really just a question of figuring out how to use the DNS -- it's ready to carry arbitrary identifiers. And by the way, this isn't a new idea, see RFC 1101 for proof, although even earlier I designed the DNS in the early 1980s to allow it to be so, but it seemed too far fetched to document for a while.
But don't think that I'm claiming to have solved the whole problem. What I certainly didn't anticipate was the political, legal, and commercial fight that would come with it. These squabbles behind ENUM and RFID use of DNS are really the problem, not the technology, although there may be ways to help with more technology. I was in Geneva for a WSIS meeting of CTOs, and was surprised that the various organizations (ITU, ICANN, ISOC) haven't figured out that they need each other to make this technology work, rather than asserting ownership.
While it is inevitable that the DNS gets replaced, I think there could be far more usage and opportunity if the political aspects were addressed coherently, and if the technology types just let experimentation happen, rather than trying to make rules about how the DNS is used.
- Kaos games and encryption systems developer
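An added example (not from the article or from Nominum) of the ENUM mechanism described above: the phone number becomes a domain name under e164.arpa, and the NAPTR records stored there rewrite it into URIs. The function names and sample records are constructed for illustration, the `E2U+` service form follows RFC 6116, and Python's `re` stands in for the POSIX extended regular expressions that NAPTR specifies.

```python
import re

def enum_domain(number: str, apex: str = "e164.arpa") -> str:
    """E.164 number -> ENUM owner name: digits reversed, dot-separated, under apex."""
    digits = re.sub(r"\D", "", number)
    if not number.strip().startswith("+") or not 1 <= len(digits) <= 15:
        raise ValueError("expected a full E.164 number such as +441632960083")
    return ".".join(reversed(digits)) + "." + apex

NAPTR_RE = re.compile(r'(\d+)\s+(\d+)\s+"([^"]*)"\s+"([^"]*)"\s+"([^"]*)"\s+(\S+)')

def parse_naptr(rdata: str) -> dict:
    """Parse: order preference "flags" "services" "regexp" replacement."""
    m = NAPTR_RE.fullmatch(rdata.strip())
    if m is None:
        raise ValueError(f"malformed NAPTR RDATA: {rdata!r}")
    order, pref, flags, services, regexp, replacement = m.groups()
    return {"order": int(order), "pref": int(pref), "flags": flags.lower(),
            "services": services, "regexp": regexp, "replacement": replacement}

def apply_regexp(field: str, aus: str):
    """Apply a NAPTR substitution (delim ERE delim repl delim flags) to the AUS.
    Python's re approximates POSIX ERE here (an assumption of this example)."""
    if not 0 < len(field) <= 255:      # a DNS character-string holds at most 255 bytes
        raise ValueError("bad regexp field length")
    parts = field[1:].split(field[0])  # the first character is the delimiter
    if len(parts) != 3:
        raise ValueError("regexp field needs exactly three delimiters")
    ere, repl, flags = parts
    m = re.search(ere, aus, re.IGNORECASE if "i" in flags else 0)
    if m is None:
        return None                    # this rule does not apply to the number
    # Expand \1..\9 back-references from the match into the replacement.
    return re.sub(r"\\([1-9])", lambda b: m.group(int(b.group(1))) or "", repl)

def enum_uris(number: str, records: list) -> list:
    """Return (service, URI) pairs from terminal "u" ENUM records, best first."""
    aus = "+" + re.sub(r"\D", "", number)  # Application Unique String
    out = []
    for r in sorted(map(parse_naptr, records), key=lambda r: (r["order"], r["pref"])):
        if r["flags"] != "u" or not r["services"].upper().startswith("E2U+"):
            continue                   # only terminal ENUM rules are handled here
        uri = apply_regexp(r["regexp"], aus)
        if uri:
            out.append((r["services"], uri))
    return out

# Constructed sample RRset for 3.8.0.0.6.9.2.3.6.1.4.4.e164.arpa (not real data).
SAMPLE = [
    r'100 20 "u" "E2U+mailto" "!^.*$!mailto:info@example.com!" .',
    r'100 10 "u" "E2U+sip" "!^\+44(.*)$!sip:\1@sip.example.com!" .',
    r'100 30 "u" "E2U+tel" "!^\+1(.*)$!tel:+1\1!" .',
]
```

NAPTR data arrives from the network, so a client should treat the regexp field as untrusted input and check the scheme of the resulting URI before acting on it.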
While the main point of the article is interesting, the rather depressing part - about the politics of the ITU, ICANN, etc. - is that unless we can get these oafs to work together, we are totally hosed. Having witnessed some of the machinations that go on in at least a couple of these groups, I despair of whether we will get anything rational out of all of this. (I would much, much rather see sausages being made, than see these groups "working" again...)
"The time is always now" - Victor
My browser is smarter than that. I just write the name of the site and it automatically does an "I'm feeling lucky!" google search. Gets 'em right every time! (almost)
Isn't the design of DNS especially relevant to host names because hosts, and hence host names are dynamically distributed?
Why would it necessarily follow that we would want to use DNS to store other arbitrary types of data (that do not necessarily have a decentralized nature) instead of a central database?
It's 10 PM. Do you know if you're un-American?
Give me a break. DNS itself is virtually unchanged over all these years. You've pretty much got SOA, NS, A, CNAME, and MX records and some other record types for meta information. RFID? Active Directory? Ppphtt.
But not everyone understands kanji, so it wouldn't be of any use, would it?
- rrset-order is still broken.
- GSS-TSIG support is still missing.
- Strange multi-threading bugs still exist
- Awful security history isn't behind it yet.
Oddly enough, the expensive Nominum commercial product has all these things fixed and BIND does not, even though ISC and Nominum are the same set of folks, in the same building. Does this sound like bullshit to you? If so, see the following:
- Read the bottom parts of this
and the links at the bottom of this
- Nominum/ISC relationship described here
Of course, the trouble is that there's not many alternatives. DJBDNS is stable, but missing features and has an odd "semi-open-source" license. ( Also, if you read some of the links, Dan's a really cranky source of supportAAARRGGHH.
if you read rfc2782 you will see that SRV isn't intended to be retroactively applied to all applications - because it would break compatibility with apps that expected to use default port numbers. SRV should only be used by applications which are explicitly specified to use it, and HTTP/web browsing hasn't been specified to use SRV.
to really fix web browsing it should use NAPTR records in addition to SRV records - that would allow arbitrary mappings from any URI type to any suitable access protocol, including URNs that don't have locations embedded in them.
In the 90s Paul tried to commercialize DNS by creating a server that would compete with other free DNS servers. We ended up writing a DNS server that was scalable, slower and subscription based. Of course no one bought the software, the project failed and Paul 'willfully' left the company. It seemed like he was more interested in his job title and being known as 'the father of DNS' than ensuring the quality of the project. To see him take part in choosing the future of DNS makes me worry.
Great one, dude. You're really in the zone tonight.
I refuse to italicize my bad jokes.
All's true that is mistrusted
...looked just like my breakfast: Alphabits.
There is also the very serious issue of conflicts and contention checking. mDNS is a man-in-the-middle attacker's wet dream.
[RIAA] says its concern is artists. That's true, in just the sense that a cattle rancher is concerned about its cattle.
Mockapetris sounds like some weird variant of tetris.
DNS needs stability and property rights for existing names and uses, and therefore requires somebody who can manage, second, the DNS also needs somebody with the ability to create revolutionary change and expand the technology into international character sets, telephony applications, and new TLDs, which will require someone who is visionary and not afraid to turn the sacred cows of the International Telecommunication Union and the Internet Society into hamburger if they get in the way.
- Paul Mockapetris, January 23, 2001
More here
Need Mercedes parts ?
Universal Product Code codes?
What's your GCNSEQNO?
Jesus christ, I mean what do you expect when you can't enter an extended Latin-1 character (to properly spell naive or deja vu). Hint, though: try entering raw Unicode into your signature. I understand that works.
I guess in the interest of keeping slashdot free from page-hijacking trolls (or maybe for preventing complaints by people who "don't have the right font"), they went (arguably) a little too far with the character set folding/HTML entity removal
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
::International characters in email addresses BAD idea. VERY bad idea. I can really see an American struggling over his English keyboard entering a Norwegian char to send an email to his Norwegian partner. Funny (with me being in German) That said, for me it is NOT that funny anymore (being in German) when I have to figure out a way to enter a Chinese char into a Chinese email address given that I have no clue about how their char system works at all. PLEASE spare us international chars in emails and website domains.
Most of the time it seems to work, I tend to find interesting stuff that I wasn't even aware I looked at, but then sometimes I get confused.
When I scanned this title I thought Starbucks had started basing their Coffee on some disturbing 'cocktail' type name.
Let's go further than that.
Face it. The "www" subdomain notation is a relic. It comes from a lumbering nerdish approach to system administration, a poor first understanding of the functionality of the DNS. The principal domain name should have an A record and that's where you find the webserver. Just as it has an MX record and that's where you find the mailserver. We don't specify a "mail" subdomain to send mail...so we shouldn't specify the "www" to hit the webserver.
Sure set up the www name too - sadly, you have to... but redirect it straight back to the principal domain on the webserver. And while we are at it, we should change it to "web". WWW is a childish name and infuriating abbreviation. Drop that too, say I.
Every time I see a URL painted on the side of a truck or printed in a newspaper with all those miles of redundant characters - yeah drop the "http://" too - I shudder. I cringe. It's so so uncool.
Is it just me, or does Mockapetris sound like a tetris-like game played with falling five-block pieces that make fun of you as they descend?
You see? You see? Your stupid minds! Stupid! Stupid!
...as "Mockapenis". Naughty me. :)
Just what I always wanted DNS entries for all the products that I own. So then everyone could slashdot that RFID tag with embedded wireless webserver that will one day be in my fruit of the looms? It will be a very connected brave new world.
I for one welcome our new Dr Bernstein overload...
You are in a maze of twisted little posts, all alike.
It's painfully obvious that you don't understand kanji...
Huh? Um, if you use iso-2022-jp, I think kanji works perfectly easily even in e-mail? Mozilla Thunderbird can apparently do it.
Oh, do you perhaps mean e-mail addresses? Then you should have just said so from the start!
More to the point, aren't people who can read romaji mostly people who can read kanji too? Personally, I do find kanji easier to read, though...