Paul Mockapetris On The Future of DNS

← Back to Stories (view on slashdot.org)

Paul Mockapetris On The Future of DNS

Posted by timothy on Tuesday January 6, 2004 @12:51PM from the smooshing-in-extra-stuff dept.

penciling_in writes "In a CircleID article called Letting DNS Loose, Paul Mockapetris, the inventor of DNS and Chief Scientist and Chairman of Nominum, gives a good indication of what is to be expected in the upcoming years when it comes to data riding on DNS: "RFID tags, UPC codes, International characters in email addresses and host names, and a variety of other identifiers could all go into DNS, and folks have occasionally proposed doing just that. It's really just a question of figuring out how to use the DNS -- it's ready to carry arbitrary identifiers." According to Paul, there are 40 or so data types to be added to DNS: "In fact the whole ENUM scheme is built out of classical DNS technology, and NAPTR is really just the latest data type to be added to the DNS. NAPTR is also just an extension of SRV, which was an extension of MX, which are DNS data types that Active Directory uses to start itself and the Internet uses to route each piece of mail." Paul also clarifies the recent BBC story previously discussed here on Slashdot."

40 of 188 comments (clear)

You saw it coming. by GregThePaladin · 2004-01-06 12:54 · Score: 3, Redundant

I, for one, welcome our new DNS overlords. Please, don't hate me.
Hmmm by Shut+the+fuck+up! · 2004-01-06 12:54 · Score: 3, Funny

I sure hope they can resolve all the problems.
1. Re:Hmmm by twoslice · 2004-01-06 13:09 · Score: 3, Funny
  
  Yeah, especially when China is coming out with their Domein system and over 50% of the DNS entries are Wong...
  
  --
  
  From excellent karma to terible karma with a single +5 funny post...
2. Re:Hmmm by gid13 · 2004-01-06 13:10 · Score: 2, Funny
  
  My new year's resolution is 1600 by 1200.
  
  Oh dear god, I can't believe I just said that.
3. Re:Hmmm by Trashman · 2004-01-06 13:24 · Score: 2, Funny
  
  You must be the authority on bad puns.
  
  --
  Do not read this .sig
Verisign's Sitefinder by thedillybar · 2004-01-06 12:56 · Score: 4, Insightful

All the more reason to make sure this "Sitefinder" service gets shutdown.
Who knows what Verisign will do when someone scans an "unregistered" barcode...
Maybe it's word thing by tarquin_fim_bim · 2004-01-06 12:56 · Score: 2, Funny

'classical DNS technology'

But to me classical means outdated.
... there are 40 or so data types.. by pjwalen · 2004-01-06 12:58 · Score: 3, Funny

I would like to propose a new "IN GEEK" resource record for DNS. So I can find myself on the internet easier!
1. Re:... there are 40 or so data types.. by lisany · 2004-01-06 14:03 · Score: 2, Funny
  
  A real geek always knows where she is on the Internet.
2. Re:... there are 40 or so data types.. by Anonymous Coward · 2004-01-06 16:31 · Score: 2, Funny
  
  She? There are female geeks!?!
  My world is coming undone. I curse at thee, slashdot!
naming conventions by Anonymous Coward · 2004-01-06 13:01 · Score: 4, Interesting

Naming conventions are pretty useless these days. The ``big'' TLDs like .com, .org, .net, etc. are all remnants from the old days when the Internet was still US-only. Nowadays we have all those country domains, which may or may not implement some scheme to indicate the type of site (.uk does, .nl doesn't).

Two things make the TLDs pretty much meaningless: a traditional TLD (.com etc.) does not neccesarily indicate the type of site, and a country code does not necessarily indicate the Real World location of a site (.nu anyone?). Besides, ``location'' is a very vague notion on the Internet. If my site has a .nu domain, the server is in California, and my content comes entirely from the Netherlands, then what country does my site belong to? So perhaps we should just dispense with the current naming scheme altogether and just have one word as name for the main site (I think RealNames attempted this and failed). Instead of http://www.google.com/ one would just write ``Google'' (or maybe ``google''?), dropping the http://www which is fairly redundant when using a webbrowser (yes, I know that ``www'' indicates the hostname, but who cares what the hostname is, I just want the site), and the TLD which is basically meaningless.

Just an idea for the more-or-less distant future.
1. Re:naming conventions by ultrapenguin · 2004-01-06 13:10 · Score: 5, Informative
  
  Internet explorer can also auto-add www. + .com if you press ctrl+enter while typing the url.
  so google + ctrl/enter gives you what you want.
  This also seems to depend on language settings - pressing ctrl+enter with regional settings set to "japan" will prepend www. and append .co.jp
  
  I think MYIE2 has different modifiers, ctrl+enter adds .com, shift-enter adds .net, etc.
2. Re:naming conventions by PacoTaco · 2004-01-06 13:37 · Score: 4, Funny
  
  Two things make the TLDs pretty much meaningless: a traditional TLD (.com etc.) does not neccesarily indicate the type of site
  Sure it does:
  .com = porn
  .net = porn
  .org = porn
  .
  .
  .
3. Re:naming conventions by mauthbaux · 2004-01-06 14:58 · Score: 3, Interesting
  
  Personally, I always thought that pr0n sites should be .sex sites... for instance teens.sex girls.sex...(or if you prefer) goat.sex It would make pr0n easier to find for those who were looking for it, and easy to avoid for those looking to avoid it.... just my 2 cents.. ~mauthbaux
  
  --
  "Operating systems suck: you're better off using only the BIOS" --trainsaw.com
4. Re:naming conventions by Malcontent · 2004-01-06 15:41 · Score: 2, Insightful
  
  There is no reason to limit TLDs to just a handful. It's just artificial scarcity.
  
  We should have thousands of TLDs. In fact every domain name should be a TLD. You should go to business.exxon not exxon.com.
  
  --
  War is necrophilia.
5. Re:naming conventions by iksowrak · 2004-01-06 15:51 · Score: 3, Informative
  
  Domains aren't arranged the way they are just as a convention of days past. They're arranged in a hierarchical to distribute the load of DNS lookups as well as provide as logical way to diving responsibilities for different domains (zones). Also, the hierarchical structure allows for duplicate names as long as those two names aren't sibling nodes in the DNS tree (I can have google.com and google.noodle.com). With single word domains all of a sudden your available choies would decrease dramatically.
6. Re:naming conventions by aardwolf204 · 2004-01-06 16:53 · Score: 2, Funny
  
  You mean like, AOL Keywords.. Ugh, no thank you. Its not really broken so dont fix it.
  
  If it pains you so much to type in yahoo.com (as if you really need www. anymore, most all sites work fine without it) then just type in "216.109.118.73" and be done with it.
  
  --
  Im dreaming ofa big bndwdth, That can resist the /.crowd.May ur days b merry & bright & may al
7. Re:naming conventions by Kirill+Lokshin · 2004-01-06 23:36 · Score: 2, Informative
  
  No, the reason TLDs are limited is so that the root nameservers only need to keep state for a few different identifiers. If you allow an arbitrary number of them, the roots will slow down to a crawl.
  
  This is the same reason that class C IP addresses are such a problem - there's too many of them to do a lookup quickly.
mDNS & Rendezvous? by AT · 2004-01-06 13:02 · Score: 4, Informative

I'm surprised that mDNS wasn't mentioned in the context of the future of DNS. It is, after all, the technology behind Rendezvous, Apple's protocol for automatic service advertising and configuration on local LANs. mDNS is basically just normal DNS multicasted, with some conventions on how to represent services.

mDNS is already used for zero-configuration networking, sharing iTunes playlists, and finding other iChat users on a local LAN. Since it's based on DNS, its both simple and has mature implementations. And it's open source; Apple provides a working reference implementation for MacOS 9, MacOS X, Windows, and Posix (including Linux).
1. Re:mDNS & Rendezvous? by curious.corn · 2004-01-06 13:59 · Score: 3, Informative
  
  It's more than that. I haven't yet seen the potential of mDNS revealed anywhay but take this example:
  postgres is compiled with mDNS support, when the daemon starts it registers onto the server's mDNSResponder. You launch your data analisys app that broadcasts the query:_pgsql._tcp.local. and your server responds with netaddr/port. The app establishes the connection, you move on. This stuff IS cool. Linux efforts today are limited to tmdns that requires the server admin to manually edit a config file... shure, init scripts can do this but the idea is that you link to a lib that registers the app to the responder autonomously... howl does that. It's soo cool that I break up in tears thinking back at the time I've wasted on this stuff. If only iptables had a programmatic interface to open ports rather than handcrafting config scripts your little daemon config file would be the central repository for all relevant service information... hmm, a datacenter admin's wet dream
  
  --
  Mi domando chi Ã il mandante di tutte le cazzate che faccio - Altan
2. Re:mDNS & Rendezvous? by Kent+Recal · 2004-01-06 14:32 · Score: 4, Insightful
  
  It does indeed sound pretty neat.
  I wonder whether the additional load due to the broadcasting could become an issue on large installations. Also I'm curious whether it can somehow work across switched segments (if you want to discover hosts in a neighbour net).
  
  While I doubt (correct me if I'm wrong..) that the broadcast mechanism could scale enough to replace old fashioned DNS it's still a nice substitute for DHCP at least.
  
  And it definately makes some nice playground for the p2p hackers. If you can get the auto-discovery feature basically by linking a lib and adding some syscalls then I bet we will soon see a lot of utility apps learn how to find and talk to each other over the wire.
  
  Can't wait for the xscreensaver plugin that connects to all other xscreensavers around and uh.. launches a sproingies contest.
3. Re:mDNS & Rendezvous? by keithmoore · 2004-01-06 15:19 · Score: 4, Informative
  
  mDNS is a huge mess, mostly because Apple started deploying the thing without realizing that you'd have different hosts on the same network, some using mDNS and some using DNS (since not all hosts that are connected will see the same peers) and without bothering to figure out how to keep mDNS and DNS in sync.
  
  the last time I looked the problem still wasn't solved. but the draft is in revision 27 after being taken on by an IETF working group, and still isn't done yet, which should tell you something about how ready it was for prime time when Apple shipped it.
  
  the rest of Rendezvous (v4 linklocal addressing and DNS resource discovery) is also a huge mess, but that's another topic.
Why not an IP address? by Lxy · 2004-01-06 13:04 · Score: 4, Interesting

If it needs a [UPC|RFID|Serial number|unique ID of any kind] why not give it an IPv6 address? It's a well designed heirarchical system, and DNS is already capable of handling it.

--

There is no reasonable defense against an idiot with an agenda
:wq
1. Re:Why not an IP address? by MavEtJu · 2004-01-06 14:26 · Score: 2, Funny
  
  why not give it an IPv6 address
  
  $ ping6 -c 5 2001:4f8:4:7:2e0:81ff:fe21:6564
  --- 2001:4f8:4:7:2e0:81ff:fe21:6564 ping6 statistics ---
  5 packets transmitted, 0 packets received, 100% packet loss
  
  Somebody stole a book!
  
  --
  bash$ :(){ :|:&};:
Re:What I want to know by j4y · 2004-01-06 13:19 · Score: 2, Informative

but there is a way to implement mutillingual domain without set up a application to convert native languges to DNS normal charater as iDNS mechanism.
security? by MrSpiff · 2004-01-06 13:24 · Score: 4, Insightful

what about security issues? BIND has as long history of bugs and with the recent threats to the root DNS servers, I think the real issue is building a secure DNS service rather than extending the data it carries.
Really? by Greyfox · 2004-01-06 13:24 · Score: 5, Funny

So whitehouse ctrl+enter...?

--
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Not so sure... by rritterson · 2004-01-06 13:26 · Score: 3, Informative

DNS is great in it's hierarchal nature- one can simply delagate domains to another server, which keeps what ever DNS is managing the root (like slashdot.org.) from getting overloaded with requests.

However, how is it going to work if we add Barcodes, RFIDs, etc to DNS? Are we going to create a RFID domain? RFIDs are unique numbers, AFAIK, which is more like an IP address, which is exactly what DNS is designed to avoid the usage of! Will i go buy tee.shirt.yellow.minnesota.walmart and have the register go look up the RFID and price information? That would seem backwards.

Also, we're going to need many more DNS servers if we are going to piggy back those sorts of services on the system. While I did RTFA, it seemed short on details. I would assume a retailer using DNS for RFID would have a private DNS network, much the same way Microsoft's Active Directory normally uses one (or maybe not- maybe one would just need a seperate RFID network of servers, since there is nothing inherantly private about RFID numbers and it might be helpful for a retailer to make the RFID lookup ability public).

Yet, that would only lead back to my original question. Are you going to seperate RFIDs into domains by number and then delgate them? That seems silly- imagine trying to put MAC address lookups on DNS. Does one retailer need to be able to access the RFIDs of another? Are we going to need to create root servers for RFID lookups? Please don't use those same root servers and please don't merge the network with the same public internet DNS system.

Perhaps the article was just short on details, or maybe I missed something, but I'm wary of using DNS for the sort of system the article described- at least before more details emerge.

--
-Ryan
AUWYHSTOT (Acronyms are Useless When You Have to Spell Them Out Too)
What about P2P? by SexyKellyOsbourne · 2004-01-06 13:31 · Score: 2, Interesting

Someone really should have asked him about any plans to make DNS more peer-to-peer oriented, like the recent project to make BitTorrent .torrents part of DNS, found here:

http://www.netrogenic.com/dnstorrent/
They're right... by b00m3rang · 2004-01-06 13:32 · Score: 3, Funny

DNS isn't nearly bloated enough. Let's make all DNS servers run Active Directory on Windows, so we can store phone numbers, golf scores, medical records, and political party affiliation. Then, since it's an 'improvement', we can all rest assured our security concerns have been addressed. Let's get BIND rock solid, then get fancy if you're into that sort of thing.
1. Re:They're right... by 0racle · 2004-01-06 13:44 · Score: 2, Informative
  
  new to ldap huh? DNS doesnt store the actuall AD Data, those are on datafiles on the AD Servers (Ya i was shocked at that too), DNS simply holds pointers to find the services supplided and used by the directory, just like every other use of DNS.
  
  --
  "I use a Mac because I'm just better than you are."
Re:WEB/FTP by emptybody · 2004-01-06 13:39 · Score: 4, Informative

Actually, there already are provisions for this.
The SRV record, defined in rfc2782, is used to store a HOST:PORT pair

When will browsers (or anything else for that matter) start supporting this???

Here is a (possibly outdated) list of software that supports the SRV record.

--
comment directly in my journal
It's the politics, not the technology by BritGeek · 2004-01-06 13:45 · Score: 5, Insightful

While the main point of the article is interesting, the rather depressing part - about the politics of the ITU, ICANN, etc. - is that unless we can get these oafs to work together, we are totally hosed. Having witnessed some of the machinations that goes on in at least a couple of these groups, I despair of whether we will get anything rational out of all of this. (I would much, much rather see sausages being made, than see these groups "working' again...)

--
"The time is always now" - Victor
Eh, doesn't bother me by 1ini · 2004-01-06 13:50 · Score: 2

My browser is smarter than that. I just write the name of the site and it automatically does an "I'm feeling lucky!" google search. Gets'em right every time!(almost)
Too complicated, I don't think so by bigberk · 2004-01-06 13:52 · Score: 3, Insightful

Give me a break. DNS itself is virtually unchanged over all these years. You've pretty much got SOA, NS, A, CNAME, and MX records and some other record types for meta information. RFID? Active Directory? Ppphtt.
Re:More Basic DNS issues need to be resolved by cbreaker · 2004-01-06 13:52 · Score: 2, Insightful

Naa, without checks and balances, which is not what the internet is based upon, all the porn sites would simply mark themselves as "news" or "games" or "shopping."

--
- It's not the Macs I hate. It's Digg users. -
How about fixing bind 9 ? by Anonymous Coward · 2004-01-06 14:14 · Score: 5, Informative
Let's see...
- rrset-order is still broken.
- GSS-TSIG support is still missing.
- Strange multi-threading bugs still exist
- Awful security history isn't behind it yet.
Oddly enough, the expensive Nominum commercial product has all these things fixed and BIND does not, even though ISC and Nominum are the same set of folks, in the same building.
Does this sound like bullshit to you ? If so, see the following:
- Read the bottom parts of this and the links at the bottom of this
- Nominum/ISC relationship described here
Of course, the trouble is that there's not many alternatives. DJBDNS is stable, but missing features and has an odd "semi-open-source" license. ( Also, if you read some of the links, Dan's a really cranky source of support :) PowerDNS is promising, but just got recursion.
AAARRGGHH.
Re:WEB/FTP by MavEtJu · 2004-01-06 14:15 · Score: 2, Insightful

I'm surprised there aren't records for 'WEB' and 'FTP' and the like.

There are three ways this has been resolved in the past and today:

- portmapper, where you ask the machine (think of it as a DNS on the machine itself for port-numbers) on which port the nfsd listens.

- hostnames: ftp.freebsd.org is the ftp-server, www.freebsd.org is the www-server. Yes, still port 21 and 80, but you can figure out which hosts to use for which protocol.

- SRV records, which you ask for a service and a domain name: _smtp._tcp.mavetju.org resolves into:
_smtp._tcp.mavetju.org. : 0 0 25 tim.barnet.com.au. (try dig _smtp._tcp.mavetju.org SRV)

So as you see, the possibilities are there, now it is the applications which have to figure out how to use it.

Edwin

--
bash$ :(){ :|:&};:
Mockapetris mentioned this earlier by rs79 · 2004-01-06 17:28 · Score: 2, Interesting

DNS needs stability and property rights for existing names and uses,
and therefore requires somebody who can manage, second, the DNS also
needs somebody with the ability to create revolutionary change and
expand the technology into international character sets,telephony
applications, and new TLDs, which will require someone who is
visionary and not afraid to turn the sacred cows of the International
Telecommunication Union and the Internet Society into hamburger if
they get in the way.
- Paul Mockapetris, January 23, 2001

More here

--
Need Mercedes parts ?
International characters - consequences? by thona · 2004-01-06 18:21 · Score: 3, Insightful

::International characters in email addresses BAD idea. VERY bad idea. I can really see an american struggling over his english keyboard enting a norwegian char to send an email to his norgwegian partner. Funny (with me being in german) That said, for me it is NOT that funny anymore (being in german) when I have to figure out a way to enter a chinese char into a chinese email address given that I have no clue about how their char system works at all. PLEASE spare us international chars in emails and wbsite domains.