Slashdot Mirror
Paul Mockapetris On The Future of DNS
penciling_in writes "In a CircleID article called Letting
DNS Loose, Paul Mockapetris, the inventor of DNS and Chief Scientist and Chairman of Nominum, gives a good indication of
what is to be expected in the upcoming years when it comes to data riding on
DNS: "RFID tags, UPC codes, International characters in email
addresses and host names, and a variety of other identifiers could all go into
DNS, and folks have occasionally proposed doing just that. It's really just a
question of figuring out how to use the DNS -- it's ready to carry arbitrary
identifiers." According to Paul, there are 40 or so data types to be added
to DNS: "In fact the whole ENUM scheme is built out of classical DNS
technology, and NAPTR is really just the latest data type to be added to the
DNS. NAPTR is also just an extension of SRV, which was an extension of MX, which
are DNS data types that Active Directory uses to start itself and the Internet
uses to route each piece of mail." Paul also clarifies the recent BBC story
previously discussed here
on Slashdot."
I, for one, welcome our new DNS overlords. Please, don't hate me.
I sure hope they can resolve all the problems.
Who knows what Verisign will do when someone scans an "unregistered" barcode...
I would like to propose a new "IN GEEK" resource record for DNS. So I can find myself on the internet easier!
Naming conventions are pretty useless these days. The ``big'' TLDs like .com, .org, .net, etc. are all remnants from the old days when the Internet was still US-only. Nowadays we have all those country domains, which may or may not implement some scheme to indicate the type of site (.uk does, .nl doesn't).
.nu domain, the server is in California, and my content comes entirely from the Netherlands, then what country does my site belong to? So perhaps we should just dispense with the current naming scheme altogether and just have one word as name for the main site (I think RealNames attempted this and failed). Instead of http://www.google.com/ one would just write ``Google'' (or maybe ``google''?), dropping the http://www which is fairly redundant when using a webbrowser (yes, I know that ``www'' indicates the hostname, but who cares what the hostname is, I just want the site), and the TLD which is basically meaningless.
Two things make the TLDs pretty much meaningless: a traditional TLD (.com etc.) does not neccesarily indicate the type of site, and a country code does not necessarily indicate the Real World location of a site (.nu anyone?). Besides, ``location'' is a very vague notion on the Internet. If my site has a
Just an idea for the more-or-less distant future.
I'm surprised that mDNS wasn't mentioned in the context of the future of DNS. It is, after all, the technology behind Rendezvous, Apple's protocol for automatic service advertising and configuration on local LANs. mDNS is basically just normal DNS multicasted, with some conventions on how to represent services.
mDNS is already used for zero-configuration networking, sharing iTunes playlists, and finding other iChat users on a local LAN. Since it's based on DNS, its both simple and has mature implementations. And it's open source; Apple provides a working reference implementation for MacOS 9, MacOS X, Windows, and Posix (including Linux).
If it needs a [UPC|RFID|Serial number|unique ID of any kind] why not give it an IPv6 address? It's a well designed heirarchical system, and DNS is already capable of handling it.
There is no reasonable defense against an idiot with an agenda
:wq
what about security issues? BIND has as long history of bugs and with the recent threats to the root DNS servers, I think the real issue is building a secure DNS service rather than extending the data it carries.
So whitehouse ctrl+enter...?
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
DNS is great in it's hierarchal nature- one can simply delagate domains to another server, which keeps what ever DNS is managing the root (like slashdot.org.) from getting overloaded with requests.
However, how is it going to work if we add Barcodes, RFIDs, etc to DNS? Are we going to create a RFID domain? RFIDs are unique numbers, AFAIK, which is more like an IP address, which is exactly what DNS is designed to avoid the usage of! Will i go buy tee.shirt.yellow.minnesota.walmart and have the register go look up the RFID and price information? That would seem backwards.
Also, we're going to need many more DNS servers if we are going to piggy back those sorts of services on the system. While I did RTFA, it seemed short on details. I would assume a retailer using DNS for RFID would have a private DNS network, much the same way Microsoft's Active Directory normally uses one (or maybe not- maybe one would just need a seperate RFID network of servers, since there is nothing inherantly private about RFID numbers and it might be helpful for a retailer to make the RFID lookup ability public).
Yet, that would only lead back to my original question. Are you going to seperate RFIDs into domains by number and then delgate them? That seems silly- imagine trying to put MAC address lookups on DNS. Does one retailer need to be able to access the RFIDs of another? Are we going to need to create root servers for RFID lookups? Please don't use those same root servers and please don't merge the network with the same public internet DNS system.
Perhaps the article was just short on details, or maybe I missed something, but I'm wary of using DNS for the sort of system the article described- at least before more details emerge.
-Ryan
AUWYHSTOT (Acronyms are Useless When You Have to Spell Them Out Too)
DNS isn't nearly bloated enough. Let's make all DNS servers run Active Directory on Windows, so we can store phone numbers, golf scores, medical records, and political party affiliation. Then, since it's an 'improvement', we can all rest assured our security concerns have been addressed. Let's get BIND rock solid, then get fancy if you're into that sort of thing.
Actually, there already are provisions for this.
The SRV record, defined in rfc2782, is used to store a HOST:PORT pair
When will browsers (or anything else for that matter) start supporting this???
Here is a (possibly outdated) list of software that supports the SRV record.
comment directly in my journal
While the main point of the article is interesting, the rather depressing part - about the politics of the ITU, ICANN, etc. - is that unless we can get these oafs to work together, we are totally hosed. Having witnessed some of the machinations that goes on in at least a couple of these groups, I despair of whether we will get anything rational out of all of this. (I would much, much rather see sausages being made, than see these groups "working' again...)
"The time is always now" - Victor
Give me a break. DNS itself is virtually unchanged over all these years. You've pretty much got SOA, NS, A, CNAME, and MX records and some other record types for meta information. RFID? Active Directory? Ppphtt.
- rrset-order is still broken.
- GSS-TSIG support is still missing.
- Strange multi-threading bugs still exist
- Awful security history isn't behind it yet.
Oddly enough, the expensive Nominum commercial product has all these things fixed and BIND does not, even though ISC and Nominum are the same set of folks, in the same building.Does this sound like bullshit to you ? If so, see the following:
- Read the bottom parts of this
and the links at the bottom of this
- Nominum/ISC relationship described here
Of course, the trouble is that there's not many alternatives. DJBDNS is stable, but missing features and has an odd "semi-open-source" license. ( Also, if you read some of the links, Dan's a really cranky source of supportAAARRGGHH.
::International characters in email addresses BAD idea. VERY bad idea. I can really see an american struggling over his english keyboard enting a norwegian char to send an email to his norgwegian partner. Funny (with me being in german) That said, for me it is NOT that funny anymore (being in german) when I have to figure out a way to enter a chinese char into a chinese email address given that I have no clue about how their char system works at all. PLEASE spare us international chars in emails and wbsite domains.