DNS Complexity
ChelleChelle writes "Paul Vixie of Internet Systems Consortium guides us on a journey into the sublime details of the domain name system. Although it contains just a few simple rules, DNS has grown into a system of enormous complexity. This article explores the supposed and true definitions of DNS, and shows some of the tension between the two definitions through the lens of the philosophy of Internet development protocol."
I'm going to risk sounding like an idiot and say that I think it's inhuman that somebody could write an article explaining how DNS works without having at least one diagram in it. I mean, c'mon, I can wade through piles of opaque text with the best of them, but just throw me a bone here, alright?
Been a while since I've seen one of these.
~ a low user id is no indication I have a clue what I'm talking about.
While technically well written and clear, this is one of the most uninspiring pieces of work imaginable describing the values of DNS. It's so bad that I'd rather gouge my eyes out with a spoon. Highly technical and detailed while still being abstract, it's 100% accurate while still managing to be utterly devoid of any usefulness whatsoever.
Oh yeah, this is DNS we're talking about. Implementing it IS uninspiring and so abstract that it does make you want to gouge your eyes out with a rusty spoon.
But what DNS does is extremely exciting, and forms the foundation of what makes the Internet actually WORK for people. Think about it - when's the last time there was any major DNS failure? Never? Me too. Damned reliable, damned powerful, and damned easy to get you hooked up to the geek blogs, tunes, IRC, and whatever else we all crave.
Read this if:
A) You work with DNS regularly and want to know if you know enough for it to make some sense to you. (That's me)
B) You are thinking about implementing a DNS server.
Otherwise, move along, find something that might interest you, but take just a moment to reflect how difficult Internet life would be if DNS wasn't so well designed and crafted.
I have no problem with your religion until you decide it's reason to deprive others of the truth.
Well, it was written by Paul Vixie, better known for writing a whole bunch of RFCs ... they're not known for being exactly graphics-heavy, either.
(Although some of them do have some neat ASCII art.)
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
The Public DNS System has become corrupted. It used to be edu, com, org, net, and country codes.
Then the bribes started, now we have .info, .tv, and god knows what else.
Internally, I use DNS and I would never replace it. Just secure it. All my Internal Updates for my home DNS System work like this. Using the LDAPDNS system, my reverse lookup zones become distinguished containers, like
relativeDomainName=1+zoneName=0.168.192.in-addr.arpa,dc=0,dc=168,dc=192,dc=in-addr,dc=arpa
(I'm the guy who wrote this.)
http://slashdot.org/comments.pl?sid=235321&cid=1990073
That. My zone updates are then wrapped up in SSL and replicated to my other Domain Controller. I would suggest that DNS return to its roots, restore the old Domain hierarchy and discontinue all these other TLDs, but they won't. There is too much money to be illegitimately made off the corruption of DNS.
If more ISPs provided this, would it make traffic unbearable? How many dynamic domain name servers could we tolerate? Could we finally make the registrar problem go away?
What?
I eventually got onto their 'support' crew in Singapore who assured me that their engineers were looking into it. I don't know how much looking you need to do to change a single entry on a DNS table from "nnn.nnn.nnn.42" to "nnn.nnn.nnn.38".
Oh and here's a single page version of TFA.
Mongrel News all the news that fits and froths
Basically, Vixie's point in the whole article really isn't to rehash how DNS works (although he does basically do that), but to make a rather interesting point about complex systems.
His point is that large systems can become unimaginably complex, even when they begin with a very simple set of rules. Particularly when those rules are vague.
Although he doesn't say it explicitly, I think there are probably some similarities between neural networks and DNS -- both begin with very simple rules, and then the complexity comes out of the sheer number of connections when you scale it up. Likewise, with DNS, you can have a very simple implementation (say, for a home office) that's quite easy to understand and use. Everything makes sense. It's basically understandable. But then, take that same protocol, even some of the same software, and scale it up to a few billion nodes or whatever DNS has these days, and suddenly the whole thing is so complex, nobody can even begin to really understand it in its entirety. You can't even predict, exactly, how it's going to react to any change -- it's very much like a complex organic system at that point. You can perform experiments on it, and make hypotheses, but even though it's an entirely deterministic system (or ought to be), it acts mysteriously.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Tuvalu's main motivation for selling .tv domains was to get the money together to become a member of the UNO so they can officially get a voice to be heard concerning their country (their islands) basically sinking into the ocean due to global warming and rising sea levels.
So sometimes politics and DNS might be for a good cause.
There are two rules for success:
1. Never tell everything you know.
Eliminate the domain squatters and you'll eliminate the push for alternative TLDs. I'm sure more than half the domain names in existence are typo-squatting domain hoarders. There's no legitimate reason we need to allow them to keep those domains. Get a posse together of people with a clue and start going through domains. When you come across one that is obviously a domain squatter, delete it and then put more emphasis on analyzing that guy's other domains and delete those if necessary too until you've cleaned up the system. It's not property, you're just leasing a label from the collective community and we can choose to take it back if you're being an asshat.
The problem is that depending on who does these reviews, there will be entirely different results. I don't think that we can legally take the names back, anyway. It sure would be nice though if the /. community got to decide on it. Actually, that would be terrible. We'd spend the whole time fighting amongst ourselves.
When written in an LTR (left-to-right) language, most hierarchies follow that direction. Numbers have the most significant bit(s) at the left, taxonomies are written species:subspecies:variety, pages are identified as home > category > page.
Domain Names are the exception, with the "top level" domain on the right, while the left (most significant bit) can be stuffed with random chaff (a.k.a. subdomains).
I can't help but imagine that this has some impact on how easily people fall for spoofed websites (yourbank.somesite.com vs. com.somesite.yourbank). Being naturally lazy we only read as far down a list as needed to confirm we have what we're looking for.
Does anyone know of a historical basis for this decision & do you think it makes any difference?
Python coder | PyQt Applications | Writer
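An added example (my own code, not from the thread or from LDAPDNS) in Python that reads DNS names the way the post above describes, most-significant label first: it recovers the registered domain behind a name like yourbank.somesite.com, which is the check a defender wants when judging a lookalike, and it builds the LDAPDNS-style reverse-zone DN quoted earlier in the thread. The public-suffix set is a constructed stand-in for the real Public Suffix List.

```python
import ipaddress
from typing import List, Optional

# Constructed stand-in for the Public Suffix List (the real list is far larger).
PUBLIC_SUFFIXES = {"com", "net", "org", "co.uk", "in-addr.arpa"}


def labels_msb_first(name: str) -> List[str]:
    """Split a DNS name into labels with the most significant (TLD) first,
    i.e. the reverse of how it is written: 'yourbank.somesite.com.' ->
    ['com', 'somesite', 'yourbank']."""
    return [lbl for lbl in name.lower().rstrip(".").split(".") if lbl][::-1]


def registrable_domain(name: str) -> Optional[str]:
    """Return the public suffix plus one label: the part of the name that an
    independent party actually registered and that a user should judge by.
    Everything to the left of it is chaff the registrant can fill freely.
    Returns None when the name ends in no known suffix or is a bare suffix."""
    labels = labels_msb_first(name)
    for n in range(len(labels), 0, -1):
        # Candidate suffix written back in DNS order (least significant first).
        suffix = ".".join(reversed(labels[:n]))
        if suffix in PUBLIC_SUFFIXES:
            if n + 1 > len(labels):
                return None
            return ".".join(reversed(labels[: n + 1]))
    return None


def reverse_zone_dn(ip: str, zone_prefix_len: int = 24) -> str:
    """Build an LDAPDNS-style DN for a PTR record. For 192.168.0.1 in the /24
    zone 0.168.192.in-addr.arpa this yields the DN quoted in the thread:
    relativeDomainName=1+zoneName=0.168.192.in-addr.arpa,dc=0,dc=168,dc=192,dc=in-addr,dc=arpa
    Note that the dc= components end up in the same left-to-right order as the
    DNS name: LDAP DNs, like DNS names, put the most significant part on the
    right. The default prefix length is an assumption for classful /24 zones."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # raises on bad input
    n = zone_prefix_len // 8
    zone = ".".join(reversed(octets[:n])) + ".in-addr.arpa"
    rdn = ".".join(reversed(octets[n:]))  # host part, reversed like the zone
    dcs = ",".join(f"dc={lbl}" for lbl in zone.split("."))
    return f"relativeDomainName={rdn}+zoneName={zone},{dcs}"
```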
It might be more accurate to say that systems can become unimaginably complex BECAUSE they have simple rules. The more rules, the more limitations.
Internally, I use DNS and I would never replace it. Just secure it. All my Internal Updates for my home DNS System work like this. Using the LDAPDNS system, my reverse lookup zones become distinguished containers, like
relativeDomainName=1+zoneName=0.168.192.in-addr.arpa,dc=0,dc=168,dc=192,dc=in-addr,dc=arpa
You set this up for your freakin' home network!?!?!? Brother, there's this wild and wonderful thing out there called the world and you really, REALLY need to get a taste of it!
Some of the highlights that you'd do well to consider:
First, there's the Woman. Life with a good woman is a life with greater extremes. Good moments are way better, bad moments are way worse.
Another good thing to try while roaming the wild, real world: Beer! This can be a good way to land a woman, if only for a night.
Put the two together under the right circumstances, and you just might be able to experience perhaps the greatest pleasure of them all: SEX! Many would argue that this is the point of having a woman. I'd argue instead that basic physiology has the point belonging to the man, but I digress...
Seriously, implementing an LDAP backend to DNS for a home network is about like using a jet engine for a ceiling fan. I'd love to know all the details of your implementation, since it would likely make a good candidate for submission to another good website.
Lastly, to do "secure" DNS updates is pretty simple. I keep the DNS zone files on my laptop. All my DNS nameservers are configured identically, as master servers. I use a script to SCP the files to the nameservers when I do a DNS update. Stupid simple, excellent security a la SSH.
I have no problem with your religion until you decide it's reason to deprive others of the truth.