Slashdot Mirror

← Back to Stories (view on slashdot.org)

DNS Complexity

Posted by ryuzaki0 on from the loosely-specified dept.

ChelleChelle writes "Paul Vixie of Internet Systems Consortium guides us on a journey into the sublime details of the domain name system. Although it contains just a few simple rules, DNS has grown into a system of enormous complexity. This article explores the supposed and true definitions of DNS, and shows some of the tension between the two definitions through the lens of the philosophy of Internet development protocol."

9 of 93 comments (clear)

  1. Taking a risk by Anonymous Coward · · Score: 5, Insightful

    I'm going to risk sounding like an idiot and say that I think it's inhuman that somebody could write an article explaining how DNS works without having at least one diagram in it. I mean, c'mon, I can wade through piles of opaque text with the best of them, but just throw me a bone here, alright?

  2. Wow. A real slashdot story by m0nkyman · · Score: 5, Funny

    Been a while since I've seen one of these.

    --
    ~ a low user id is no indication I have a clue what I'm talking about.
  3. That's the IETF Way by Kadin2048 · · Score: 4, Informative

    Well, it was written by Paul Vixie, better known for writing a whole bunch of RFCs ... they're not known for being exactly graphics-heavy, either.

    (Although some of them do have some neat ASCII art.)

    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  4. Public DNS is corrupt, but Private DNS is sublime. by Zombie+Ryushu · · Score: 4, Interesting

    The Public DNS System has become corrupted. It used to be edu, com, org, net, and country codes.

    Then the bribes started, now we have .info, .tv, and god knows what else.

    Internally, I use DNS and I would never replace it. Just secure it. All my Internal Updates for my home DNS System work like this. Using the LDAPDNS system, my reverse lookup zones become distinguished containers, like

    relativeDomainName=1+zoneName=0.168.192.in-addr.ar pa,dc=0,dc=168,dc=192,dc=in-addr,dc=arpa

    (I'm the guy who wrote this.)

    http://slashdot.org/comments.pl?sid=235321&cid=191 90073

    That. My zone updates are then wrapped up in SSL and replicated to my other Domain Controller. I would suggest that DNS return to its roots, restore the old Domain hierarchy and discontinue all these other TLDs, but they won't. There is too much money to be illegitimately made off the corruption of DNS.

  5. moving hosts blows by weighn · · Score: 4, Interesting
    my website is in an internet backwater and you wouldn't believe the crap we went through when our hosting provider changed the IP address of the server. We were given a weeks' notice of the new IP and the knobs at ozemail or uunet or iinet or whatever the fsck they are called for the moment still had us hanging for TWO DAYS after the address was changed (it wasn't due to dns caching - that added another 24-48 hours according to some lookups).

    I eventually got onto their 'support' crew in Singapore who assured that their engineers were looking into it. I don't know how much looking you need to do to change a single entry on a DNS table from "nnn.nnn.nnn.42" to "nnn.nnn.nnn.38".

    Oh and here's a single page version of TFA.

    --
    Mongrel News all the news that fits and froths
    1. Re:moving hosts blows by totally+bogus+dude · · Score: 5, Interesting

      Not sure exactly what your rant was about, but it just sounds like you had crappy support from ISP staff. Not really news, that. There's nothing about the DNS down under that makes it inherently slow. We moved our site recently to a different IP (different ISP, in fact), but we host our own DNS so we had control of the process. I reduced the TTL on the record a few days beforehand, and then really reduced it shortly before we launched the new site, and voila -- the updated record was visible to everyone pretty much instantly. (Except for people who configure their DNS proxies to ignore/override TTL values, but that's their problem.)

      Obviously, relying on third parties to do the right thing by you is a crapshoot at the best of times. Not everyone has the luxury of hosting things themselves, though.

  6. Here's the Cliffs' Notes version by Kadin2048 · · Score: 5, Interesting

    Basically, Vixie's point in the whole article really isn't to rehash how DNS works (although he does basically do that), but to make a rather interesting point about complex systems.

    His point is that large systems can become unimaginably complex, even when they begin with a very simple set of rules. Particularly when those rules are vague.

    Although he doesn't say it explicitly, I think there are probably some similarities between neutral networks and DNS -- both begin with very simple rules, and then the complexity comes out of the sheer number of connections when you scale it up. Likewise, with DNS, you can have a very simple implementation (say, for a home office) that's quite easy to understand and use. Everything makes sense. It's basically understandable. But then, take that same protocol, even some of the same software, and scale it up to a few billion nodes or whatever DNS has these days, and suddenly the whole thing is so complex, nobody can even begin to really understand it in its entirety. You can't even predict, exactly, how it's going to react to any change -- it's very much like a complex organic system at that point. You can perform experiments on it, and make hypotheses, but even though it's an entirely deterministic system (or ought to be), it acts mysteriously.

    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  7. Re:DNS DNS DNS DNS by isaac · · Score: 4, Insightful

    Read this if:

    A) You work with DNS regularly and want to know if you know enough for it to make some sense to you. (That's me)

    B) You are thinking about implementing a DNS server.

    Otherwise, move along, find something that might interest you, but take just a moment to reflect how difficult Internet life would be if DNS wasn't so well designed and crafted.


    I admire Paul Vixie a real whole lot (from afar; when the day comes that I have something interesting to say to him directly I'll be sure to mention it but until then, I'm sure he gets enough email.) That said, this article isn't really interesting to someone who really does work intensively with DNS implementations, and for whom intermediate caching nameserver and client resolver behaviour on the wild-and-wooly internet is a matter of near-daily concern.

    It's actually rather depressing insofar as it only confirms what those of us in this position have come to discover: that a system loosely defined has become an ecosystem incapable of complete definition. FTA: "Most of it is not written down anywhere, and some of it would still be considered arguable if you got two or three DNS implementers in a room to talk about it." Ain't that the truth.

    No, this article should be read by smart technical users and managers who don't have much experience with DNS and who intuitively believe that the way DNS works in the real world is well-defined and handed down on high on stone tablets from some standards-making body - the sort of well-meaning people who haven't yet realized what "RFC" stands for, if you will. For these people, this article could be a useful eye-opener.

    -Isaac
    --
    I am not a lawyer, and this is not legal advice. For Entertainment Purposes Only.
  8. BECAUSE of simple rules by CarpetShark · · Score: 4, Insightful

    His point is that large systems can become unimaginably complex, even when they begin with a very simple set of rules. Particularly when those rules are vague.


    It might be more accurate to say that systems can become unimaginably complex BECAUSE they have simple rules. The more rules, the more limitations.