Inventor looks to DNS's past, future

Paul Mockapetris is surprised that the Domain Name System (DNS) hasn't changed more in the 20 years since he invented it, but he doesn't expect it to run out of steam any time soon.

The chief scientist and chairman of the board at IP address software vendor Nominum Inc. created DNS in 1983 and ran the first successful test of it 20 years ago this week, laying one of the foundations for the Internet as we know it. DNS is the distributed database system that reconciles domain names with IP addresses, sending Web surfers to the correct sites and e-mail to its intended destination.

"I had expected people to think a little about enhancing the infrastructure, but it's still working hard and I don't think there are any obvious stress points where it's going to fall down in the next couple of years," Mockapetris said in an interview Tuesday.

While a researcher at the University of Southern California (USC) School of Engineering's Information Sciences Institute (ISI) in 1983, Mockapetris was asked by his manager, Jon Postel, to come up with a new way of keeping track of the destinations on the fledgling Internet. At the time, every computer on the Internet relied on a central catalog of host names and addresses called the host tables, maintained by SRI International Inc. in Menlo Park, Calif.

"People had figured out that the old scheme wouldn't work forever," Mockapetris said. The Internet had recently evolved out of the U.S. Department of Defense's ARPANET and companies and research institutions were starting to join up with it.

His solution was DNS, a distributed database system that would allow those who joined the Internet to own a domain.

"Once you got your organization connected to the network, you could have as many computers on it as you wanted, and you could name them yourself," Mockapetris said. Corporations would be distinguished by ".com," universities by ".edu," and so on.

DNS originally was designed to handle up to 50 million entries, with a "safety factor" built in so it could scale up to a few hundred million, he said. Mockapetris estimates there are now about 1 billion DNS names, including nearly 200 million public names and others that belong to systems behind firewalls whose names are not made public.

The new system was phased in over the next few years as other researchers experimented with features and Mockapetris worked at maintaining a stable "root server" on Digital Equipment Corp. mainframes at ISI in Marina Del Rey, Calif. Engineers kept emergency copies of the host tables on every computer until 1986, when some systems started using DNS alone. Then more made the full migration, though some held on a bit longer.

"I used to look around the Internet to see who was still using the host tables, but I kind of gave that up about 10 years ago," Mockapetris said.

Internet addressing didn't start out as smooth as it is today. For a few years after DNS was introduced there were some glitches and conflicts. For example, another addressing system in the U.K., called the Name Registration System, put the parts of an address such as ".com" and the country domain in a different order from DNS. And some computer science departments at U.S. universities used "cs" in a way that conflicted with the "cs" country domain assigned to Czechoslovakia. Those problems were worked out eventually but at the time caused the equivalent of a very wild ride, he said.

"Imagine driving down the street trying to figure out which side of the road you're supposed to be driving on," Mockapetris said.

Since it was stabilized, with a few additions DNS has been able to grow with the Internet and go beyond just computer addresses to handle phone numbers and even radio frequency identification tags on products. Looking for a way to keep track of all the phone numbers in the world so IP voice calls could be routed properly, the developers of the Enum standard turned to DNS and added software to it to handle the problem. A similar step let manufacturers put an identification code on every product they make, which gets sent out by a radio transmitter to inventory management systems, Mockapetris said.

"If you have simple, quick and huge as your job description, if you can fit it into the DNS, you can do it," he said.

But Mockapetris, currently a visiting scholar at USC's Jon Postel Center for Experimental Networking, named for the late researcher, says DNS is overdue for beefing up in a few areas, namely security and support for languages that use different character sets.

The way DNS is now, hackers can modify DNS entries so, for example, a Web Uniform Resource Locator (URL) sends visitors to the wrong page. That means bank customers might end up on a page that mimics their bank's legitimate site but actually is collecting passwords, Mockapetris said. The way to solve this would be to have digital signatures that can be verified so users can tell if they are dealing with the legitimate domain owner.

The Internet Engineering Task Force (IETF) has been working on the problem for about two years but hasn't yet been able to work out a standard, Mockapetris said. It should be able to finish the standard in less than six months from now, he added.

The IETF also has settled on a basic approach for supporting non-English character sets, such as Chinese characters and accented French vowels, in URLs and e-mail addresses, he said. The industry will probably converge on that standard approach, he said.

All the recent additions put pressure on organizations to make sure their DNS software is up to date and reliable, problems Redwood City, Calif.-based Nominum is addressing with its address management software, Mockapetris said. DNS is becoming even more critical as voice calls start to travel over IP networks, he said.

"If your phone calls aren't going through, you're probably going to get cranky about it," Mockapetris said

Copyright © 2003 IDG Communications, Inc.

It’s time to break the ChatGPT habit
Shop Tech Products at Amazon