DNS creator considers the Internet's next 20 years

Dr Paul Mockapetris speaks


Interview It was 20 years ago to the day yesterday that the first test of the DNS system was carried out by its inventor Dr Paul Mockapetris and Internet founding father Jon Postel. It did rather well. To the extent that it still underpins every single website and every single email sent every day.

It seems only fitting then that we have a transatlantic call with Dr Mockapetris and chat about the past, present and future not only of DNS but also ENUM, VoIP, ICANN and various other acronyms that will probably mean nothing to you but will change the way you live your life in the same way that email and the Internet are ingrained in our society.

The Doc is a busy man with his fingers in a number of pies. He's chief scientist and chairman at Nominum, a company that produces commercial applications for DNS and IP-related matters. He has also taken on a major role at the Jon Postel Center where he ponders what will happen in the next 20 years. He knows his stuff.

Talking about those days 20 years ago when he devised a system that would connect words to numbers and so make the vital interface between humans and machines, he says: "At the time we built DNS, we put in more than we needed to, which is probably just as well, as we are still enjoying the flexibility of DNS. There are currently a billion DNS names and a billion people that use them."

It was the far-sighted vision of Dr Mockapetris that meant the system he designed was capable of handling the exponential growth in its use. "When I was in grad school, getting 100 transistors on a chip was a big deal. But it became clear that once we had computers, the next step was going to be a communications device for tens of millions of computers." And so DNS was written with the idea of accommodating millions of computers. Considering, as Dr Mockapetris points out, that 20 years ago it was uncertain whether you'd ever have a PC in your house, this wasn't bad going.

DNS - Domain Name System - is the foundation of the network that is the Internet. However, while it has served us extremely well, it needs an update. In five years, the doctor reckons, we will have "well beyond" 10 billion DNS names - and most of them will not be PCs but hundreds of other devices or products ("sweaters, razor blades") that use the code to communicate with other machines. Technology has moved forward as well and DNS needs strengthening and expanding.

In fact, there already is an update - DNSSec, standing for DNS Security. This was sparked by increasing concerns over abuse of the DNS network. As the Internet becomes more widespread and hence more valuable, the impetus is there for people to find ways of using it criminally.

The Internet overseeing body ICANN cleverly hijacked its annual conference in November 2001, following the New York terrorist attacks, by insisting that the only discussion was security of the Internet. While this held back rebellion over other Internet issues, it did help produce DNSSec which seeks to cut out things such as identity theft at the very foundation level by introducing checking passwords and signatures.

It is still stuck in political battles and Dr Mockapetris is not happy about it. "I keep trying to think how to get it unstuck," he tells us. "I am hoping people will see it has to change, they have to move forward. It could be done in six months. DNSSec is about making the basics safe. There are technical issues being argued about what will go in and what comes out, which really reflect what people stand to gain out of them."

The biggest and daftest stopping block though is ICANN itself. "An issue is whether or not to let ICANN have the root of the security information. But it can't, this is a completely unworkable system. You have to have multiple ways of people selecting who they trust. ICANN can't decide. At one point you had ICANN in the position where it would tell governments what they could do with their domains."

As a central figure in the creation of the Internet, Dr Mockapetris is not happy seeing it sucked into political and bureaucratic wrangling. In particular, he is supportive of anything that keeps ICANN's "feet close to the fire".

ICANN, for a variety of reasons, none of which aid the Internet or Internet users, has been holding back on releasing new domain extensions like .com or .net. Despite occasional claims by ICANN that this is to protect the integrity of the DNS, the man who wrote the actual code is far more convinced of its stability.

In fact, Dr Mockapetris is surprisingly relaxed about other aspects that DNS experts spit blood over. A recent report by Nominum revealed that a worrying number of servers running different countries' domains were badly set up and badly run and, well, hanging on by the skin of their teeth.

"The good thing about DNS is that it's designed to work even if it isn't configured right. It's like a car - there may not be enough air in the tyres or oil in the engine, but it is still supposed to work anyway. I tend to concentrate on getting the important parts of the DNS set up right. I don't think we can or should ever make enough people DNS experts. We should make products that automatically check whether it's right and then tell you if it isn't. It'll make the technology more robust and easier to use." He says that a test he carried out in 1989 showed that 50 per cent of computers didn't have the DNS configured properly and that this is still the case now.

Anycasting of some of the 13 root servers that sit at the very top of the Internet is lending greater stability. He doesn't rule out an extension of the basic 56K byte size set in 1983 and said they probably should have changed it, but points out that there is no problem with it and no need to solve it, so any change is likely to be far off.

The other thing that tends to aggravate DNS experts is the actions of company New.net. New.net decided that because ICANN was artificially constraining the number of top-level domains, it would build a business out of other domains like .shop, .travel, .sport. Since they are not allowed into the main DNS system, it has achieved this by setting up its own mini-DNS at New.net. So if you buy "www.football.sport" from New.net, the reality of the address is at "www.football.sport.new.net".

New.net makes these addresses visible from the normal Internet system by adding a small bit of code to your browser: if your computer asks where a certain domain such as .sport is and the DNS proper doesn't know, the code then asks New.net whether it knows.

The DNS boys hate this and accuse it of making the whole system unstable. Dr Mockapetris is more circumspect. While he doesn't think the business will last long term, he says it is "in one sense good". "If the bureaucracy running the Internet, ICANN, doesn't expand fast enough, it's good to have someone pressuring it."

What does worry him is people spoofing DNS information and getting normal Internet visitors to think they are at one Internet site when they are in fact at another. He comes up with the example of the FCC in the US. If you were able to make people go to your site thinking it was the FCC, you could post all sorts of documents about companies that would have an immediate effect on their share price. A little clever buying and selling and you'd make a fortune. Another example is, say, Amazon.com - you can get hold of thousands of people's credit card details in just a matter of hours.

As for the future of the DNS, ENUM is good - where people will be able to connect the Internet numbering system with the existing international phone system. This means each individual gets their own number where they can run an Internet domain, pick up phone calls, send texts, well, anything that can be done with data in fact.

It's all going to be about connecting everything up. "The next 20 years the network will make things a bit better for all of us. Like knowing when you are walking down the hall, it will make life easier for us. It will be about integrating with higher levels."

But before you can start worrying about Matrix-like pseudo-philosophy, he adds: "Sorry to be so vague about it." Considering that vague is what enabled Dr Mockapetris to design the foundation stone of the entire Internet, vague isn't so bad. ®



Biting the hand that feeds IT © 1998–2022