The Evolution of the DNS

(Harvard University - Harvard Taiwan ROC Student Club)

The Domain Name System (DNS) is a naming database in which Internet domain names are located and translated into Internet protocol (IP) addresses. The DNS maps the name people use to locate a website to the IP address that a computer uses to locate a website. For example, if someone types example.com into a web browser, a server behind the scenes will map that name to the corresponding IP address.  

A decade or so ago, if you were building an online application, chances were it lived in physical infrastructure in a single datacenter and you managed individual servers with an esoteric set of configuration files and operator knowledge. Today, all that has changed: applications are distributed across multiple service endpoints thanks to a breadth of cloud facilities, content delivery networks, deployment automation and application technologies. And along the way, the tools you use to get traffic to your application have changed. 

Today’s most advanced online companies like Facebook or Twitter, Amazon or Google deliver reliably good performance regardless of a user's location and whether they're using a laptop or a mobile device. As a result, the expectation of fast and responsive delivery of both static and interactive content has become the norm for every online application. Users are increasingly demanding and unforgiving: Amazon calculated that a slowdown in page load time of just a single second could cost it $1.6 billion in sales each year. 

DNS isn’t what it used to be. Far beyond the basic “phone book” of the Internet, today’s DNS platforms enable application developers to leverage ubiquitous protocol to manage and optimize application delivery and performance. As infrastructure and applications continue to evolve, and the performance and reliability demands of users become more strict, today’s DNS providers will push the envelope in enabling developers and operators to manage their traffic and optimize their delivery.  

(Maggie - Jeff M. Wang)

Originally, the DNS was created to support the growth of communications by email, and the first email addresses only consisted of <user>@<host>. With the increase of users over time, RFC 805 was created to extend email addresses to <user>@<host.domain>, where domain should be a hierarchy of hosts. DNS currently supports the Internet on a global scale with this model. In the Internet, a hostname is a domain name assigned to a host computer. This is usually a combination of the host's local name with its parent domain's name. 

The DNS is a critical component of the global Internet infrastructure. Throughout its history, its design and administration has experienced significant dynamic changes as the Internet itself has evolved. At the beginning of the ARPANET, there were only a few hosts that could be kept in a simple text file of hostnames. Over the years, and with the explosive growth of the Internet, a system was required to help organize the endless number of existing domains and addresses. Before the DNS, navigating the Internet was a laborious task. In the early days of networked computing, messages were sent from computer to computer manually.

In 1984, four graduate students at the University of California, Berkeley came up with the Berkeley Internet Name Domain (BIND) program, using the Internet Engineering Task Forces (IETF) 1983 specifications. This moved the mechanism of naming Internet-connected nodes away from the topological approach to a method that was based on hierarchical records. It also decentralized the mechanism so that each node was not required to keep a copy of the entire routing database. 

Additionally, BIND introduced the concept of mapping the data in the namespace to the actual IP addresses of nodes. This is one of the most powerful concepts behind DNS today: Instead of dealing with an ever-changing universe of numerical addresses, people can navigate to destinations that have static and understandable names. Different users can also receive different translations of identical domain names at the same time, a key point of divergence from the traditional text-file view of the service. The DNS simplified the task of navigating the Internet and made it possible for multiple users to connect to the same destination simultaneously.

The DNS is the backbone of the modern Internet. Over the years, it has evolved to make networked computing accessible to everyday users. However, it has also introduced new DNS security threats, such as distributed denial-of-service (DDoS) attacks, schemes designed to redirect users to malicious websites and more. The original design of the Domain Name System (DNS) did not include any security details; instead, it was designed to be a scalable distributed system. 

The Domain Name System Security Extensions (DNSSEC) attempts to add security, while maintaining backward compatibility. DNSSEC significantly improves the security of the DNS system by reducing the risks that information can be changed or tampered with during transfer over the Internet. 

DNSSEC is the extra level of security - it is a security extension, on top of the DNS that protects the users from DNS poison attacks. RFC 3833 documents some of the known threats to the DNS and how DNSSEC responds to those threats. Most of the European country code top level domains are DNSSEC enabled.

Despite these risks, the current configuration of the DNS is deeply embedded into the fabric the Internet as we know it. That fabric, however, is poised for a fundamental shift in the near future if certain government agencies succeed in establishing their own DNS separate from the familiar, independently operated system that powers the web today. 

The U.S. ceded DNS control to the independent Internet Corporation for Assigned Names and Numbers (ICANN) in October 2016. However, Bleeping Computer reported that the members of BRICS - Brazil, Russia, India, China and South Africa - is working to develop its own name service system by August 2018. The current system has been so deeply ingrained into the fabric of the Internet that few have even considered what life would be like without it. As it turns out, that day of reckoning may be coming sooner than many technology specialists think.

[More to come ...]