CSC 2231 DNS Review

From: Jin Chen <jinchen_REMOVE_THIS_FROM_EMAIL_FIRST_at_cs.toronto.edu>
Date: Sun, 2 Oct 2005 15:44:34 -0400

This paper was published at an early stage of DNS; it reviews DNS design
principles and implementation, and further discusses the shortcomings and
successes of DNS.

As they predicted, DNS has already evolved into one of the biggest
distributed Internet services and ensures the normal working of today's
Internet. I think there are three main points behind these successes.
First, the DNS concept decouples the name of an Internet service from its
service hosting machine (IP address), and thus lets people easily remember
the names of services. Second, its variable-depth hierarchical name design
is flexible and easy to extend. Third, its fully distributed and
hierarchical server system, as well as caching techniques, guarantee that
DNS is globally available.

Nevertheless, the authors do not consider some important issues related
to DNS design.

First, they completely ignore security issues in designing DNS. DNS
servers are easily selected as target machines by hackers. If the DNS
servers of some important domains are attacked, this may make some services
unavailable or direct clients to malicious machines. Moreover, though
domain names bring great convenience, some malicious domain names could be
very similar to some well-known domains, like bank services or email
services. Therefore, due to misspelling, clients may go to these forged
servers and input their account number and password. These deceptions are
very popular frauds. In addition, the current domain hierarchy does not
provide sufficient information about organizations' authentication,
geographic places, etc. The question here is what kind of semantics the
domain names should provide.

Second, they assume DNS to be a lean service. However, today's DNS servers
are much more complex than ten years ago. They not only provide a naming
service, but can also be used to provide wide-area availability and load
balancing. DNS redirection is widely used by large-scale Internet
services, such as Akamai. So, the debate here is whether we should put
more functions on DNS servers in the future.

The last question about DNS is whether the current authoritative hierarchy
architecture is efficient in terms of performance, availability, and
security.
Received on Sun Oct 02 2005 - 15:44:51 EDT
