Review: DNS

From: Jing Su <jingsu_at_cs.toronto.edu>
Date: Mon, 3 Oct 2005 00:21:59 -0400

This "experiences" paper presents the motivation and design decisions
that led to the current DNS design, retrospective insight into what did
and did not work, and what future work might hold. Even under today's
context, it is not obvious that a
distributed system would work better than a master HOSTS.TXT list.
After all, today's technology gives us the ability to have
fault-tolerant servers with fat pipes serving copies of this file and
performing IP address updates very quickly. Who needs DNS if all we
need are servers hard-wired to google? However, we now know that
having DNS avoids having such a heavy centralized solution -- one
fraught with complicated issues linked to politics and cost.

In general, DNS delegates name resolution to sub-groups called zones.
At the root level, there are 11 root DNS servers, with hard-wired IP
addresses. There are also approximately (at the time of the paper's
writing) 30 top-level zones, which include EDU, COM, NET, and CA.
Zones provide their own DNS server which can answer name resolution
queries. Furthermore, each zone can be further delegated into deeper
sub-zones. Name queries are performed iteratively, starting at the
root. DNS servers redirect clients to each subsequent zone DNS
controller until the IP of the given name can be fully resolved.

Personally, I found one of the interesting aspects of the experiences
is that despite the technological design, human error is still an
unavoidable cost. Wrong values and poor settings can still overload
the system and cause poor performance. As a result, the paper
suggests the need for negative update entries, for overriding
improper settings. Unfortunately, the author fails to see the need
for security in an open Internet system. DNS DoS attacks, spoofed IP
addresses, and false DNS resource records are complex issues for
today's security researchers. However, it is understandable that in
1988 few foresaw such problems.

The paper also considers the drive to have a more comprehensive naming
system, one which can resolve many things, down to directories and
files. Interestingly, in today's complex Internet, naming isn't that
important anymore. DNS as a service suffices; more interesting
queries can be accomplished with search engines, and directory
services like X.500 and LDAP have been moved to intranet settings.

Received on Mon Oct 03 2005 - 00:22:10 EDT

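The iterative resolution the review describes (start at a hard-wired root, follow referrals zone by zone until an authoritative server answers) is easier to see with a small simulation. The following is an added example, not code from the review, the DNS paper, or any real resolver; the zone hierarchy, server names and the TEST-NET addresses in it are constructed for illustration, and real DNS additionally caches results and handles many record types this toy omits.

```python
"""Toy iterative DNS resolution over a constructed zone hierarchy.

Added example, not from the review or the DNS paper. Every zone, server
name and address below is constructed for illustration.
"""
from typing import Dict, List, Optional, Tuple

# The root is reached via a hard-wired address, as the review describes.
ROOT_SERVER = "198.51.100.1"  # constructed TEST-NET-2 address

# Each server knows only its own zone's records plus delegations
# (an NS record and a "glue" A record) to child zones.
# server address -> {owner name: [(rrtype, rdata), ...]}
SERVERS: Dict[str, Dict[str, List[Tuple[str, str]]]] = {
    ROOT_SERVER: {  # root zone: delegates edu. and ca.
        "edu.": [("NS", "a.edu-servers.example.")],
        "a.edu-servers.example.": [("A", "198.51.100.2")],
        "ca.": [("NS", "a.ca-servers.example.")],
        "a.ca-servers.example.": [("A", "198.51.100.3")],
    },
    "198.51.100.2": {  # edu. zone: delegates toronto.edu.
        "toronto.edu.": [("NS", "ns.toronto.edu.")],
        "ns.toronto.edu.": [("A", "198.51.100.4")],
    },
    "198.51.100.3": {},  # ca. zone: deliberately empty in this toy
    "198.51.100.4": {  # toronto.edu. zone: its own data plus a sub-zone
        "cs.toronto.edu.": [("NS", "ns.cs.toronto.edu.")],
        "ns.cs.toronto.edu.": [("A", "198.51.100.5")],
        "www.toronto.edu.": [("A", "203.0.113.10")],
    },
    "198.51.100.5": {  # cs.toronto.edu. zone
        "www.cs.toronto.edu.": [("A", "203.0.113.20")],
    },
}


def _closest_delegation(zone_data: Dict[str, List[Tuple[str, str]]],
                        qname: str) -> Optional[Tuple[str, str]]:
    """Return (zone, ns_name) for the longest NS delegation covering qname."""
    best: Optional[Tuple[str, str]] = None
    for owner, rrs in zone_data.items():
        if qname == owner or qname.endswith("." + owner):
            for rrtype, rdata in rrs:
                if rrtype == "NS" and (best is None or len(owner) > len(best[0])):
                    best = (owner, rdata)
    return best


def query_server(server: str, qname: str, qtype: str):
    """Simulate one server's reply: ("answer", rdatas), ("referral",
    (zone, ns_name, ns_addr)) or ("nxdomain", None)."""
    zone_data = SERVERS[server]
    answers = [rdata for t, rdata in zone_data.get(qname, []) if t == qtype]
    if answers:
        return ("answer", answers)
    delegation = _closest_delegation(zone_data, qname)
    if delegation:
        zone, ns_name = delegation
        glue = [rdata for t, rdata in zone_data.get(ns_name, []) if t == "A"]
        return ("referral", (zone, ns_name, glue[0]))
    return ("nxdomain", None)


def resolve_iteratively(qname: str, qtype: str = "A", max_hops: int = 10):
    """Walk referrals from the root down to the authoritative zone.

    Returns (answers, trail); trail records each server contacted and what
    it did, so the chain of delegations is visible. max_hops bounds a
    misconfigured referral loop, one of the "wrong values" the review
    mentions as a source of load.
    """
    server = ROOT_SERVER
    trail: List[Tuple[str, str]] = []
    for _ in range(max_hops):
        kind, payload = query_server(server, qname, qtype)
        if kind == "answer":
            trail.append((server, "answer"))
            return payload, trail
        if kind == "nxdomain":
            trail.append((server, "nxdomain"))
            return [], trail
        zone, ns_name, ns_addr = payload
        trail.append((server, f"referral to {zone} via {ns_name}"))
        server = ns_addr
    raise RuntimeError("referral chain exceeded max_hops")


if __name__ == "__main__":
    for name in ("www.cs.toronto.edu.", "www.toronto.edu.", "www.ca.", "www.org."):
        answers, trail = resolve_iteratively(name)
        print(name, "->", answers)
        for hop, what in trail:
            print("   ", hop, what)
```

Resolving `www.cs.toronto.edu.` touches four servers (root, edu., toronto.edu., cs.toronto.edu.), which is the "each subsequent zone DNS controller" chain of the review; a name under an empty zone ends with an NXDOMAIN from that zone's server rather than from the root, because the root only knows that the zone is delegated, not what it contains.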