DNS is busting out all over


New uses continue to be found for 20-year-old 'Net technology.

After 20 years as one of the cornerstones of the Internet, DNS is being tapped to revolutionize corporate supply chains, IP telephony, real-time communications and security.

DNS is being used to support two hot emerging technologies: radio frequency identification (RFID), which is expected to slash costs and streamline corporate supply chains, and the proposed IETF standard called Electronic Numbering (Enum), which promises to marry the PSTN to IP networks. DNS also is being adopted for IPv6 and could provide a foundation for a new-fangled public-key infrastructure (PKI) system that helps combat Internet-based identity theft.

While RFID and Enum still face privacy and political issues before mass implementation, DNS is helping prove these technologies are solid. Along with intranets, RFID and Enum are fueling the growth of DNS, with DNS entries expected to double in number every year for the next five years.

DNS has been humming along since June 1983, matching Internet names to IP addresses and helping deliver e-mail and Web pages. The largest and most successful globally distributed database, with 1 billion entries, the 20-year-old lookup service need not be reinvented to be an integral part of the new crop of potentially revolutionary technology advances.

"In a sense, we have moved up one level in the kind of problems that people are thinking of attacking with DNS. It's not just keeping track of hosts now. It's now higher-level services," says Paul Mockapetris, who created DNS at the University of Southern California and is now the chief scientist and chairman of Nominum, which develops IP address management software. Mockapetris says DNS also one day could help simplify PKI security.

The new capabilities debunk what Mockapetris says is one of the biggest myths about DNS - that it has peaked.

"DNS has turned into a building block underneath a number of these other naming systems," he says.

In 1999, researchers at the Auto-ID Center at the Massachusetts Institute of Technology theorized that they could make RFID tags less expensive by offloading some data stored on the tags to the network, thereby reducing data storage and silicon needs.

"But the question was, how do you connect the unique number associated with the RFID tag to the data?" says Sanjay Sarma, associate professor of mechanical engineering at MIT and chairman of the Auto-ID Center. The center is a non-profit partnership between 100 global companies, MIT, the University of Cambridge in England, the University of Adelaide in Australia, Keio University in Japan and the University of St. Gallen in Switzerland. The center is working on creating the standards and assembling the building blocks needed to create an "Internet of things."

To make the connection between the RFID tag and the network-stored data, the center developed the Object Naming Service (ONS), which is built on top of DNS. ONS converts an electronic product code into a domain name that can be looked up on a local DNS cache or a DNS server on the Internet. Once the DNS pinpoints where the product data is stored, it can be downloaded.

"DNS is so beautifully designed and so simple that it took very little work to seamlessly incorporate it," Sarma says. DNS also addressed the problem of scalability. "We realized that DNS has caching and time-to-live records and that many lookups would happen in a local cache and never go out to the Internet."

It's that same scalability that led the IETF to latch onto DNS for Enum. The pending standard will make it possible to convert telephone numbers into Internet addresses. This means a caller knowing only a telephone number can use a range of Internet services - such as voice, e-mail and conferencing - to reach another user.
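As an added illustration (not part of the original article or of any Enum product), the Python sketch below shows the conversion in the form later standardized in RFC 3761/6116: the E.164 digits are reversed into a name under e164.arpa, and the NAPTR records published there rewrite the number into service URIs. The sample number, the example.com targets and the function names are constructed for this example, and Python's `re` stands in for the POSIX regular expressions the records actually use.

```python
import re

ENUM_APEX = "e164.arpa"  # apex of the public ENUM tree

def enum_domain(number):
    """Map an E.164 number to the DNS name queried for its NAPTR records."""
    digits = re.sub(r"[\s().-]", "", number)
    # Validate strictly before building a DNS name from caller-supplied input.
    if not re.fullmatch(r"\+[1-9][0-9]{1,14}", digits):
        raise ValueError("not an E.164 number: %r" % number)
    return ".".join(reversed(digits[1:])) + "." + ENUM_APEX

def apply_naptr(records, aus):
    """Return (service, uri) pairs in the order a client should try them.

    records: (order, preference, flags, service, regexp) tuples.
    aus: the number as '+' followed by digits only.
    """
    results = []
    for _order, _pref, flags, service, regexp in sorted(records):
        if flags.lower() != "u" or not service.upper().startswith("E2U+"):
            continue  # only terminal ENUM rules are handled here
        parts = regexp.split(regexp[0]) if regexp else []
        if len(parts) != 4:
            continue  # malformed, or uses an escaped delimiter (unsupported)
        try:  # record data is untrusted: a bad pattern must not crash us
            m = re.search(parts[1], aus, re.I if "i" in parts[3] else 0)
        except re.error:
            continue
        if not m:
            continue
        def backref(g, m=m):
            n = int(g.group(1))
            return (m.group(n) or "") if n <= m.re.groups else ""
        uri = re.sub(r"\\([1-9])", backref, parts[2])
        results.append((service.split("+", 1)[1].lower(), uri))
    return results

# Constructed sample data: a fictional number and example.com targets.
SAMPLE_NUMBER = "+1 555-555-0123"
SAMPLE_NAPTR = [
    (100, 20, "u", "E2U+mailto", "!^.*$!mailto:info@example.com!"),
    (100, 10, "u", "E2U+sip", r"!^\+1555(.*)$!sip:\1@pbx.example.com!"),
]

if __name__ == "__main__":
    print(enum_domain(SAMPLE_NUMBER))
    print(apply_naptr(SAMPLE_NAPTR, "+15555550123"))
```

The lower preference value wins, so a client would try the SIP address before falling back to e-mail.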

"The unique thing about DNS is that it is a public database, it's not a telecom database that is owned by a carrier and that you need approval and payments for access," says Kevin McCandless, senior manager for engineering and construction at VeriSign. McCandless is the author of several documents before the IETF's Enum working group and VeriSign's representative at the Enum Forum, a collection of firms developing Enum-based products.

With DNS as its location service, Enum eventually could lead a telecom revolution using phone numbers based on International Telecommunication Union E.164 format.

Devil in the details

"This is all a huge threat to the ILECs," says Dave Passmore, an analyst with Burton Group. "The cable companies are starting to offer phone service and it is clear they will use SIP-based IP telephony."

DNS creator Mockapetris looks at Enum and RFID and sees the next level of intelligence for DNS. Mockapetris says he thinks DNS could provide a foundation for a PKI system that could help fight Internet-based identity theft.

"You could use the DNS as a transport, as a way to carry PKI information around," he says. "You know if you could do that, DNS is a protocol that every Internet device could speak. Of course, there is a lot of stuff you would have to add to make it work."

Other concerns remain.

Improperly configured DNS servers at corporations continue to present vulnerabilities. A downed corporate DNS server today means a company disappears from the Internet, but in the future it also could knock out phone service or other modes of real-time communication.

Today, nearly 70% of corporate DNS servers have configuration problems, a figure that has remained steady over the years, according to Men & Mice, a DNS software and consulting firm.

And the addition of new data types, such as those for Enum and RFID, will pose management problems for companies. Mockapetris says a new generation of tools will be needed to mask the complexity. "Originally we built DNS so it was very simple to configure, but everybody was a computer scientist," he says. "We need more automatic tools to monitor the health and deal with the problems."

Another welcome advancement will be widespread adoption of DNS Security Extensions, which could provide security features for authenticity and integrity. The protocols have been under development since 1996, but suffer from technical and political issues, such as establishing trust relationships.

"The new challenge is to see whether we can continue to use DNS for whatever we like, to continue to add stuff on top of it," Mockapetris says. "We don't want DNS to be a scarce resource. We want domain names and the ability to do these lookups as a tool that people building Internet applications can use and it will just be there. It is not going to run out. It's like clean air and water: You want clean names so to speak, and clean data, it's what applications need to live on."
