Disruption and the DNS: Mad Science at NamesCon 2017

Static1.squarespace 11 2 750x350

01“My thesis is, we need more disruption,” said Paul Mockapetris, Chief Scientist at ThreatSTOP and the inventor of the Internet Domain Name System (DNS, an acronym you all know by now). Paul talked about disruption and the DNS.

In his NamesCon 2017 keynote, Mockapetris said that all distributed systems have three parts: Hardware, software, and configuration. Hardware, he said, has to be fresh. Software is better as it ages. However, “configuration is like death and taxes,” he said: nobody likes to do it, but it’s inevitable. The task, he said is to minimize the pain associated with configuration.

The Beautiful Monster

Configuration is messy because we always build systems to beat the other guy, building bigger and more complex systems until we’re teetering atop Towers of Babel. The DNS was introduced in 1983, which is when ARPANET became what we now know as the internet. Nobody thought it was important at the time, so he got the job: “It was a nice little job for a grad student!” His ideas—which he laughingly described as “stolen”— came from stuff he studied: virtual machine and distributed computing tech from the Sixties, and space and networking tech from the Seventies. The key was the concept of networking-by-name.

He combined those notions with UDP and server redundancy, likening the resulting gorgeous mess to Gaudi’s Sagrada Familia in Barcelona. The intention of the DNS design was meant to be “just lightweight enough to take off”, a minimum viable product. He had to provide a design that had orthogonal features which could be combined to produce lots of possibilities: “more of a recipe than an invention”. He wanted speed, reliability, distributed control, and the ability for the system to evolve. Security? Access control? Clever replication? Nah, those were left out at first.

01 Static1.squarespace 12 1

Over the following decades, others built on top of Mockapetris’ creation. In 1986, documentation began to appear! That’s progress, right? “Things seemed to happen quicker back then,” said Mockapetris. However, nobody wanted to deal with standardizing the implementation of new developments. Mockapetris had to step up again, because stuff just wasn’t working right: the internet wasn’t indexed, and DDOS attacks happened accidentally back then.

“Speed kills”, said Mockapetris. DNS trends have been driven by security issues such as cache poisoning and DDOS attacks.  Today, his work with ThreatSTOP revolves around internet security using DNS. He looks at the confluence of enterprise cloud workload, traditional enterprise networks, and folks working on the coffee-shop WiFi. The problem is that your network is faced with attacks ranging from infected emails and malicious(or compromised) websites. “You have to figure out what the bad stuff is.”

So ThreatSTOP gets hold of attack software, and uses DNS to sent info to clients’ servers and firewalls that say, “Don’t talk to these guys!” If you have real-time threat intelligence, said Mockapetris, you have an idea of who the current villains are: their identities are constantly changing. You don’t want to get stuck analyzing content, because it’s so insanely processor-intensive. We can do better, he says, and a whole industry around threat intelligence is out there.

Roll On

A better DNS is possible, he says, but it involves re-confronting issues like backwards compatibility, name structures, and infrastructure replacement: “We can just get rid of root servers!”  We have to distribute those crucial servers more widely, he said, to give them a fighting chance against massive attacks. Blockchain technology, such as that behind Bitcoin, could come into play as well, for a bit of shared zone control.

“My favorite example of technology is the wheelie bag,” Mockapetris said, switching gears a bit. Forty years after jet travel, the wheelie bag was invented: “There are probably innovations out there if you can just think outside the box!”

More from our blog: