6/23/2016 03:00 PM
Dark Reading
Products and Releases

Internet Pioneer Discusses Creation, Expectations and Security of DNS on Its 33rd Birthday

"The Internet community has let legacy infrastructure designs constrain the future."

CARLSBAD, CA--(Marketwired - Jun 23, 2016) - 33 years ago today, Paul Mockapetris, inventor of the Internet Domain Name System, watched the DNS take its first steps. This critical development would open up what may be the world's most widely used and important technology to a mass audience. Did he understand the importance or impact that DNS would have when it was created?

"I think I saw the potential importance more clearly than the traditional ARPAnet era folks, who were busy replacing the old NCP protocols with IP and TCP," noted Mockapetris, now Chief Scientist at ThreatSTOP. "So I was very happy to take on the design job and build something quite beyond the task given me."

By 1983, he had already spent 15 years designing distributed systems at what would become the Media Lab at MIT, Draper Labs, IBM, and the Distributed Computer System at UC Irvine. So he did expect his creation to be used across the Internet to manage distributed operating systems and applications. DNS was really meant to manage a heterogeneous, distributed, federated cloud and its services.

Something Mockapetris did not expect was the whole marketing and branding of names. "I guess I should have taken some classes in business and marketing," he joked. His biggest surprise was that the research agencies in the late 80s and 90s didn't see naming systems, and DNS in particular, as merely the first steps in an Internet naming architecture. The original design had many places where next steps and additional mechanisms were indicated, but they were never taken. Recent work in named data networking has revived this field a bit.

"If I'd been told in 1988 what the DNS would eventually be used for, I would have said it wasn't possible," said Dr. Paul Vixie, Internet pioneer and CEO of Farsight Security, Inc. "Almost all Internet activities, whether for good or evil, begin with a DNS lookup. Defenders who can monitor, and control, and investigate their use of DNS can by extension monitor, and control, and investigate their relationship to the Internet itself."

The DNS was introduced during the transition from the ARPAnet to the IP/TCP-based Internet, and was the largest single architectural innovation of that transition. As critical infrastructure, DNS has been subjected to many attacks and much misuse, but in today's hardened form it is seen as an essential tool for implementing security.

Security was intentionally left out of the initial design, along with several other functions. DNSSEC is a next step, but it is very heavyweight and doesn't solve current problems like DDoS.

"The Internet community has let legacy infrastructure designs constrain the future," notes Mockapetris. "For example, the 512 byte datagram limit of 1983 should be more like 500 Megabytes if we adjust for the million-fold increase in transmission speed in today's Internet, though I'd settle for 512K bytes. We are giving up on datagrams because of DDoS -- while I understand the argument, I'm not ready to surrender yet. There's a lot of room for innovation here. It's as if we are requiring DNS to support paper tape and floppy disks."

Mockapetris now provides guidance to the ongoing product innovation process for ThreatSTOP, and leads research into DNS-based security. "Effective security requires real-time threat intelligence that is distributed to all of an enterprise's enforcement devices whether they are routers, firewalls, application delivery controllers, or servers. DNS is an ideal vehicle," said Mockapetris. "Fielding powerful, scalable security tools that leverage the ubiquity of DNS to protect organizations of all sizes is critical."

About ThreatSTOP
ThreatSTOP is a network security company offering a cloud-based threat protection service that protects every device and workload on a network from cyberattacks and data theft. It can protect any network, from virtual cloud networks to branch LANs to the largest carrier networks. The service leverages market-leading threat intelligence to deflect inbound and outbound threats, including botnet, phishing and ransomware attacks, and prevents data exfiltration. For more information visit www.threatstop.com.
