DNS Complexity

ChelleChelle writes "Paul Vixie of Internet Systems Consortium guides us on a journey into the sublime details of the domain name system. Although it contains just a few simple rules, DNS has grown into a system of enormous complexity. This article explores the supposed and true definitions of DNS, and shows some of the tension between the two definitions through the lens of the philosophy of Internet development protocol."

  • Taking a risk (Score:5, Insightful)

    by Anonymous Coward on Wednesday May 30, 2007 @12:07AM (#19317863)
    I'm going to risk sounding like an idiot and say that I think it's inhuman that somebody could write an article explaining how DNS works without having at least one diagram in it. I mean, c'mon, I can wade through piles of opaque text with the best of them, but just throw me a bone here, alright?
  • DNS DNS DNS DNS (Score:4, Insightful)

    by mcrbids ( 148650 ) on Wednesday May 30, 2007 @12:18AM (#19317929) Journal
    While technically well written and clear, this is one of the most uninspiring pieces of work imaginable describing the values of DNS. It's so bad that I'd rather gouge my eyes out with a spoon. Highly technical and detailed while still being abstract, it's 100% accurate while still managing to be utterly devoid of any usefulness whatsoever.

    Oh yeah, this is DNS we're talking about. Implementing it IS uninspiring and so abstract, it does make you rather gouge your eyes out with a rusty spoon.

    But what DNS does is extremely exciting, and forms the foundation of what makes the Internet actually WORK for people. Think about it - when's the last time there was any major DNS failure? Never? Me too. Damned reliable, damned powerful, and damned easy to get you hooked up to the geek blogs, tunes, IRC, and whatever else we all crave.

    Read this if:

    A) You work with DNS regularly and want to know if you know enough for it to make some sense to you. (That's me)

    B) You are thinking about implementing a DNS server.

    Otherwise, move along, find something that might interest you, but take just a moment to reflect how difficult Internet life would be if DNS wasn't so well designed and crafted.
  • by Zombie Ryushu ( 803103 ) on Wednesday May 30, 2007 @01:29AM (#19318303)
    Oh... well my point is still valid. DNS Should not be a tool for politicians.
  • by isaac ( 2852 ) on Wednesday May 30, 2007 @02:21AM (#19318503)

    Read this if:

    A) You work with DNS regularly and want to know if you know enough for it to make some sense to you. (That's me)

    B) You are thinking about implementing a DNS server.

    Otherwise, move along, find something that might interest you, but take just a moment to reflect how difficult Internet life would be if DNS wasn't so well designed and crafted.


    I admire Paul Vixie a real whole lot (from afar; when the day comes that I have something interesting to say to him directly I'll be sure to mention it but until then, I'm sure he gets enough email.) That said, this article isn't really interesting to someone who really does work intensively with DNS implementations, and for whom intermediate caching nameserver and client resolver behaviour on the wild-and-wooly internet is a matter of near-daily concern.

    It's actually rather depressing insofar as it only confirms what those of us in this position have come to discover: that a system loosely defined has become an ecosystem incapable of complete definition. FTA: "Most of it is not written down anywhere, and some of it would still be considered arguable if you got two or three DNS implementers in a room to talk about it." Ain't that the truth.

    No, this article should be read by smart technical users and managers who don't have much experience with DNS and who intuitively believe that the way DNS works in the real world is well-defined and handed down on high on stone tablets from some standards-making body - the sort of well-meaning people who haven't yet realized what "RFC" stands for, if you will. For these people, this article could be a useful eye-opener.

    -Isaac
  • by isaac ( 2852 ) on Wednesday May 30, 2007 @02:41AM (#19318573)
    To reply to myself...

    It's actually rather depressing insofar as it only confirms what those of us in this position have come to discover: that a system loosely defined has become an ecosystem incapable of complete definition.


    "Depressing" is the wrong word here - though it can certainly be frustrating to continually confront problems that wouldn't be problems if DNS weren't such a loosely-defined protocol. When the scales truly fall from one's eyes, though, one realizes that it's not coincidental that the widely-adopted protocols of the internet are all simple and, mostly, loosely defined and easy to implement. Natural selection, of a sort, has led to the success of DNS (and TCP/IP, and HTTP, et cetera). Maybe a major change in the ecosystem will cause it to disappear (or be challenged in its niche) because it's simply not flexible enough to respond.

    More probably, DNS is sufficiently simple and ubiquitous that it will continue to evolve as necessary in mostly minor ways while remaining as essentially recognizable to us dinosaurs of the internet era as the cockroach would be to the dinosaurs of the dinosaur era.

    -Isaac
  • by amorsen ( 7485 ) <benny+slashdot@amorsen.dk> on Wednesday May 30, 2007 @05:34AM (#19319241)
    From the article: "To express multilingual symbol sets usually means Unicode, whose binary representation is not directly compatible with the upper/lowercase "folding" required for DNS labels."

    UTF-8 should be perfectly compatible with the case folding. The characters which get folded are in the US-ASCII subset of UTF-8 and therefore have their high bit unset. All multibyte characters in UTF-8 have the high bit set in each byte, so they aren't subject to that case folding. The DNS standard is, as far as I know, completely UTF-8-compatible except in the places where it explicitly says that "only these particular characters are allowed here".
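
The byte-level behaviour discussed in the comment above, as an added example that is not part of the original post or the article. It folds only ASCII A-Z the way DNS name comparison does (RFC 4343) and checks what that does to UTF-8 labels; the function names and sample labels are constructed for illustration.

```python
def dns_fold(label: bytes) -> bytes:
    """Lowercase only the ASCII letters A-Z (0x41-0x5A); leave every other octet alone."""
    return bytes(b + 0x20 if 0x41 <= b <= 0x5A else b for b in label)


def dns_equal(a: bytes, b: bytes) -> bool:
    """DNS-style case-insensitive comparison of two labels given as raw octets."""
    return dns_fold(a) == dns_fold(b)


def multibyte_bytes_untouched(text: str) -> bool:
    """True if folding changed no high-bit octet and the result is still valid UTF-8."""
    raw = text.encode("utf-8")
    folded = dns_fold(raw)
    folded.decode("utf-8")  # raises UnicodeDecodeError if a multibyte sequence was damaged
    return all(o == f for o, f in zip(raw, folded) if o & 0x80)


# Constructed sample labels: plain ASCII, Latin with umlaut, Greek, CJK.
SAMPLES = ["EXAMPLE", "BÜCHER", "Ελληνικά", "日本語"]


def report() -> list[tuple[str, str, bool]]:
    """For each sample: (original, folded text, multibyte octets untouched?)."""
    rows = []
    for s in SAMPLES:
        folded = dns_fold(s.encode("utf-8")).decode("utf-8")
        rows.append((s, folded, multibyte_bytes_untouched(s)))
    return rows


if __name__ == "__main__":
    for original, folded, safe in report():
        print(f"{original!r:14} -> {folded!r:14} multibyte untouched: {safe}")
    # Octet-level folding never corrupts UTF-8, but it also does not make
    # non-ASCII letters case-insensitive: U-umlaut and u-umlaut stay distinct.
    print(dns_equal("BÜCHER".encode(), "bücher".encode()))
```

The folded octets always decode cleanly, while labels that differ only in the case of a non-ASCII letter still compare as different names.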
  • by Anonymous Coward on Wednesday May 30, 2007 @05:51AM (#19319307)
    Maybe any networking geek worth his salt should know this. But any computer geek? I disagree.

    As a numerical modelling and computer graphics geek I have to say that I know very little about DNS & network architectures in general, and that I learned something today.
  • by MT628496 ( 959515 ) on Wednesday May 30, 2007 @07:10AM (#19319641)
    The problem is that depending on who does these reviews, there will be entirely different results. I don't think that we can legally take the names back, anyway. It sure would be nice though if the /. community got to decide on it. Actually, that would be terrible. We'd spend the whole time fighting amongst ourselves.
  • by CarpetShark ( 865376 ) on Wednesday May 30, 2007 @07:54AM (#19319805)

    His point is that large systems can become unimaginably complex, even when they begin with a very simple set of rules. Particularly when those rules are vague.


    It might be more accurate to say that systems can become unimaginably complex BECAUSE they have simple rules. The more rules, the more limitations.
  • by billstewart ( 78916 ) on Wednesday May 30, 2007 @10:04AM (#19320989) Journal
    Rob Pike and Peter Weinberger wrote a paper in 1985 called "The Hideous Name", arguing against DNS's naming order in favor of Plan 9's Unix-like order. Plan 9 very aggressively uses the file system naming structure for everything, and they argue that consistent naming systems are much better than the alternatives, including the relatively new Arpanet naming system that some people were starting to use for email. I haven't read it in a decade or more, but one issue besides the one you mention is that if you do high-level-first names, it gives you a lot more flexibility for localized namespace management, and gets around some of the semantic and political issues with rootedness.

    The original paper is available in Postscript at bell-labs.com or Google has an HTML translation.

  • by grasshoppa ( 657393 ) on Wednesday May 30, 2007 @02:32PM (#19325139) Homepage
    As has already been pointed out, you can have a single TLD spread across several servers. You can also have multiple TLDs on a single server. More likely, you end up with a combination of these things: Multiple TLDs on a geographically dispersed cluster of systems.
