DNS Enhancements and Alternatives for the Future Internet

Session: WS 408

12 Nov 2018 - 09:00 to 10:30

#IGF2018, #WS408

Report

[Read more session reports and live updates from the 13th Internet Governance Forum]

The objective of the session was to examine the existing Domain Name System (DNS) which is used for resolving domain names into Internet Protocol (IP) addresses, for load balancing and other services; outlining the limitations of this system; and to discuss proposals for DNS enhancements or alternatives for the future Internet.

Initiating the discussion, the moderator Ms Chiara Petrioli, University of Rome la Sapienza, spoke about how the Internet has changed our lives, with the growth of the Internet resulting in big changes in traffic and volume, which are expected to grow significantly with new technologies such as the Internet of Things (IoT). She then asked speakers to share their views on what they see as the current forecast and challenges in terms of both the DNS solution, and also in terms of DNS management – and whether the DNS should be changed to meet future requirements.

Mr Dongbin Wang, Beijing University of Posts and Telecommunications, spoke on the current challenges and limitations of the DNS, such as the centralised resolution of the system, which makes it vulnerable to cyber-attack such as DNS spoofing and cache poisoning. He suggested using blockchain decentralised distributed and public digital ledger solutions for storing the DNS.

Mr Khaled Khoubaa, Board Director of the Internet Corporation for Assigned Names and Numbers (ICANN), pointed to the advantages of the DNS system, such as an efficient load balance, and the efficiency it provides, with around 1000 instances distributed across the globe. Clarifying concerns related to cyber-attacks due to the hierarchical structure of the DNS, he argued that there could be similar concerns with blockchain, or any other service. Moreover, as the DNS makes up a small portion of Internet traffic, therefore the distribution of DNS servers is not what defines how the traffic flows, or is balanced. Other factors, such as routing decisions and content distribution solutions are part of what drives this distribution of Internet traffic. He further added that the existing DNS system is capable of handling IoT devices.

Mr Ted Hardy, Internet Engineering Task Force (IETF), spoke of how the DNS has grown over the years and is serving about 1 million queries per second across the route name service. He suggested that when looking at alternative technologies or solutions for the DNS, it is critical to look at the core methods of the DNS and check if the same guarantees can be provided by other solutions. He would prefer that such experimentation should result in a single name space, as this helps drive the Internet in remaining as a single system.

Mr Jeremy Rand, Lead Application Engineer & Community Organiser, Namecoin, shared his view that the need to trust a lot of third parties in the DNS system brings vulnerability to the system. He spoke of the work being done at Namecoin and its advantages to the DNS model, highlighting instances where Namecoin's deterministic behaviour can improve security, compared to the DNS.

Replying to a question, Rand clarified that Namecoin does not have any mechanism for taking down domain names that infringe a trademark. He suggested that Namecoin and the DNS should coexist, because some users care more about making censorship as difficult as possible and enforcing free speech, while other users want to have protection from trademark infringement for sites they visit, and only a centralised system like the DNS can provide this.  

Mr Francesco Prirro, Agency for Digital Italy Government, spoke on the need to look at alternatives to the DNS system due to concerns about traffic management, owing to use of IoT devices and potential security risks of the DNS, due to its hierarchical nature. He further shared that his government has started working on an alternative solution for the DNS, based on a mix of solutions using blockchain and a torrent-like system, and are planning to submit a proposal soon to the IETF to discuss upon it.

 

By Amrita Choudhury

 

The GIP Digital Watch observatory is provided by

in partnership with

and members of the GIP Steering Committee



 

GIP Digital Watch is operated by

Scroll to Top