Nothing But Net

Mark McFadden on DNS at Risk

That old workhorse, the Domain Name System (DNS), has been much in the news lately. You’ve no doubt heard that new, generic top-level domain names have been approved. Now, the tried-and-true top level domains, ".com," ".net" and ".org," are joined by five specialty domains, ".aero," ".coop," ".museum," ".name," and ".pro," as well as two general suffixes, ".biz" and ".info," that will be available to anyone.

There’s plenty of controversy over the addition of new top-level domains, but I’ll let you in on a little secret: the DNS is in real danger of being a victim of its own success. And it has nothing to do with those new top-level domains.

The domain name system is simply a distributed database that responds to requests to look up IP addresses. At least that’s what it was in the beginning. In the last three years the DNS has been incrementally altered with new and often useful features. As time goes on, the complexity and overhead of the DNS grows as each new feature is added on the top of an already complex system.

One example is Dynamic DNS. The Domain Name System was originally designed to support queries against a statically configured database. While the data was expected to change, the frequency of those changes was expected to be fairly low, and all updates were applied against an external Master File. The addition of Dynamic DNS makes it possible to add or delete DNS resource records from the database on the fly.

Obviously, there needs to be security for those dynamic updates -- otherwise, anyone could add, delete or hijack DNS names from the DNS database. Dynamic DNS solves this problem by storing digital signatures in the DNS as a special resource record. DNS security also permits the storage of public keys in the DNS.

That’s great -- Dynamic DNS and DNS security are good things -- but notice how things other than names and IP addresses are starting to populate the DNS. Today the DNS is home to geographic locators, digital certificates, IP version 6 addresses, and even access control lists.

My favorite example of overloading the DNS is the new push for internationalization. Several organizations are working on schemes to allow the DNS to support international character sets. Last month Verisign announced it would begin accepting Web addresses written in Chinese, as well as Japanese and Korean. Almost immediately China's Network Information Center, the government agency that oversees the national registry in China, responded by unveiling a competing system.

Officials quoted in China's state-run media called the system China’s sole legal cyber-registry. The Chinese government’s system threatens to use the same domain names as one of Verisign’s partners, a Singapore-based start-up called idns.Net. That means users in different geographical locations may have Chinese DNS names resolved to different IP addresses.

Amazing! Will this be the year that the DNS breaks? I don’t think the sky is falling . . . yet. Still, there’s one thing I’m sure of: the DNS will get plenty of public scrutiny in the next year -- and not just because of new domain names. --Mark McFadden is a consultant and is communications director for the Commercial Internet eXchange (Washington). Contact him at

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • SharePoint Framework 1.8 Now Generally Available

    Microsoft this week announced that SharePoint Framework 1.8 had reached "general availability" status, although some features are still at the preview stage.

  • How To Create Office 365 User Accounts in Bulk

    Manual account creation can be tedious, time-consuming and prone to human error, especially if you have more than a handful of Office 365 users to set up. Brien shows you a better way.

  • System Center 2019 Reaches General Availability

    System Center 2019 has now reached the "general availability" product stage, Microsoft indicated in a Thursday update.

  • SharePoint Online Users Getting News Improvements This Month

    Microsoft plans to roll out new capabilities for SharePoint Online users this month that will add greater control over how News articles appear in SharePoint sites, according to a Wednesday announcement.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.