Skip to main content

The Second Annual ICANN DNS Symposium

The ICANN organization's Office of the Chief Technology Officer (OCTO) organized the second annual ICANN DNS Symposium (IDS), a one-day event focused on all aspects of the Domain Name System (DNS). IDS 2018 was held last Friday, July 13, in Montreal, Quebec, Canada and this year's theme was "Attention, Domain Name System: Your 30-year scheduled maintenance is overdue"

Surprising as it may seem, the Domain Name System (DNS) is well into its thirties. The DNS runs remarkably well, and most users think of it as rock solid. But perhaps the system could be made healthier or could be improved to support even further innovation. The program for IDS 2018 explored putting the DNS through a scheduled maintenance with the kind of full diagnostic assessment routinely recommended for high performance vehicles. Members of research, academia, and operational communities shared experiences, data, and innovative thinking on the past, present, and future of the DNS.

The day started with a keynote from Dr. Paul Mockapetris, an Internet pioneer credited with being the inventor of the DNS, entitled "Lessons from history relevant to the future of DNS – principles and examples." Paul told the audience he expected that his list of lessons learned might be somewhat controversial. For example, he mused if the traditional tree structure of the DNS database was under pressure to evolve, and if the DNS engineering community could derive inspiration from many years of developments in the database field.

The rest of the day was filled with a dozen presentations. Some presenters looked back: Ed Lewis revisited and commented on the predictions and observations of an early paper describing the then-current design and operations of DNS. Brian Reid gave a short history of how the BIND name server has evolved along with the DNS protocol. Others focused on the DNS of today: both John Kristoff and Tobias Fiebig described the state of DNS operations dealing with data consistency and reverse DNS, respectively. Still other presentations looked to the future: Ondřej Surý commented on the historic baggage in the DNS protocol resulting from over 30 years of evolution and wondered if certain features should be removed. Jari Arkko asked questions about the level of concentration we now see in the various players in the DNS industry, notably in recursive resolvers. Benno Overeinder described the security features provided by DNS over SSL and wondered if its wider adoption would put pressure on DNSSEC deployment, since there is some overlap in the kind of protections provided by the two protocols.

Included among the various presentations were two panels. The first, entitled "DNS Weaknesses," was led by Dr. Steve Crocker with the panelists commenting on various aspects of DNS protocol and operations that they thought could be improved. The second panel, "DNS over Application Layers", covered the current trend to transport DNS over other protocols, including SSL and HTTPS, and was overseen by Allison Mankin.

We were pleased with a strong turnout of over 120 people filling the hotel ballroom and almost 50 who followed remotely, and gratified by many positive comments afterward, both in person and from our post-event survey. Attendees were impressed with the high quality of the presentations, appreciated the good interaction and discussion among the audience, presenters and panelists, and enjoyed having access to so many DNS experts. We are already looking forward to planning the next IDS, currently scheduled for May 2019 in Asia. We hope to see you there!

Comments

    umairaslam  00:42 UTC on 29 July 2018

    Remarkable as it may seem, the Domain Name System (DNS) is well into its thirties. The DNS began as an exercise to improve the scaling properties of mapping host names on the ARPANET to Internet addresses, and to also help decentralize email box names. In 30 years, we have evolved from the early experimentation and implementation of the formative domain name standards to a distributed name resolution system with millions of name servers that process billions of queries daily.

Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as""icann.org"" is not an IDN."