Brian Ales, Andreas Wuerfel
...our take on technology, the internet, and digital media

 

is DNS being gradually privatized?


I’ve already written a few times (here and here) about DNS.

Why?

A concerted effort to drive readers away with dry technical information about internet plumbing, possibly?

No, it’s because I don’t think DNS gets the love and respect it deserves – either for its sheer technical coolness as a massively replicated global peer-to-peer data structure, or for its vital importance to The Internet As We Know It.

With that in mind, let’s take a look at two relatively recent types of internet services that both encroach upon the traditional functionality of the legacy public DNS system: URL Redirection and Managed DNS.

URL Redirection

With the exponential growth of Twitter comes the exponential growth in the use of URL Redirection services such as TinyURL. These services take a (potentially long) URL and generate a much shorter alias address under their own domain, which redirects back to the original URL. Although primarily used to allow long web addresses to fit more easily within the 140-character limit of a Twitter tweet, growth in the use of these dramatically shorter (and easier to type) aliases will also be driven by the ever-increasing number of internet-enabled mobile devices out there. Granted, ultimately the name-to-IP lookup occurs via traditional DNS, but the addition of a private name-to-name alias layer is significant, especially given the phenomenal Twitter-driven rate of growth these services are experiencing – and there can be ramifications (see below).

Managed DNS

The public DNS system is awesome, sure – but hey, this thing was designed by some kids from Berkeley about 25 years ago, is managed by a few non-profit organizations in California, and is routinely attacked by hackers. On top of that, it can take a day or more for any routine name changes to propagate throughout the system. How can global e-commerce be expected to accept that? Enter Managed DNS: companies such as Dynect and UltraDNS deploy a proprietary fabric of widely distributed name servers running proprietary software, offering any enterprise with a mission-critical need for internet accessibility a private name server solution that’s quicker, more dependable, and more responsive to any address changes than the legacy public DNS system. In some cases, the private name servers are located at major ISPs, so look-up requests there can be resolved before ever having to mingle with all the riff-raff out there on that nasty public internet at all (in other words, a complete and utter abandonment of the public DNS system).

Security Issues

DNS is the soft white underbelly of the internet, and while the crucial importance of the system is widely (ok, completely) overlooked by the general public, the point is not lost on the bad guys. As an ex-IT worker, I’ve personally seen the almost daily barrage of Denial of Service attacks a publicly exposed DNS server can be subjected to – I’ve had a real-world education in just how stormy a place the internet really is, and it’s left me admiring DNS for the robustness most of us take for granted. Are some of the attacks successful? Sure – but the replicated nature of the system has generally proven quite resilient. And it’s worth noting that these same types of attacks can affect these private name server services too:

  • A recent report on the Easter weekend Twitter outage specifically cites the use of URL redirection services as a significant obstacle to tracking down bad guys on Twitter. This is because the malevolent link’s actual IP address and public domain name are both internal to the redirection service, and therefore one step removed from the Twitter technical team (and of course invisible to the end user – think of the phishing possibilities).
  • The UltraDNS service proved itself vulnerable to a traditional Denial of Service attack as recently as two weeks ago. Starting in Europe, this attack resulted in e-commerce sites such as Amazon.com being unreachable for several hours (imagine being the guy at UltraDNS who has to pick up the phone and take the call from a dead-in-the-water Amazon, and you get an idea of the stakes we’re talking about here).
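The name-to-name alias layer described under URL Redirection, and the visibility gap noted in the first bullet above, can be made concrete by unrolling a short link's redirect chain before anyone follows it. This is an added example, not code from the original post; the hostnames and the `SAMPLE_REDIRECTS` table are constructed stand-ins for the `Location` headers a redirection service would return, and `lookup_location` is a hypothetical fetcher that a real deployment would replace with an HTTP HEAD request.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample data: URL -> Location header the service would send back.
# It replaces live HTTP 301/302 responses so the example runs offline.
SAMPLE_REDIRECTS = {
    "http://short.example/a1": "http://other-short.example/zz9",
    "http://other-short.example/zz9": "http://landing.example.net/login?acct=1",
    "http://short.example/loop": "http://short.example/loop2",
    "http://short.example/loop2": "http://short.example/loop",
    "http://short.example/rel": "/a1",  # relative Location header
}

def lookup_location(url):
    """Hypothetical fetcher: the redirect target for url, or None if final."""
    return SAMPLE_REDIRECTS.get(url)

def expand(url, fetch=lookup_location, max_hops=5):
    """Follow the alias chain without loading any page content.

    Returns (status, hops); hops[0] is the link as posted and the last
    entry is the furthest point reached.
    """
    hops, seen = [url], {url}
    while True:
        location = fetch(hops[-1])
        if location is None:
            return "resolved", hops
        nxt = urljoin(hops[-1], location)  # resolves relative targets
        if urlsplit(nxt).scheme not in ("http", "https"):
            return "blocked-scheme", hops
        if nxt in seen:
            return "loop", hops
        if len(hops) > max_hops:  # already followed max_hops redirects
            return "too-many-hops", hops
        hops.append(nxt)
        seen.add(nxt)

def hidden_hosts(hops):
    """Hosts a reader of the posted link never sees, in order of appearance."""
    first = urlsplit(hops[0]).hostname
    out = []
    for hop in hops[1:]:
        host = urlsplit(hop).hostname
        if host != first and host not in out:
            out.append(host)
    return out
```

Logging the full hop list rather than only the posted link gives an abuse team the domain that a blocklist or takedown request actually needs.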

Conclusion

Managed DNS, Dynamic DNS, URL redirection, Content Delivery Networks… the trend is clear: for better or worse, we’re seeing the gradual privatization of the internet. Going forward, will we see some private technologies supplanting public legacy technologies? In certain cases, yes – because after all, it’s worth noting that these services are addressing sound technological needs.

It’s also worth noting, though, that they will face increasing incidences of online attack, the same type of attacks the public legacy DNS system has faced (and persevered over) for years.

  





The articles posted on digitalmissive.com reflect the personal views and opinions of Brian Ales and/or Andreas Wuerfel, and as such do not necessarily reflect the positions of our employers, clients or their affiliates. Furthermore, any views or opinions expressed by visitors commenting on articles posted on digitalmissive.com are theirs and theirs alone, and do not necessarily reflect ours.