Talk:Domain Name System/Draft: Difference between revisions
imported>Howard C. Berkowitz (→Thinking about Pat's comment about resiliency: new section)
imported>Pat Palmer (my ideas for polishing this)
Revision as of 17:51, 23 October 2008
comment
This article is developing nicely. Thanks to those who have contributed. I think it would benefit from an overview or introduction which briefly explains what DNS is, when it was first rolled out, etc., for those who are not yet familiar with the technology. After all, DNS is a function largely hidden from many computer users who do not delve into the details of how networks are implemented, so even some savvy computer scientists might not know much about it. I appreciate what has been done so far; keep up the good work! Pat Palmer
- Thanks, Pat. While I'm more a subspecialist in routing than DNS, I'm certainly comfortable with it, but for some reason, this is a painful article to write.
- When you speak of the introduction, are you including some of the business and political issues, very important in absolutely current policy meetings, that are dealing with matters such as the creation of a large number of new top level domains? There is a very real collision between the original technical purpose of DNS, and business issues it was never designed to address. To some extent, there are people in business that are trying to coerce the DNS to be a search engine, which doesn't work well both from the technical and intellectual property/trademark law areas. Howard C. Berkowitz 15:42, 5 July 2008 (CDT)
- I think I'd put the discussion of today's politics in a special section. For the intro, I was thinking of describing, for the youngsters who might not remember, what a big innovation DNS initially was--translating raw IP addresses into user-friendly domain names, and vice versa. Also worth mentioning, I think, is how the entire internet managed to cut over to the use of DNS all at once in, was it '83? Only after describing what it is, and how important it was and is, would I go into all the technical details, the stuff that you are very expert in. This is becoming a great article; keep it up! Pat Palmer 18:46, 5 July 2008 (CDT)
Moving to closure on the "capstone" article
I don't want to put that much more into this article rather than subarticles. If things seem too detailed, let me know, but remember there should be a little introduction rather than simply linking to DNS security and the like.
Things that I didn't think needed to be here--should they be?
- Recursive versus iterative resolution
- More than a casual definition of caching
- Load sharing with tricks like round robin multiple addresses on the A record
- Any detail about subdomains, either nondelegated or delegated.
Howard C. Berkowitz 18:11, 8 October 2008 (CDT)
Nice intro!
Wow, nice introduction! I will try to read in detail in the next coupla days (but off to sleep tonight). This has evolved into an excellent article! Pat Palmer 21:03, 8 October 2008 (CDT)
- One thought. Might you say something about resiliency? I think there's some high drama that we could mine here to make this article interesting even to those readers who are not geeks. Haven't there been some attempts to crash the name service (and thus the internet as a whole)? If I recall, there are 12 or so BIG name servers in the sky, so to speak, and though these recent attacks might have brought down a few of them, some always remained, enough to keep the net at least limping along, which was one of the key goals of its original designers. This issue (I hope I recall correctly) should be mentioned somewhere near the top of the article, perhaps in a paragraph of its own entitled "resiliency" or something or other, because it is one of the truly remarkable things about DNS that it is distributed and not centralized and so it's really not all that easy to kill the whole thing. Or so we hope (and so evidence has thus far shown). I haven't read all the article yet, so if this is already well covered, please forgive, in which case, maybe we can bubble it towards the top somehow. Pat Palmer 21:09, 8 October 2008 (CDT)
It's twistier and turnier
...than it looks. Officially, there are the twelve named root-servers, A through M. If you look at the actual number of boxes and their locations, however, at http://www.root-servers.org/, you'll find there are 166 actual servers, quite widely distributed.
How do they do that? Well, this is one of the reasons that I wrote anycast, which I hope is close to approval. As you suggest, there are 12 addresses for name servers, but almost all of them are actually anycast addresses. In the anycast article, which does have some DNS examples but not at the root, you'll see how it introduces automatic loadsharing by means of geographic distribution of many instances of the same server. These servers are especially good for anycast, since they are essentially read-only: no synchronization required.
A good question is whether resiliency does need to be brought out an article, simply defining the metrics. Indeed, availability is tricky. It's one thing if there is a 24/7 commitment. Now, assume a machine is 9 to 5. The tech gets there at 4 and stays all night. It's back up at 10 the next morning. How many hours of downtime were there? This is not as obvious as people first think; it gets into contractual language.
Also, you may want to look at multihoming as yet another means of resiliency. Howard C. Berkowitz 21:36, 8 October 2008 (CDT)
Thinking about Pat's comment about resiliency
Should a sub-article only address resiliency, which is often considered a response to accident, disaster, or component failure, as opposed to DNS vulnerabilities and attack mitigation? Her mention of a denial-of-service attack on the root servers really falls somewhere in between. Incidentally, see [1]; the servers that denied service apparently were the only ones for which anycast backup had not been implemented.
Other attacks are far more specific to DNS than denial-of-service on the root servers, such as the recent attack described by Kaminsky [2] on DNS cache poisoning. Prevention of such an attack probably will require at least DNS security, but operational techniques such as "trusted DNS" only accessible to a closed community of ISPs are an additional measure. Where is the balance between the resiliency, vulnerability, and DNSSEC articles?
Howard C. Berkowitz 08:18, 10 October 2008 (CDT)
Plans for this article
Howard, if I understand correctly, you're hoping to move this article towards approval. I think all the basic building blocks are assembled here. Yet, I'd like to make a stab at editing on it at some point. Unfortunately, I don't have a lot of free time right now, and the next block of leisure time I see in my future is Thanksgiving weekend. So if you're not in too big of a rush, I'd like to chew on this a bit more. I need to "study up" a little first, and then of course, it will need your feedback. I'm sorry to be so slow! You've done a fabulous job on this. My goals will be to make it slightly more organized and readable for non-experts while, hopefully, retaining all the good detail you've put in. Also, to make it more compelling as a topic for the uninitiated; it's an extremely important part of the internet and was introduced in a dramatic way all at once in (was it 1983?) and fortunately the average Joe the Plumber can take it absolutely for granted most of the time. Anyway, congratulations on doing such a great job on this, and please bear with me if I try to edit it a bit here and there. It will not be for technical content but for overall tone and style or something mushy like that. Pat Palmer 23:51, 23 October 2008 (UTC)