Jump to content

The Domain Name System: Difference between revisions

From ICANNWiki
JP (talk | contribs)
No edit summary
minor editing
 
(8 intermediate revisions by 4 users not shown)
Line 2: Line 2:
   |__TOC__
   |__TOC__
   |}
   |}
The '''Domain Name System (DNS''') is a hierarchical naming system for computers, services, or any other resources connected to the Internet. See [[How the Domain Name System Works]] for a brief overview of the DNS.
The '''Domain Name System (DNS''') is a hierarchical naming system for computers, services, or any other resources connected to the Internet. See [[How the Domain Name System Works]] for a brief overview of the DNS. See [[Pre-ICANN History of the DNS]] for the development of the DNS in the 20th century. The DNS is a Namespace: a collection of wordstrings organized into a hierarchy of labels. It is a distributed name registration framework that assigns unique licenses to use to human-readable strings for money. It is also distributed database that assigns wordstrings to IP addresses. It is a protocol to resolve wordstrings into an attribute (a singular IP address. It is a signaling medium.<ref>[https://apacdnsforum.my/virtual/180/lobby Geoff Huston, Future of the Domain Name System, APAC DNS Forum 2022]</ref>
 
An analogy would be that the DNS is the phonebook of the Internet. Humans access information online through domain names, like example.com. Web browsers interact through Internet Protocol (IP) addresses. The DNS translates domain names to IP addresses so browsers can load Internet resources. When an user open a web browser and goes to a website, they don't have to remember and enter a long number. Instead, they can enter a domain name like example.com. Each device connected to the Internet has a unique IP address which other machines use to find the device. DNS servers eliminate the need for humans to memorize IP addresses such as 192.168.1.1 ([[IPv4]]), or more complex newer alphanumeric IP addresses such as 2001:0000:130F:0000:0000:09C0:876A:130B ([[IPv6]]).


==DNS Components==
==DNS Components==
Line 13: Line 15:
===[[Top-Level Domain|Top-Level Domains]]===
===[[Top-Level Domain|Top-Level Domains]]===
*The DNS maintains a database of top-level domains (TLDs) that can be accessed via the Internet. Top-level domains fall into three broad categories:  
*The DNS maintains a database of top-level domains (TLDs) that can be accessed via the Internet. Top-level domains fall into three broad categories:  
**[[GTLD|generic TLDs]] (gTLDs);  
**[[GTLD|generic TLDs]] (gTLDs);
**[[CcTLD|country code TLDs]] (ccTLDs); and  
**[[CcTLD|country code TLDs]] (ccTLDs); and
**[[Internationalized Domain Name|internationalized domain names]] (IDNs)
**[[Internationalized Domain Name|internationalized domain names]] (IDNs)
*[[Registry]] operators maintain the database of registrations for a particular TLD.
*[[Registry]] operators maintain the database of registrations for a particular TLD.
Line 21: Line 23:
===Foundational Operating Documents===
===Foundational Operating Documents===
*[[RFC 1591]] remains a core conceptual framework describing [[IANA]]'s role in the delegation and oversight of top-level domains.
*[[RFC 1591]] remains a core conceptual framework describing [[IANA]]'s role in the delegation and oversight of top-level domains.
*The [[Affirmation of Commitments]] forms the basis for much of ICANN's mission and operational mandate to maintain the security, stability, and resiliency of the DNS.
*The [[Affirmation of Commitments]] formed the basis for much of ICANN's mission and operational mandate to maintain the security, stability, and resiliency of the DNS.


==Challenges==
==Challenges==
[[DNS Value and Vulnerability|Ensuring the resiliency, stability, and security of the DNS is critical to perpetuating the usefulness of the Internet]]. The DNS has two key types of vulnerabilities: complexity and bad actors.
Continuing the hegemony of the DNS as the Internet means coping with the issues and questions about control ([[Internet Governance|who gets to control it]]), [[Data Privacy]], [[trust]], [[Internet Fragmentation|fragmentation]], security as a rendezvous tool and a collection of markets, [[DNS Abuse]], [https://www.icann.org/en/public-comment/proceeding/recommendations-for-early-warning-for-root-zone-scaling-05-10-2020 scaling], [https://www.senki.org/network-operations-scaling/dns-latency-and-performance-test-tools/ speed], and the [https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3746594 economics].
Ensuring the resiliency, stability, and security of the DNS is critical to perpetuating the usefulness of the Internet. The DNS has two key types of [[DNS Value and Vulnerability|vulnerabilities]]: complexity and bad actors.
===Complexity===
===Complexity===
#Cybersecurity experts are concerned about the [[DNS Camel]], which refers to the inexorable growth of DNS protocols over the past three decades, making it increasingly difficult to implement and secure DNS advancements.<ref>[https://www.ietf.org/blog/herding-dns-camel/ Herding the DNS Camel. IETF Blog]</ref>
#Cybersecurity experts are concerned about the [[DNS Camel]], which refers to the inexorable growth of DNS protocols over the past three decades, making it increasingly difficult to implement and secure DNS advancements.<ref>[https://www.ietf.org/blog/herding-dns-camel/ Herding the DNS Camel. IETF Blog]</ref>

Latest revision as of 22:04, 18 July 2024

The Domain Name System (DNS) is a hierarchical naming system for computers, services, or any other resources connected to the Internet. See How the Domain Name System Works for a brief overview of the DNS. See Pre-ICANN History of the DNS for the development of the DNS in the 20th century. The DNS is a Namespace: a collection of wordstrings organized into a hierarchy of labels. It is a distributed name registration framework that assigns unique licenses to use to human-readable strings for money. It is also distributed database that assigns wordstrings to IP addresses. It is a protocol to resolve wordstrings into an attribute (a singular IP address. It is a signaling medium.[1]

An analogy would be that the DNS is the phonebook of the Internet. Humans access information online through domain names, like example.com. Web browsers interact through Internet Protocol (IP) addresses. The DNS translates domain names to IP addresses so browsers can load Internet resources. When an user open a web browser and goes to a website, they don't have to remember and enter a long number. Instead, they can enter a domain name like example.com. Each device connected to the Internet has a unique IP address which other machines use to find the device. DNS servers eliminate the need for humans to memorize IP addresses such as 192.168.1.1 (IPv4), or more complex newer alphanumeric IP addresses such as 2001:0000:130F:0000:0000:09C0:876A:130B (IPv6).

DNS Components[edit | edit source]

  • Distributed Database: an archive of information about the computers in a network
  • Name Servers: contain address information about other computers on the network
  • Domain Name Resolvers do the work of translating domain names into numeric IP addresses based on the canonical database in the root zone.
  • The DNS Root Zone is the network of database servers that maintain the names and the numeric IP addresses of over 1500 gTLDs, ccTLDs, and IDNs.
  • Domains: logical groups of computers in a large network

Top-Level Domains[edit | edit source]

Foundational Operating Documents[edit | edit source]

  • RFC 1591 remains a core conceptual framework describing IANA's role in the delegation and oversight of top-level domains.
  • The Affirmation of Commitments formed the basis for much of ICANN's mission and operational mandate to maintain the security, stability, and resiliency of the DNS.

Challenges[edit | edit source]

Continuing the hegemony of the DNS as the Internet means coping with the issues and questions about control (who gets to control it), Data Privacy, trust, fragmentation, security as a rendezvous tool and a collection of markets, DNS Abuse, scaling, speed, and the economics. Ensuring the resiliency, stability, and security of the DNS is critical to perpetuating the usefulness of the Internet. The DNS has two key types of vulnerabilities: complexity and bad actors.

Complexity[edit | edit source]

  1. Cybersecurity experts are concerned about the DNS Camel, which refers to the inexorable growth of DNS protocols over the past three decades, making it increasingly difficult to implement and secure DNS advancements.[2]
  2. As the number and kind of TLDs continue to expand, Universal Acceptance becomes an increasingly important topic.

Bad Actors[edit | edit source]

  1. Internet governance organizations, registries, registrars, and the business constituency are very concerned about DNS Abuse, which refers to the exploitation of the DNS for malicious purposes. In particular, a debate rages over where technical abuse ends and where content abuse begins.[3]

Associated Bodies[edit | edit source]

ICANN exists to "facilitate the openness, interoperability, resilience, security and/or stability" of the Domain Name System (DNS).[4] Although ICANN as a whole is dedicated to the mission of preserving an open, interoperable, resilient, secure, and stable DNS, specific committees, organizations, and entities are directly focused on the technical operation of the DNS:

ICANN Bodies[edit | edit source]

Other Organizations[edit | edit source]

References[edit | edit source]