An Internet Visionary Looks at the Future of DNS
This year, Neustar celebrates the 20th anniversary of a true Internet original, UltraDNS. When Rodney Joffe, founder of UltraDNS, first unveiled his vision for a resilient, performance-enhancing DNS solution two decades ago, it was a revolutionary idea. Today, UltraDNS is recognized as both a pioneer and a leader in the industry.
UltraDNS originated when Joffe realized that DNS was being woefully underutilized. In 1998, the Internet community regarded DNS as a simple protocol designed to route web and server requests in the same fashion, every time. Joffe, however, believed that DNS could do much more by leveraging Anycast technology to customize the DNS answer based on the source of the request. The resulting product, UltraDNS, forever changed the way that people, places and things are connected on the Internet.
Over the years, Neustar has significantly expanded the capabilities of UltraDNS, particularly in the area of DNS security. Joffe believes that the story of DNS is still being written, so we asked the UltraDNS founder himself what he sees as the future of DNS.
Q: The rule of the Internet is change or die. How do you see DNS changing in the coming years?
Rodney Joffe: DNS has evolved in a way that it’s now become embedded in everything we do. Over the next several years, we’ll begin to see DNS used for things that we couldn’t have envisioned 20 years ago, such as managing digital certificates, distributing security keys and enforcing digital rights. DNS will continue to become more than a protocol or a service; it will continue to evolve into a platform for managing things like devices on the Internet.
Q: So DNS will have an important role to play in the Internet of Things (IoT)?
RJ: IoT has technically been around in one form or another since the 1980s. In the coming years, yes, there will be a lot more devices connected to the Internet. Something will need to manage the directory/registry information and authentication credentials for all these devices, and DNS is a logical platform to do that. The real changing force in the Internet, however, will come not with the “thingafication” of the Internet, but the vulcanization of the Internet.
Q: What do you mean by a vulcanization of the Internet?
RJ: It’s been said that no one country can control the Internet. And while that’s still true, what you’re seeing today are countries enforcing physical borders on their own sections of the Internet. China has done this for years. Russia is in the process of doing this. The goal of these countries is to have a kind of security-hardened Internet, thus the idea of vulcanization. DNS will have an interesting role to play in all this, as it is the basis for directing users from point A to point B. For example, a user in China might submit a DNS query for Facebook, and the DNS server could direct them to either a state-approved social media site or a page simply stating that the requested web page has been blocked. This will fundamentally change the way the Internet works for millions of users.
Q: What do you see as the next big security threat for DNS?
RJ: Ironically, the next big threat in DNS security will probably be very small micro-attacks. While large-scale DDoS attacks will still exist, we’re pretty effective as an industry at mitigating those. Where we’re vulnerable is our inability to detect small, targeted attacks that either corrupt the DNS response during transit or exploit a weakness in the DNS servers or software. As an illustration, think of someone driving along the highway and suddenly encountering a detour sign pointing them down a different road. The sign looks legitimate, but unbeknownst to them, the sign was placed there right before they arrived and will disappear once they pass. These kinds of attacks are highly targeted to redirect a single user to a phishing site or other dangerous location, and they’re very difficult to protect against because detection and mitigation need to happen in real time to be effective.
While it’s impossible to stop every DNS attack, it’s imperative that we try. We spend a lot of our time at Neustar looking at how to detect these minute attacks and mitigate the damage. Much of the work we’re doing in threat analytics today is bleeding-edge technology that will allow organizations to automate the detection and mitigation process and stop these micro-attacks in the future. It’s exciting developments like this that make working in the DNS space as exciting today as it was 20 years ago.