The Domain Name System (DNS) has a simple but important task, and with the proliferation of devices running in IPv6 networks, the service faces several challenges. Its main purpose is to convert domain names that are easy to read and remember into numeric IP addresses. IP addresses are the basis for identifying computers on local area networks and the Internet. As an example of what DNS does, the IPv4 address of the TechTarget website was resolved by DNS to 206.19.49.102.
So, in one respect, DNS is a relatively simple service to understand. However, if one takes a deeper look, one will find that DNS is full of complexity due to its hierarchical and decentralized nature. It's also an aging system with many security vulnerabilities, and there are concerns it may not be able to meet growing global demands and keep up with changing online trends.
Function and architecture of DNS
According to statistics from the Internet Assigned Numbers Authority (IANA), there are only 13 DNS root server systems in the world. Within these 13 root server systems, thousands of DNS servers act as root servers. DNS uses a hierarchy to manage millions of IP address mappings from top-level and second-level domains. At the bottom of this hierarchy, medium and large organizations often maintain their own DNS servers locally in order to map internal servers to internal DNS names. When a name outside the local business domain has to be resolved, these DNS servers contact a recursive resolver. A recursive resolver is typically operated by an Internet Service Provider (ISP) or a third-party DNS service on the Internet. If the recursive resolver does not have the answer to the DNS query, the request continues upward until it reaches the root server. Although the underlying architecture of DNS has remained unchanged since its inception, the number of DNS servers in use continues to increase.
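The resolution path described above can be modelled offline. The following is an added example, not code from the original article: the server names, zones and addresses are constructed, and TTLs are left out. It goes one step beyond the text by caching answers and delegations, which shows how a recursive resolver keeps repeat queries away from the root.

```python
from collections import Counter

# Constructed sample hierarchy: server names, zones and addresses are illustrative.
SERVERS = {
    "root":        {"referrals": {"example.": "tld-example"}, "records": {}},
    "tld-example": {"referrals": {"corp.example.": "auth-corp"}, "records": {}},
    "auth-corp":   {"referrals": {}, "records": {
        "www.corp.example.": "192.0.2.10", "mail.corp.example.": "192.0.2.25"}},
}

def closest(table, name):
    """Return (suffix, server) for the longest suffix in table covering name."""
    hits = [s for s in table if name == s or name.endswith("." + s)]
    if not hits:
        return None
    best = max(hits, key=len)
    return best, table[best]

class RecursiveResolver:
    """Follows referrals from the root downward, caching answers and delegations."""

    def __init__(self, servers, max_referrals=8):
        self.servers = servers
        self.max_referrals = max_referrals
        self.answers = {}               # name -> address, or None for "no such name"
        self.delegations = {}           # zone suffix -> server learned from referrals
        self.queries_sent = Counter()   # upstream queries per server

    def resolve(self, name):
        name = name.lower().rstrip(".") + "."      # normalise to a lowercase FQDN
        if name in self.answers:
            return self.answers[name]              # cache hit: no upstream traffic
        known = closest(self.delegations, name)
        server = known[1] if known else "root"     # start as deep as the cache allows
        for _ in range(self.max_referrals):        # bound the walk against loops
            self.queries_sent[server] += 1
            zone = self.servers[server]
            if name in zone["records"]:
                self.answers[name] = zone["records"][name]
                return self.answers[name]
            referral = closest(zone["referrals"], name)
            if referral is None:
                self.answers[name] = None          # negative answer, cached too
                return None
            self.delegations[referral[0]] = referral[1]
            server = referral[1]
        raise RuntimeError("referral limit exceeded for " + name)
```

After resolving `www.corp.example` once, a lookup for `mail.corp.example` goes straight to the cached authoritative server, so `queries_sent["root"]` stays at 1.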
Security remains a primary concern
The biggest concern for DNS managers in 2018 is how to deal with the inevitable vulnerability exploits, misconfigurations and distributed denial-of-service (DDoS) attacks. In 2016, DNS service provider Dyn suffered a large-scale DDoS attack, which also affected major Internet websites including Twitter, GitHub, and Spotify. That same year, an administrator at cloud computing service provider Scalr mistakenly deleted DNS records due to "flawed logic," causing undesirable consequences. In addition, new vulnerabilities continue to turn up in popular DNS server software: Google discovered several remote code execution vulnerabilities in the popular Dnsmasq server software in October 2017. Such situations abound. Failures of and attacks on critical DNS servers remain one of the Internet's weakest links. Although there are many methods and concepts for fixing these security problems, progress is slow.
The exponential growth of endpoints and the impact of IPv6
Nearly every endpoint residing on an IP network relies on DNS servers to find other network resources. There are currently 8 billion to 9 billion IoT devices in the world, and research firm Gartner forecasts that this number will more than double by the end of 2020, exceeding 20 billion. Unless the number of DNS servers in operation is significantly increased or the DNS query process is simplified, this doubling of IoT devices is expected to put tremendous pressure on DNS servers.
Perhaps the most disruptive influence on DNS server deployments in 2018 will be the increase in the number of IoT devices running in IPv6-only networks. Until recently, the problems unique to IPv6 DNS have been obscured by the fact that most IPv6 deployments operate in dual-stack mode. Dual stack refers to endpoints running IPv4 and IPv6 at the same time. However, more and more network providers (especially mobile Internet companies) are starting to roll out IPv6 on its own instead of dual-stacking it with IPv4.
As this trend toward IPv6-only devices continues, architectural issues in supporting stateless address autoconfiguration and DHCPv6 (Dynamic Host Configuration Protocol version 6) may surface in IPv6 DNS server deployments all over the world. Network technicians must therefore address these inefficiencies quickly.
Conclusion
Some people say that DNS functionality is just one item in a list of important network standards and protocols, but that is an understatement. As people continue to rely on the Internet for business and personal use, the functions performed by DNS make it one of the most important services in use today. As Internet usage increases worldwide, and as people adopt or migrate to new and better network technologies, DNS remains critical in terms of performance, reliability, and scalability.