People of ACM - Paul Mockapetris
August 25, 2020
What prompted you to develop the DNS system? What were the key challenges you had to overcome to make the DNS system work?
There were several thought papers and proposals for what would replace HOSTS.TXT. Jon Postel, my supervisor at ISI, asked me to see if I could put together a compromise, but most of the “DNA” in the DNS came from my experiences building distributed systems at the MIT Architecture Machine Group (now the Media Lab) and the Distributed Computer System Project at UC Irvine.
The first challenge was to build in as much functionality as possible using a simple set of features—that was essential to get early adoption and implementation. The second challenge was to try to create a design built for the added functionality I felt was sure to follow early success. It’s as if I designed the basement and first two floors of a building using primitive materials, while expecting it to evolve into a skyscraper.
With the benefit of hindsight, would you do anything differently if you were designing the DNS today?
While I tried to separate the basic principles in one document (RFC 882, later RFC 1034) from the implementation suggestions (RFC 883, later RFC 1035), I probably should have created a third document explaining the design choices, and my theories for what could/should come next. This wouldn’t have been for the typical user or even implementer, but might have steered the folks who added extensions (and there’s probably a hundred proposed, adopted, or discarded) to create a more coherent DNS of today.
What kinds of challenges are you working on now at ThreatSTOP?
One of the ways to defend your network is to block traffic from known bad actors. What ThreatSTOP does is to collect hundreds of threat intelligence feeds from commercial, open source and private sensors, and then deliver that intelligence in real time to our subscribers' computers, routers, firewalls, etc. This type of defense is part of the typical endpoint (e.g. laptop) defense, but deploying it in routers and DNS servers protects network devices that have little or no inherent security. The Internet of Things, aka IoT, is probably larger than the pure population of computers with their antivirus protection, and includes things like printers, cameras, access control systems, HVAC, robotic surgery devices and your new TV set.
Another project is to incorporate full DNS servers into every laptop. The challenge here isn’t resources; it’s an easy-to-use system that can configure itself. While the tide of centralization is driven by commercial interests seeking monopolies or oligopolies, decentralization has its own benefits, including controlling your own DNS filtering strategy.
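The blocking described above, applied at a DNS resolver so that devices with no host-level protection still benefit, as an added example that is not ThreatSTOP's code: a feed of indicators (constructed, hypothetical values) is loaded, and a query is withheld when the name or any parent domain is listed, or when a resolved address falls in a listed prefix.

```python
import ipaddress

# Constructed sample feed in a hypothetical "type,value" format
# (placeholder indicators, not real ones).
FEED = """
# type,value
domain,malware-c2.example
domain,phish.example.net
ip,192.0.2.0/24
ip,198.51.100.7
"""

def load_feed(text):
    """Parse the feed into blocked domains and blocked IP networks."""
    domains, nets = set(), []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        kind, value = line.split(",", 1)
        if kind == "domain":
            domains.add(value.lower().rstrip("."))
        elif kind == "ip":
            # strict=False lets a bare host address become a /32 (or /128)
            nets.append(ipaddress.ip_network(value, strict=False))
    return domains, nets

DOMAINS, NETS = load_feed(FEED)

def domain_blocked(name, domains=DOMAINS):
    """True if the queried name or any parent domain is on the feed."""
    labels = name.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))

def ip_blocked(addr, nets=NETS):
    """True if a resolved address lies in a blocked prefix."""
    ip = ipaddress.ip_address(addr)
    return any(ip in n for n in nets)

def policy(name, answers, domains=DOMAINS, nets=NETS):
    """Resolver decision: 'allow', or the reason the answer is withheld."""
    if domain_blocked(name, domains):
        return "blocked-domain"
    if any(ip_blocked(a, nets) for a in answers):
        return "blocked-ip"
    return "allow"
```

Because the decision is taken on the resolver, a printer or camera that cannot run antivirus is still prevented from reaching the listed names and addresses.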
How will current challenges shape the internet five years from now?
I wish I could say that we are winning the war to make cyberspace secure, but to me that battle includes reducing the complexity of the systems we protect, and that isn’t happening. Coherent architectures let systems scale yet remain understandable, and controlling complexity is the prime directive.
Paul V. Mockapetris is Chief Scientist at ThreatSTOP Inc., a cloud-based network security company based in Carlsbad, California. In 1983, while at the Information Sciences Institute (ISI) of the University of Southern California, Mockapetris invented the Domain Name System (DNS) for the internet.
Prior to DNS, a single file, HOSTS.TXT, mapped host names to the numerical IP addresses of networked computers. Every computer had to fetch a current copy from the Network Information Center at Stanford Research Institute (SRI), and any change to that configuration had to go through SRI during business hours.
DNS replaced this with a distributed database that let organizations take control of their own domains and manage their own data, eliminating the chokepoint at SRI. From day 1, the DNS had server redundancy built in to eliminate any single point of failure. DNS also allowed for new data types and operations. The DNS thus primed the internet to grow in three dimensions: size, reliability, and function.
In the decades since, Mockapetris has continued to contribute to the development of the DNS and the internet through various roles in research and industry, including serving as Internet Engineering Task Force (IETF) chair and Defense Advanced Research Projects Agency (DARPA) program manager.
Mockapetris’s many honors include receiving the ACM SIGCOMM Award (2005), the ACM SIGCOMM Test-of-Time Paper Award (2006) and being inducted into the Internet Hall of Fame (2012). Recently, he was named the recipient of the 2019 ACM Software System Award for development of the DNS.