DNS quo vadis: Addressing challenges and the future functionality of the DNS

9 Jun 2018 02:00h

Event report

This session explored challenges related to the Domain Name System (DNS). The moderator, Mr Laurin Weissinger (DPhil student, University of Oxford) called for an open discussion on issues such as (geo)political shifts and disagreements, technical and architectural issues, and the fight against the DNS abuse.

Co-moderator Mr Chris Buckridge (External Relations Manager, RIPE Network Coordination Centre (RIPE NCC)) put forward the question of focus: Should we focus on the technical challenges of the DNS or on improving how the Internet community uses the DNS system? Buckridge reminded participants that when the DNS is being mended, it remains in use as the core of the Internet and users’ access should not be endangered.  

The focus of Ms Alexandra Kulikova (Global Stakeholder Engagement Director – Eastern Europe and Central Asia, Internet Corporation for Assigned Names and Numbers (ICANN)) was that the Internet today is the result of the so-called network effect. The more people use the DNS system as it is, the more our global Internet depends on it. According to Kulikova, in order to mitigate the potential harm of the ‘network effect’, we need to be aware of the pressures on this 30-year-old system. ‘The DNS system is constantly evolving’, Kulikova said. She reminded the audience that ICANN is researching new emerging identifier technologies such as blockchain and Digital Object Architecture (DOA). The stability of the Internet as it is today remains the responsibility of ICANN, and the Root KSK Rollover that was postponed in 2017, is set to take place in October 2018. 

Speaking from the law enforcement perspective was Mr Grégory Mounier (Head of Outreach, European Police Agency (Europol)). Mounier stated that ‘criminals and malicious businesses online very frequently use the DNS to carry out their activities.’ From less to more aggressive techniques such as launching attacks, stealing personal data, and hiding from the law, the abuses are difficult to prevent. Mounier recognised that it is important to strengthen security measures around the DNS to prevent domain shadowing, hijacking, and so on. However, these measures are a double-edged sword for law enforcement because they also add a layer of protection to the abuses. The main challenge remains developing new monitoring tools. The existing technology and data can measure the rate of abuse almost in real time, but when it comes to fighting abuse of DNS Registries, corresponding tools are lacking. The key is to gradually reduce the rate of abuse, and not stifle competition and DNS functionality. 

Mr Peter Koch (Senior Policy Advisor, DENIC) highlighted that the DNS system has become increasingly complex over the last 30 years. Adoption of protocols and capital changes of the Internet infrastructure cannot be demanded; changes have to come from the governing and policy-making side. Koch noted that regulation is not necessarily good or bad, but it should be well informed from both technical and informational perspectives. It should also consider long-term architectural consequences of even the smallest of changes made to the system. Addressing the concerns raised by Mounier, Koch noted that the DNS abuses are not a technical issue, but rather a wider issue of Internet abuse. According to Koch, the main challenge lies beyond the protocol itself. The technical complexity should not compromise the stability of the Internet. Regulation and standardisation need to be addressed carefully, because innovation and the changing of the parameters of the DNS system on a global scale can have negative consequences worldwide.

Mr David Tabatadze (IT Service Manager, Georgian Research and Educational Networking Association (GRENA)) underscored the main challenges as a lack of implementation, privacy concerns, data collection, governmental control, and the creation of the ‘other Internets’.  Tabatadze added that the insufficient deployment of the DNS Security Extensions (DNSSEC) poses another complication to the future functionality of the DNS.