The Internet and the players associated with it are in a constant state of change. Experts from nic.at outline possible scenarios: How is the Domain Name System developing? And in which direction is Anycast technology going?
"It's an incredible success story," says Alexander Mayrhofer. The Head of Research & Development at nic.at talks about the Domain Name System (DNS). A hierarchical and decentralised system that converts numerical information into domains. And it has been doing so for more than 35 years. "This is an achievement that is unparalleled in IT history." After all, he says, the internet traffic of 1985 cannot be compared to today. "We have six billion internet users, that's two-thirds of the world's population, and the protocol still works well." However, Mayrhofer also knows that there are weak points. His colleague, Klaus Darilion, Head of Operations at nic.at, names several: "The DNS was developed at a time when only people with good intentions used the internet. It's like a phone book, but it was never intended to check who was looking in the phone book. If someone massively overloads the servers, we have no way of finding out who it was." The DNS has the problem that most traffic is based on a stateless protocol where the sender address can be faked. Darilion points out, "there are big security holes because there are more and more people attacking the system." This leads, for example, to the DNS being fed with false data to redirect internet users to fraudulent websites.
The name structure will remain
Where is the DNS heading? Alexander Mayrhofer separates the Domain Name System into two parts for his analysis: One part is the administration of the name space, the digital telephone book. "The basic name structure is baked in and will not change," Mayrhofer suspects. "Today what a domain has to look like is already part of our culture. If the dot is missing, no one associates it with a domain name." The DNS protocol is also difficult to replace, he adds, because it is standard in many devices. "You can't change the basic features of the protocol." However, this does not apply to the second part of the DNS, Mayrhofer emphasises. This is the part that transmits information between computers. "In this respect, there will be a significantly greater diversity. There will also be some changes in the area of encryption. More modern transport protocols will provide more security. For example, there will be requests via other protocols or web browsers." The user will not notice much of this, however. "The structure of the DNS operators is constantly being disrupted by attacks, so it is important to recognise these attacks and react more dynamically," says Mayrhofer.
Scaling up with Anycast
"The DNS will still exist in ten years – possibly with small differences as far as security is concerned", says Richard Wein, CEO at nic.at. Thus, the Anycast service RcodeZero DNS from nic.at will still have its raison d'être when it comes to the topic of DNS security. "The advantage with Anycast is that it can be scaled across the board", says the technical managing director Robert Schischka. "Currently there are 13 root servers worldwide, and you often read that this is problematic. But of course Anycast is also in use there," explains Schischka. "For top-level domain registries, it is good practice to have several Anycast operators, so we are one of the most attractive providers for the European TLDs."
Machine Learning as a trend
And in which direction will Anycast go? "Companies or registrars will operate their own name servers less and less in the future, the effort is too much. The service is increasingly being outsourced, which speaks in favour of our product," says Alexander Mayrhofer. And he dares to take another look into the future: "I could imagine that in the future you will be able to gain more information from the operational data of your domain. It is becoming increasingly important for customers to be informed about the status of their services: How much traffic is there? How is it developing?", says Mayrhofer. nic.at already has a statistics website, where customers can query data for their domain. "In the future, it could be interesting to add an analysis based on machine learning to this service, in order to detect irregularities. Every activity on the internet typically results in a DNS query. From this information, one could gain many insights regarding the operation of one's own domain. For example, whether there is a strange clustering of queries from a certain geographical area. DNS traffic on a domain is a good indicator of anomalies." Mayrhofer emphasises: "There is nothing concrete behind these ideas yet, but this is how it could develop."