Talk:Domain Name System/Draft
comment
This article is developing nicely. Thanks to those who have contributed. I think it would benefit from an overview or introduction which briefly explains what DNS is, when it was first rolled out, etc., for those who are not yet familiar with the technology. After all, DNS is a function largely hidden from many computer users who do not delve into the details of how networks are implemented, so even some savvy computer scientists might not know much about it. I appreciate what has been done so far; keep up the good work!Pat Palmer
- Thanks, Pat. While I'm more a subspecialist in routing than DNS, I'm certainly comfortable with it, but for some reason, this is a painful article to write.
- When you speak of the introduction, are you including some of the business and political issues, very important in absolutely current policy meetings, that are dealing with matters such as the creation of a large number of new top level domains? There is a very real collision between the original technical purpose of DNS, and business issues it was never designed to address. To some extent, there are people in business that are trying to coerce the DNS to be a search engine, which doesn't work well both from the technical and intellectual property/trademark law areas. Howard C. Berkowitz 15:42, 5 July 2008 (CDT)
- I think I'd put the discussion of today's politics in a special section. For the intro, I was thinking of describing, for the youngsters who might not remember, what a big innovation DNS initially was--translating raw IP addresses into user-friendly domain names, and vice versa. Also worth mentioning, I think, is how the entire internet managed to cut over to the use of DNS all at once in, was it '83? Only after describing what is is, and how important is was and is, would I go into all the technical details, the stuff that you are very expert in. This is becoming a great article; keep it up!Pat Palmer 18:46, 5 July 2008 (CDT)
Moving to closure on the "capstone" article
I don't want to put that much more into this article rather than subarticles. If things seem too detailed, let me know, but remember there should be a little introduction rather than simply linking to DNS security and the like.
Things that I didn't think needed to be here--should they be?
- Recursive versus iterative resolution
- More than a casual definition of caching
- Load sharing with tricks like round robin multiple addresses on the A record
- Any detail about subdomains, either nondelegated or delegated.
Howard C. Berkowitz 18:11, 8 October 2008 (CDT)
Nice intro!
Wow, nice introduction! I will try to read in detail in the next coupla days (but off to sleep tonight). This has evolved into an excellent article!Pat Palmer 21:03, 8 October 2008 (CDT)
- One thought. Might you say something about resiliency? I think there's some high drama that we could mine here to make this article interesting even to those readers who are not geeks. Haven't there been some attempts to crash the name service (and thus the internet as a whole)? If I recall, there are 12 or so BIG name servers in the sky, so to speak, and though these recent attacks might have brought down a few of them, some always remained, enough to keep the net at least limping along, which was one of the key goals of its original designers. This issue (I hope I recall correctly) should be mentioned somewhere near the top of the article, perhaps in a paragraph of its own entitled "resiliency" or something or other, because it is one of the truly remarkable things about DNS that it is distributed and not centralized and so it's really not all that easy to kill the whole thing. Or so we hope (and so evidence has thus far shown). I haven't read all the article yet, so if this is already well covered, please forgive, in which case, maybe we can bubble it towards the top somehow.Pat Palmer 21:09, 8 October 2008 (CDT)
It's twistier and turnier
...than it looks. Officially, there the twelve named root-servers, A through M. If you look at the actual number of boxes and their locations, however, at http://www.root-servers.org/, you'll find there are 166 actual servers, quite widely distributed.
How do they do that? Well, this is one of the reasons that I wrote anycast, which I hope is close to approval. As you suggest, there are 12 addresses for name servers, but almost all of them are actually anycast addresses. In the anycast article, which does have some DNS examples but not at the root, you'll see how it introduces automatic loadsharing by means of geographic distribution of many instances of the same server. These servers are especially good for anycast, since they are essentially read-only: no synchronization required.
A good question is whether resiliency does need to be brought out an article, simply defining the metrics. Indeed, availability is tricky. It's one thing if there is a 24/7 commitment. Now, assume a machine is 9 to 5. The tech gets there at 4 and stays all night. It's back up at 10 the next morning. How many hours of downtime were there? This is not as obvious as people first think; it gets into contractual language.
Also, you may want to look at multihoming as yet another means of resiliency. Howard C. Berkowitz 21:36, 8 October 2008 (CDT)
- Howard, I really like your explanation here and I will be looking for the right way to fold this into the article itself.Pat Palmer 23:53, 23 October 2008 (UTC)
- How much should be here, and what about a general availability article? I really like that "how many hours was it down" question to get people thinking, a variant being was "if it didn't work between 6PM and 6AM, was it down at all?" Of course, some of this is in anycast, but only DNS as an incidental comment. I'll probably drop you an email; I must go and see to the bread I have rising. Howard C. Berkowitz 00:08, 24 October 2008 (UTC)
Thinking about Pat;s comment about resiliency
Should a sub-article should only address resiliency, which is often considered a response to accident, disaster, or component failure, as opposed to DNS vulnerabilities and attack mitigation? Her mention of a denial-of-service attack on the root servers really falls somewhere inbetween. Incidentally, see [1]; the servers that denied service apparently were the only ones for which anycast backup had not been implemented,
Other attacks are far more specific to DNS than denial-of-service on the root servers, such as the recent attack described by Kaminsky [2]] on DNS cache poisoning. Prevention of such an attack probably will require at least DNS security, but operational techniques such as "trusted DNS" only accessible to a closed community of ISPs are an additional measure. Where is the balance between the resiliency, vulnerability, and DNSSEC articles?
Howard C. Berkowitz 08:18, 10 October 2008 (CDT)
Plans for this article
Howard, if I understand correctly, you're hoping to more this article towards approval. I think all the basic building blocks are assembled here. Yet, I'd like to make a stab at editing on it at some point. Unfortunately, I don't have a lot of free time right now, and the next block of leisure time I see in my future is Thanksgiving weekend. So if you're not in too big of a rush, I'd like to chew on this a bit more. I need to "study up" a little first, and then of course, it will need your feedback. I'm sorry to be so slow! You've done a fabulous job on this. My goals will be to make it slightly more organized and readable for non-experts while, hopefully, retaining all the good detail you've put in. Also, to make it more compelling as a topic for the uninitiated; it's an extremely important part of the internet and was introduced in a dramatic way all at once in (was it 1983?) and fortunate the average Joe the Plumber can take it absolutely for granted most of the time. Anyway, congratulations on doing such a great job on this, and please bear with me if I try to edit it a bit here and there. It will not be for technical content but for overall tone and style or something mushy like that.Pat Palmer 23:51, 23 October 2008 (UTC)
- P S, one thing I'll probably do is remove the boldface type; style guidelines, I believe, suggest that only the article title be bolded the first time it is used. I think we can achieve an appropriate amount of emphasis, in most cases, my moving the information up, and by (sometimes rather radically) rewording the way the information is imparted. If this makes no sense, please wait and I'll try my hand and you are welcome to grouse if you don't like the outcome; we can always revert!Pat Palmer 23:56, 23 October 2008 (UTC)
- No problem. This is meant as a capstone introduction, and we might decide some material, or perhaps the level of detail of presentation, belongs in a subordinate article. The ideal would be to think of it as a part of a set, and, since my whiteboard isn't up in temporary quarters, may try to put not just DNS, but the twistiness and turniness with which a lot of things are coming together: DNS, IPv6, IPSec, PKI, DNSSEC (which is probably confusing because it really isn't ready for prime time), and a few other things. I'm also thinking about where QoS and availability go; I'm tempted to update some of my book text in those areas.
- It may well be that you will have a better rewording for this article, and the wording that I have belongs somewhere in the tree below. You probably have a better sense of the beginner than I do; it's been a long time since I did introductory networking classes. Actually, I largely got out of teaching when it became a matter of teaching Cisco certification test rather than the subject.
- As far as Joe the Plumber, a master plumber once gave me some of the Laws of Plumbing. "Water runs downhill" is #3. #2 is "Anyone can run water pipe; only real plumbers can vent." The First Law, however, is relevant to networks: "If it don't leak, don't fix it."Howard C. Berkowitz 00:05, 24 October 2008 (UTC)
Comments & questions
Nit-picking: intro has "translates to and from raw IP addresses and domain names". Would it be clearer as "translates in both directions between raw IP addresses and domain names"?
BIND is mentioned. Certainly it is the commonest, but what about other DNS implementations? Bernstein's [3] is fairly widely used, especially for people who only need a caching server, not authoritative, e.g. on firewalls for small organisations. There are others.
I hate to ask, but is there a Microsoft DNS server? Do we need a link to some coverage of how naming on an MS or Novell network interfaces to DNS? Or how an SNA network does? I am emphatically not suggesting those topics should be covered in any detail in this article, but a sentence and a link each might be needed.
There's quite a bit of detail on setting up an authoritative name server. Obviously, that belongs somewhere in an encyclopedia, but is this the right place? Or should some text move to lower level articles, perhaps DNS administration, leaving this as a higher-level overview? On the other hand, I see mention of caching-only servers, but nothing on setting those up. Should that be added?
RFC 4322 proposes using DNS to manage keys for IPsec. Sandy Harris 15:26, 31 October 2008 (UTC)
- And there's a Domain Name System security subarticle where that is mentioned; that may be the place for it, or there may be a need for yet another subarticle on Domain Name System support for IPSec (or IPSec use of DNS, or various redirects). The question was whether it should be mentioned at all here. As I see this article's role and level, I definitely would not give the RFC here. The queestion is how little, not how much, is necessary and sufficient for the top-level article.
Editing per Howard's request
Today I have begun in-depth editing of this article per Howard Berkowitz' request. I am going to catalog my major revisions and suggestions below. I expect this will take several days. My approach is to read top-down and assume that I know not-too-much about computers. This article is currently nicely written at the appropriate level for college CS students, which is great, but I also think we can make it accessible to those with less prior background in telephony and networking, and you will see my efforts along the way towards that end.Pat Palmer 13:55, 13 February 2009 (UTC)
Summary of Pat's edits:
- Revised the wording of the intro to make it simpler and more self-consistentPat Palmer 14:19, 13 February 2009 (UTC)
- Provided a small stub article defining what an IP address isPat Palmer 14:19, 13 February 2009 (UTC)
- Moved the TOC down below the opening paragraph; I strongly feel that people should be allowed to peruse the introduction without interference from the TOCPat Palmer 14:19, 13 February 2009 (UTC)
- I added a discussion of the binding concept to the bottom of the intro, because it is one of the guiding principles of systems design that is now implemented all over the place, and DNS was the first great implementation of itPat Palmer 17:04, 13 February 2009 (UTC)
- I added resiliency and security as article topics in the intro (though I tried to hintr that this may be covered in related sub-articles)Pat Palmer 17:04, 13 February 2009 (UTC)
- I tried to define the goals in the intro: 1) explain what DNS does, 2) explain how it does it, 3) clarify why it's not the same as a search engine (and should not be), 4) discuss its critical role to the internet, and thus the importance of protecting it from the growing press of attacks while keeping it usefulPat Palmer 17:04, 13 February 2009 (UTC)
- Don't look to closely at the history; I managed to delete most of the article by accident and had to restore it (a very messy process, had to figure out how to do it)Pat Palmer 17:04, 13 February 2009 (UTC)
- Let me go read in detail. A few quick responses:
- There are existing articles that have IP address as a subtopic; some reorganizations (maybe splitting into subarticles) may exist.
- The intro vs. TOC is something of a religious issue, and, sooner or later, we need at least workgroup standards. I have a very different and strong feeling that having the TOC at the beginning is part of what I want to see to know what's in the article.
- Let me look at the resiliency and security and how best to link them. As you know, any IETF specification has a security section. We might want to have a standard form, even an infobox (although I hate the things) for all top-level protocol/service articles (e.g., security considerations, numbering and identifier (IANA) considerations, deployment issues, resiliency (somewhat overlapping security).Howard C. Berkowitz 17:42, 13 February 2009 (UTC)
need simple overview, probably before History section
I'm mulling about adding an overview section of how DNS works (at a fairly high level, but with lots of specific examples) for lay people, probably before the History section. I feel we need the 10,000 mile high view before delving into all the dirty details.Pat Palmer 17:06, 13 February 2009 (UTC)
Late binding
This feels like an architectural concept done too early. What about moving it to the section containing things such as recursion or cacheing? That would also give a place for a sentence or so about stale caches.
Intelligent DNS-based load redirectors seem beyond the scope of this article. Howard C. Berkowitz 02:44, 14 February 2009 (UTC)
New top level domain names?
Nice article. However, I miss mention of the new top level domain names (like .info .name .museum) Peter Schmitt 15:24, 5 June 2009 (UTC)
- I'd hesitate putting them into this article, because those aren't implicit to DNS itself, although they are terribly important to the administration, management, and economics of the Internet. I believe TLD politics deserve their own subarticle.
- My hope is to get this article approved as the basic definition of DNS, and then, indeed, have a large number of subarticles. TLDs alone, for example, quickly get into intellectual property rights, internationalization and character sets, registrars and registries, security of the root, etc. I hesitate, therefore, to add more content that isn't essential. Howard C. Berkowitz 15:45, 5 June 2009 (UTC)
- I see your point. What about just one short sentence (near the table) with a link?
Something like "In/Since (year) [[(link)|more TDLs]] have been added."?
Peter Schmitt 14:41, 6 June 2009 (UTC)
- I see your point. What about just one short sentence (near the table) with a link?
A formulation
In history: "Sharing hosts files manually quickly became impossible to scale" Does this mean: became impossible because of scale? Peter Schmitt 23:08, 14 June 2009 (UTC)
SOA RR: missing part of sentence
"it should assume that all of the RR information in its copy of the zone file." Peter Schmitt 23:24, 15 June 2009 (UTC)
Preparing for approval
I would like to nominate this article for approval, but there are a few minor issues open:
- DN registries
- I still think (to describe the history) that it should be mentioned since when country codes are used, and when other TLDs were introduced (and which was the first).
- Legal issues
- The remarks about "intellectual property" would better fit here
- Domains versus zones
- This (to me) is not completely clear
- reference 6
- address no longer valid
Peter Schmitt 23:23, 23 October 2009 (UTC)
TLDs
According to WP .biz (2001) was among the first "new" ones, .aero (2002) came later, and you forgot .gov from the first set (.arpa seems to be different). --Peter Schmitt 10:37, 6 May 2010 (UTC)
- I didn't mean to suggest the non-country TLDs came at once. Indeed, I still mean to write an article about the controversies around .xxx, which I suspect will finally pass.
- What are you thinking about .gov? Like .mil, it was for U.S. use only, long before internationalization. When I last looked, it was administered by the U.S. General Services Administration.
- Although there was briefly a purpose for .arpa, it was reused as the root of reverse DNS; there are no "conventional" forward names in .arpa. Howard C. Berkowitz 15:13, 6 May 2010 (UTC)
- Until I looked at the article mentioned, I interpreted your table (incorrectly) as the table of the first TLDs, and that the paragraph below it as discussing later additions. Since from the initial ones only .gov is not mentioned, it could easily be included, and be told that new ones -- including .biz and .aero (as examples) were not added before 2001. I do not suggest to write a complete history of TLDs here, but this would be "basic" information. (I do not do these changes, because this may be considered as "contributing content. --Peter Schmitt 23:21, 6 May 2010 (UTC)
xxx
I was just reading about this elsewhere and my understanding is that this is *still* only a tentative approval by a single body and that it may well be another year before the system is actually implemented *if* it is implemented at all. It is not a sure thing. Although surer than it was a couple of years ago. Hayford Peirce 00:00, 26 June 2010 (UTC)
- My understanding is that only that single body's approval is needed, and now nothing is likely to stop it. It's just a few formalities to go through (signing of contracts, etc.). I wrote in the article that it will not be implemented until early 2011. --Chris Key 05:31, 26 June 2010 (UTC)
- I haven't had time to read the decision, but ICANN is the only body that needs to approve. Now, does this mean DNS is screwed?
- It occurs to me that .yyy might be good either for encyclopedias or toddler yammering. Howard C. Berkowitz 05:59, 26 June 2010 (UTC)
- The board of directors at ICANN are the ones that approved it after an independant review. --Chris Key 13:25, 26 June 2010 (UTC)
Nominated for approval
Finally, to finish this, I have nominated the article for approval. However, I hope that the following issues will be resolved:
- The paragraph on .uk domains (last before the table) has to be cleaned.
- The section "Domains versus zones" starts "At each of these levels is an abstract namespace." -- 'these'?
- When you compare domains with CZ name spaced: Where do the analogues to aaaa ... zzzz enter?
--Peter Schmitt 00:55, 9 July 2010 (UTC)
- Thanks to Ro, the first issue is almost done. But .or.uk/.org.uk is still not correct. It is .org (nor .or), isn't it?
Oh, and wouldn't the two external links belong into the references? --Peter Schmitt 13:48, 9 July 2010 (UTC)
- Someone in the UK can confirm this, but I believe .or, not .org, is correct and non-obvious.
- I propose to remove the sentence containing the external links; this is not a tutorial on .uk. Howard C. Berkowitz 16:33, 9 July 2010 (UTC)
- The international version is, as you know, .org
- The UK version is .org.uk
- .or.uk does not exist.
- On the other hand, the UK version of .com is .co.uk
- .com.uk does not exist
- --Chris Key 18:11, 9 July 2010 (UTC)
- The full list of UK SLD's is: .co.uk, .me.uk, .org.uk, .ltd.uk, .plc.uk, .net.uk, .sch.uk, .ac.uk, .gov.uk, .nhs.uk, police.uk, .mod.uk, .mil.uk --Chris Key
So, why doesn't someone correct the sentence:
- "What would a relatively naive user expect: .co.uk or rather .com.uk, .or.uk or rather org.uk?"
--Peter Schmitt 20:36, 9 July 2010 (UTC)
- I've trimmed it down a bit and corrected it. --Chris Key 21:24, 9 July 2010 (UTC)
Font consistency
When talking about TLDs and SLDs, in some areas we are using <tt>.com</tt> and in others we are using '''.com'''. I suggest we pick one and stick to it. I recommend using bold font (.com) for TLDs and SLDs that actually exist, and teletype (.new) for ones that do not exist. URLs and file names can use code tags (en.citizendium.org
). --Chris Key 22:12, 9 July 2010 (UTC)
- I cannot discover a major inconsistency. Bold is only used in the registry section to emphasize the (correct) objects under discussion. (Do I miss something?)
- However, I just tried it: We can use <tt>'''.com'''</tt> to get .com instead of .com.
- --Peter Schmitt 00:32, 10 July 2010 (UTC)
Toward Approval
This version of this article has been nominated for approval By User:Peter Schmitt using the single editor approval method. There have been several edits by Peter, but I consider them copy type edits at this point. There have been several edits since the nominated version, so do consider updating the template before July 13, 2010 when the article will be locked on the version in the template. In the meantime, please feel free to continue to improve this article. D. Matt Innis 04:08, 10 July 2010 (UTC)
- I have updated the version to include the improved treatment of .uk DNS. I hope that the two other issues will be addressed, too. --Peter Schmitt 10:20, 10 July 2010 (UTC)
- There needs to be standardisation of 'internet/Internet'. As usage on this talk page suggests, the capitalised version is moribund (& a good thing, too)... Ro Thorpe 14:13, 10 July 2010 (UTC)
- I do not consider it moribund. Both can be used, but "an internet" is a common noun so uncapitalised while "the Internet" is a proper noun and, as I see it, the capital is required. I cannot think of a really good analogy offhand, but a TV channel vs the Channel comes to mind. Sandy Harris 14:24, 10 July 2010 (UTC)
- Ah, well, if that distinction needs to be preserved, I suspect all examples in the article should be capitalised. Ro Thorpe 16:03, 10 July 2010 (UTC)
- I agree with Sandy. Nevertheless, it might be useful to try to use "public Internet" when speaking of DNS naming when ICANN compliance is necessary--although I will raise a nuance in a moment. Lower-case "internet" can apply to any set of interconnected IP networks. I might, for example, have DNS in a lab network and use TLDs such as .lab1, .lab2, .test, .dmz, etc.
- It's probably beyond the scope of this article, but "public Internet" might be ambiguous in real-world networks behind address-translating firewalls, which use split DNS. In a split DNS, the DNS names remain the same on both sides of the NAT, but, "inside", internal addresses resolve, via an internal DNS, to internal addresses and external addresses resolve to the inside interface of the firewall. "Outside", the DNS resolves to the registered address of hosts visible to the public Internet, while internal host names that the administrator wants to be accessible resolve to the address of the outside port of the firewall.
- Yes, split DNS and firewalling can get a lot more complex. My recommendation is to keep them out of this article.
- Note -- I'm off to the emergency room shortly; don't think it's major but I have a swollen arm with labs pending from Thursday (mystery hematoma). Not sure of availability and whether I'll be able to type with both hands. Howard C. Berkowitz 16:40, 10 July 2010 (UTC)
- Another update. But at the beginning of a section it is (still) not cleare where the these in "At each of these hierarchical levels is pointing. And how does "aaaa.citizendium.org" compare to a namespace. Do you mean "Talk:Aaaa", or "Aaaa:" (Is "I/internet" spelling now resolved?) --Peter Schmitt 23:46, 12 July 2010 (UTC)
- I forgot to mention: The second sentence ("More importantyl ...") needs a stylistic correction: "still move ... to move" --Peter Schmitt 10:58, 13 July 2010 (UTC)
- So there is a need to have 'move' twice? They mean different things? Ro Thorpe 12:29, 13 July 2010 (UTC)
- No, it is one too many. It is the result of a partial rewrite [4]. --Peter Schmitt 14:18, 13 July 2010 (UTC)
- Good, thanks. Ro Thorpe 15:30, 13 July 2010 (UTC)
(unindent)
Thank you all for your help. I am sorry to be a nuisance, but I cannot do it myself because I might lose my right to approve. The rewritten sentence in the lead may be difficult to understand:
- More importantly, it allows computer-friendly IP addresses to change while continuing to move information around the public Internet or private internets.
Perhaps the "from host to host" would still be helpful?
- More importantly, it allows information to move around on the internet, from host to host, whereas people can still expect to find the information via its domain name.
and perhaps "computer-friendly but user-unfriendly"? --Peter Schmitt 22:21, 13 July 2010 (UTC)
- Sorry, didn't realise this was addressed to me when I first saw it, but I see Howard has made the necessary changes. Ro Thorpe 01:01, 14 July 2010 (UTC)
- Are we on track?
- I can probably get outside reviewers, but I'd rather get them commenting on the family of DNS articles. A question is where they should send comments. Howard C. Berkowitz 16:28, 14 July 2010 (UTC)
- Ro, it was not addressed to you in particular but to "whom it may concern" (rather to Howard).
- Howard, yes. I have already updated the version (but just noticed that I mixed "now" with "date". Approval is supposed to happen today.
- --Peter Schmitt 18:53, 14 July 2010 (UTC)