DNS Debate Casts Cloak Over Bigger Issue

The debate over new Internet domain names makes it difficult to concentrate on the serious technology issues facing Domain Name System (DNS) servers and the use of Berkeley Internet Name Domain (BIND), a free program developed in the 1980s to match domain names with unique numerical addresses.

Earlier this month, New.net, a Pasadena, Calif.-based start-up, announced that it would sell Internet domain names with extensions such as .store, .xxx and .chat.

These aren't top-level domain names in the same league as .com, .org and .net, names created by the Internet Corporation for Assigned Names and Numbers (ICANN). Acting independently of ICANN, New.net inked deals with some of the largest Internet service providers to reconfigure their DNS tables and give about 16 million customers direct access to these new domain extensions.

While this is a clever attempt to work around ICANN's slow release of more top-level domains, the DNS reconfigurations have heightened concerns over the weaknesses of BIND and potential confusion of the public domain name space.

With both publicly and privately created domain names, as well as multiple DNS registries, it's possible that two users could type the same Internet address but be sent to two different sites. And this potential confusion pales in comparison with the real security issues associated with BIND.

Written in the early 1980s as part of a graduate program at the University of California, Berkeley, BIND is a memory resident application used in about 90% of the Internet's DNS servers.

"It is a flat database and doesn't carry a lot of information; that's why your query times out," says Ben Petro, chief marketing officer at UltraDNS Corp., a start-up working with New.net customers to offer a competing managed DNS service using an application service provider model.

In January, the CERT Coordination Center, a government-funded Internet watchdog group, described "potentially devastating compromises" to the Web unless upgrades to BIND were made.

But making the IT fixes to BIND could be slow and won't erase its core vulnerability.

"Many of the problems with BIND have to do with coding problems and that just won't go away," says Ian Poynter, president of Jerboa Inc., an Internet security consultancy in Cambridge, Mass.

Scott Beale, founder of Laughing Squid LLC, a San Francisco-based Web host, says, "You find out about these bugs, but people can still try to exploit them faster than you can deploy a fix."

What Internet users need is for ICANN, CERT and the Internet Software Consortium (the industry-backed nonprofit in charge of BIND) to resolve some of these problems before Web addresses lead to dead ends, e-mails go awry and hackers start messing with the guts of the Net.

This story, "DNS Debate Casts Cloak Over Bigger Issue" was originally published by Computerworld.

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon