In-depth

Q&A: DNS inventor Paul Mockapetris

Four months after serious flaws in the internet’s addressing system were proven, its inventor is looking beyond the threats to help bolster web security.

Earlier this year, researcher Dan Kaminsky outlined flaws in the internet Domain Name System (DNS), which led to massive efforts on behalf of multiple vendors to patch vulnerable systems.

The flaw, which has been used by hackers to poison the servers that translate web addresses into internet protocol addresses and redirect unsuspecting users to spoofed malicious sites to infect their PCs, has also led to political action.

Advertisement - Article continues below

Authorities, including the European Union (EU) agencies, have been involved in promoting the adoption of standard technologies like Multiprotocol Label Switching (MPLS), IPv6 and Domain Name System Security Extensions (DNSSEC) to combat the vulnerability.

Dr. Paul Mockapetris, the inventor of DNS and chairman and chief scientist at IP address infrastructure software vendor Nominum, has been working alongside other security experts and agencies at the same time to tackle the flaw.

Earlier this week, he spoke to IT PRO about the issues involved and the challenges the IT industry faces to strengthen DNS and web security overall.

IT PRO: The DNS attack vector outlined by Dan Kaminsky in June has been one of the major web security issues of 2008. Given your involvement in the first ever DNS implementation, what are you working on towards successfully patching this flaw?

Advertisement
Advertisement - Article continues below

Mockapetris: We develop with DNS and DCHP [Dynamic Host Configuration Protocol] software for large carriers that provide services to a total 150 million broadband subscribers worldwide. When it comes to the Kaminsky attack, we're part of the consortium of vendors and organisations that have addressed ways to put new security layers over the DNS system.

Advertisement - Article continues below

Our carriers demand it of us and it's our job to meet or exceed those expectations beyond what might be expected in say, the open source world.

We saw many attacks launched against us, but have successfully dealt with every one. And our focus has now moved onto additional security measures, beyond DNS. For instance, in the DNSSEC [DNS Security Extensions] era of the future, it will be possible to distribute reputation information using digital signature technology to the filters used by email and virus filters to remove spam and block malicious or pornographic sites.

In some places, like New York State and California, they are developing them as part of regulations to ensure it's possible for people to expect to have a trusted experience of the internet. And we're seeing the work of ENISA and political movement towards making this part of the expectation of users who want to have a trusted experience on a website too.

Advertisement - Article continues below

Looking back, were you surprised that the system you originally designed for distributing naming data could be subverted in such a high-profile way?

I was the inventor' of DNS in that I designed it and deployed the first implementation 25 years ago. But I would say that design only goes up through floors one and two of its development.

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement

Most Popular

Visit/security/privacy/355155/zoom-kills-facebook-integration-after-data-transfer-backlash
privacy

Zoom kills Facebook integration after data transfer backlash

30 Mar 2020
Visit/security/data-breaches/355173/marriott-hit-by-data-breach-exposing-personal-data-of-52-million
data breaches

Marriott data breach exposes personal data of 5.2 million guests

31 Mar 2020
Visit/security/cyber-crime/355171/fbi-warns-of-zoom-bombing-hackers-amidst-coronavirus-usage-spike
cyber crime

FBI warns of ‘Zoom-bombing’ hackers amid coronavirus usage spike

31 Mar 2020
Visit/data-insights/data-management/355170/oracle-cloud-courses-are-free-during-coronavirus-lockdown
data management

Oracle cloud courses are free during coronavirus lockdown

31 Mar 2020