DNS under technical and regulatory siege

By Rawlson O'Neil King, theWHIR.com

February 14, 2001 -- (WEB HOST INDUSTRY REVIEW -- A series of high-profile events over the past few weeks has clearly demonstrated the need for a comprehensive revamp of the present domain name regime.

Since its de-monopolization and decentralization, the domain name system (DNS) has been plagued with a slew of technical and regulatory problems that threatens the free development of both commercial and civil participation on the Internet.

Firstly, the domain name system is not technologically sound. According to a recently released advisory from a leading Internet security research facility, the present domain name system is chocked full of holes.

Indeed, the CERT Coordination Center (cert.org) revealed that at least four vulnerabilities exist in the open-source software that runs more than 80 per cent of the domain name system. The vulnerabilities can be abused to allow remote users to take control of a name server and redirect Web traffic to any domain.

This occurred this month when both Network Associates Inc. (networkassociates.com) and Microsoft (microsoft.com) sustained attacks on their Web presence.

The embarrassing attacks on Network Associates, the world's largest independent network security and management software company were ironically precipitated by the release of its very own advisory about the domain name system (DNS) weaknesses.

When the advisory was re-distributed anonymously to a security-related mailing list, it was modified to execute a denial-of-service attack on Network Associates' DNS server. The result was that a Trojan horse program was activated by unsuspecting users, causing brief and intermittent periods of Internet service outage for a company which identifies itself as a security leader and billed its customers over $754 million U.S. for security solutions last year.

Microsoft also experienced a similar spat of service interruptions that caused their Web sites to disappear several times over a period of two days. The software behemoth first blamed poor maintenance of its own DNS services as the problem, but it was soon revealed that the problem was much more complex. The attack was actually the result of a sophisticated denial-of-service attack on the company's routers.

Microsoft's poor network architecture prevented traffic from reaching the company's DNS servers during the attack, causing the unavailability of the site and costing the company and its clients cash.

Though these problems demonstrate that the technical infrastructure of the domain name system itself is increasingly used at the peril of all Internet content providers, other issues surrounding DNS still need to be addressed. While technical issues are more easily resolved through software updates, issues surrounding governance of the system will not easily be solved. The Internet Corporation for Assigned Names and Numbers (icann.org), the decentralized authority that governs the global Internet domain name system, continues to draw controversy over fundamentally undemocratic decision-making.

During recent hearings in front of the U.S. House Commerce and Telecom Subcommittee, ICANN took heat for the method they used to approve the seven new top-level domains. A string of witnesses complained that the application process was closed, expensive, and arbitrary, lending no opportunities for applicants to appeal rulings. Domains befitting both business and society at large such as ".kids" and ".union" were passed up without an adequate hearing and rationale. With more domain name hearing slated for today in the U.S. Senate, it is my sincere hope that more attention is paid to both technical and governance issues affecting DNS

Fundamental issues have been ignored since the removal of the Network Solutions (netsol.com) monopoly over registration and have resulted in technical and regulatory mayhem over the entire system. In my opinion, the system needs more centralized, global and democratic oversight rather than the current decentralized, regional (mainly American and European) and authoritarian approach. More fair and competent management could be achieved if the system is placed in the hands of a more international and organized group, such as the International Telecommunication Union (itu.int), the international body that co-ordinates global telecom networks and services.

About the Author
Rawlson O'Neil King is a managing editor and analyst at the Web Host Industry Review. Before joining theWHIR, Mr. King was Director of Corporate Communications at WebHosting.Com. During his tenure at Canada's most successful Web host, he established ineedsupport.com, the first branded destination customer care site in the shared hosting industry. He has prior experience as an IT consultant who served non-profit organizations, government and private industry. He holds a Bachelor of Journalism degree from Carleton University. Mr. King's column appears in theWHIR weekly.