IGF 2018 WS #408 DNS enhancements and alternatives for the Future Internet

Format: 

Panel - 90 Min

Subtheme: 

Organizer 1: Chiara Petrioli, Università degli Studi di Roma La Sapienza
Organizer 2: FRANCESCO PIRRO, AgID
Organizer 3: Jing MA, China Association for Science and Technology

Speaker 1: Dongbin Wang, Technical Community, Asia-Pacific Group
Speaker 2: Chiara Petrioli, Technical Community, Western European and Others Group (WEOG)
Speaker 3: FRANCESCO PIRRO, Government, Western European and Others Group (WEOG)
Speaker 4: Davide Lamanna, Private Sector, Western European and Others Group (WEOG)

Additional Speakers: 

Davide La Manna Binario Etico could not join, as well as EC.

The panel however benefitted by participation of reference experts and organizations:

-Ted Hardy, IETF and

-Khaled Koubaa, ICANN

were speakers at the panel.

Relevance: 

The Domain Name System (DNS) is one of the crucial features of today’s Internet. Its current implementation, based on a hierarchical organisation of domain name servers, has proven over time to be reliable and sufficiently scalable. The current hierarchical approach, while functional, has its drawbacks. Root and Top Level Domain servers have control over the domains of large portions of Internet’s resources. This means that the power of having access to a large number of websites is condensed into a few high-level domain servers. This creates problem of load imbalances, where traffic is not properly distributed between the main servers, and thus of efficiency. The hierarchical approach also arises concerns about security. Malicious entities may execute targeted attacks towards high-level domain servers, blocking the access to a large number of resources, possibly inflicting heavy damages to companies and private citizens. Finally, the high-level domain servers are not distributed evenly across the globe: the majority of root-servers’ sites are located in North America and Europe. Moreover, of the 12 organizations that control the 13 root servers, 8 of those are controlled by U.S.-based organizations, 1 is based in Sweden, another in Japan, while only 2 of them have a more international base. This geographical disproportion, other than causing load imbalances in the distribution of Internet traffic—which is currently higher in Asian countries than in the United States - originates an imbalance of influence over the Internet between different stakeholders, that is not in the original intention of the DNS designers. In addition, novel challenges to the structure and solutions of DNS are posed by novel naming systems and multiplied scalability demand brought by emerging paradigms such as IoT. As a consequence, it is strategic to explore new solutions where mechanisms enhancing the current DNS, or completely alternative to it, should be proposed and evaluated. In our proposed panel we intend to discuss different DNS weaknesses, taking into account future Internet paradigms such as IoT, and elaborating on aspects such as emerging cyber security challenges, the demand for a neutral Internet. We will also present an overview (and associated discussion) of some of the raising technologies that could play a role for DNS evolution, ranging from peer to peer models to block-chain based solutions.

Session Content: 

In this panel we will discuss the limitations of the hierarchical/client-server structure of the Domain Name System (DNS), which is currently used for resolving domain names into IP addresses, for load balancing and other services, and we solicit and discuss proposals for mechanisms that enhance and/or are completely alternative to DNS. The panel will be 90 minutes long and it will be structured in the following way: 1st Part: A brief introduction that will illustrate the theme of the discussion. Panelist will be introduced, and the problem will be summarised. (5 minutes) 2nd Part: The speakers will provide insights on enhancements and alternatives to DNS that leverage peer-to-peer solutions and the Blockchain technology. (50 minutes) 3rd Part: Questions and Answers session, open to both the audience in the room and remotely (30 minutes) 4th Part: The moderators will provide a summary of the discussion, highlighting insights and new directions that have emerged during the discussion. (5 minutes)

Interventions: 

Speakers 1) Prof. Dongbin Wang, Beijing University of Posts and Telecommunications Stakeholder group: technical community 2) Prof. Chiara Petrioli, University of Rome la Sapienza Stakeholder group: technical community 3) Francesco Pirro, AgiD Stakeholder group: Government 4) Ted Hardy, IETF and Google Evangelist Stakeholder Group: private Sector 5) Khaled Koubaa, ICANN Stakeholder group: Private Sector 6) Jeremy Rand, Namecoin Stakeholder group: Private Sector The moderator will make an introductory speech presenting the panelist and introducing the agenda of the workshop. Prof. Chiara Petrioli, coordinated and supported by Ms. Jing Ma, acting as the on-line moderator, will present DNS current challenges and weaknesses. Franhcesco Pirro, AgiD, will discuss weaknesses and possible alternative points of view  from a government stakeholder group point of view, and the emerging needs from the view point of government agencies implementing the Digital Agenda. Associate Professor Dongbin Wang, from Beijing University of Posts and Telecommunications and from China Association for Science and Technology, will talk from the technical community’s perspective, and will address alternative mechanisms for DNS services. Ted Hardy and Khaled Koubaa will discuss on going discussions on DNS evolution within IETF and ICANN.  Jeremy Rand will provide an overview of how blockchain technologies can support the evolution of DNS and on Namecoin.

Diversity: 

Diversity is the panel is necessary in order to ensure that different perspectives over the issues are shared, and that the concerns of the widest possible group are taken into considerations. We have thus ensured that our Proposers, Co-organisers and Speakers belong to different stakeholder groups, come from different geographic regions, and are of different gender. Each speaker will bring a unique perspective on the future of the DNS, its challenges and possible solutions. For gender diversity, there are 2 female co-organiser, Ms. Jing Ma, who will also be the on-line moderator, and Prof. Chiara Petrioli. For geographic diversity, 2 co-organisers are from Europe, 1 co-organiser is from Asia, 2 speakers are from Europe, 3 speaker is from US and 1 speaker is from Asia. We were particularly interested in ensuring stakeholder diversity, and the 6 speaker all come from different stakeholder groups: Private Sector, Technical Community and the Government.

Online Participation: 

Online attendees also can get involved in the session, especially during the discussion with the audience where they are entitled to make interventions, raise questions, or make observations about the panel discussion.

Discussion Facilitation: 

The moderator will open the session by summarising the issue that is going to be discussed, and will keep time to ensure that both panelists and audience can meaningfully provide insights, comments and questions. The moderator will encourage audience engagement and participation for sharing pertinent ideas.

Onsite Moderator: 

Prof. Chiara Petrioli, Univ. of Rome la Sapienza

Online Moderator: 

Ms. Jing Ma, China Association for Science and Technology

Rapporteur: 

TBD among Agid representatives attending the panel

Report: 

                                          

Session Title

DNS enhancements and alternatives for the Future Internet                        

                                                                                                                                                           

Date

12 November 2018                            

                                                                                                                                   

Time              

9:00 - 10:30                                                                                                                                                                                                                                                              

Session Organizer

Chiara Petrioli, University of Rome La Sapienza     

                       

Chair/Moderator

Chiara Petrioli , University of Rome La Sapienza (In-session moderator)

Jing Ma, China Association for Science and Technology (Remote moderator)

                                                                                               

Rapporteur/Notetaker

Veronica Birindelli, Agency for Digital Italy (AgID)                                                                                                                                                                                              

List of Speakers and their institutional affiliations

                                                           

Dongbing Wang, Associate Professor of Beijing University of Posts and Telecommunications (BUPT) - (Technical Community)

Khaled Koubaa , ICANN - (Technical Community)

Ted Hardy, IETF - (Technical Community)

Jeremy Rand, Namecoin - (Private Sector)

Francesco Pirro, Agency for Digital Italy (AgID) - (Government)

                                                                                                                       

Theme

Technical & Operational Topics                                                                                                                  

Subtheme

Domain Name System           

                                   

                                                                                               

Key Issues raised (1 sentence per issue):                                                   

The Internet has  faced significant changes in the type and volume of traffic, geographical distribution of users, increased use of mobile access. Internet applications and protocols have significantly evolved to reflect such changes. However a fundamental strategic application such as DNS has so far basically maintained its original technical approach and the ecosystem activated for its management, still under responsibility of the 13 organization, mostly US based,  that reflect the Internet of the ‘80s. Current Internet evolution, and in particular cybersecurity risks, the fast growth of IoT, with its stresses in terms of both scale and traffic volumes and in terms of amplification of security attacks, are demanding an evolution of DNS. ICANN for instance now state that adoption of a secure version of DNS such as DNSSEC is urgent. Emerging technologies such as peer to peer systems vs. centralized, BlockChain technology, and also the agility with which we can now change Internet logic, creates the basis for a rethinking of DNS from both the technical approach, its governance and the naming system. Low cost availability of storage, even on personal mobile devices, and bandwidth at the LAN level can allow a massive distribution of DNS content, opening up novel opportunities for massive distribution of DNS. The panel has gathered experts from University of Rome La Sapienza, Beijing University of Post and Telecommunication, ICANN, IETF, Namecoin and AgiD to discuss on the current challenges of DNS and DNS governance in light of Future Internet demand, the possible alternative approaches and why such approaches (either evolutionary or revolutionary) could solve emerging challenges.

                                                                                                                                                           

                                                                       

If there were presentations during the session, please provide a 1-paragraph summary for each Presentation (To be updated)

 

Dongbin Wang, Associate Professor of Beijing University of Posts and Telecommunications,  introduced how the Domain Name System (DNS) worked and the challenges, such as  centralization, and cache poison.  The emerging Blockchain technologies has the advantages of  decentralization, distributed and public digital ledger.  Alternative mechanism with blockchain were presented.

 

Khaled Koubaa, the ICANN representative emphasized how the DNS is one of the crucial features of the internet, and how ICANN’s role is also about the Internet's system of unique identifiers, including the top of the DNS hierarchy, and that their adoption of the bottom-up, multistakeholder approach ensures that this is managed appropriately. Also, he underlined how the challenges related to the Internet unique identifier systems are at the top of the list of their objectives.  In particular, he said that their vision is to Champion the Single, Open and Globally Interoperable Internet and to be the trusted guardian of its unique identifiers. He also noted that it is important to remember that with a hierarchical namespace, the search must start at the top of the namespace: there's no avoiding it. He added that the hierarchical name space does not imply inefficiency, since the DNS is very well distributed worldwide and has proved to be robust. In particular, the DNS root zone is the most over-provisioned zone in the entire namespace, and that TLDs operating within the ICANN framework have contractual obligations to provision adequately. He acknowledged that it's true that the majority of root operator organizations are U.S.-based,  but the root server instances themselves are distributed worldwide. He said that this was last decade's technical problem, and it has been solved by having a large number of anycast root instances, spread all other the world. The root operator organizations participate in the ICANN process via RSSAC, so they are visible and engaged. He also argued that the problem of DDOS attacks exploit a market concentration issue that is not a problem inherent to the hierarchical structure of the DNS. Regarding the scaling issues, particularly when it comes to the explosion of IoT devices, he stated that DNS is adapting to the scaling, and that in fact a hierarchical structure would help the scaling of the IoT.

 

 

Ted Hardy, the IETF representative, commented that as we consider experiments for the DNS, we must consider carefully whether we are experimenting with data governance or with data distribution.  He says that since the publication of RFC 3258, the community has had ways of distributing DNS services very widely, and the results have scaled well.  Public ledger systems like blockchains ensure that there is a full record of changes to the data, but they do not scale well for actually data distribution.  Similarly, the data governance questions of who makes changes are separable from distribution.  While consensus protocols like those used in Bitcoin are one possibility, other models, like that used in HTTP's certificate transparency, offer different data governance methods.  Lastly, it is critically important that these experiments do not fragment the Internet namespace.  One of way of maintaining it is using the same cryptographic assurances of the data's integrity,  no matter what the distribution method.  Since DNSSEC is an object security method, it can be adapted to those new distribution methods, and it may help us maintain that integrity.

 

Jeremy Rand, the representative for Namecoin, argued that "Trust" is actually an undesirable attribute, because trusted 3rd parties are security holes.  Namecoin is an experiment to try to produce something superficially similar to the DNS while reducing the amount of

trust required.  Namecoin is Bitcoin's codebase, with minor modifications to make the "coins" represent domain names rather than fungible currency units.  Among some of Namecoin's more interesting use cases are TLS public key infrastructure and naming for dark web sites. Some of Namecoin's security features include atomic buying/selling of names, and a scripting-language-based approach for setting up security policies for how names can be updated and transferred.

 

Francesco Pirro of Agency for Digital Italy (AgID) brought up the issue of the effects on the market of the current DNS structure. In particular, he underlined how the hierarchical structure enables the creation of monopolies that benefit those who control their specific level of the hierarchy. Another issue raised was about the growth of DNS names and the storage capacity of SD cards: while the former is almost logarithmic, the latter is almost exponential. It is not absurd then to think that perhaps the DNS mechanism could be changed, with smartphones of the future holding the maps for translation of domain names into IP addresses in their memory or in cloud, with regular updates. He also talked about their intent of sending a IETF proposal on an alternative DNS that is based on blockchain and torrent-like system to be used for IoT devices, and to explore different approach to the current hierarchical                      

                                                           

           

                                                           

Please describe the Discussions that took place during the workshop session: (3 paragraphs)

There a first round of discussion amongst panelist. A number of technical questions were raised by IETF and ICANN representative regarding details on the namecoin solution, highlighting also the role of registries and current DNS in combination with emerging technologies such as blockchain. Regarding this technology, questions were asked by both panelists and members of the audience on common perceived problem such as scalability, security and accountability with and without the utilization of novel technologies such as blockchain. With this latter technology, the issue of governance was arised, meaning who should be held accountable when using a distributed peer-to-peer approach. The discussion clarified no solution of the relevant issues, but on the other hand a combination of technologies is possible with the possibility to blend DNS evolutions with solutions such as namecoin.
 

ICANN clarified that amongst its priorities there is the revision and the update regarding DNS functionality and its governance, and IETF explained that there is space for experimentations on novel approaches around the topics on a new approach to the registries system, novel naming systems and the evolution of the DNS technical approach as well as exploring of alternative market models. It is however key to first research and experiment before thinking to change the current DNS. AGiD representative announced that a description of the proposed technical solution that they presented in the panel will be submitted as an IETF draft in the next few weeks.     

           

There was a general agreement that it is needed to think and experiment about new solutions and alternatives to the current structure and implementation of the DNS,  for example to facilitate real-world experimentation with systems like Namecoin, and perhaps achieve in a scenario in which different approaches could coexist, and hopes that the multistakeholder community will work together towards the evolution of the DNS or its eventual successor.                                                               

                                                           

                                                                       

Please describe any Participant suggestions regarding the way forward/ potential next steps /key takeaways: (3 paragraphs)

                                                           

Agid representative highlights the importance to experiment new solutions and approach to the DNS, and in particular suggested to activate a pilot to experiment with an hybrid solution where a Thing Name System (TNS) and DNS work together.

 

There was a general agreement that further research and experiments are needed in the multistakeholder community to explore new approaches and possible alternatives to the DNS.                                                           

                                                                                                           

Gender Reporting Questions

                                                                       

Estimate the overall number of the participants present at the session:

50                                                       

                                                                       

Estimate the overall number of women present at the session:

12                                                                                                                                                                                           

To what extent did the session discuss gender equality and/or women’s empowerment?

The session was about technical topics so the topic about gender equality wasn’t strictly relevant to the session.                                                                                                                                                                                                                                  

If the session addressed issues related to gender equality and/or women’s empowerment, please provide a brief summary of the discussion:

Not applicable.

           

Session Time: 
Monday, 12 November, 2018 - 09:00 to 10:30
Room: 
Salle VI

Contact Information

United Nations
Secretariat of the Internet Governance Forum (IGF)

Villa Le Bocage
Palais des Nations,
CH-1211 Geneva 10
Switzerland

igf [at] un [dot] org
+41 (0) 229 173 678