DNS at 30

By Jim Hague

2017 sees the 30th anniversary of RFC 1035, the RFC that defined the Internet Domain Name System (DNS). These days there can’t be many applications that don’t interact with a DNS nameserver at some point, and as the recent Dyn DDoS attack proved, DNS is a critical part of Internet infrastructure.

However, the only change visible to most developers in recent years has been encouragement to switch from gethostbyname() to getaddrinfo(), so you might be forgiven for thinking that nothing much has changed in DNS in the last thirty years.

Not so. After a shaky start, cryptographically authenticated DNS (DNSSEC) is gaining traction, and some potentially important services are defined on top of it, such as DANE, which uses DNSSEC as an alternative chain of trust to certificate authorities. There is also work in progress on DNS Privacy, which aims to prevent snooping on DNS queries.

In this session, suitable for all comers, we’ll begin with a look at how DNS works currently, and then go on to look at DNSSEC and other recent and in-progress developments. We’ll see how to sign your domain with DNSSEC, how to use DNSSEC and other new technologies in your application, and try to answer any questions you may ever have had about DNS.