
posted by CoolHand on Saturday March 03 2018, @02:56PM
from the mandating-diversity dept.

Arthur T Knackerbracket has found the following story:

The world's top eight DNS providers now control 59 per cent of name resolution for the biggest Websites - and that puts the Web at risk, according to a group of Harvard University researchers.

The group was led by Harvard's Shane Greenstein, and warned that since 2011, the "entropy" of the DNS (referring to how widely distributed it is) has fallen, becoming concentrated in "a small number of dominant cloud services companies".

That state of affairs, the group's research paper (PDF) argued, creates fragility if attackers find a weakness in those DNS services.

[...] For the namespaces they measured, the team found the top eight providers grew their market share from 24 per cent to 59 per cent from 2011 to 2017, and the top four went from 17 per cent to nearly 50 per cent.

[...] The other trend they found was that unsurprisingly, in a world awash with easy-to-use cloud services, external DNS hosting has overtaken in-house DNS servers.

For companies worried that this might leave them open to a Mirai-style botnet taking out their DNS provider, the solution is simple, the paper said.

Organisations should diversify their pool of nameservers by taking DNS management services from multiple providers, the paper said. Compared to the costs of a day's downtime, this is "a comparatively costless and therefore puzzlingly rare decision".
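As an added illustration (not code from the story, The Register, or the Harvard paper), here is a small Python sketch of the two ideas above: checking how many distinct providers stand behind a zone's NS set, and the concentration measures the researchers describe (top-k market share and the "entropy" of the provider distribution). All hostnames and zone counts are constructed placeholders.

```python
import math

# Constructed sample data (placeholders, not measurements from the paper):
# NS records of two hypothetical zones, and a toy "market" giving the number
# of zones each hypothetical authoritative DNS provider serves.
SINGLE_PROVIDER_ZONE = ["ns1.dns-a.example.", "ns2.dns-a.example.", "ns3.dns-a.example."]
DIVERSIFIED_ZONE = ["ns1.dns-a.example.", "ns2.dns-a.example.",
                    "ns1.dns-b.example.", "ns1.selfhosted.example."]
ZONES_PER_PROVIDER = {"dns-a.example": 50, "dns-b.example": 25,
                      "dns-c.example": 10, "dns-d.example": 10,
                      "small-1.example": 3, "small-2.example": 2}


def provider_of(ns_host):
    """Collapse an NS hostname to its provider's apex. Assumes a two-label
    apex, which is enough for the constructed names above."""
    labels = ns_host.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def nameserver_providers(ns_records):
    """Distinct providers behind a zone's NS set. A single provider is the
    single point of failure the paper warns about; two or more is the
    diversification it recommends."""
    return sorted({provider_of(h) for h in ns_records})


def market_shares(zones_per_provider):
    """Fraction of zones served by each provider, largest first."""
    total = sum(zones_per_provider.values())
    return sorted((n / total for n in zones_per_provider.values()), reverse=True)


def shannon_entropy_bits(shares):
    """The paper's 'entropy' view of the market: higher means resolution is
    spread more evenly across providers; it falls as a few providers dominate."""
    return -sum(p * math.log2(p) for p in shares if p > 0)


def top_k_share(shares, k):
    """Market share held by the k largest providers (the paper reports top-4 and top-8)."""
    return sum(sorted(shares, reverse=True)[:k])


if __name__ == "__main__":
    for name, ns in (("single", SINGLE_PROVIDER_ZONE), ("diversified", DIVERSIFIED_ZONE)):
        print(name, nameserver_providers(ns))
    shares = market_shares(ZONES_PER_PROVIDER)
    print("top-4 share:", round(top_k_share(shares, 4), 2))
    print("entropy (bits):", round(shannon_entropy_bits(shares), 3))
```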

  • (Score: 0) by Anonymous Coward on Sunday March 04 2018, @09:55AM (2 children)

    by Anonymous Coward on Sunday March 04 2018, @09:55AM (#647569)

    I don't understand the DNS system well enough to comment on the AC's point, but IF he is correct, then anyone who argues against him is either knowledgeable enough that they are intellectually dishonest for disagreeing, or intellectually dishonest enough to argue on a subject they are uninformed about.

  • (Score: 2) by maxwell demon on Sunday March 04 2018, @11:49AM

    by maxwell demon (1608) on Sunday March 04 2018, @11:49AM (#647587) Journal

    Just because you are uninformed does not mean you know that you are uninformed. That is, you may think you know enough about a subject because you don't know how much you don't know.

    --
    The Tao of math: The numbers you can count are not the real numbers.
  • (Score: 2) by NotSanguine on Sunday March 04 2018, @12:38PM

    I don't understand the DNS system well enough to comment on the AC's point, but IF he is correct, then anyone who argues against him is either knowledgeable enough that they are intellectually dishonest for disagreeing, or intellectually dishonest enough to argue on a subject they are uninformed about.

    I do understand DNS well enough to comment on both AC's and Maxwell Demon's points.

    I'd say that the AC was being somewhat hyperbolic, although abusive TOS by ISPs really chaps my ass too. Running a DNS *server* on the Internet isn't really necessary unless you have network resources that you wish to share with the world. Given those selfsame abusive TOS' (not to mention dynamic, and sometimes even RFC 1918 [ietf.org]-style, IP addressing forced on users by ISPs) that restrict much more than just DNS servers, I'm not sure what resources they might be able to share, and as such, why someone would need a DNS server.

    Maxwell demon makes a valid point. It's ridiculous to expect someone who doesn't understand DNS, let alone have need for a DNS zone [wikipedia.org] to have any sort of informed opinion about that.

    That said, if I ignore the "intellectual dishonesty" portion of AC's comment as hyperbole, I mostly agree with his assessment. Where I disagree is that if one needs to publish a DNS zone, a single server on a single residential network link is insufficient.

    Even if all the network resources referenced in such a zone are hosted on systems attached to the Internet only through that same link, not having multiple, preferably geographically distributed, authoritative DNS servers can still cause significant name resolution problems after a link outage, due to timeouts on caching DNS servers around the 'net.

    The reality is a bit more complex than the above, but the above covers most of the salient points, IMHO.

    --
    No, no, you're not thinking; you're just being logical. --Niels Bohr