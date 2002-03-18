from the mandating-diversity dept.
The world's top eight DNS providers now control 59 per cent of name resolution for the biggest Websites - and that puts the Web at risk, according to a group of Harvard University researchers.
The group was led by Harvard's Shane Greenstein, and warned that since 2011, the "entropy" of the DNS (referring to how widely distributed it is) has fallen, becoming concentrated in "a small number of dominant cloud services companies".
That state of affairs, the group's research paper (PDF) argued, creates fragility if attackers find a weakness in those DNS services.
[...] For the namespaces they measured, the team found the top eight providers grew their market share from 24 per cent to 59 per cent from 2011 to 2017, and the top four went from 17 per cent to nearly 50 per cent.
[...] The other trend they found was that unsurprisingly, in a world awash with easy-to-use cloud services, external DNS hosting has overtaken in-house DNS servers.
For companies worried that this might leave them open to a Mirai-style botnet taking out their DNS provider, the solution is simple, the paper said.
Organisations should diversify their pool of nameservers by taking DNS management services from multiple providers, the paper said. Compared to the costs of a day's downtime, this is "a comparatively costless and therefore puzzlingly rare decision".
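As an added illustration (not code from the paper or the article), the sketch below audits a set of NS records for the single-provider dependence the researchers warn about and computes a concentration figure for the whole set. The sample records are constructed, Shannon entropy is assumed as the "entropy" measure, and grouping nameservers by their last two labels is a simplifying assumption.

```python
import math
from collections import Counter

# Constructed sample: domain -> NS hostnames, as an NS lookup would list them.
SAMPLE_NS = {
    "shop.example": ["ns1.dns-a.example", "ns2.dns-a.example"],
    "news.example": ["ns1.dns-a.example", "ns2.dns-a.example"],
    "bank.example": ["ns1.dns-a.example", "ns1.dns-b.example"],
    "corp.example": ["ns1.corp.example", "ns2.corp.example"],  # in-house
}

def provider_of(ns_host):
    """Assumption: the last two labels identify the operator.
    Real data needs the Public Suffix List (e.g. for co.uk)."""
    return ".".join(ns_host.rstrip(".").lower().split(".")[-2:])

def providers_for(ns_hosts):
    return {provider_of(h) for h in ns_hosts}

def single_provider_domains(ns_map):
    """Domains whose whole NS set depends on one operator."""
    return sorted(d for d, ns in ns_map.items() if len(providers_for(ns)) == 1)

def provider_shares(ns_map):
    """Each domain splits one unit of weight evenly across its providers."""
    weight = Counter()
    for ns in ns_map.values():
        provs = providers_for(ns)
        for p in provs:
            weight[p] += 1 / len(provs)
    total = sum(weight.values())
    return {p: w / total for p, w in weight.items()}

def entropy_bits(shares):
    """Shannon entropy of the provider distribution; lower means more concentrated."""
    return -sum(s * math.log2(s) for s in shares.values() if s > 0)

def top_n_share(shares, n):
    """Combined share of the n largest providers."""
    return sum(sorted(shares.values(), reverse=True)[:n])

if __name__ == "__main__":
    shares = provider_shares(SAMPLE_NS)
    print("single-provider domains:", single_provider_domains(SAMPLE_NS))
    print("top-1 share: %.3f" % top_n_share(shares, 1))
    print("entropy: %.3f bits" % entropy_bits(shares))
```

An in-house domain such as corp.example is also flagged, since running every nameserver yourself is the same single point of failure as relying on one external provider.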
(Score: 4, Insightful) by Anonymous Coward on Saturday March 03, @03:14PM
First we consolidated the namespaces under ICANN, then we 'incentivized' uptake of them by turning domain registrars into a wild west landgrab. Then when all the prime real estate was gobbled up we expanded... first with the country codes, then with new TLDs when the previous well dried up.
Is it any surprise that the resolution of those domains became consolidated in the same way land/nations do?
The only solution today is to walk away from the legacy DNS and either utilize something like namecoin, or simply hidden service addresses plus reputable search sites/wikis like Tor/I2P.
The internet today has all the same problems of the internet of 20-40 years ago, only now it has a shitload of money tied up in imaginary property rights which only matter so long as people keep using it.
(Score: 5, Insightful) by Justin Case on Saturday March 03, @03:27PM
There seems to be a lot of agreement among the tech creators class that Something Is Wrong, but getting widespread agreement on exactly what and how to fix it will be difficult.
A multi-billion-dollar castle stands on the crumbling sands of an infrastructure designed for cooperation without malicious actors. Even the three-way handshake depends on some degree of trust in a stranger to follow the protocol.
The problems of identity and trust are proving harder to solve than early visionaries expected. How do you fully decentralize and still validate the evil bit?
Encryption is largely at the mercy of incompetent or malicious certificate "authorities".
DNS is an attempt to make it "easier" so you don't have to remember raw addresses. So now we have DNS names like afsdlkhboaiurgbkv.weiuhasfd.evil.org. Does that look "easy" to you?
Scrap it and start over. That part is obvious. How to avoid the mistakes next time... there's a Nobel prize in there somewhere, I suppose.
When the foundation is sand, nothing built above it can be fully trusted.
Don't expect government to fix anything. Government gives corporations permission to exist and limited liability.
(Score: 4, Interesting) by JNCF on Saturday March 03, @05:41PM
Namecoin. [namecoin.org]