What are the main challenges facing DNS management today?

What are the main challenges facing DNS management today?

Managing DNS has always been tricky. DNS sits at the confluence of two major but quite distinct disciplines: system administration and network management. Traditionally, DNS management has required both system administration skills (to compile new name servers, edit zone data files, write configuration files) and networking expertise (to understand IP addresses and subnets, for example).

In many companies, this causes a tug-of-war over responsibility for DNS. (When I managed hp.com, the game was more like hot potato: neither the computing nor the networking organization wanted it.) It also means that whichever organization draws the long (short?) straw winds up with a staffing problem: they'll need to assign an experienced IT staffer to DNS, not just some Johnny-come-lately. And even the most seasoned DNS administrator will have his hands full once his DNS infrastructure spans multiple continents, operating systems and DNS implementations. Managing a distributed system such as DNS will require more administrators with similar expertise in more locations, and with experience in the various OSs and name servers involved.

Now add our increasing dependence on DNS to the mix. Back when I started working on DNS, the technology was a nicety, but really only required if a user was sending email to someone on the ARPAnet or, later, accessing one of those newfangled web servers. Internally, most companies used a different naming service, such as host tables or YP (now NIS).

Today, nearly every TCP/IP-based network of any size uses DNS as its naming service, and almost all non-trivial applications on those networks rely on DNS. If DNS isn't working, neither is the network.

With the advent of Active Directory, even the desktop relies upon DNS. Computers that belong to Active Directory domains look up SRV records in DNS to locate a Domain Controller. Without DNS, users can't find those Domain Controllers and can't access any of the domain's resources – including authentication services, which are required to log in. Whoops.

IT organizations now need to deliver DNS as a utility service, in much the same way that they currently deliver IP routing. But their existing DNS infrastructures are rarely up to the task.