Last updated on April 29, 2021.
April 13, 2021, marked the IT industry’s first annual DDI Day. Hosted by BlueCat, the day recognized the heroic efforts of network admins and others who work in the trenches of DNS, DHCP, and IP address management (together known as DDI). Their tireless efforts keep us all connected.
The past year has brought profound change for which network teams have had to pivot quickly. Whether working from your kitchen table or a data center, BlueCat recognizes that this moment has asked so much more of you to keep networks running.
For that, we say thank you.
On top of the kudos, the event included a celebrity guest panel for an insightful discussion on the history, current state, and future of DDI. And it concluded with peer-nominated awards for DDI superstars.
Paul Mockapetris and Ralph Droms were the day’s special guests. Mockapetris created the Domain Name System (DNS) in 1983 and wrote the first implementation of SMTP. Droms led the Internet Engineering Task Force (IETF) working group in 1989 that designed DHCP. Russ White, infrastructure architect at Juniper Networks and the co-host of the History of Networking and Hedge podcasts, moderated the discussion.
Plus, be sure you don’t miss our award winners in the automation, silo-breaker, and DDI guru categories.
Catch up on all the DDI highlights below or watch the full video of the event.
DNS and DHCP’s early beginnings
Both DNS and DHCP came to be in large part because someone else asked both Mockapetris and Droms to each help solve a problem.
Back in 1983, Mockapetris said he was working on other things when Jon Postel, an early internet pioneer, approached him. Postel asked him to look at some proposals for ways to improve the host table.
“I looked at them, didn’t like them, and did what I was used to and designed the protocol, taking into account mostly my background. I, once upon a time, was a real rocket scientist, so I like redundancy and so forth. So, that’s how DNS came to be,” Mockapetris said.
“Nobody thought it was an important thing at the time. So, nobody gave me adult supervision. I always intended it to be much larger than my original mission assignment, and I think it’s turned out that way.”
Meanwhile, in the late 1980s, Droms was on the faculty at Bucknell University. He told the then-chair of the IETF, Phill Gross, that he had a sabbatical coming up and was looking for something to do. Gross mentioned the problem of configuring hosts on the internet. He invited Droms to help start up a working group at the April 1989 IETF meeting.
“At the time, the way to set up the IP stack on a computer was page after page of—to a lot of people—incomprehensible instructions about, put a dotted-decimal number here, put a hexadecimal number there, add another name over here, put another name over here. If you get any of these things wrong, nothing would work and nobody would have an idea why it wasn’t working,” Droms recalled.
The unexpected longevity and evolution of DNS and DHCP
White asked both guests whether they expected DHCP and DNS to last as long as they have.
‘No idea it was going to last this long’
“I had no idea it was going to last this long,” Droms said. “It turned out not to be a single-purpose tool. We left it pretty open-ended. And there has been any number of creative uses of this path for getting information to the host that was completely unexpected.
“The other bit of design art that I think we landed on correctly was the amount of stuff we tried to carry in the DHCP,” Droms continued. “There was a push very early on to try to turn the DHCP into a reliable delivery protocol, sort of re-inventing TCP. We said, ‘No, no we don’t want to do that. If you want that much configuration information, use a server and use TCP. DHCP is going to have one UDP message full of stuff. And whatever numbers you can get into one UDP message full of stuff is what we’re going to carry in DHCP.’ And that simplicity has also contributed to the long life of the protocol.”
It’s a simple model, Droms said. The server has information to get to a client. The client then identifies itself. And then the server sends back a small and fixed set of initialization parameters.
“Over time, we found that some of our initial assumptions about how that information would be stored in the servers were extended with some very creative and clever ways of generating information on the fly to send to specific clients,” Droms said. “There were these incremental extensions to it along the way that all were accommodated in the fact that the basic format was fairly simple but easily extendable.”
DNS as just the starting point
Mockapetris said that he always viewed his creation of the DNS as just a starting point.
“If you design a tool and you know all the possible uses, it’s not a very interesting tool,” Mockapetris said. “From day one, I never expected to understand all the uses.
“Some of the successes were the things that I left out,” he added. “It wasn’t like I didn’t think that security would be important someday. I just thought, that, you know, the Wright brothers—the way I explain it, their first airplane did not have a drink cart or a lavatory. DNS, the protocol design, was there to be expanded.
“I take credit for the basement and the first two or three floors of this building. And all the stuff on top of it, you know, credit goes to other architects,” Mockapetris continued. “I’m always surprised when people say, ‘Well, why didn’t you think of that?’ Well, I did think of it. I just left it out of the original design. It was just enough to get off the ground and fly. Getting it off the ground and then having people add things to it were my two big original hopes.”
DNS, DHCP, and security risks for IoT
Mockapetris sees the intersection of DNS, DHCP, and the Internet of Things (IoT) as a big problem area for network security. He once worked with a research institute whose access control system for a biosafety lab was compromised by the Chinese. The lab was working with the Ebola virus at the time.
“One of the things that people aren’t paying as much attention to as they should is how do you harden the devices that can’t use endpoint security,” Mockapetris said. “Sure, I can install, put Crowdstrike or any of the other vendors in my computers, my endpoints. But what about all the Internet of Things devices out there? How do you protect them? I think DNS and DCHP are going to be a couple of the attack vectors that people will use.”
Droms concurred, noting the risks associated with IoT device address assignment. How does an IoT device integrate itself into the network and establish bi-directional trust when they’re both starting with no shared information?
“The IoT device needs some kind of addressing before it can communicate into the network. But in order to get an address, it’s got to get the address from the network to start with. So, there’s a tough engineering problem to solve here,” Droms said.
Helping management understand the importance of DDI
It can be hard for upper management to understand network risks that they can’t see.
“You have to explain to them why this infrastructure is important and hope that they are willing to reach a compromise,” Mockapetris said. “You’ve got to try and simplify it. You’ve got to try and motivate people. But at the end, it’s a risk analysis. All you can do is inform people and hope they make better judgments.”
Droms said it comes down to quantifying the amount of effort required for specific scenarios as much as you can. Scenarios might include fixing the addressing scheme in the DCHP server when reorganizing a network’s internal architecture. Or what happens when a network comes back up after a major power outage.
“You’ve got to just walk through those things and point out, here’s what it’s going to cost if we don’t have the right DDI system in place,” Droms continued. “And here’s what we can save by having the right one in place. Here’s the process, there’s the specifics, and here’s the difference it can make.”
DDI Day Awards
DDI Day also served to recognize DDI superstars nominated by their peers for awards in three categories: automation, silo-breaker, and DDI guru. BlueCat received dozens of nominations.
BlueCat’s 2021 Automation Award went to Jon Macy, a director at Cerner. The award recognizes someone who saw a better way to do something and pursued it, whether that meant automating a process or implementing a new solution.
His nominators noted that “Jon is constantly looking for a more efficient way of doing things. His organization boasts over 70,000 lines of code related to automation alone. Jon is an advocate of treating APIs as a ‘first-class citizen’ and looks to his vendors to deliver APIs for everything they do in the GUI for the purpose of automation.”
Hear more from Macy as a guest panelist for BlueCat’s recent Critical Conversation on Critical Infrastructure: Where’s the automation ‘promised land’? Or, listen to his thoughts on managing IT solution requirements as guest on the Network Disrupted podcast.
Silo-breaker (collaboration) award
David Muscat, an infrastructure architect at IBM Watson Health, received the Silo-Breaker Award for the year. The award recognizes someone who has reached across the aisle to work with counterparts in security, DevOps, and other teams in a way that works out better for everyone.
His nominators noted that Muscat has been in the industry since 1986 when he started as a computer operator. They described him as a trusted advisor within his organization as well as with partner vendors. “David’s attention to detail and thought-out problem-solving methods help bring his team together while overcoming challenges or difficult tasks,” his nominators wrote.
Hear more from David as a guest panelist for BlueCat’s recent Critical Conversation on Critical Infrastructure: Who should own DNS in the cloud?
DDI guru award
Kilian Krause, who provides technical information and communications services at the University of Stuttgart in Germany was the winner of the DDI guru award for 2021. The award recognizes someone who is an overall master and a thought leader. They are always looking ahead to the next big trend and have both broad and deep DDI Knowledge.
“Kilian has been consistent in his sharing of knowledge and insight into all aspects of DDI as well as IT in general,” his nominators wrote. “He’s extremely knowledgeable and approachable, which in the field of IT leadership is not all that common. There are few people who have both width and depth of knowledge in this industry. Kilian is one of those elite.”
Congratulations to our winners. Hope to see you at DDI Day next year!
New regional investments in sales and technical expertise will help customers tame network complexity
BlueCat Cloud DNS Service is a cloud-hosted external authoritative DNS service integrated seamlessly with BlueCat Address Manager.
In this impact brief, EMA explores how the acquisitions of Men&Mice and Indeni strengthen BlueCat’s position as a leader in the DDI market.
Unveiled at Cisco Live, Zero Trust DNS from BlueCat offers continuous verification, least-privilege access, and context and response to secure networks.