Monday, November 6, 2017

DNS, DNS what is your name?

- A little poem of DNS visiting DNS-OARC 27 in San Jose, CA

As I was sitting quietly on the metal chairs, a tap on my shoulder
asking “DNS, DNS what is your name?”
I quickly responded “I am not playing your game?”
Don’t you really know I am cybersecurity, 

There is nothing on the internet that is so cool?
I analyze all packets, anomalies too - 
so I can put anything that I don’t trust to be “on hold”
and make them disappear with my inline devices zoo

I replied, “I give light to the tunnels and give names 
to numbers with dots and colons – while you take away
my packets and drop them randomly straight on the floor”
He did not stop but wanted me to see, all the new
things he had for me
new types of records and security too – 
DNSSEC will make all things new

I have seen many protocols come and go, I will tell you some things
that even ICANN hasn't yet changed its root keys
haven’t you heard of my grandpa with one line
can change your destination and not even listen to mine
“Who is this grandpa, somebody chimed I want to find him 
and tell me clearly what’s on his mind”
Do you not know about grandpa "/etc/hosts" file that tells any lies 
even with a smile.  In the ARPAnet and all the good old ways
he was copied from machine-2-machine in the FTP days.

I heard rumble surely was loud, it was CDN 
the new kid who made popular the show “Orange is black” and even some more
CDN told me I want to survive even when you, DNS, are not completely alive!
I had to say "There is no telling how many providers you have you just 
can’t live out there without a packet of mine"
Some people complain of what I am telling, 
all I can say when TTL=0 I am not surely lying.

How about me, I am Salesforce the king I monitor DNS 
so I can tell who is my kin!
Everyone thinks just because they can see they just understand!
I have heard enough of your rate-limiting and stubby mobile apps
I want to see if someone understands where I stand?

Someone spoke out loud about botnets too 
who can attack you for the price of a sandwich or a cordon-bleu
“I found in DNS what I see signs of an attack coming after me!”
Good for you little one, go ahead and find cybercrime is looming
and is not because all the fault is mine.

IPv6 was loud and clear I can live without the IPv4 
all I need from you DNS is your DNS64 !
My T-mobile friends are lost in the cloud
while they chat with each other over tunnel and shroud.
Dr. APNIC was right to point out, If you are killing V4 
I will take you to the floor.
Have you heard of large DNS and UDP fragments too 
you can send data any day clearly through!
You need UDP and V4 too - unless you get extension to your "headers"
don't say another word as it will not matter. 

While somebody complained UDP is no good
as you cannot tell where it came from and what it will dispel.
Bring out the TCP and TLS too, we will make all things
secure while we stomp out all evil with many many handshakes.

Hurry hurry we have a lot to do, so we can add
CAA, TLSA and every new type of DNS records so all things can be true!
DNS I have seen many complaints that "I am not random enough
I am not fast enough and I am not big enough!"
But try living without me you will soon see that 
without me you cannot see through this darkness or really be fast and free.



