And the DNS was Born

by Paul Mockapetris

Split image of Paul Mockapetris and DNS image
Photograph by Katie Rain Photography

While working at ISI in the 1980s, Paul Mockapetris invented a technology that remains fundamental to the Internet: the DNS, or Domain Name System. The DNS acts like the Internet’s directory, allowing people to access websites using human-readable domain names (www.isi.edu) rather than computer-readable IP addresses (141.193.213.20).

The magic of the DNS is that it’s completely open and scalable. Each organization gets to manage its own piece of the Internet's naming system on its own servers, and anyone's computer anywhere in the world can access this information. Today, the system is used by billions of people—or their phones and computers—and consists of millions of servers and tens of billions of names.

Paul Mockapetris tells the story of how the DNS was born.

The Question 

I joined ISI in 1978 as a graduate student from UC Irvine. It was a magical place: the computers were plentiful and ISI was working on many of the core issues of network research. My team was made up of about 20 or so people supervised by the late Jon Postel, who later earned the nickname "god of the Internet" for his role in creating the Internet Assigned Numbers Authority (IANA).

At the time, the network research community was gearing up for the transition from the ARPAnet, the first operational computer network, to the IP/TCP-based Internet, which we have today. Almost any aspect of network design was up for rethinking. One day, Jon walked into my office and asked whether I’d like to work on the domain naming problem. It’s hard to overstate how attractive that opportunity was.

ARPAnet: A precursor

In the early days, SRI, a Silicon Valley-based research institute, managed the ARPAnet. Their operation used a file called hosts.txt, which listed all the computers on the network as well as their associated addresses. To change or add a computer to the network, you had to call SRI during their business hours. They would assign you a network address number and add it to their master host table. Periodically, people would get updated copies of the file. This sort of worked like a phone book—with the exception that new versions of the phone book got published more often.

The drawback of this scheme was that the cost went up as the number of machines on the network grew. As a solution, the research community began to talk about a domain naming system, but there was no real blueprint on how to build it. This is the problem I set out to solve.

Making the DNS Work

The first step was to design a system that could be implemented. I came up with two proposals for the DNS, published as RFCs 882 and 883 in 1981. One documented the system’s overall principles; the other, implementation guidance.

Several aspects of the design were controversial. While the work was meant to be a system for matching names to addresses, it was really a distributed database capable of adding a virtually limitless number of other data types. Previously, reliability in network protocols was accomplished by retransmitting requests until they were acknowledged; the DNS changed that by requiring multiple servers for any particular data, with the requester moving on to the next server if a request went unanswered. This new approach made the older, more complicated connection methods unnecessary.
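
The failover behaviour described above, as an added example that is not part of the original article or of the original DNS server code: a stub resolver sends one UDP query per server and moves to the next server when no valid reply arrives. It goes slightly beyond the text by also checking the reply's query ID, echoed question and source address; the loopback `toy_server`, the name `www.example.test` and the address 192.0.2.53 are constructed for the demonstration.

```python
import secrets, socket, struct, threading

def build_query(name, qid):
    # RFC 1035 header (ID, flags with RD=1, QDCOUNT=1), then QNAME, QTYPE=A, QCLASS=IN
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!HH", 1, 1)

def first_a_record(resp, query):
    # Accept only a reply that carries our ID and echoes our question unchanged.
    if len(resp) < len(query) + 16 or resp[:2] != query[:2] or resp[12:len(query)] != query[12:]:
        return None
    off = len(query)  # assumption: answer name is a 2-byte compression pointer, as toy_server sends
    ancount = struct.unpack("!H", resp[6:8])[0]
    rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", resp[off + 2:off + 12])
    ok = ancount >= 1 and (rtype, rclass, rdlen) == (1, 1, 4)
    return socket.inet_ntoa(resp[off + 12:off + 16]) if ok else None

def resolve(name, servers, timeout=0.3):
    """Ask each server in turn; return (address, server) for the first valid reply, else None."""
    query = build_query(name, secrets.randbelow(1 << 16))  # unpredictable query ID
    for server in servers:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            try:
                s.sendto(query, server)
                resp, src = s.recvfrom(512)
            except OSError:  # timeout or send error: no retransmission, try the next server
                continue
        addr = first_a_record(resp, query) if src == server else None
        if addr:
            return addr, server
    return None

def toy_server(answer_ip=None):
    """Constructed loopback server: answers every query with answer_ip, or stays silent if None."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("127.0.0.1", 0))
    def serve():
        while True:
            q, peer = sock.recvfrom(512)
            if answer_ip is None:
                continue  # simulate an unresponsive server
            hdr = q[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)
            rr = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + socket.inet_aton(answer_ip)
            sock.sendto(hdr + q[12:] + rr, peer)
    threading.Thread(target=serve, daemon=True).start()
    return sock.getsockname()

if __name__ == "__main__":
    print(resolve("www.example.test", [toy_server(), toy_server("192.0.2.53")]))
```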

The next step was to actually code the server. This was my doing, supported by Ruth Brungardt and later Steve Hotz, who did supporting utilities and test suites. In 1984, we launched the first DNS server on the 11th floor of ISI, and then set up other name servers in places like SRI. 

To get people to join the DNS, ISI folk gave many tutorials and helped others implement the system for various computer systems. Perhaps the most famous implementation was BIND, or the Berkeley Internet Name Domain—a software package designed at UC Berkeley that allowed computers to participate in the DNS. Progress was enabled by a rock-solid service on the PDP-10s, which were popular computers at the time. Later, when BIND was included in Berkeley's free version of the UNIX operating system, it helped spread the DNS system widely through academia and beyond.

The End of the Beginning

By 1986, operating systems and machines were being built that relied solely on DNS, abandoning the old host tables entirely. That's when I knew the system had truly become "production." Commercialization was happening, and the DNS started walking the tightrope without a net.

Because of its success, that same year ARPA decided that the DNS was no longer breakthrough research. That meant that funding was going away, and I had to find something else to do. ARPA ended up offering me a job as a program manager—a rewarding opportunity in public service that exposed me to many new research frontiers. Meanwhile, Jon Postel and ISI continued to operate one of the expanding root server constellations, and administered the allocation of domains and Internet numbers.

DNS Today

Today, ISI still manages a root server, and does some DNS research. In late 2024, I listened to UCLA researchers that are still adding new DNS applications to solve new problems. Some see the over 100 DNS additions documented in RFCs as bloat, and there are certainly failures there as well as successes.

Looking back, I never anticipated how domain names would become the equivalent of stock market certificates or real estate deeds, representing billions in value. The system has also become a battlefield for cybersecurity. At ThreatSTOP, my current company, we track domain names associated with cybercriminals and state actors.

I think of the original DNS work as the foundation and first few floors of a very tall structure. Dan Lynch, ISI’s former computer center director, used to say that I was the only person he knew that invented a billion-dollar industry, but neither I nor ISI cashed in. Still, the DNS remains a crucial building block of the Internet today, and that’s worth something.
