Alumni Spotlight: Paul Mockapetris Receives ACM Software System Award for Developing the DNS
In May, Paul Mockapetris was among the technology leaders recognized by the Association for Computing Machinery (ACM) for advances in computing research, education and industry. Mockapetris was honored with the 2019 Software System Award for his development of the Domain Name System (DNS), a key enabler of the Internet. Given annually since 1983, this prestigious award comes with a $35,000 prize for an institution or individual credited with developing a software system with a lasting influence. “Mockapetris exploited his experience working with the MIT Architecture Machine Group (now the Media Lab) and UC Irvine’s Distributed Computer System to specify the Domain Name System and associated query protocol, a bold, disarmingly simple design,” notes the ACM announcement. “[DNS] functionality has increased significantly and the ability of the design to accommodate new features is a credit to Mockapetris’ architecture.” Today, Mockapetris is a chief scientist at ThreatSTOP. He earned his B.S. degrees in physics and electrical engineering from MIT and his Ph.D. in information and computer science (ICS) from UCI. Here, he talks about how he was handed the “nice little problem” of designing the DNS and where he looks to find opportunities for innovation.
What was your reaction to learning you had received the ACM Software System Award?
I was happy to see the DNS recognized as I believe it was a catalyst for the expansion of the Internet and diversity of Internet applications and services. My work was on the foundation of the DNS. It’s been gratifying to see how many people have used this foundation and built upon it over nearly 40 years, validating the original design but also adding to it.
So you recognized early on the significance of the DNS?
Short answer: Yes. At the start, I was doing some performance studies on TCP. But there were a lot of people doing that, all more senior than I, so I jumped at the opportunity to do what became the DNS.
One of the questions I get asked a lot is, “How did you get the very important job of designing the DNS?” The answer is that at the time, the research community and government sponsors thought that replacing the HOSTS.TXT system of the time was, at best, “a nice little problem” for a newly minted Ph.D. and certainly not one of the important issues of the day. There were at least four or five proposals, including a new centralized service that I was supposed to consider.
My time at the MIT Architecture Machine Group (now the Media Lab) working on distributed systems; IBM and virtual machine technology; Draper Labs and space flight; and, most importantly, UC Irvine’s Distributed Computer System (DCS) had built up a stock of principles and ideas in my head about how to build reliable, performant, distributed systems. It was an opportunity to just let my creative juices flow.
So what I designed was much more general and open ended than “replace HOSTS.TXT.” It was a unique distributed database. I knew it could change the way we thought about networking, and it did.
However, when you design something to be general and open ended, you will always get uses that you didn’t expect. That’s not a bug, that’s a feature.
What is the secret to creating such a simple, durable and adaptable software design?
Design something that relies on simple concepts that are easy to explain but is extensible. Expect that when it’s first released, people will complain it’s too general and complicated, but in three to five years, they’ll complain it’s missing features. Essential features come first.
For example, the DNS purposely had no security when it first came out, though I had ideas, and there were ways for an organization to protect its own infrastructure. The Wright brothers had no bathrooms on their first plane. Security is essential today for DNS, but it wasn’t then.
What first led to your interest in computer science and your decision to get a Ph.D. in ICS at UCI?
I programmed my first computer in high school, thanks to an MIT program of free summer classes for high school students. I was a physics major at MIT, and I programmed to finance my education. Somewhere around my junior year, my boss from IBM had lunch with the head of the physics department and my name came up. To make a long story short, they intervened and suggested that I was a mediocre physicist but great with computers, so why not change fields?
California was an interesting place, and UC Irvine was a startup (foreshadowing my later life?). There was much more to computer science than the things I had done, so it was time to look at AI, formal methods, etc.
How has your ICS education helped you throughout your career?
I had some great mentors and heroes at UCI — Dave Farber, Tim Standish, Julian Feldman, Martin Kay, Ed Thorpe, and many more. I had only lived in Boston, so driving to California and starting at UCI was quite an adventure. The ICS department, a startup itself, welcomed me and jump-started my networking with the research community and local industry.
Dave’s DCS project employed me and did an early version of cloud computing and a LAN hardware system that contributed to the design of IBM’s token ring. UCI also led me to my first ARPAnet access via USC’s Information Sciences Institute (ISI), where I eventually did the DNS. Marshall Rose and I did a dialup Internet connection from ISI to UCI in the very early days of the Internet – early adopters included the Thesaurus Linguae Graecae – Internet pioneers who worked in ancient Greek!
Dave also introduced me to Carver Mead at Caltech, who introduced me to integrated circuit design and let me audit classes at Caltech. My programming skills, coupled with my physics background, made me valuable to companies using the very primitive simulation tools of the day. Orange County had several startups in the area at the time, and UCI’s computer center supported their work.
I wrote my first (unsuccessful) NSF proposal with Tim Standish while at UCI. We proposed network research focused on real-time application support, probably ahead of its time.
Can you talk a bit about your current work?
I’m on the board of two companies that use DNS to improve network security: ThreatSTOP in Carlsbad, and Farsight Security in the Bay Area. I’m also chief scientist at ThreatSTOP. Both of these companies work on threat intelligence — knowing which domain names and IP addresses the bad guys are using, both for forensics after an attack and blocking to prevent attacks. Farsight creates threat intelligence and ThreatSTOP deploys it in your organization.
Your first line of network defense should be to simply block known bad actors from accessing your computer and network. But the problem is keeping up with the ever-changing set of threats. ThreatSTOP makes it easy — and “easy” is not usually associated with network security products. The problem here is changing a lot as more and more Internet of Things (IoT) devices connect: printers, robotic surgery devices, cameras, access control systems, automobiles. The bad guys are waiting.
Computer science is a lot like math: there are some pure mathematicians and some pure computer scientists, but the real excitement comes from applications. Look for opportunities where two fields intersect. I once got a consulting gig because I was the only person the client could find who could both work with their device physicists and modify circuit simulation programs to run correctly on a parallel architecture. Biology and computer science is a great example, but not if you are following a crowd.
Look for opportunity where the prevailing wisdom says there is none, but you see things differently.
— Shani Murray