Cloud DNS: Challenges, Security Risks, and Future Directions Discussed at the Alibaba Cloud & Tsinghua University Forum

The Domain Name System (DNS) is a fundamental Internet infrastructure and the entry point for addressing and traffic routing, whose significance has risen with China's digital transformation and the trend toward platform‑based, large‑scale DNS services.

On June 20, 2023, Alibaba Cloud co‑hosted a technical forum in Beijing with Tsinghua University and Qi An Xin, titled "Internet Domain Name Resolution and Challenges in the Cloud Service Era." Alibaba Cloud senior technical expert Ma Yong delivered a presentation on Alibaba Cloud's integrated cloud DNS challenges and practices, while Tsinghua University speaker Zhang Fenglu shared joint research on DNS load‑balancing security risks.

Ma Yong explained that DNS has evolved from a traditional network‑centric resolution protocol to a PaaS/SaaS service supporting multiple scenarios, compute scheduling, and digital asset governance. Using Alibaba Cloud DNS as an example, he noted that cloud‑based DNS traffic now exceeds external Internet user DNS traffic, and he highlighted technical challenges in flexibility, stability, and scalability across multi‑cloud and traditional IDC environments, offering best‑practice recommendations.

Zhang Fenglu described a collaborative study on security risks of DNS load balancing on cloud platforms. The research uncovered that some authoritative name servers employ a "silent" response strategy to certain queries, which can be exploited to manipulate the load‑balancing algorithms of mainstream recursive DNS software (e.g., BIND9, PowerDNS, Microsoft DNS), affecting both domestic and international DNS vendors.

The same day, Alibaba Cloud and various industry experts organized a "Next‑Generation DNS+" symposium to co‑create DNS+ development trends, hotspots, and challenges. Participants discussed platform‑type DNS trends, DNS security research, identifier innovation, and inclusive ecosystem building.

Professor Duan Haixin’s team from Tsinghua University presented research on DNS security under cloud computing, focusing on novel cache‑poisoning attacks, authorization mechanism threats, and large‑scale traffic manipulation, emphasizing that despite DNS’s simple protocol, its widespread deployment creates new attack surfaces.

Professor Ma Yan of Beijing University of Posts and Telecommunications argued that next‑generation intelligent agents and terminals should possess inherent security, management, and intelligence capabilities, and that analyzing DNS network behavior and traffic models will better guide future systems.

Liang Zhuo, head of Alibaba Cloud DNS product research, stated that in the multi‑cloud heterogeneous era, DNS is no longer just a traditional network service. To meet future communication infrastructure security, enterprise digital transformation, and identifier innovation, DNS is evolving into a "DNS+" public service system that offers solutions across industries, leveraging cloud computing, ecosystem governance, and secure, controllable operations.

Dr. Yao Jiankang of CNNIC Research Institute compared DNS+ to the "IPv6+" initiative, suggesting that DNS+ will drive new scenarios and applications, including integration with IoT and digital collectibles, as highlighted by Dr. Wang Wei of Guangzhou IoT Research Institute.

In conclusion, experts reached a consensus that internet domain and identifier resolution involve commercial, technical, and governance issues, and that DNS requires a "+ ecosystem co‑construction" approach through strengthened academia‑industry collaboration, monitoring, and feedback mechanisms to ensure secure, stable, and inclusive DNS services for China’s digital development.