DNS Milestones

1969–2025: the life of a protocol

DNS is older than the World Wide Web, older than commercial internet access, and older than most of the people who use it. This timeline covers the key events that shaped the system — from a crashed two-letter message to a trillion-query-per-day global infrastructure.

The ARPANET era (1969–1982)

October 29, 1969 — The first host-to-host message was sent on the ARPANET, from UCLA to the Stanford Research Institute. Student programmer Charley Kline attempted to type login from UCLA’s SDS Sigma 7 to SRI’s SDS 940. The system crashed after two characters, making the first message ever transmitted on the ARPANET simply: “lo”. About an hour later, the full login succeeded.

Early 1970s — The SRI-NIC begins maintaining HOSTS.TXT, the centralized file mapping every hostname to a network address. Elizabeth “Jake” Feinler leads the effort.

1974 — RFC 606 formalizes the HOSTS.TXT system. Feinler’s group also creates WHOIS, the first network directory service.

Early 1980s — Feinler’s group develops the top-level domain naming scheme: .com, .edu, .gov, .mil, .org, .net.

January 1, 1983 — The ARPANET switches from NCP to TCP/IP in the famous “flag day” transition. The scaling pressure this creates makes a distributed naming system urgent.

DNS is born (1983–1987)

November 1983 — Paul Mockapetris publishes RFC 882 and RFC 883, defining the Domain Name System. He also writes Jeeves, the first DNS server.

1984 — BIND (Berkeley Internet Name Domain) is written at UC Berkeley — the DNS server that will dominate for four decades.

March 15, 1985 — Symbolics.com becomes the first .com domain ever registered. Symbolics, Inc. was a Lisp machine manufacturer in Cambridge, Massachusetts.

1985 — The first six .com domains are registered: symbolics.com, bbn.com, think.com, mcc.com, dec.com, northrop.com.

November 1987 — Mockapetris publishes the revised RFC 1034 and RFC 1035, which remain the definitive DNS specifications.

November 1987 — The first 100 .com domains have been registered.

The web changes everything (1991–1998)

August 6, 1991 — Tim Berners-Lee publicly announces the World Wide Web on internet newsgroups. The web transforms DNS from a technical utility into critical consumer infrastructure — every URL typed into a browser triggers a DNS lookup.

1992 — Fewer than 15,000 .com domains exist.

1993 — The Mosaic browser is released, becoming the first browser with widespread public adoption. Network Solutions, Inc. wins an exclusive contract to manage .com, .net, and .org registrations — a monopoly that lasts until 1998.

1995 — Network Solutions begins charging $100 for a two-year registration (previously free). By year’s end, approximately 120,000 domains are registered.

January 1997 — The first DNSSEC specification is published as RFC 2065.

September 30, 1998 — ICANN (Internet Corporation for Assigned Names and Numbers) is incorporated in California, with Esther Dyson as founding chairwoman. ICANN takes over domain name governance from the US government and ends the Network Solutions monopoly.

October 16, 1998 — Jon Postel dies of complications from heart surgery — 16 days after ICANN’s founding.

The domain boom (1999–2007)

2000 — Over 20 million domains are registered — a 167x increase from 1995.

2000 — VeriSign acquires Network Solutions for $21 billion in stock at the peak of the dot-com bubble.

March 2005 — The “DNSSEC-bis” standards are published as RFC 4033, 4034, and 4035, providing the practical foundation for DNSSEC deployment after years of false starts.

Security awakens (2008–2011)

July 8, 2008 — Dan Kaminsky publicly discloses a fundamental DNS cache poisoning vulnerability (CVE-2008-1447), the “Kaminsky bug.” Vendors release coordinated patches the same day — one of the largest simultaneous vulnerability disclosures in history.

December 3, 2009 — Google launches Public DNS at 8.8.8.8, becoming the first major tech company to offer a free public resolver.

July 15, 2010 — The DNS root zone is signed with DNSSEC for the first time. The deployment was gradual: one root server per month was signed starting December 2009.

Expansion and disruption (2012–2017)

January 2012 — ICANN opens the New gTLD Program application window. 1,930 applications are received at $185,000 each, resulting in over 1,200 new top-level domains (.xyz, .app, .blog, .shop, brand TLDs like .google and .amazon).

May 2016 — DNS-over-TLS (DoT) is standardized in RFC 7858, using dedicated port 853 for encrypted DNS queries.

October 21, 2016 — The Dyn DDoS attack. The Mirai botnet, powered by hundreds of thousands of compromised IoT devices, launches three waves of attacks against DNS provider Dyn. Twitter, Reddit, Netflix, Amazon, Spotify, PayPal, and dozens of other services go offline. The attack demonstrates the fragility of centralized DNS infrastructure.

November 2017 — Quad9 launches at 9.9.9.9, offering the first major public resolver with built-in malware blocking.

The encryption era (2018–2025)

April 1, 2018 — Cloudflare launches 1.1.1.1, emphasizing privacy (no query logging, independent audits) and speed. It quickly becomes the fastest public DNS resolver.

October 2018 — DNS-over-HTTPS (DoH) is standardized in RFC 8484. Unlike DoT, DoH blends DNS queries with regular HTTPS traffic on port 443, making them indistinguishable to network observers.

October 2018 — The first-ever root zone KSK rollover is completed — changing the cryptographic key that anchors all of DNSSEC, after a year-long delay for resolver readiness.

February 2020 — Firefox enables DoH by default for US users, using Cloudflare as the default resolver. Over 90% of US Firefox users now have encrypted DNS.

May 2022 — DNS-over-QUIC (DoQ) is standardized in RFC 9250, offering encryption with near-UDP latency — only 2% slower than plain DNS despite full encryption.

February 2024 — The KeyTrap vulnerability (CVE-2023-50387) is disclosed, demonstrating that DNSSEC’s complexity can itself become an attack vector. A single crafted DNS packet could exhaust a validating resolver’s CPU.

2025 — Global encrypted DNS adoption reaches approximately 14%. The DNS root server system handles 130+ billion queries per day across ~1,900 instances. Total domain registrations reach 368 million, with 157.2 million in .com alone.

The arc of DNS

From a text file at Stanford to a trillion-query-per-day encrypted global infrastructure, DNS has evolved continuously while maintaining backward compatibility with its 1987 specification. The core protocol — hierarchical names, delegated zones, cached records with TTLs — is the same. Everything else has been bolted on: security (DNSSEC), privacy (DoH, DoT, DoQ), scalability (anycast, aggressive caching), and resilience (serve-stale, multi-provider DNS).

The result is a system that is simultaneously one of the oldest and most modern pieces of internet infrastructure — a protocol from 1983 that handles the demands of 2025.