What adjustments is the Domain Name System (DNS) facing under the powerful impetus of the artificial intelligence (AI) wave? The current composition of internet traffic, application forms, and resource demands are all changing, posing profound and severe new challenges to the traditional DNS system in terms of performance, security, protocols, and even its core functions.

The primary challenge stems from the enormous performance and scale pressure that the explosion of AI applications places on DNS infrastructure. Statistics show that AI contributes approximately 42%-48% to the current increase in global internet traffic. This is not a simple linear increase in traffic, but rather a qualitative change: real-time interaction with AI assistants, leads to a sharp increase in short-term DNS query density; applications based on microservice architectures may call dozens of independent service domains on a single page, multiplying the resolution demand; in scenarios such as autonomous driving, the dynamic scheduling of service nodes further increases the frequency of local DNS queries. A deeper impact lies in the fact that the explosion of IoT devices and the real-time location requirements of distributed computing nodes for AI training tasks are pushing DNS query volume to trillions per second, placing unprecedented demands on the concurrent processing capabilities and low-latency response of the resolution system.

Meanwhile, the large-scale deployment of IPv6 necessitates dynamic and frequent refreshes of the address pool, potentially increasing the update frequency of DNS records by more than tenfold, placing immense pressure on dynamic IP resource management.

Secondly, the security threats facing DNS are becoming increasingly complex and intelligent, with defense difficulties continuously escalating. These threats are not confined to a single layer but are systemic. On one hand, attacks targeting the DNS service itself are constantly evolving. Attackers exploit the open nature of the DNS protocol to launch more covert distributed denial-of-service (DDoS) attacks, such as using a large number of botnet nodes to conduct low-frequency but massive random subdomain queries (DNS Water Torture attacks). These attacks have low single-point rates, easily bypassing traditional fixed-threshold-based defense strategies, yet can aggregate into a torrent of millions of QPS to overwhelm authoritative servers. On the other hand, the risk of DNS serving as an attack springboard and covert channel is increasing.

Ransomware groups and nation-state hacking organizations widely employ Fast Flux technology, rapidly rotating the IP addresses and even name servers associated with domain names to hide the true location of malware distribution, phishing websites, and command and control servers, significantly increasing the difficulty of tracking and blocking. More seriously, AI technology itself is being used to generate more realistic phishing website domains or automated attack patterns, making threat detection and blocking require equally intelligent countermeasures.

Furthermore, the evolution of internet architecture and historical events have exposed deep-seated challenges to DNS in terms of protocol dependence and systemic resilience. Many major cyber incidents in recent years can often be traced back to the DNS环节 (DNS link/stage). For example, a cloud service provider experienced a large-scale service outage due to an anomaly in the resolution of its core management domain name. Although the fault was quickly repaired, the business recovery cycle was prolonged by a long tail effect due to the global DNS caching mechanism. Such incidents highlight the inherent chain risk of the DNS system: from domain name registration management agencies and registration service agencies to recursive resolution and authoritative resolution, a failure at any link in the chain (such as operational errors, policy compliance issues, or technical failures) can lead to a complete loss of connectivity for downstream internet services. Furthermore, traditional DNS protocols lack support for state and context in their design, making it difficult to directly meet the needs of new scenarios such as dynamic interconnection between agents and real-time discovery of computing resources. Their passive "stateless query-response" model is becoming a bottleneck for performance and functional evolution.

Finally, the core challenge for DNS services lies in the fundamental evolution of its functional positioning from an "address translator" to a "global resource scheduling center," requiring a systematic upgrade and reconstruction. In the past, the core functions of DNS were domain name resolution, load balancing, and disaster recovery. In the AI ​​era, however, its core functions have expanded to service scheduling, data management, resource authentication, device connectivity, and even message transmission. Network resources have expanded from static physical server IP addresses to dynamic, heterogeneous logical resources, such as a computing container, a data service, or an AI agent. This means that the next generation of DNS must be able to "name everything" and achieve efficient discovery. To address this fundamental shift, the industry consensus is to systematically build "resilient DNS." This is not a simple technological upgrade, but a multi-dimensional framework encompassing technology, resources, and governance: At the technological level, it requires achieving end-to-end controllability, observability, and second-level self-healing capabilities from authoritative to recursive approaches; at the resource level, it encourages control over critical internet infrastructure resources to enhance autonomy; and at the standards and governance level, it requires active participation in international rule-making to build a shared future for cyberspace.

The challenges facing DNS services in 2026 are multi-dimensional and intertwined. It has withstood the performance shock of AI-driven traffic paradigm shifts, exposed the chain-like weaknesses of traditional architectures, and needs to leapfrog into the role of a central hub for global resource scheduling in the intelligent era. Addressing these challenges cannot rely solely on piecemeal technical patches; a systematic approach is essential to drive DNS towards a more secure, efficient, and intelligent "next-generation DNS," thereby solidifying the network foundation of the intelligent world.