Sunday, February 3, 2013

The Design and Implementation of a Next Generation Name Service for the Internet


According to this paper, traditional DNS is susceptible to denial of service (DoS) attacks, has long delays in name-to-address translation, and does not support fast updates. These problems stem fundamentally from the structure of the legacy DNS. As an alternative, the paper proposes the Cooperative Domain Name System (CoDoNS), whose goal is to overcome these limitations. It consists of globally distributed nodes that self-organize into a peer-to-peer network and is aimed at high lookup performance, resilience to denial of service attacks, and fast propagation of updates.

Very large-scale performance measurements suggest that CoDoNS can provide lower latencies for query lookups. Several features of CoDoNS are particularly attractive:

1. Dropping the hierarchical structure of DNS and spreading load dynamically across distributed peers, so that there is no fixed set of servers for a DoS attack to overwhelm.

2. Better performance without higher expense, by varying the degree of replication according to query popularity: popular records are replicated widely, while less popular records get only a few replicas.

3. Better adaptation to flash crowds and bottlenecks: peer nodes continuously reorganize and adjust the number of replicas as load changes.

4. Proactive update propagation: unexpected changes are pushed to the cached copies quickly, instead of waiting for cached entries to expire.

Last but not least, the system has several compatibility issues with the current DNS infrastructure, which may inhibit its deployment in real environments.
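To make points 2 to 4 above concrete, here is an added toy model (mine, not code from the paper or the CoDoNS project) of a prefix-routed DHT in which a record's replication "level" decides how many nodes hold it and therefore how many hops a lookup takes, and in which the owner pushes updates to every replica. Everything here is assumed for illustration: 3-hex-digit identifiers, a 24-node ring with constructed ids, two constructed sample records, and a greedy `rebalance` step that stands in for Beehive's analytical level assignment (the real system solves for levels from the Zipf popularity distribution; this just lowers the level of the most-queried record until an average hop target is met).

```python
"""Toy model of CoDoNS-style popularity-driven replication on a prefix-routed
DHT. Added example for this summary, not the paper's code. Assumptions:
3-hex-digit ids, a constructed 24-node ring, and a greedy rebalance step
standing in for Beehive's analytical replication solver."""
import hashlib
from collections import defaultdict

DIGITS = 3  # id length in hex digits (assumed; real rings use 128-bit ids)
# Constructed node ids, spread over the 16**3 id space, all distinct.
NODE_IDS = [f"{(i * 173) % 4096:03x}" for i in range(24)]


def ident(name: str) -> str:
    """Hash a DNS name (or any key) onto the DIGITS-digit id space."""
    return hashlib.sha1(name.encode()).hexdigest()[:DIGITS]


def prefix_match(a: str, b: str) -> int:
    """Number of leading hex digits two identifiers share."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


class Ring:
    def __init__(self, node_ids):
        self.nodes = sorted(set(node_ids))
        self.store = {n: {} for n in self.nodes}   # node -> key -> (value, version)
        self.level = {}                             # key -> replication level
        self.queries = defaultdict(int)             # key -> observed query count

    def home(self, key):
        """Owner of a key: longest shared prefix, ties broken by numeric distance."""
        return max(self.nodes, key=lambda n: (prefix_match(n, key),
                                              -abs(int(n, 16) - int(key, 16))))

    def replicas(self, key):
        """Level i: every node sharing >= i prefix digits holds a copy.
        Level DIGITS is the home node only; level 0 is the whole ring."""
        lvl = self.level.get(key, DIGITS)
        return [n for n in self.nodes if prefix_match(n, key) >= lvl] or [self.home(key)]

    def _place(self, key, value, version):
        for n in self.nodes:
            self.store[n].pop(key, None)
        for n in self.replicas(key):
            self.store[n][key] = (value, version)

    def publish(self, key, value):
        self.level.setdefault(key, DIGITS)
        self._place(key, value, 1)

    def update(self, key, value):
        """Proactive propagation: the home node pushes the new version to every
        replica, so no copy keeps serving the old answer until a TTL expires."""
        _, version = self.store[self.home(key)][key]
        self._place(key, value, version + 1)

    def lookup(self, start, key):
        """Prefix routing: each hop fixes at least one more digit, so a record
        at level i is found within i hops from anywhere on the ring."""
        if key not in self.store[self.home(key)]:
            raise KeyError(key)
        self.queries[key] += 1
        cur, hops = start, 0
        while key not in self.store[cur]:
            have = prefix_match(cur, key)
            nxt = next((n for n in self.nodes if prefix_match(n, key) > have), None)
            cur = nxt if nxt is not None else self.home(key)
            hops += 1
        value, version = self.store[cur][key]
        return value, version, hops

    def rebalance(self, target_hops):
        """Widen replication of the most-queried records (lower their level) until
        the query-weighted average hop bound meets target_hops. Greedy stand-in
        for Beehive's closed-form level assignment; ignores storage cost."""
        total = sum(self.queries.values()) or 1

        def avg_hops():
            return sum(q * self.level[k] for k, q in self.queries.items()) / total

        while avg_hops() > target_hops:
            cands = [k for k in self.queries if self.level[k] > 0]
            if not cands:
                break
            k = max(cands, key=lambda k: self.queries[k])
            self.level[k] -= 1
            value, version = self.store[self.home(k)][k]
            self._place(k, value, version)


def demo():
    """Skewed workload: one name gets ~90% of queries; then rebalance and update."""
    ring = Ring(NODE_IDS)
    popular, rare = ident("www.example.com"), ident("host17.example.net")
    ring.publish(popular, "192.0.2.10")      # constructed sample records
    ring.publish(rare, "198.51.100.7")
    for _ in range(90):
        ring.lookup(ring.nodes[0], popular)
    for _ in range(10):
        ring.lookup(ring.nodes[1], rare)
    hops_before = max(ring.lookup(n, popular)[2] for n in ring.nodes)
    ring.rebalance(target_hops=0.5)
    hops_after = max(ring.lookup(n, popular)[2] for n in ring.nodes)
    ring.update(popular, "192.0.2.11")
    versions = {ring.lookup(n, popular)[1] for n in ring.nodes}
    return {
        "level_popular": ring.level[popular], "level_rare": ring.level[rare],
        "hops_before": hops_before, "hops_after": hops_after,
        "replicas_popular": len(ring.replicas(popular)),
        "versions": versions, "value": ring.lookup(ring.nodes[5], popular)[0],
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the three effects in one place: before rebalancing, the popular record sits only on its home node and lookups cost up to DIGITS hops; after rebalancing its level drops to 0 and every node answers in zero hops while the rarely queried record stays at its home node; and a single `update` leaves every replica at version 2, which is the "fast propagation" property that legacy DNS caches, bound by TTLs, cannot give. The greedy step never raises a level again when popularity fades, and it ignores the storage cost of wide replication, which is exactly the trade-off the Beehive model is built to balance.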

7 comments:

  1. So one thing that I noted for this one: are flash crowds really a problem for DNS? Certainly some of the other discussed issues I can buy as being problems (bottlenecks that depend on 2 resolvers, etc. etc.), but flash crowds seemed out of place. My understanding was that when a site gets slashdotted, it's usually because they had caching turned off in their wordpress host, not because of DNS trouble.

    Maybe my perception is incorrect though?

  2. Also, why are there still two summaries being posted?

  3. Another thing I noted for this one is that while Beehive definitely helps with the flash crowds, the increase in latency is much higher initially than for legacy DNS. Similarly, they designed CoDoNS to fix DoS attacks, but then they say that "Well, since it sits on top of legacy DNS, it could still be a problem. Also, you could get into the routing tables and REALLY screw things up. Also, a lot of the security issues come from bad implementation." So I'm wondering exactly what security issues they fixed.

  4. I think one of the most critical shortcomings of CoDoNS which is required before it could be considered a viable alternative to DNS is the dynamic server selection mechanism that CDNs rely on. And considering how much of the most popular content on the internet is served by CDNs employing these methods, it seems like a significant point. They mention in the paper that CoDoNS simply forwards DNS queries that are for low TTL records to the legacy DNS name server. This means that DNS based server selection will still work for the user (albeit with the added latency of being forwarded to the NS by CoDoNS); however, it means CoDoNS can't be considered a viable total replacement for legacy DNS. With the highly replicated nature of CoDoNS, I'm not sure how dynamic server selection could easily be implemented.
