A Comparative Study of the DNS Design with DHT-Based Alternatives

95/08/31Chen Chih-Ming

2

Outline Problem Background Methodology Analytical model Evaluation Discussion Related work Conclusion

3

Problem description

Current DNS operational issues DHT-Based System Does DHT-Based system have

comparative performance

4

Background – DNS Tree

RR NS

Authoritative server Caching resolver Stub resolver

5

Background – DNS Tree

.

jpcntw

org

nctu nthuntu

educom

6

Background – Chord Ring Base b One dimensional cyclic identifier space [0,…,bm], N

=bm+1 Distance is calculated as the clockwise numeric dis

tance Each node maintain (b-1)logbN neighbors ith neighbor of X is the node closest to X+2i on the ci

rcle Map DNS by hash to 0~bm, then assigning the RR to

the node v with the next larger ID Node = AS & Caching resolver

7

Background – Chord Ring

X

X+4

X+2

X+8

X+16

8

Background – Impact in Redundancy DNS

Multiple servers serve a zone Chose any of them to answer query P = ΠRi Utilizing all the existing redundancy Always the same logical path

Chord A set of neighbors A subset of one’s neighbors leads towards each destinat

ion P = (b-1)(logbN)!, it has been shown DHTs don’t fully explore the underlying redundancy May have vary path from different server

9

Background – Impact in Caching DNS

Caching query Caching NS RR Improving data availability Improving path availability

DHT Caching query for each intermediate nodes Improving data availability Don’t shorten the query path

Different behavior when a cache miss occur.

10

Methodology Metrics

Data failure rate Path failure rate Path lengths

DNS trace Trace-driven simulation

DNS Reconstruct DNS tree and each zone Cache enable/disable

DHT Different size & base Deploy RR to appropriate node Replicate to neighboring nodes Cache enable/disable

Place additional clients Failure

Physical failure Malicious attack

11

Discussion Recovery mechanisms

For static resilient Simply compare two system

Node failure model Not capture configuration errors Available again after a short period Only want to measure relative advantages

Client record popularity

12

13

Analytical model

Availability analysis Path Failure rate

Average path failure rate

14

15

Cache performance analysis Table II DNS (Experiment result)

Type I – reply a record Type II – reply non-existing Type III – reply referral to a child zone Query distribution generated by a caching se

rver & exact subpart of the DNS tree structure

16

Cache performance analysis DHT (Simulate result)

record only in one node Li is probability mass function of path length I Ci is the number of client of a specific record that are I

or more hops away from the record Pi is the probability of two clients having a common n

ode at distance I on the path to the record Si is two independent paths merge at distance I from t

he destination record Hi is the number of cache hits at distance I form the d

estination record Size of network N, base b, total number of client C

17

18

19

Evaluation Availability

DNS: 95000 servers DHT: 8192 nodes Data replication & Path Redundancy Availability & Caching Availability & Malicious attacks Summary of Results

Cache performance Caching in DNS Caching in DHTs Summary of Results

20

21

圖不了

22

23

圖不了

24

Cache in DNS

25

26

27

28

29

圖不了

30

Cache in DHT

31

32

33

34

Discussion Engineering flexibility

Selective engineering worthwhile Deliberated attack

System complexity DNS & DHTs Performance v.s. complexity

Generality of our conclusions DNS is more resilient to random failure DNS have higher performance on passive cachin

g

35

Related work

Long path lengths of DHT network[3]

Proactive caching Hybrid system[18][14][4],[2][6]

36

Conclusion DNS have better performance on

random node failure & cache performance

DHT can provide withstanding orchestrated attacks & normal performance with high degree

Improving the resilience of current system against malicious attack is a more appealing solution.