Related Work

DNS Research
A new IETF draft out of ZST University proposing a P2P based query strategy to deal with IPV6 DNS space.
- L. Huang. Distributed DNS Implementation in IPV6. ZST University, Hangzhou, China, Jan 2007.
The National Academic Research Council has a new report on DNS, and sites security problems with DNS, specifically denial-of-service attacks on servers, as problems that need to be addressed.
- National Academic Research Council. Signposts in Cyberspace: Domain Name System and Internet Navigation. National Academies Press, Washington, DC, 2005.
DNS Security
There are many known vulnerabilities in many widely-deployed DNS servers. In our survey in June 2004, we found that ~17% of all nameservers had vulnerabilities identified as critical by the Internet Systems Consortium.
- DNS Vulnerabilities. DNS Threats and DNS Weaknesses. http://www.dnssec.net/dns-threats.php, Mar 2006.
Attacks on DNS

Attackers frequently target the DNS. It is relatively easy to launch attacks against DNS servers, and 0wning the Internet is a significant event.

Peter G. Neumann. DNS roots attacked, Risks Digest Volume 24: Issue 57, Feb 6 2007.
New York's Oldest ISP Gets Domain Hijacked, 2005.
Welsh Tory party website hijacked, 12 Jan 2005.
R. Naraine. Massive DDoS Attack Hit DNS Root Servers. www.internetnews.com/dev-news/article.php/1486981, Oct 2002.
Massive denial of service attack targets DNS root servers.
P. Thurrott. Microsoft Suffers Another DoS Attack. www.winnetmag.com/WindowsSecurity/Article/ArticleID/19770/WindowsSecurity_19770.html, Jan 2001.
Denial of service attack against Microsoft's DNS servers knock Microsoft services off the Internet.
M. J. Edwards. Something Old, Something New: DNS Hijacking. www.winnetmag.com/Article/ArticleID/8170/8170.html, Feb 2000.
DNS spoofing attack misdirects clients seeking to contact RSA, Inc. to a fake website instead.
DNS standards and RFCs:

The following RFCs define the common protocols for name resolution on the Internet.

P. Mockapetris. Domain Names: Concepts and Facilities. RFC 1034, Nov 1987.
P. Mockapetris. Domain Names: Implementation and Specification. RFC 1035, Nov 1987.
A. Kumar, J. Postel, C. Neuman, P. Danzig, and S. Miller. Common DNS Implementation Errors and Suggested Fixes. RFC 1536, Oct 1993.
T. Brisco. DNS Support for Load Balancing. RFC 1794, Apr 1995.
P. Vixie, S. Thomson, Y. Rekhter, J. Bound. Dynamic Updates in the Domain Name System. RFC 2136, April 1997.
R. Elz and R. Bush. Clarifications to the DNS Specification. RFC 2181, July 1997.
M. Andrews. Negative Caching of DNS Queries. RFC 2308, Mar 1998.
D. Eastlake. Domain Name System Security Extensions. RFC 2535, Mar 1999.
Namedroppers Archive
Structured Peer to Peer Systems
DNS Measurement Studies

The following papers find that DNS resolution latency is a significant (10-30%) component of whole page download and display latency.

C. Huitema and S. Weerahandi. Internet Measurements: the Rising Tide and the DNS Snag., ITC Specialist Seminar on Internet Traffic Measurement and Modeling, Monterey CA, Sep 2000.
C. Wills and H. Shang. The Contribution of DNS Lookup Costs to Web Object Retrieval. Worcester Polytechnic Institute Technical Report TR-00-12, Jul 2000.
L. Bent and G. M. Voelker. Whole Page Performance. Workshop on Web Content Caching and Distribution, Boulder CO, August 2002.

The following papers show that the DNS root servers are subjected to high loads.

N. Brownlee, kc Claffy, and E. Nemeth. DNS Measurements at a Root Server. GlobeCom, San Antonio, TX, Nov 2001.
N. Brownlee, kc Claffy, and E. Nemeth. DNS Root/gTLD Performance Measurements. Systems Administration Conference, San Diego CA, Dec 2001.
P. Danzig, K. Obraczka, and A. Kumar. An Analysis of Wide-Area Nameserver Traffic: A study of the Internet Domain Name System. SIGCOMM, Baltimore MD, 1992.

Configuration errors are common and impact DNS robustness:

V. Pappas, Z. Xu, S. Lu, D. Massey, A. Terzis, and L. Zhang. Impact of Configuration Errors on DNS Robustness. SIGCOMM, Portland OR, Aug 2004.
P. Mockapetris and K. Dunlop. Development of the Domain Name System. SIGCOMM, Stanford CA, 1988.
Power Laws

Power laws are surprisingly common in practice - DNS query distributions follow a power law. A side-effect of power law distributions is that ordinary caching does not work well, due to the heavy tail of the distribution. The following paper examines power-law distributions and their ramifications:

L. Breslau, P. Cao, L. Fan, G. Phillips, and S. Shenker. Web Caching and Zipf-like Distributions: Evidence and Implications. International Conference on Computer Communications, New York NY, Mar 1999.
J. Jung, E. Sit, H. Balakrishnan, and R. Morris. DNS Performance and Effectiveness of Caching. SIGCOMM Internet Measurement Workshop, San Francisco CA, Nov 2001.

This work examines a way to periodically refresh caches to improve hit rates. But the Zipf distribution of DNS queries make it really difficult for heuristics to be effective, while they can exert undue load on the infrastructure. In contrast, Beehive uses an analytical solution that is guaranteed to achieve a targeted level of performance optimally.

E. Cohen and H. Kaplan. Proactive Caching of DNS Records: Addressing a Performance Bottleneck. Symposium on Applications and the Internet, San Diego-Mission Valley CA, Jan 2001.
Name Services

CoDNS. CoDNS is a thin wrapper for name lookup which redirects lookup queries to a healthy peer node when the local nameserver starts to reveal failures. This masks off the long latency in name lookups.
Intentional Naming System. INS enables clients to query for services based on complex predicates that capture the intentions of the users.
Overlook. Overlook is part of the Herald project, which is building a publish/subscribe event notification service deployed as a self-configuring federation of peers designed to scale to Internet size and to provide timely delivery of notifications.
DNS Implementations

These servers implement legacy DNS services. CoDoNS is compatible with all RFC-compliant implementations and can work in conjunction with them. Some of them have known security/functionality problems; read the associated caveats before installing.

BIND: The most commonly used DNS server.
DJBDNS: A robust DNS server and resolver implementation.
NSD: Name server daemon, for authoritative nameservers only.
LBNAMED: A load-balancing DNS server written in Perl.
Eddie: A load-balancing DNS server written in Erlang.
OAK: A DNS server written in Python.
MaraDNS: A general-purpose DNS server.
Planetlab
We are grateful to the PlanetLab infrastructure for enabling us to deploy our initial prototype of CoDoNS across the planet.

Related Work

Computer Science Department Cornell University

Computer Science Department
Cornell University