A Comparative Study of the DNS Design with DHT-Based Alternatives 95/08/31 Chen Chih-Ming
2 Outline
  - Problem
  - Background
  - Methodology
  - Analytical model
  - Evaluation
  - Discussion
  - Related work
  - Conclusion
3 Problem description
  - Current DNS operational issues
  - DHT-based system
  - Does a DHT-based system have comparative performance?
4 Background – DNS Tree
  - RR
  - NS
  - Authoritative server
  - Caching resolver
  - Stub resolver
5 Background – DNS Tree (figure: tree with root "." and labels jp, cn, tw, org, nctu, nthu, ntu, edu, com)
6 Background – Chord Ring
  - Base b
  - One-dimensional cyclic identifier space $[0, \dots, b^m]$, $N = b^m + 1$
  - Distance is calculated as the clockwise numeric distance
  - Each node maintains $(b-1)\log_b N$ neighbors
  - The $i$-th neighbor of $X$ is the node closest to $X + 2^i$ on the circle
  - Map DNS names by hash to $0 \sim b^m$, then assign the RR to the node $v$ with the next larger ID
  - Node = AS & caching resolver
7 Background – Chord Ring (figure: ring showing the points X, X+2, X+4, X+8, X+16)
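The Chord placement and routing rules from slides 6 and 7, as an added example that is not part of the original slides. It covers base 2 only and assumes a 16-bit identifier space of size 2^M, SHA-1 as the hash, and constructed node and record names.

```python
import hashlib
from bisect import bisect_left

M = 16                 # identifier bits (assumed; ring size 2**M, base b = 2)
SPACE = 1 << M

def ident(name):
    """Hash a DNS name or node name onto the ring (SHA-1 is an assumption)."""
    return int.from_bytes(hashlib.sha1(name.encode()).digest(), "big") % SPACE

def clockwise(a, b):
    """Clockwise numeric distance from a to b."""
    return (b - a) % SPACE

def successor(ring, key):
    """Node with the next larger (or equal) ID, wrapping past the top of the ring."""
    return ring[bisect_left(ring, key % SPACE) % len(ring)]

def neighbors(ring, x):
    """The i-th neighbor of x is the node closest to x + 2**i on the circle."""
    return {successor(ring, x + (1 << i)) for i in range(M)} - {x}

def lookup(ring, start, key):
    """Greedy clockwise routing; returns the list of nodes visited, owner last."""
    owner, node, path = successor(ring, key), start, [start]
    while node != owner:
        # Neighbors that move toward the key without passing it.
        ahead = [n for n in neighbors(ring, node)
                 if clockwise(node, n) <= clockwise(node, key)]
        # If none, the key lies between this node and its successor: the owner.
        node = max(ahead, key=lambda n: clockwise(node, n)) if ahead else owner
        path.append(node)
    return path

if __name__ == "__main__":
    ring = sorted({ident(f"node-{i}") for i in range(64)})   # constructed nodes
    key = ident("www.example.com")                            # constructed name
    paths = [lookup(ring, s, key) for s in ring]
    print("owner:", successor(ring, key))
    print("mean hops:", sum(len(p) - 1 for p in paths) / len(paths))
    # Every node on a path is a point of failure for that query.
    print("longest path:", max(paths, key=len))
```

Each node in a returned path must be up for that query to succeed, which is what the path failure rate metric on the later slides measures.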
8 Background – Impact in Redundancy
  - DNS
    - Multiple servers serve a zone
    - Choose any of them to answer a query
    - $P = \prod R_i$
    - Utilizes all the existing redundancy
    - Always the same logical path
  - Chord
    - A set of neighbors
    - A subset of one's neighbors leads towards each destination
    - $P = (b-1)(\log_b N)!$
    - It has been shown that DHTs don't fully exploit the underlying redundancy
    - Paths may vary from different servers
9 Background – Impact in Caching
  - DNS
    - Caching queries
    - Caching NS RRs
    - Improves data availability
    - Improves path availability
  - DHT
    - Caching the query at each intermediate node
    - Improves data availability
    - Doesn't shorten the query path
  - Different behavior when a cache miss occurs
10 Methodology
  - Metrics
    - Data failure rate
    - Path failure rate
    - Path lengths
  - DNS trace
  - Trace-driven simulation
  - DNS
    - Reconstruct the DNS tree and each zone
    - Cache enable/disable
  - DHT
    - Different size & base
    - Deploy each RR to the appropriate node
    - Replicate to neighboring nodes
    - Cache enable/disable
    - Place additional clients
  - Failure
    - Physical failure
    - Malicious attack
11 Discussion
  - Recovery mechanisms
    - For static resilience
    - Simply compare the two systems
  - Node failure model
    - Does not capture configuration errors
    - Available again after a short period
    - Only want to measure relative advantages
  - Client record popularity
13 Analytical model
  - Availability analysis
  - Path failure rate
  - Average path failure rate
15 Cache performance analysis
  - Table II
  - DNS (experiment result)
    - Type I – reply with a record
    - Type II – reply non-existing
    - Type III – reply with a referral to a child zone
  - Query distribution generated by a caching server & the exact subpart of the DNS tree structure
16 Cache performance analysis
  - DHT (simulation result)
  - Record stored in only one node
  - $L_i$ is the probability mass function of path length $i$
  - $C_i$ is the number of clients of a specific record that are $i$ or more hops away from the record
  - $P_i$ is the probability of two clients having a common node at distance $i$ on the path to the record
  - $S_i$ is two independent paths merging at distance $i$ from the destination record
  - $H_i$ is the number of cache hits at distance $i$ from the destination record
  - Size of network $N$, base $b$, total number of clients $C$
19 Evaluation
  - Availability
    - DNS: servers
    - DHT: 8192 nodes
    - Data replication & path redundancy
    - Availability & caching
    - Availability & malicious attacks
    - Summary of results
  - Cache performance
    - Caching in DNS
    - Caching in DHTs
    - Summary of results
24 Cache in DNS
30 Cache in DHT
34 Discussion
  - Engineering flexibility
    - Selective engineering is worthwhile
    - Deliberate attack
  - System complexity
    - DNS & DHTs
    - Performance vs. complexity
  - Generality of our conclusions
    - DNS is more resilient to random failure
    - DNS has higher performance with passive caching
35 Related work
  - Long path lengths of DHT networks [3]
  - Proactive caching
  - Hybrid system [18][14][4], [2][6]
36 Conclusion
  - DNS performs better under random node failure and in cache performance
  - DHTs can withstand orchestrated attacks and provide normal performance with high degree
  - Improving the resilience of the current system against malicious attacks is a more appealing solution