- DNS Research
- A new IETF draft out of ZST University proposes a P2P-based query strategy to deal with the IPv6 DNS space.
- The National Academic Research Council has a new report on DNS, and
cites security problems with DNS, specifically denial-of-service
attacks on servers, as problems that need to be addressed.
- DNS Security
- There are many known vulnerabilities in many widely-deployed DNS
servers. In our survey in June 2004, we found that ~17% of all nameservers
had vulnerabilities identified as critical by the Internet Systems Consortium.
- Attacks on DNS
- Attackers frequently target the DNS. It is relatively
easy to launch attacks against DNS servers, and 0wning the Internet is a
- DNS standards and RFCs:
- The following RFCs define the common protocols for name resolution
on the Internet.
- P. Mockapetris. Domain Names: Concepts and Facilities. RFC 1034, Nov 1987.
- P. Mockapetris. Domain Names: Implementation and Specification. RFC 1035, Nov 1987.
- A. Kumar, J. Postel, C. Neuman, P. Danzig, and S. Miller. Common DNS Implementation Errors and Suggested Fixes. RFC 1536, Oct 1993.
- T. Brisco. DNS Support for Load Balancing. RFC 1794, Apr 1995.
- P. Vixie, S. Thomson, Y. Rekhter, J. Bound. Dynamic Updates in the Domain Name System. RFC 2136, April 1997.
- R. Elz and R. Bush. Clarifications to the DNS Specification. RFC 2181, July 1997.
- M. Andrews. Negative Caching of DNS Queries. RFC 2308, Mar 1998.
- D. Eastlake. Domain Name System Security Extensions. RFC 2535, Mar 1999.
- Namedroppers Archive
- Structured Peer to Peer Systems
- DNS Measurement Studies
- The following papers find that DNS resolution latency is a significant (10-30%) component of whole page download and display latency.
- C. Huitema and S. Weerahandi. Internet Measurements: the Rising Tide and the DNS Snag. ITC Specialist Seminar on Internet Traffic Measurement and Modeling, Monterey CA, Sep 2000.
- C. Wills and H. Shang. The Contribution of DNS Lookup Costs to Web Object Retrieval. Worcester Polytechnic Institute Technical Report TR-00-12, Jul 2000.
- L. Bent and G. M. Voelker. Whole Page Performance. Workshop on Web Content Caching and Distribution, Boulder CO, August 2002.
- The following papers show that the DNS root servers are subjected to high loads.
- N. Brownlee, kc Claffy, and E. Nemeth. DNS Measurements at a Root Server. GlobeCom, San Antonio, TX, Nov 2001.
- N. Brownlee, kc Claffy, and E. Nemeth. DNS Root/gTLD Performance Measurements. Systems Administration Conference, San Diego CA, Dec 2001.
- P. Danzig, K. Obraczka, and A. Kumar. An Analysis of Wide-Area Nameserver Traffic: A study of the Internet Domain Name System. SIGCOMM, Baltimore MD, 1992.
- Configuration errors are common and impact DNS robustness:
- V. Pappas, Z. Xu, S. Lu, D. Massey, A. Terzis, and L. Zhang. Impact of Configuration Errors on DNS Robustness. SIGCOMM, Portland OR, Aug 2004.
- P. Mockapetris and K. Dunlop. Development of the Domain Name System. SIGCOMM, Stanford CA, 1988.
- Power Laws
- Power laws are surprisingly common in practice - DNS query distributions
follow a power law. A side-effect of power law distributions is that
ordinary caching does not work well, due to the heavy tail of the distribution.
The following paper examines power-law distributions and their ramifications:
- L. Breslau, P. Cao, L. Fan, G. Phillips, and S. Shenker. Web Caching and Zipf-like Distributions: Evidence and Implications. International Conference on Computer Communications, New York NY, Mar 1999.
- J. Jung, E. Sit, H. Balakrishnan, and R. Morris. DNS Performance and Effectiveness of Caching. SIGCOMM Internet Measurement Workshop, San Francisco CA, Nov 2001.
- This work examines a way to periodically refresh caches to improve hit
rates. But the Zipf distribution of DNS queries makes it really difficult
for heuristics to be effective, while they can exert undue load on
the infrastructure. In contrast, Beehive uses an analytical
solution that is guaranteed to achieve a targeted level of performance
- E. Cohen and H. Kaplan. Proactive Caching of DNS Records: Addressing a Performance Bottleneck. Symposium on Applications and the Internet, San Diego-Mission Valley CA, Jan 2001.
- Name Services
- CoDNS. CoDNS is a thin wrapper for name lookup which redirects lookup queries to a healthy peer node when the local nameserver starts to show failures. This masks the long latency in name lookups.
- Intentional Naming System. INS enables clients to query for services based on complex predicates that capture the intentions of the users.
- Overlook. Overlook is part of the Herald project, which is building a publish/subscribe event notification service deployed as a self-configuring federation of peers designed to scale to Internet size and to provide timely delivery of notifications.
- DNS Implementations
- These servers implement legacy DNS services. CoDoNS is compatible
with all RFC-compliant implementations and can work in conjunction
with them. Some of them have known security/functionality problems;
read the associated caveats before installing.
- BIND: The most
commonly used DNS server.
- DJBDNS: A robust
DNS server and resolver implementation.
- NSD: Name server daemon, for authoritative nameservers only.
- LBNAMED: A load-balancing DNS server written in Perl.
- Eddie: A load-balancing DNS server written in Erlang.
- OAK: A DNS server written in Python.
- MaraDNS: A general-purpose DNS server.
- We are grateful to the PlanetLab infrastructure for enabling us to
deploy our initial prototype of CoDoNS across the planet.