Cooperative Domain Name System

CoDoNS is a high-performance, failure-resilient, and scalable name service for the Internet. It serves as both an alternative and a safety-net for the legacy Domain Name System (DNS). Built on top of Beehive, it provides clients low latencies for name resolution, automatic load-balancing during flash-crowds and denial of service attacks, and quick dissemination of changes in DNS mappings. It is currently deployed across the globe on Planet-Lab. A list of live CoDoNS servers and their current performance is provided here.

The legacy domain name system (DNS) that powers the Internet has several critical shortcomings. In a recent survey of the legacy DNS which spanned 535000 domains and 164000 name servers, we found that 79% of domainnames rely on two or fewer servers. Worse, 33% of domains have a single bottleneck link whose failure would result in disappearance of that domain. These bottlenecks in DNS make it trivial to launch DoS attacks against selected targets. Further, 20% of DNS servers contain security vulnerabilities that enable attackers to spoof records or block their distribution entirely. The static nameserver hierarchy that forms the foundation of the the legacy DNS system is fragile and vulnerable.

CoDoNs relies on a set of cooperating peer name caches that dynamically adapt to the query stream. It has several unique properties:

CoDoNS decouples server location from server authority, and hence any server can serve any binding. DNSSEC-compliant signatures ensure that the verity of the records served by CoDoNS servers can be checked. CoDoNs automatically adjusts the system respond to sudden changes in object popularity, as in the so called "slashdot effect."

With CoDoNs, users can purchase names and distribute them throughout the Internet without having to maintain dedicated nameservers. CoDoNS securely disseminates DNS information (e.g. name to IP address bindings, MX records, etc.) to participating name caches. When a client issues a name query, the name caches will, on average, locate the required data in a small number of hops.

Overall, CoDoNS is backwards-compatible with the legacy DNS. It can serve as a safety net for DNS, acting as a high-performance cache, and can take over DNS services entirely if the legacy DNS is attacked. CoDoNS requires no changes to client resolvers.

->  CoDoNS Overview of CoDoNS.
->  Frequently Asked Questions Frequently asked questions about DNS, its vulnerabilities, Beehive and CoDoNS.
->  Structured Replication How CoDoNS achieves high performance, DoS-resilience and load balance.
->  CoDoNS Deployment A list of nodes running CoDoNS at the moment. You can point your resolver to any of these nodes - pick the closest for the best service.
->  DNS Survey We performed a survey of vulnerabilities in traditional DNS. The web of trust that traditional DNS relies on is very fragile; approximately one third of all names are vulnerable.
->  Recent DNS Attacks Emerging information about the widespread DNS attacks of 2/6/07.
->  Related Work Pointers to work on DNS.
->  People Project members.
->  Papers Papers and Talks on CoDoNS and related projects.
->  Support Project support and funding.


Computer Science Department
Cornell University