A Comparative Study of the DNS Design with DHT-Based Alternatives
95/08/31 Chen Chih-Ming
2
Outline
  - Problem
  - Background
  - Methodology
  - Analytical model
  - Evaluation
  - Discussion
  - Related work
  - Conclusion
3
Problem description
  - Current DNS operational issues
  - DHT-based system
  - Does a DHT-based system have comparable performance?
4
Background – DNS Tree
  - RR
  - NS
  - Authoritative server
  - Caching resolver
  - Stub resolver
5
Background – DNS Tree
[Figure: DNS tree; node labels: ".", jp, cn, tw, org, edu, com, nctu, nthu, ntu]
6
Background – Chord Ring
  - Base b
  - One-dimensional cyclic identifier space [0, …, b^m], N = b^m+1
  - Distance is calculated as the clockwise numeric distance
  - Each node maintains (b-1) log_b N neighbors
  - The i-th neighbor of X is the node closest to X + 2^i on the circle
  - Map DNS by hash to 0~b^m, then assign the RR to the node v with the next larger ID
  - Node = AS & caching resolver
7
Background – Chord Ring
[Figure: Chord ring showing node X and its neighbors at X+2, X+4, X+8, X+16]
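Added example (not part of the original slides): a small Python model of the Chord mapping described above, showing how a DNS name is hashed to the node with the next larger ID and how node failures cause either a data failure or a path failure. Assumptions: base b = 2, a 16-bit ring [0, 2^16), SHA-1 as the hash, a constructed 8-node ring, and a routing rule that falls back to any live neighbor that does not overshoot the destination.

```python
import hashlib
from bisect import bisect_left

M = 16                 # identifier bits (assumed value); base b = 2
RING = 2 ** M          # identifiers live in [0, 2^M) (assumed ring size)

def ring_id(name):
    """Hash a DNS name onto the identifier circle."""
    digest = hashlib.sha1(name.lower().encode()).digest()
    return int.from_bytes(digest, "big") % RING

def successor(nodes, key):
    """Node with the next larger (or equal) ID, wrapping past zero."""
    return nodes[bisect_left(nodes, key % RING) % len(nodes)]

def neighbors(nodes, x):
    """The i-th neighbor of x is the node closest to x + 2^i on the circle."""
    return {successor(nodes, x + 2 ** i) for i in range(M)} - {x}

def clockwise(a, b):
    """Clockwise numeric distance from a to b."""
    return (b - a) % RING

def lookup(nodes, start, key, failed=frozenset()):
    """Route greedily from a live start node to the node holding key.
    Returns (status, path); status is 'ok', 'data-failure' or 'path-failure'."""
    owner = successor(nodes, key)
    if owner in failed:                      # the record itself is unreachable
        return "data-failure", []
    path, cur = [start], start
    while cur != owner:
        # Live neighbors that make progress without overshooting the owner.
        live = [n for n in neighbors(nodes, cur) - set(failed)
                if clockwise(cur, n) <= clockwise(cur, owner)]
        if not live:                         # owner is up, but no route to it
            return "path-failure", path
        cur = max(live, key=lambda n: clockwise(cur, n))
        path.append(cur)
    return "ok", path

# Constructed sample ring: 8 evenly spaced nodes (sorted IDs).
NODES = [i * 8192 for i in range(8)]

if __name__ == "__main__":
    key = ring_id("www.example.org")         # constructed sample name
    print(key, "->", successor(NODES, key))
    print(lookup(NODES, 0, 40000))
    print(lookup(NODES, 0, 40000, failed={32768}))
    print(lookup(NODES, 0, 40000, failed={40960}))
    print(lookup(NODES, 0, 20000, failed={8192, 16384}))
```

The last call is the path-failure case: the node holding the record is alive, but every neighbor of the querying node that leads towards it is down.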
8
Background – Impact in Redundancy
  DNS
    - Multiple servers serve a zone
    - Choose any of them to answer a query
    - P = Π R_i
    - Utilizes all the existing redundancy
    - Always the same logical path
  Chord
    - A set of neighbors
    - A subset of one's neighbors leads towards each destination
    - P = (b-1)(log_b N)!
    - It has been shown that DHTs don't fully explore the underlying redundancy
    - Paths may vary from different servers
9
Background – Impact in Caching
  DNS
    - Caching query
    - Caching NS RR
    - Improving data availability
    - Improving path availability
  DHT
    - Caching query at each intermediate node
    - Improving data availability
    - Doesn't shorten the query path
  Different behavior when a cache miss occurs.
10
Methodology
  Metrics
    - Data failure rate
    - Path failure rate
    - Path lengths
  DNS trace
    - Trace-driven simulation
  DNS
    - Reconstruct DNS tree and each zone
    - Cache enable/disable
  DHT
    - Different size & base
    - Deploy RR to appropriate node
    - Replicate to neighboring nodes
    - Cache enable/disable
    - Place additional clients
  Failure
    - Physical failure
    - Malicious attack
11
Discussion
  Recovery mechanisms
    - For static resilience
    - Simply compare the two systems
  Node failure model
    - Does not capture configuration errors
    - Available again after a short period
    - Only want to measure relative advantages
  Client record popularity
12
13
Analytical model
  Availability analysis
    - Path failure rate
    - Average path failure rate
14
15
Cache performance analysis
  Table II
  DNS (Experiment result)
    - Type I – reply a record
    - Type II – reply non-existing
    - Type III – reply referral to a child zone
    - Query distribution generated by a caching server & exact subpart of the DNS tree structure
16
Cache performance analysis
  DHT (Simulate result)
    - Record only in one node
    - L_i is the probability mass function of path length i
    - C_i is the number of clients of a specific record that are i or more hops away from the record
    - P_i is the probability of two clients having a common node at distance i on the path to the record
    - S_i is two independent paths merging at distance i from the destination record
    - H_i is the number of cache hits at distance i from the destination record
    - Size of network N, base b, total number of clients C
17
18
19
Evaluation
  Availability
    - DNS: 95000 servers
    - DHT: 8192 nodes
    - Data replication & Path Redundancy
    - Availability & Caching
    - Availability & Malicious attacks
    - Summary of Results
  Cache performance
    - Caching in DNS
    - Caching in DHTs
    - Summary of Results
20
21
(Figure not available)
22
23
(Figure not available)
24
Cache in DNS
25
26
27
28
29
(Figure not available)
30
Cache in DHT
31
32
33
34
Discussion
  Engineering flexibility
    - Selective engineering worthwhile
    - Deliberate attack
  System complexity
    - DNS & DHTs
    - Performance vs. complexity
  Generality of our conclusions
    - DNS is more resilient to random failure
    - DNS has higher performance on passive caching
35
Related work
  - Long path lengths of DHT network [3]
  - Proactive caching
  - Hybrid system [18][14][4], [2][6]
36
Conclusion
  - DNS has better performance on random node failure & cache performance
  - DHTs can withstand orchestrated attacks & provide normal performance with high degree
  - Improving the resilience of the current system against malicious attack is a more appealing solution.