40
CoDoNS: Replacing the DNS Hierarchy with Peers Venugopalan Ramasubramanian (Rama) Emin Gün Sirer Computer Science Dept., Cornell University

CoDoNS: Replacing the DNS Hierarchy with Peers

  • Upload
    others

  • View
    5

  • Download
    0

Embed Size (px)

Citation preview

Page 1: CoDoNS: Replacing the DNS Hierarchy with Peers

CoDoNS: Replacing the DNS Hierarchy with Peers

Venugopalan Ramasubramanian (Rama)Emin Gün Sirer

Computer Science Dept., Cornell University

Page 2: CoDoNS: Replacing the DNS Hierarchy with Peers

Why change the DNS?

• DNS is largely successful– Two decades of operation– High scalability

• Requirements have increased– Constant availability– High performance– Security

Page 3: CoDoNS: Replacing the DNS Hierarchy with Peers

DNS: Problems

• Poor availability– 80% of domain names bottle-necked at 2 servers– 30% of domain names bottle-necked at 1 gateway

• High latencies– Long tail in response time– Stale bindings remain for a long time

• Vulnerable to attacks– Cache poisoning, transitive trust– Denial of Service (DoS)

Page 4: CoDoNS: Replacing the DNS Hierarchy with Peers

Insight and Solution

X Hierarchical, delegation-based name resolution

Separate namespace management from name resolution

• Hierarchical, decentralized namespace– Scalable, easy to manage

• Efficient name resolution service – High availability, performance, and security

Page 5: CoDoNS: Replacing the DNS Hierarchy with Peers

CoDoNS: Vision

• Peer-to-peer DNS

• Composed of DNS resolvers and name servers

• Self-certifying data– DNSSEC

Name owners

Page 6: CoDoNS: Replacing the DNS Hierarchy with Peers

Homenode

CoDoNS: Structured Overlays

hash(“www.cornell.edu”)

Localresolver

• Self-organization– Failure resilience– Scalability

• Well-defined structure– Bounded lookup time

– logbN hops

– 4 hops for a million node network

Page 7: CoDoNS: Replacing the DNS Hierarchy with Peers

CoDoNS: Informed Caching

• Proactive caching– Bindings pushed in

anticipation

• Proactive updates– No timeouts– Immediate

propagation of updates

Localresolver

Home

Page 8: CoDoNS: Replacing the DNS Hierarchy with Peers

CoDoNS: Informed Caching

• System-wide performance goals become mathematical optimization problems

Min. Overhead s.t. Performance = Target

Max. Performance s.t. Overhead ≤ Capacity

• Performance = lookup latency

• Overhead = bandwidth or memory

Page 9: CoDoNS: Replacing the DNS Hierarchy with Peers

CoDoNS: Deployment

• Incrementally deployable– Uses legacy DNS to populate resource records on

demand– Signs and introduces bindings so that CoDoNS

nodes do not corrupt data (stop-gap)

• Retains DNS management infrastructure– DNS registries, Root authority

• Supports legacy clients

Page 10: CoDoNS: Replacing the DNS Hierarchy with Peers

CoDoNS: Miscellaneous

• Negative responses– Cached temporarily

• Local names treated specially– Queries resolved locally without introducing load

into the ring

• Server-side computation supported– Low-TTL records not cached, replaced with

forwarding pointers– Supports Akamai and other CDN trickery

Page 11: CoDoNS: Replacing the DNS Hierarchy with Peers

CoDoNS: Lookup Latency

213 ms337 ms90th %

199 ms382 msmean

2 ms39 msmedian

CoDoNSLegacy DNS

Page 12: CoDoNS: Replacing the DNS Hierarchy with Peers

Summary

• Separate namespace management from name resolution

• Use peer-to-peer architecture for name resolution– High availability, performance, and scalability

http://www.cs.cornell.edu/people/egs/beehive/

Page 13: CoDoNS: Replacing the DNS Hierarchy with Peers
Page 14: CoDoNS: Replacing the DNS Hierarchy with Peers

DNS: overview

beehive.cornell.edu

dns1.cornell.edudns2.cornell.edu

128.84.154.74

dns1

.cor

nell.

edu

dns2

.cor

nell.

edu

?beehive.cs.cornell.edu?

128.84.154.74?beehive.cornell.e

du?

localresolver

?cor

nell.

edu?

.edunameservers

Page 15: CoDoNS: Replacing the DNS Hierarchy with Peers

delegation bottlenecks (1/2)• survey: 593160 domain names, 164089 nameservers• 75% of names have a bottleneck of two nameservers

Nameserver Bottlenecks

0.82%

78.44%

9.96%

4.64%

1.43%

0.32%

0.10%

0.06%

0.10%

0.00%

0.02%

0.00%

4.12%

0%

25%

50%

75%

100%

1 2 3 4 5 6 7 8 9 10 11 12 13+number of nameservers

nam

es (

%)

Page 16: CoDoNS: Replacing the DNS Hierarchy with Peers

delegation bottlenecks (2/2)

• 60% of top-500 web sites have small bottlenecks

Nameserver Bottlenecks

0.80%

62.80

%

13.20

%

13.00

%

6.40%

2.60%

0.20%

0.40%

0%

25%

50%

75%

100%

1 2 3 4 5 6 7 8+number of nameservers

nam

es (

%)

Page 17: CoDoNS: Replacing the DNS Hierarchy with Peers

physical bottlenecks

• 30% of domains bottlenecked at one network link

1 2 3 4 5 6 7 8 9 10+0%

25%

50%

75%

100%

32% 32%

17%

9%3% 2% 1% 2% 0% 1%

Network Bottlenecks

number of bottleneck links

dom

ains

(%)

Page 18: CoDoNS: Replacing the DNS Hierarchy with Peers

DoS attacks

• delegation and network bottlenecks make DoS attacks feasible– january 2001 attack on Microsoft nameservers

• DoS attacks high up in the hierarchy can affect the whole system– october 2002 attack on root servers– roots are already disproportionately loaded

[Brownlee et al. 01a, 01b]

• root anycast helps but does not solve the fundamental problem

Page 19: CoDoNS: Replacing the DNS Hierarchy with Peers

performance

• dns lookups affect web latency– ~20-40% of web object retrieval time spent on DNS– ~20-30% of DNS lookups take more than 1s– [Jung et al. 01, Huitema et al. 00, Wills & Shang 00, Bent & Voelker 01]

• lame delegations– manual administration leads to inconsistencies– 15% of domains have lame delegations [Pappas et. al. 01]– introduces latency up to 30 sec

• server selection– disables caching with small timeouts (30 sec)– increases latency up to 2 orders of magnitude [Shaikh et. al. 01]

Page 20: CoDoNS: Replacing the DNS Hierarchy with Peers

consistency

• DNS caching is timeout-driven– conflict in choosing timeouts

• fundamental tradeoff between lookup and update performance

• large timeouts– an emergency remapping/redirection cannot be performed

unless anticipated– 86% of records have TTLs longer than 0.5 hours

• small timeouts (< 10 min)– increased lookup latency [Jung et. al. 01, Cohen et. al. 01]

Page 21: CoDoNS: Replacing the DNS Hierarchy with Peers

CoDoNS: Structured Overlays

• supplement and/or replacement for legacy DNS

• based on distributed hash tables (DHTs)– self-organizing– failure resilient– scalable– worst-case performance bounds

• naïve application of DHTs fails to provide performance comparable to legacy DNS

Page 22: CoDoNS: Replacing the DNS Hierarchy with Peers

prefix-matching DHTs with caching

• cache along the lookup path– may improve lookups

• simulations [NSDI 04] show limited impact– heavy-tailed query

distribution

– TTL expiration

0122

object 0121 =hash(“beehive.cornell.edu”)

2012

0021

0112

Page 23: CoDoNS: Replacing the DNS Hierarchy with Peers

0 8 16 24 32 400

0.5

1

1.5

2

2.5

3

time (hours)

late

ncy

(h

op

s)

PastryPC-PastryBeehive

Beehive: lookup performance

passive caching is not very effective because

of heavy tail query distribution and mutable objects.

beehive converges to the target of 1 hop

Page 24: CoDoNS: Replacing the DNS Hierarchy with Peers

CoDoNS: lookup performance (1/2)

2.26348st. dev.12.2 KBps4217mean

BandwidthStorageCoDoNS

Page 25: CoDoNS: Replacing the DNS Hierarchy with Peers

CoDoNS: flash crowds

reverse popularity injected

Page 26: CoDoNS: Replacing the DNS Hierarchy with Peers

Beehive: zipf parameter change

Page 27: CoDoNS: Replacing the DNS Hierarchy with Peers

structured DHTs (1/2)

de Bruijn graphsO(log N)O(log N/loglog N)Koorde, [Wieder & Naor 03]

butterflyO(1)O(log N)Viceroy

skip listO(log N)O(log N)Skipnet

finger tablesO(log N)O(log N)Chord

prefix-matchingO(log N)O(log N)Pastry, Tapestry, Kademlia

d-dimenstional Torus

O(d)O(d N1/d)CAN

StructureStorageLookupName

Page 28: CoDoNS: Replacing the DNS Hierarchy with Peers

O(1) structured DHTs (2/2)

O(√N)1-2 hops[Mizrak, Cheng, Kumar, Savage]

O(N)1 hop[Gupta, Liskov, Rodrigues]

O(d N1/d)d hopsFarsite

StorageLookupName

O(√N)1-2 hopsKelips

Page 29: CoDoNS: Replacing the DNS Hierarchy with Peers

CoDoNs security

• not an issue in a single administration domain– e.g. akamai, google, msn, etc.

• attacks targeted at the DHT– Castro et al. ’02 work on secure DHTs

• attacks targeted at Beehive– outlier elimination– limited impact

• attacks targeted at CoDoNs– DNSSEC signatures– threshold cryptography

Page 30: CoDoNS: Replacing the DNS Hierarchy with Peers

proactive, analysis-driven caching

• optimization problemminimize: total overhead, s.t.,

average lookup performance ≤ C• O(1) lookup latency

– configurable target– continuous range, better than one-hop

• leverages object popularity to achieve high performance

• DNS follows zipf-like popularity distribution [Jung et. al. 01]

Page 31: CoDoNS: Replacing the DNS Hierarchy with Peers

optimization problem

• level of replication (l): – object replicated at all nodes with l matching prefix

digits– incurs at the most l hops per lookup

•min: Σ si / b

li s.t., Σ qi.li ≤ C

si: per object overhead

– object size, update frequency, or number of replicas (si = 1)

qi: relative query rate of object i

b: base of DHT

Page 32: CoDoNS: Replacing the DNS Hierarchy with Peers

minimize: (number of replicas)x0 + x1/b + x2/b2 + … + xK-1/bK-1

s.t., K – (x01-α + x1

1-α + x21-α + … + xK-1

1-α) ≤ C

xi: fraction of objects replicated at level iα: parameter of zipf distribution

K: highest level of replication

analytical solution: Zipf

b’i (K – C)

1 + b’ + … + b’K-1

11 - α[ ]x*i = where b’ = b(1- α) /α

Page 33: CoDoNS: Replacing the DNS Hierarchy with Peers

computational solution

• relax integrality on variables– use linear-programming or steepest-descent to find

optimal solution– fast O(M logM) time for M objects

• round-up solution to nearest integer– at the most replicates one extra object per node

• handle any popularity distribution• include fine-grained overhead

– object size, update frequency

Page 34: CoDoNS: Replacing the DNS Hierarchy with Peers

CoDoNS operation (1/2)

• home node initially populates CoDoNS with binding from legacy DNS– upper-bound (K) on replication level ensures

resilience against home-node failure

• proactive caching in the background replicates binding based on analytical model– local measurement and limited aggregation to

estimate popularity of names and zipf parameter– discards bindings or pushes bindings only to

neighbors

Page 35: CoDoNS: Replacing the DNS Hierarchy with Peers

CoDoNS operation (2/2)

• dynamic adaptation– continuously monitor popularity of names and

increase replication to meet unanticipated demand– handles DoS attacks and flash-crowds

• fast update propagation– replication level indicates the locations of all the

replicas– the home node initiates a multicast using entries in

DHT routing tables

Page 36: CoDoNS: Replacing the DNS Hierarchy with Peers

CoDoNS name security

• all records carry cryptographic signatures– if the nameowner has a DNSSEC nameserver, CoDoNS will

preserve the original signature– if not, CoDoNS will sign the DNS record with its own master

key

• malicious peers cannot introduce fake bindings

• delegations are cryptographic– names not bound to servers

Page 37: CoDoNS: Replacing the DNS Hierarchy with Peers

CoDoNS implications

• name delegations can be purchased and propagated independently of server setup

• naming hierarchy independent of physical server hierarchy

• domains may be served by multiple namespace operators– competitive market for delegation services

Page 38: CoDoNS: Replacing the DNS Hierarchy with Peers

evaluation

• MIT trace– 12 hour trace, 4th December 2000– 281,943 queries– 47,230 domain names

• Beehive: Simulation– 1024 nodes, 40960 objects

• CoDoNS: Planetlab deployment– 75 nodes

• Lookup performance• Adaptation to changes in popularity• Load balance, Update propagation [SIGCOMM 04]

Page 39: CoDoNS: Replacing the DNS Hierarchy with Peers

latency vs. overhead tradeoff

0 0.25 0.5 0.75 1 1.25 1.5 1.75 20

10000000

20000000

30000000

40000000

50000000

Zipf 0.8

Zipf 0.9

Zipf 1.0

target lookup performance (hops)

op

tim

al

nu

mb

er

of

rep

lic

as

pe

r n

od

e

x106

100 x 106 bindings

Page 40: CoDoNS: Replacing the DNS Hierarchy with Peers

advantages of CoDoNS

• resilient– self configures around host and network failures– resilient against denial of service attacks– load balances around hotspots

• high performance– low lookup latency– updates can be propagated at any time

• autonomic– no manual configuration, no lame delegations