REVIEW: "The Design and Implementation of a Next Generation Name Service for the Internet"

From: Nilton Bila <nilton_REMOVE_THIS_FROM_EMAIL_FIRST_at_cs.toronto.edu>
Date: Thu, 10 Nov 2005 10:06:46 -0500

REVIEW: "The Design and Implementation of a Next Generation Name Service
for the Internet"

The paper proposes CoDoNS, a peer-to-peer name service. CoDoNS is a
high-performance name service: it uses proactive caching, provides security
against denial-of-service attacks by means of load balancing, and also
supports fast updates. It consists of globally distributed nodes that
self-organize to form a peer-to-peer network. The paper also identifies
problems with the existing DNS: its hierarchical structure means the
top-level name servers are easy targets for DoS attacks; access to DNS
services is slow, increasing users' experienced latencies; caching is
ineffective because of the skewed distribution of domains and the widespread
use of short timeouts; and there is no support for fast updates. Because
of the hierarchical structure of DNS, few servers need to be compromised
(through exploitation of software bugs, for example) in order to gain control
of an entire domain. As well, few routers need to be compromised to achieve
the same effect.

CoDoNS is able to achieve high lookup performance by using an analytically
driven and proactive overlay caching layer, Beehive. Beehive enables
prefix-matching DHTs to achieve O(1) lookup performance and is implemented
on top of Pastry. In this system, domain names can be looked up using
128-bit SHA1 hashed keys. Home nodes (i.e. nodes with IDs numerically
close to the key) store the domain record and push updates to replicas.

Experimental results on 75 geographically distributed nodes show that 50%
of CoDoNS queries incur no latency, as they are answered by the local node
as a result of proactive replication. Results also demonstrate that it
distributes load evenly across nodes. CoDoNS is backward compatible,
allowing it to work concurrently with the legacy DNS or as a replacement.
Records can be validated by using cryptographic delegations and
self-verifying records based on DNSSEC public key cryptography.

Since institutions do not maintain their domain records, they can hardly
be expected to contribute nodes to the cooperative system. Thus the free
rider syndrome, often discussed in economics, can hinder the success of
such a system. Although the authority of servers can be verified by comparing
certificates with those of servers higher up in the hierarchy of the
domain name, this requires increased latency from clients, and if all
clients must check authority every time they perform a new query, this
will result in a slow and bottlenecked system, much like the legacy DNS.
Received on Thu Nov 10 2005 - 10:06:55 EST
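The lookup and replication mechanism the review summarizes (SHA-1 keys, prefix-matching routing to a home node, Beehive-style proactive replication by prefix level, and home nodes pushing updates to replicas) can be modelled in a few dozen lines. The following is an added example written for this archive page; it is not code from the CoDoNS or Beehive paper. It assumes a Pastry-like ring with 4-bit digits, truncates SHA-1 to 128 bits to match the review's "128-bit SHA1 hashed keys" wording, gives every node global knowledge of the membership as a stand-in for Pastry's routing table and leaf set, and uses constructed node names and a constructed address record.

```python
"""Toy model of CoDoNS-style lookups: Pastry prefix routing over 128-bit keys
plus Beehive-style replication by prefix level.  Added example, not the
paper's code; node names and the record value below are constructed."""
import hashlib

ID_BITS = 128
DIGITS = ID_BITS // 4          # Pastry-style hex digits (b = 4)


def key_for(name: str) -> int:
    """Map a name to a 128-bit key.  SHA-1 yields 160 bits; we truncate to
    128 bits here (an assumption made to match the review's description)."""
    name = name.lower().rstrip(".")
    return int.from_bytes(hashlib.sha1(name.encode()).digest()[:16], "big")


def shared_prefix(a: int, b: int) -> int:
    """Number of leading hex digits two 128-bit IDs have in common."""
    xa, xb = f"{a:032x}", f"{b:032x}"
    n = 0
    while n < DIGITS and xa[n] == xb[n]:
        n += 1
    return n


def ring_distance(a: int, b: int) -> int:
    d = abs(a - b)
    return min(d, (1 << ID_BITS) - d)


class Overlay:
    def __init__(self, node_names):
        self.nodes = sorted(key_for(n) for n in node_names)
        self.store = {nid: {} for nid in self.nodes}   # per-node record cache

    def home_node(self, key: int) -> int:
        """Home node = node whose ID is numerically closest to the key."""
        return min(self.nodes, key=lambda n: (ring_distance(n, key), n))

    def next_hop(self, cur: int, key: int) -> int:
        """One Pastry routing step: move to a node matching at least one more
        digit of the key; if none exists, jump to the numerically closest
        node (the leaf-set fallback).  Global membership knowledge stands in
        for the real routing table (assumption)."""
        p = shared_prefix(cur, key)
        better = [n for n in self.nodes if shared_prefix(n, key) > p]
        if better:
            return min(better)   # deterministic choice of a routing-table entry
        return self.home_node(key)

    def publish(self, name: str, record: str, level: int) -> int:
        """Home node stores the record and pushes it to every node sharing at
        least `level` prefix digits with the key (Beehive level-i replication;
        level 0 means every node).  Returns the number of nodes holding it."""
        key = key_for(name)
        home = self.home_node(key)
        self.store[home][name] = record
        for n in self.nodes:
            if shared_prefix(n, key) >= level:
                self.store[n][name] = record
            elif n != home:
                self.store[n].pop(name, None)   # replica no longer at this level
        return sum(name in s for s in self.store.values())

    def lookup(self, start_node: int, name: str):
        """Route from start_node until a node holding the record is reached.
        Each hop adds a matching digit or lands on the home node, so a
        level-i replica is found within i hops."""
        key = key_for(name)
        cur, hops = start_node, 0
        while name not in self.store[cur]:
            cur = self.next_hop(cur, key)
            hops += 1
        return self.store[cur][name], hops


def max_hops(overlay: Overlay, name: str) -> int:
    """Worst-case hop count over every possible starting node."""
    return max(overlay.lookup(n, name)[1] for n in overlay.nodes)


def demo():
    net = Overlay(f"node{i}.example.net" for i in range(64))   # constructed
    name = "www.example.com"
    results = {}
    for level in (DIGITS, 2, 1, 0):      # DIGITS = home node only
        replicas = net.publish(name, "192.0.2.10", level)        # constructed
        results[level] = (replicas, max_hops(net, name))
    # Fast update: the home node pushes a new record to all replicas.
    net.publish(name, "192.0.2.20", 1)
    seen = {net.lookup(n, name)[0] for n in net.nodes}
    return results, seen


if __name__ == "__main__":
    results, seen = demo()
    for level, (replicas, hops) in results.items():
        print(f"level {level:2d}: {replicas:2d} replicas, worst case {hops} hops")
    print("after update every node resolves to:", seen)
```

Running `demo()` shows the trade the review describes: at level 0 the record sits on every node and every query is answered locally (zero hops, the "no latency" case), while with the home node alone the worst case grows with the number of prefix digits the routing has to match. The cost of the lower level is the number of replicas the home node must push each update to.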