CoDoNS review

From: Troy Ronda <ronda_REMOVE_THIS_FROM_EMAIL_FIRST_at_cs.toronto.edu>
Date: Thu, 10 Nov 2005 10:35:40 -0500

The Design and Implementation of a Next Generation Name Service for the
Internet Review
Review by: Troy Ronda

The domain name system (DNS) has been essential for the sustained growth
of the Internet. The translation of names to addresses is a predecessor to
communications in networked systems. DNS, however, is susceptible to
denial of service. The second problem with the existing DNS is long delays
for lookups. This is exacerbated by a skewed distribution of names, such
as .com, and short TTL values from content distribution networks. The
third problem is that large-scale caching poses problems for the
consistency of records across the system. A new DNS system requires high
performance, resilience to attacks, and fast update propagation. The
technique discussed in this paper is called the Cooperative Domain Name
System (CoDoNS). Distributed hash tables (DHTs) provide self-organization,
scalability, and feature resilience but have high lookup costs. CoDoNS,
however, provides a proactive caching layer, called BeeHive, on top of the
Pastry DHT. BeeHive enables prefix-matching DHTs, such as Pastry, to
achieve an average lookup time of O(1). BeeHive automatically replicates
records throughout the network in response to anticipated demand. It works
by replicating an object from its home node to each node that is X hops
prior to it on the request path. The variable X is determined
automatically by locally measuring demand. This has two major benefits:
reducing lookup time to an acceptable level and providing redundancy.
CoDoNS supports legacy DNS by querying it when a record is not found.
CoDoNS does not use TTL to specify cache consistency. Instead it actively
pushes changes to all replicas in the system. CoDoNS uses self-verifying
records through cryptographic certificates. The system is evaluated using
the PlanetLab servers and DNS traces collected in 2000. The results show
that, first, CoDoNS outperforms legacy DNS, second, proactive caching
allows many lookups to incur no delay, and third, propagation time also
has low latency. CoDoNS, in summary, can provide name service at low
latency.

This is a strong, well-written paper. It mitigates the problems of the
previous paper, namely the large number of look-ups to O(1). A major
strength of the paper is the empirical study. It shows real, somewhat
surprising, evidence that the system outperforms DNS. It is compatible
with legacy DNS so that both can be deployed simultaneously. It has fast
update propagation making it a desirable system for providing mobile host
name-IP mappings (i.e. through indirection). It provides replication,
eliminating the need for updating backup servers. The certificate system
in this paper is stronger than the previous paper. The authors recognize
the need to add version information to the certificate. The downside of
malicious hosts is briefly discussed and mitigated. In short, it is a
desirable system, not only for DNS, but for providing much needed
indirections. It would be interesting to explore other forms of
cooperative caching, such as web or data chunks, using the same technique.

A major reason for using a peer-to-peer system is scalability. I did not
see a complete discussion on how caching will affect scalability on a
full-scale deployment across the Internet. The problem, for example, is
the large number of nodes that will be in a request path (and therefore
may hold replicas). It seems that update propagation could become slower
than is shown in this paper. It does, however, seem better than the
current situation of TTL. It is unfortunate that a single point of failure
cryptographic service is necessary for legacy DNS records. It seems a
larger scale deployment should be considered for this system. The only
problem is providing incentive for hosts to cooperate.