Overcoming DNSSEC performance issues with DHT-based architectures

Daniel Migault; Stanislas Francfort; Stephane Senecal; Emmanuel Herbert; Maryline Laurent

Overcoming DNSSEC performance issues with DHT-based architectures

Daniel Migault
, Stanislas Francfort
, Stephane Senecal
, Emmanuel Herbert
, Maryline Laurent

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

DNSSEC deployment for large Internet Service Provider (ISP) is an important issue. With the current architecture, the migration of current DNS resolving platforms requires 5 times more nodes. This paper introduces alternative architectures where the DNS traffic is split between the nodes of the platform according to the queried Fully Qualified Domain Names (FQDN), rather than the IP addresses of the queries. We show that such type of architecture requires up to 30% less nodes. However, this load balancing techniques results in a non-uniform distribution of the resources among the nodes of the platform. Furthermore, operational teams are reluctant to modify the existing load balancing infrastructure. Thus, we investigate how pro-active caching over a Distributed Hash Table (DHT) protocol, can optimize the resources of an ISP operational DNSSEC resolving platform. We find out that it can reduce the number of nodes by 3.5.

Original language	English
Title of host publication	Proceedings of the 2013 IFIP/IEEE International Symposium on Integrated Network Management, IM 2013
Pages	816-819
Number of pages	4
Publication status	Published - 10 Sept 2013
Externally published	Yes
Event	2013 IFIP/IEEE International Symposium on Integrated Network Management, IM 2013 - Ghent, Belgium Duration: 27 May 2013 → 31 May 2013

Publication series

Name	Proceedings of the 2013 IFIP/IEEE International Symposium on Integrated Network Management, IM 2013

Conference

Conference	2013 IFIP/IEEE International Symposium on Integrated Network Management, IM 2013
Country/Territory	Belgium
City	Ghent
Period	27/05/13 → 31/05/13

Cite this

Migault, D., Francfort, S., Senecal, S., Herbert, E., & Laurent, M. (2013). Overcoming DNSSEC performance issues with DHT-based architectures. In Proceedings of the 2013 IFIP/IEEE International Symposium on Integrated Network Management, IM 2013 (pp. 816-819). Article 6573086 (Proceedings of the 2013 IFIP/IEEE International Symposium on Integrated Network Management, IM 2013).

@inproceedings{f03efe8ea5e246a98551d57f7055ff3e,

title = "Overcoming DNSSEC performance issues with DHT-based architectures",

abstract = "DNSSEC deployment for large Internet Service Provider (ISP) is an important issue. With the current architecture, the migration of current DNS resolving platforms requires 5 times more nodes. This paper introduces alternative architectures where the DNS traffic is split between the nodes of the platform according to the queried Fully Qualified Domain Names (FQDN), rather than the IP addresses of the queries. We show that such type of architecture requires up to 30\% less nodes. However, this load balancing techniques results in a non-uniform distribution of the resources among the nodes of the platform. Furthermore, operational teams are reluctant to modify the existing load balancing infrastructure. Thus, we investigate how pro-active caching over a Distributed Hash Table (DHT) protocol, can optimize the resources of an ISP operational DNSSEC resolving platform. We find out that it can reduce the number of nodes by 3.5.",

author = "Daniel Migault and Stanislas Francfort and Stephane Senecal and Emmanuel Herbert and Maryline Laurent",

year = "2013",

month = sep,

day = "10",

language = "English",

isbn = "9783901882517",

series = "Proceedings of the 2013 IFIP/IEEE International Symposium on Integrated Network Management, IM 2013",

pages = "816--819",

booktitle = "Proceedings of the 2013 IFIP/IEEE International Symposium on Integrated Network Management, IM 2013",

note = "2013 IFIP/IEEE International Symposium on Integrated Network Management, IM 2013 ; Conference date: 27-05-2013 Through 31-05-2013",

}

Migault, D, Francfort, S, Senecal, S, Herbert, E & Laurent, M 2013, Overcoming DNSSEC performance issues with DHT-based architectures. in Proceedings of the 2013 IFIP/IEEE International Symposium on Integrated Network Management, IM 2013., 6573086, Proceedings of the 2013 IFIP/IEEE International Symposium on Integrated Network Management, IM 2013, pp. 816-819, 2013 IFIP/IEEE International Symposium on Integrated Network Management, IM 2013, Ghent, Belgium, 27/05/13.

Overcoming DNSSEC performance issues with DHT-based architectures. / Migault, Daniel; Francfort, Stanislas; Senecal, Stephane et al.
Proceedings of the 2013 IFIP/IEEE International Symposium on Integrated Network Management, IM 2013. 2013. p. 816-819 6573086 (Proceedings of the 2013 IFIP/IEEE International Symposium on Integrated Network Management, IM 2013).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Overcoming DNSSEC performance issues with DHT-based architectures

AU - Migault, Daniel

AU - Francfort, Stanislas

AU - Senecal, Stephane

AU - Herbert, Emmanuel

AU - Laurent, Maryline

PY - 2013/9/10

Y1 - 2013/9/10

N2 - DNSSEC deployment for large Internet Service Provider (ISP) is an important issue. With the current architecture, the migration of current DNS resolving platforms requires 5 times more nodes. This paper introduces alternative architectures where the DNS traffic is split between the nodes of the platform according to the queried Fully Qualified Domain Names (FQDN), rather than the IP addresses of the queries. We show that such type of architecture requires up to 30% less nodes. However, this load balancing techniques results in a non-uniform distribution of the resources among the nodes of the platform. Furthermore, operational teams are reluctant to modify the existing load balancing infrastructure. Thus, we investigate how pro-active caching over a Distributed Hash Table (DHT) protocol, can optimize the resources of an ISP operational DNSSEC resolving platform. We find out that it can reduce the number of nodes by 3.5.

AB - DNSSEC deployment for large Internet Service Provider (ISP) is an important issue. With the current architecture, the migration of current DNS resolving platforms requires 5 times more nodes. This paper introduces alternative architectures where the DNS traffic is split between the nodes of the platform according to the queried Fully Qualified Domain Names (FQDN), rather than the IP addresses of the queries. We show that such type of architecture requires up to 30% less nodes. However, this load balancing techniques results in a non-uniform distribution of the resources among the nodes of the platform. Furthermore, operational teams are reluctant to modify the existing load balancing infrastructure. Thus, we investigate how pro-active caching over a Distributed Hash Table (DHT) protocol, can optimize the resources of an ISP operational DNSSEC resolving platform. We find out that it can reduce the number of nodes by 3.5.

UR - https://www.scopus.com/pages/publications/84883467541

M3 - Conference contribution

AN - SCOPUS:84883467541

SN - 9783901882517

T3 - Proceedings of the 2013 IFIP/IEEE International Symposium on Integrated Network Management, IM 2013

SP - 816

EP - 819

BT - Proceedings of the 2013 IFIP/IEEE International Symposium on Integrated Network Management, IM 2013

T2 - 2013 IFIP/IEEE International Symposium on Integrated Network Management, IM 2013

Y2 - 27 May 2013 through 31 May 2013

ER -

Overcoming DNSSEC performance issues with DHT-based architectures

Abstract

Publication series

Conference

Other files and links

Fingerprint

Cite this