Public Review for Exploring Domain Name Based Features on the Effectiveness of DNS Caching
Authors
Abstract
DNS cache plays a critical role in domain name resolution, providing (1) high scalability at Root and Top-level-domain (TLD) name servers with reduced workloads and (2) low response latency to clients when the resource records of the queried domains are cached. However, the pervasive misuses of domain names, e.g., the domains of “one-time-use” pattern, have a negative impact on the effectiveness of DNS caching because the cache has been filled with entries that are highly unlikely to be retrieved. In this paper, we investigate such misuse and identify domain name-based features to characterize those one-time domains. By leveraging the features that are explicitly available from the domain name itself, we build a classifier to combine these features, propose simple policy modifications on caching resolvers for improving DNS cache performance, and validate their efficacy using real traces.
Similar resources
Internet - Draft Dns
[RFC1034] provided a description of how to cache negative responses. It however had a fundamental flaw in that it did not allow a name server to hand out those cached responses to other resolvers, thereby greatly reducing the effect of the caching. This document addresses issues raised in the light of experience and replaces [RFC1034 Section 4.3.4]. Negative caching was an optional part of the D...
Analysis of DNS Cache Effects on Query Distribution
This paper studies the DNS cache effects that occur on query distribution at the CN top-level domain (TLD) server. We first filter out the malformed DNS queries to purify the log data pollution according to six categories. A model for DNS resolution, more specifically DNS caching, is presented. We demonstrate the presence and magnitude of DNS cache effects and the cache sharing effects on the r...
Use Cases and Requirements for DNS-Based Authentication of Named Entities (DANE)
Many current applications use the certificate-based authentication features in Transport Layer Security (TLS) to allow clients to verify that a connected server properly represents a desired domain name. Typically, this authentication has been based on PKIX certificate chains rooted in well-known certificate authorities (CAs), but additional information can be provided via the DNS itself. This ...
DNS Trace Replay at Scale (abstract)
The Domain Name System (DNS) has grown to play a variety of broader roles in the Internet, beyond name-to-address mapping. It provides a query engine for antispam [2] and replica selection for content delivery networks (CDNs) [3]. DANE [1] provides an additional source of trust by leveraging the integrity verification of DNSSEC. The wide use and critical role of DNS prompt its continuous evolution. How...
Domain Name System Security Extensions
Extensions to the Domain Name System (DNS) are described that provide data integrity and authentication to security aware resolvers or applications through the use of cryptographic digital signatures. These digital signatures are included in secured zones as resource records. Security can still be provided even through non-security aware DNS servers in many cases. The extensions also provide fo...