This preview has intentionally blurred sections. Sign up to view the full version.View Full Document
Unformatted text preview: DECEMBER 2009 | VOL. 52 | NO. 12 | COMMUNICATIONS OF THE ACM 43 DOI:10.1145/1610252.1610269 Article development led by queue.acm.org DNS is many things to many people— perhaps too many things to too many people. BY PAUL VIXIE What DNS Is Not A DOMAIN NAME SYSTEM (DNS) is a hierarchical, distributed, autonomous, reliable database. The first and only of its kind, it offers real-time performance levels to a global audience with global contributors. Every TCP/IP traffic flow including every Web page view begins with at least one DNS transaction. DNS is, in a word, glorious. To underline our understanding of what DNS is , we must differentiate it from what it is not . The Internet econ- omy rewards unlimited creativity in the monetization of human action, and fairly often this takes the form of some kind of intermediation. For DNS, mon- etized intermediation means lying. The innovators who bring us such mon- etized intermediation do not call what they sell lies, but in this case it walks like a duck and quacks like one, too. Not all misuses of DNS take the form of lying. Another frequently seen abuse is to treat DNS as a directory system, which it is not. In a directory system one can ask approximate questions and get approximate answers. Think of a printed telephone white pages directo- ry here: users often find what they want in the printed directory not by knowing exactly what the listing is but by start- ing with a guess or a general idea. DNS has nothing like that: all questions and all answers are exact. But DNS has at least two mechanisms that can be mis- used to support approximate matching at some considerable cost to everybody else, and a lot of that goes on. Stupid DNS Tricks The first widespread form of a DNS 44 COMMUNICATIONS OF THE ACM | DECEMBER 2009 | VOL. 52 | NO. 12 practice lie was to treat DNS lookups as map- ping requests. Content distribution networks (CDNs), such as Akamai, and Web optimizer products, such as Cisco Distributed Director, treat incoming DNS lookups as opportunities to direct the activities of Web browsers. Using the IP source address of a DNS request, these products and services try to guess the proximity of the requester to each of many replicated content servers. Based on the measured load of each content server’s system and network, and on an estimate of each content server’s prox- imity to that requester, a DNS response is crafted to direct that requester to the closest or best content server for that URI domain. Problems abound from this ap- proach, but none affects the CDN op- erator’s revenue. First and foremost it is necessary to defeat or severely limit caching and reuse of this policy-based data (“DNS lies”). Caching and reuse, which once were considered essential to the performance and scalability of DNS, would allow a policy-based re- sponse intended for requester A also to be seen by requester B, which might not otherwise receive the same an- swer—for example, when server loads have changed and there’s a new bal-...
View Full Document
This note was uploaded on 07/30/2011 for the course COP 4600 taught by Professor Montagne during the Spring '08 term at University of Central Florida.
- Spring '08
- Operating Systems