DNSComplexity-Vixie - DECEMBER 2009 | VOL 52 | NO 12 |...

DECEMBER 2009 | VOL. 52 | NO. 12 | COMMUNICATIONS OF THE ACM | DOI:10.1145/1610252.1610269 | Article development led by queue.acm.org

What DNS Is Not

DNS is many things to many people— perhaps too many things to too many people.

BY PAUL VIXIE

The Domain Name System (DNS) is a hierarchical, distributed, autonomous, reliable database. The first and only of its kind, it offers real-time performance levels to a global audience with global contributors. Every TCP/IP traffic flow, including every Web page view, begins with at least one DNS transaction. DNS is, in a word, glorious.

To underline our understanding of what DNS is, we must differentiate it from what it is not. The Internet economy rewards unlimited creativity in the monetization of human action, and fairly often this takes the form of some kind of intermediation. For DNS, monetized intermediation means lying. The innovators who bring us such monetized intermediation do not call what they sell lies, but in this case it walks like a duck and quacks like one, too.

Not all misuses of DNS take the form of lying. Another frequently seen abuse is to treat DNS as a directory system, which it is not. In a directory system one can ask approximate questions and get approximate answers. Think of a printed telephone white pages directory here: users often find what they want in the printed directory not by knowing exactly what the listing is but by starting with a guess or a general idea. DNS has nothing like that: all questions and all answers are exact. But DNS has at least two mechanisms that can be misused to support approximate matching at some considerable cost to everybody else, and a lot of that goes on.

Stupid DNS Tricks

The first widespread form of a DNS lie was to treat DNS lookups as mapping requests.
Content distribution networks (CDNs), such as Akamai, and Web optimizer products, such as Cisco Distributed Director, treat incoming DNS lookups as opportunities to direct the activities of Web browsers. Using the IP source address of a DNS request, these products and services try to guess the proximity of the requester to each of many replicated content servers. Based on the measured load of each content server's system and network, and on an estimate of each content server's proximity to that requester, a DNS response is crafted to direct that requester to the closest or best content server for that URI domain.

Problems abound from this approach, but none affects the CDN operator's revenue. First and foremost it is necessary to defeat or severely limit caching and reuse of this policy-based data ("DNS lies"). Caching and reuse, which once were considered essential to the performance and scalability of DNS, would allow a policy-based response intended for requester A also to be seen by requester B, which might not otherwise receive the same answer—for example, when server loads have changed and there's a new bal-...
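As an added example (not the article's code, and not the logic of Akamai, Distributed Director or any other product), the following Python models the pattern just described: an authoritative server that crafts its A record from the source address of the request and the current load of each replica, and a shared recursive cache in front of it that reuses whatever answer it last received. It also shows why the operator must cut the TTL: once loads change, a cached policy answer keeps sending every client behind that resolver to the wrong server until it expires. Every edge name, address, prefix, load figure, threshold and the query name www.example.com is constructed (RFC 5737 documentation ranges).

```python
"""Toy model of DNS-as-mapping-request: an authoritative server that answers
from the requester's source address and replica load, plus a shared recursive
cache in front of it. Added example, not from the article or any CDN product;
every name, address, prefix, load and threshold below is constructed."""
import ipaddress
from typing import Dict, List

# Constructed edge servers: address, client prefixes each is "near", load in [0, 1].
EDGES: Dict[str, dict] = {
    "edge-east": {"addr": "198.51.100.10", "near": ["203.0.113.0/24"], "load": 0.2},
    "edge-west": {"addr": "198.51.100.20", "near": ["192.0.2.0/24"], "load": 0.5},
}
MAX_LOAD = 0.8  # constructed threshold: above this an edge takes no new requesters
QNAME = "www.example.com"  # constructed query name


def choose_edge(requester_ip: str, edges: Dict[str, dict], max_load: float = MAX_LOAD) -> str:
    """Mapping policy: prefer an edge whose 'near' prefix covers the source
    address of the DNS request, unless that edge is overloaded; otherwise
    fall back to the least-loaded edge."""
    ip = ipaddress.ip_address(requester_ip)
    for name, edge in edges.items():
        near = any(ip in ipaddress.ip_network(p) for p in edge["near"])
        if near and edge["load"] <= max_load:
            return name
    return min(edges, key=lambda n: edges[n]["load"])


def authoritative_answer(qname: str, requester_ip: str, edges: Dict[str, dict], ttl: int) -> dict:
    """The 'DNS lie': one A record whose rdata depends on who asked and on
    load at the moment of asking. The TTL is the operator's only lever for
    limiting how long caches may reuse this policy-based answer."""
    edge = choose_edge(requester_ip, edges)
    return {"name": qname, "type": "A", "ttl": ttl, "rdata": edges[edge]["addr"], "edge": edge}


class SharedResolver:
    """A recursive resolver whose cache is shared by every client behind it.
    The authoritative server sees only the resolver's own source address, so
    all of those clients receive the answer that was crafted for the resolver."""

    def __init__(self, resolver_ip: str, edges: Dict[str, dict], ttl: int) -> None:
        self.resolver_ip = resolver_ip
        self.edges = edges
        self.ttl = ttl
        self.cache: Dict[str, tuple] = {}  # qname -> (answer, expiry time)

    def resolve(self, qname: str, now: float) -> dict:
        hit = self.cache.get(qname)
        if hit and now < hit[1]:
            return hit[0]  # reused as-is, even if loads changed since it was crafted
        answer = authoritative_answer(qname, self.resolver_ip, self.edges, self.ttl)
        self.cache[qname] = (answer, now + answer["ttl"])
        return answer


def simulate(ttl: int) -> List[str]:
    """Resolver 203.0.113.53 (near edge-east) asks at t=0; at t=5 edge-east
    becomes overloaded. Returns the edge its clients are sent to at
    t=0, 10, 30 and 90000 seconds."""
    edges = {name: dict(edge) for name, edge in EDGES.items()}
    resolver = SharedResolver("203.0.113.53", edges, ttl)
    sent_to = [resolver.resolve(QNAME, 0)["edge"]]
    edges["edge-east"]["load"] = 0.95  # load changed; the cached answer is now stale
    for t in (10, 30, 90000):
        sent_to.append(resolver.resolve(QNAME, t)["edge"])
    return sent_to


if __name__ == "__main__":
    print("ttl=20   ", simulate(20))     # stale answer survives only until t=20
    print("ttl=86400", simulate(86400))  # stale answer survives for a day
```

With a 20-second TTL the overloaded edge keeps receiving the resolver's clients only until the record expires; with a conventional one-day TTL it keeps receiving them until the next day. That is the whole reason such operators publish tiny TTLs, and it is also why a shared cache in front of them is a problem rather than an optimization: the answer was crafted for the resolver's address and moment of asking, not for the client that ends up reusing it.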
This note was uploaded on 07/30/2011 for the course COP 4600 taught by Professor Montagne during the Spring '08 term at University of Central Florida.
