Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Decoupling DNS Update Timing from TTL Values

Yehuda Afek, Ariel Litmanovich

TL;DR

This paper shows that the DNSRU design is backward compatible, supports gradual deployment, secure, efficient, and feasible, and reduces the traffic load on authoritative servers while enhancing the system's fault tolerance.

Abstract

A relatively simple safety-belt mechanism for improving DNS system availability and efficiency is proposed here. While it may seem ambitious, a careful examination shows it is both feasible and beneficial for the DNS system. The mechanism called "DNS Real-time Update" (DNSRU), a service that facilitates real-time and secure updates of cached domain records in DNS resolvers worldwide, even before the expiration of the corresponding Time To Live (TTL) values. This service allows Internet domain owners to quickly rectify any erroneous global IP address distribution, even if a long TTL value is associated with it. By addressing this critical DNS high availability issue, DNSRU eliminates the need for short TTL values and their associated drawbacks. Therefore, DNSRU DNSRU reduces the traffic load on authoritative servers while enhancing the system's fault tolerance. In this paper we show that our DNSRU design is backward compatible, supports gradual deployment, secure, efficient, and feasible.

Decoupling DNS Update Timing from TTL Values

TL;DR

This paper shows that the DNSRU design is backward compatible, supports gradual deployment, secure, efficient, and feasible, and reduces the traffic load on authoritative servers while enhancing the system's fault tolerance.

Abstract

A relatively simple safety-belt mechanism for improving DNS system availability and efficiency is proposed here. While it may seem ambitious, a careful examination shows it is both feasible and beneficial for the DNS system. The mechanism called "DNS Real-time Update" (DNSRU), a service that facilitates real-time and secure updates of cached domain records in DNS resolvers worldwide, even before the expiration of the corresponding Time To Live (TTL) values. This service allows Internet domain owners to quickly rectify any erroneous global IP address distribution, even if a long TTL value is associated with it. By addressing this critical DNS high availability issue, DNSRU eliminates the need for short TTL values and their associated drawbacks. Therefore, DNSRU DNSRU reduces the traffic load on authoritative servers while enhancing the system's fault tolerance. In this paper we show that our DNSRU design is backward compatible, supports gradual deployment, secure, efficient, and feasible.
Paper Structure (29 sections, 2 equations, 9 figures, 1 table)

This paper contains 29 sections, 2 equations, 9 figures, 1 table.

Table of Contents

  1. Introduction
  2. Motivation
  3. Background
  4. DNS RU: resolution for concerns
  5. Related work
  6. DNS RU
  7. DNS RU: Adding a large TTL
  8. Measurements and Evaluation
  9. Percentage of domains suitable for DNS RU
  10. Determining $\Delta$
  11. Futile traffic
  12. Analysis
  13. DNS RU: Domain recovery time
  14. Load on authoritative servers
  15. DNS RU: Feasibility and scalability
  16. ...and 14 more sections

Figures (9)

  • Figure 1: DNS RU system overview
  • Figure 2: DNS RU events and messages flow: 1. InsertDomain - Upon updating a record, the authoritative server sends the new record to the UpdateDB. 2. UpDNS request - The recursive resolver queries the UpdateDB every $\Delta$ time units. 3. UpDNS response - The resolver receives the list of domains that have been updated in the last $\Delta$ time. 4. DeleteDNS - The recursive resolver deletes the domains in the list from its local cache. 5. A cache miss occurs when a client sends a request to resolve a domain name that has been recently updated. 6. The recursive resolver issues a request to resolve the domain in the standard DNS system. 7. The DNS system resolves the request with two different TTLs in a backward compatible way (Section \ref{['sec:new-ttl']}). 8. The recursive resolver inserts the new domain name into its cache and sends it to the client.
  • Figure 3: CDF of $T_{update}$ in hours. The x-axis of each point represents the $T_{update}^D$ for domain name $D$ while the y-axis represents the CDF.
  • Figure 5: Distribution of the TTLs of the stable domains
  • Figure 6: $traffic\text{-}ratio$ of the stable domains on a logarithmic scale. The $traffic\text{-}ratio$ is considerably larger than the lower bound, which equals $1$.
  • ...and 4 more figures