NeTS: Small: De-Mystifying and Hardening the Domain Name System

Information

  • NSF Award
  • 1815876
Owner
  • Award Id
    1815876
  • Award Effective Date
    10/1/2018
  • Award Expiration Date
    9/30/2021
  • Award Amount
    $ 508,000.00
  • Award Instrument
    Standard Grant

One does not need to look beyond many real-world advertising campaigns to appreciate that naming is one of the foundational elements upon which most higher layer Internet services are built. For example, we use names as rendezvous points between users and services: www.twitter.com, www.youtube.com, www.google.com, to name a few. Yet, names are not directly used to move traffic across the Internet; rather, names are turned into Internet addresses via the Domain Name System (DNS). Internet addresses are then used to direct traffic around networks around the world. A DNS lookup is therefore a prerequisite for most Internet transactions. This means that the DNS is not only crucial to the operation of the Internet, but DNS is in fact a single point of failure for most Internet transactions. Unfortunately, the DNS ecosystem has slowly evolved from a simple system at its inception to a vastly distributed, complex, brittle and at times insecure system today. When the DNS does not respond to a query due to overload, or returns incorrect data, this can impact large amounts of Internet traffic. This project aims to address this critical problem by (i) developing a stronger empirical understanding of the operation of the current DNS ecosystem and (ii) developing new mechanisms to harden the system against both benign issues that inevitably crop up and malicious attacks on the DNS. If successful, this research would significantly improve the robustness of the DNS system, and thus the resilience of the Internet.

This project will accelerate the process of hardening the DNS ecosystem in several ways. First, it will make use of the wealth of DNS data collected at myriad points in the system, from the clients to the authoritative DNS servers, to concretely understand the weaknesses of the system. For example, this project has access to DNS-Operations Analysis and Research Center data, DNS Scanning Data, and CCZ traffic (Case Western's Case Connection Zone of 100 homes). As with much Internet technology, measurement is key to driving the evolution of protocols, services and operations. The second thrust involves proactively adding robustness to the DNS. The approach in this thrust is to design innovative mechanisms that anticipate problems by identifying where and when to share more information with more actors in the ecosystem. The final thrust leverages insight from previous measurement efforts and design mechanisms to improve intrinsic system robustness. As an example, the project considers restructuring the ecosystem by removing reliance on recursive DNS resolvers. New mechanisms developed in this project will be released to the community as extensions to current DNS tools (e.g., the bind DNS server).

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

  • Program Officer
    Ann Von Lehmen
  • Min Amd Letter Date
    8/16/2018
  • Max Amd Letter Date
    8/16/2018
  • ARRA Amount

Institutions

  • Name
    International Computer Science Institute
  • City
    Berkeley
  • State
    CA
  • Country
    United States
  • Address
    1947 CENTER ST STE 600
  • Postal Code
    947044115
  • Phone Number
    5106662900

Investigators

  • First Name
    Mark
  • Last Name
    Allman
  • Email Address
    mallman@icir.org
  • Start Date
    8/16/2018 12:00:00 AM

Program Element

  • Text
    Networking Technology and Syst
  • Code
    7363

Program Reference

  • Text
    SMALL PROJECT
  • Code
    7923
  • Text
    RES EXPER FOR UNDERGRAD-SUPPLT
  • Code
    9251