UD ELEG 867 - The Design and Implementation of a Next Generation Name Service for the Internet


The Design and Implementation of a Next Generation Name Service for the Internet

Venugopalan Ramasubramanian, Emin Gün Sirer
Dept. of Computer Science, Cornell University, Ithaca, NY 14853
{ramasv,egs}@cs.cornell.edu

ABSTRACT

Name services are critical for mapping logical resource names to physical resources in large-scale distributed systems. The Domain Name System (DNS) used on the Internet, however, is slow, vulnerable to denial of service attacks, and does not support fast updates. These problems stem fundamentally from the structure of the legacy DNS.

This paper describes the design and implementation of the Cooperative Domain Name System (CoDoNS), a novel name service, which provides high lookup performance through proactive caching, resilience to denial of service attacks through automatic load-balancing, and fast propagation of updates. CoDoNS derives its scalability, decentralization, self-organization, and failure resilience from peer-to-peer overlays, while it achieves high performance using the Beehive replication framework. Cryptographic delegation, instead of host-based physical delegation, limits potential malfeasance by namespace operators and creates a competitive market for namespace management. Backwards compatibility with existing protocols and wire formats enables CoDoNS to serve as a backup for legacy DNS, as well as a complete replacement. Performance measurements from a real-life deployment of the system in PlanetLab show that CoDoNS provides fast lookups, automatically reconfigures around faults without manual involvement and thwarts distributed denial of service attacks by promptly redistributing load across nodes.

Categories and Subject Descriptors: C.2.4 [Computer-Communication Networks]: Domain Name System
General Terms: Design, Performance, Reliability.
Keywords: DNS, peer to peer, proactive caching.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.
SIGCOMM'04, Aug. 30–Sept. 3, 2004, Portland, Oregon, USA.
Copyright 2004 ACM 1-58113-862-8/04/0008 ...$5.00.

1. INTRODUCTION

Translation of names to network addresses is an essential predecessor to communication in networked systems. The Domain Name System (DNS) performs this translation on the Internet and constitutes a critical component of the Internet infrastructure. While the DNS has sustained the growth of the Internet through static, hierarchical partitioning of the namespace and wide-spread caching, recent increases in malicious behavior, explosion in client population, and the need for fast reconfiguration pose difficult problems. The existing DNS architecture is fundamentally unsuitable for addressing these issues.

The foremost problem with DNS is that it is susceptible to denial of service (DoS) attacks. This vulnerability stems from limited redundancy in nameservers, which provide name-address mappings and whose overload, failure or compromise can lead to low performance, failed lookups and misdirected clients. Approximately 80% of the domain names are served by just two nameservers, and a surprising 0.8% by only one. At the network level, all servers for 32% of the domain names are connected to the Internet through a single gateway, and can thus be compromised by a single failure. The top levels of the hierarchy are served by a relatively small number of servers, which serve as easy targets for denial of service attacks [4]. A recent DoS attack [28] on the DNS crippled nine of the thirteen root servers at that time, while another recent DoS attack on Microsoft's DNS servers severely affected the availability of Microsoft's web services for several hours [38]. DNS nameservers are easy targets for malicious agents, partly because approximately 20% of nameserver implementations contain security flaws that can be exploited to take over the nameservers.

Second, name-address translation in the DNS incurs long delays. Recent studies [41, 16, 18] have shown that DNS lookup time contributes more than one second for up to 30% of web object retrievals. The explosive growth of the namespace has decreased the effectiveness of DNS caching. The skewed distribution of names under popular domains, such as .com, has flattened the name hierarchy and increased load imbalance. The use of short timeouts for popular mappings, as is commonly employed by content distribution networks, further reduces DNS cache hit rates. Further, manual configuration errors, such as lame delegations [29, 27], can introduce latent performance problems.

Finally, widespread caching of mappings in the DNS prohibits fast propagation of unanticipated changes. Since the DNS does not keep track of the locations of cached mappings, but relies on timeout-based invalidations of stale copies, it cannot guarantee cache coherency. Lack of cache coherency in the DNS implies that changes may not be visible to clients for long durations, effectively preventing quick service relocation in response to attacks or emergencies.

Session 9: DNS and Naming

Fresh design of the legacy DNS provides an opportunity to address these shortcomings. A replacement for the DNS should exhibit the following properties.

• High Performance: Decouple the performance of DNS from the number of nameservers. Achieve lower latencies than legacy DNS and improve lookup performance in the presence of high loads and unexpected changes in popularity ("the slashdot effect").
• Resilience to Attacks: Remove vulnerabilities in the system and provide resistance against denial of service attacks through decentralization and dynamic load balancing. Self-organize automatically in response to host and network failures.
• Fast Update Propagation: Enable changes in name-address mappings to quickly propagate to clients. Support secure delegation to preserve integrity of DNS records, and prohibit rogue nodes from corrupting the system.

This paper describes Cooperative Domain Name System (CoDoNS), a backwards-compatible replacement for the legacy DNS that achieves these properties. CoDoNS combines two recent advances, namely, structured peer-to-peer overlays and analytically informed proactive caching. Structured peer-to-peer overlays, which create and maintain a mesh of cooperating
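The introduction makes two linked points about legacy DNS caching: a changed mapping stays invisible to clients until every cached copy times out, because the authoritative server does not know where copies live and can only rely on TTL expiry; and shortening the TTL to limit that staleness (as CDNs do) cuts the cache hit rate. The following simulation is an added example, not code from the paper or from CoDoNS. It models one authoritative server and one TTL-honouring resolver cache; the name www.example.test, the addresses 192.0.2.10 and 198.51.100.20, the TTLs and the query timeline are all constructed for illustration.

```python
"""
TTL-based resolver cache, simulated to measure the two costs the paper
describes: how long a relocated service stays invisible to clients, and how
the cache hit rate falls as the TTL is shortened.

Added example, not code from the CoDoNS paper.  All zone data, TTLs and query
timelines below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

NAME = "www.example.test"          # constructed name
OLD_ADDR = "192.0.2.10"            # constructed address (documentation range)
NEW_ADDR = "198.51.100.20"         # constructed address (documentation range)


@dataclass
class Record:
    name: str
    rdata: str
    ttl: int  # seconds a resolver may keep a cached copy


class AuthoritativeServer:
    """Holds the current mapping.  An update takes effect here immediately,
    but the server keeps no list of resolvers holding cached copies, so it
    cannot push an invalidation to them."""

    def __init__(self, records: Dict[str, Record]) -> None:
        self.records = dict(records)
        self.queries = 0  # load seen by the authoritative server

    def lookup(self, name: str) -> Record:
        self.queries += 1
        return self.records[name]

    def update(self, name: str, rdata: str) -> None:
        self.records[name] = Record(name, rdata, self.records[name].ttl)


class CachingResolver:
    """Legacy-DNS-style cache: a cached copy is served until its TTL expires.
    The only invalidation mechanism is the timeout."""

    def __init__(self, upstream: AuthoritativeServer) -> None:
        self.upstream = upstream
        self.cache: Dict[str, Tuple[Record, int]] = {}  # name -> (record, expiry)
        self.hits = 0
        self.misses = 0

    def resolve(self, name: str, now: int) -> str:
        entry = self.cache.get(name)
        if entry is not None and now < entry[1]:
            self.hits += 1
            return entry[0].rdata
        self.misses += 1
        rec = self.upstream.lookup(name)
        self.cache[name] = (rec, now + rec.ttl)
        return rec.rdata


def staleness_window(ttl: int, cache_fill_time: int, update_time: int) -> Tuple[int, int]:
    """A resolver caches the record at cache_fill_time; the service is relocated
    at update_time (> cache_fill_time); clients then query once per second.
    Returns (time the new address first becomes visible, seconds of stale
    answers served after the update).  The stale window is exactly the TTL
    remaining on the cached copy at the moment of the update."""
    auth = AuthoritativeServer({NAME: Record(NAME, OLD_ADDR, ttl)})
    resolver = CachingResolver(auth)
    resolver.resolve(NAME, cache_fill_time)
    # No queries arrive between the cache fill and the update, so applying the
    # update now is equivalent to applying it at update_time.
    auth.update(NAME, NEW_ADDR)
    stale_seconds = 0
    first_fresh: Optional[int] = None
    for t in range(update_time, update_time + ttl + 5):
        if resolver.resolve(NAME, t) == NEW_ADDR:
            first_fresh = t
            break
        stale_seconds += 1
    assert first_fresh is not None  # the copy must expire within one TTL
    return first_fresh, stale_seconds


def hit_rate(ttl: int, queries_per_second: int, duration: int) -> float:
    """Fraction of client queries answered from the resolver cache when the
    record carries the given TTL and clients query at a steady rate."""
    auth = AuthoritativeServer({NAME: Record(NAME, OLD_ADDR, ttl)})
    resolver = CachingResolver(auth)
    for t in range(duration):
        for _ in range(queries_per_second):
            resolver.resolve(NAME, t)
    return resolver.hits / (resolver.hits + resolver.misses)


if __name__ == "__main__":
    print("1h TTL, cached at t=0, relocated at t=600:", staleness_window(3600, 0, 600))
    print("60s TTL, cached at t=0, relocated at t=30:", staleness_window(60, 0, 30))
    print("hit rate, 300s TTL:", hit_rate(300, 1, 3600))
    print("hit rate, 5s TTL (CDN-style):", hit_rate(5, 1, 3600))
```

With a one-hour TTL the relocated address is not seen by clients of that resolver for 3000 seconds; cutting the TTL to 60 seconds bounds the window at 30 seconds but, in the second experiment, drops the hit rate from roughly 99.7% to 80% and sends the difference as load to the authoritative server. That is the trade-off the paper's proactive-caching and update-propagation design is meant to remove.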

