Next: Continuous Monitoring Up: Overview Previous: Threat Model & Attacks

Applicability


If DNS were used exactly as originally envisioned, with only one result per name no matter where the client resolves it, ConfiDNS would be a trivial and obvious solution to the problems mentioned. We suspect that the reason something like it does not already exist is not that the problem is small, but that researchers (including us) had assumed that the use of content distribution networks (CDNs) and DNS-based load balancers would make such a system unworkable. These systems redirect clients to nearby data centers, and often use very short DNS response TTLs to balance load and locality more aggressively. Particularly for CDNs such as Akamai (1), the number of possible IPs returned per domain name can reach into the hundreds, since these systems try to place servers at most large ISPs.

The questions that determine the applicability and effectiveness of ConfiDNS are what fraction of content providers use these techniques, and how these systems behave in practice. While the answers to these questions may change over time, we expect that the Web will continue to have a mix of sites hosted at single locations, sites at a small number of data centers, and some sites hosted by commercial large-scale CDNs.
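To make the applicability question concrete, the following is an added example (not ConfiDNS code, and not taken from the paper's trace) that measures how well several cooperating resolver sites agree on the answer for one name. The three response sets are constructed, and the thresholds (80% agreement, a 60 s "short" TTL) are assumptions chosen for illustration. It separates the three cases the text expects to coexist: a name hosted at a single location, a name rotated among a small pool of addresses, and a CDN-style name whose answers differ by vantage point and carry short TTLs.

```python
# Added example: cross-site DNS answer agreement for one name.
# Not ConfiDNS code; all observations below are constructed sample data.
from collections import Counter

# Each observation is (ip_set, ttl_seconds) as seen by one resolver site.
SINGLE_HOSTED = [({"192.0.2.10"}, 86400)] * 5          # one address, long TTL

ROUND_ROBIN = [                                        # small rotating pool, medium TTL
    ({"198.51.100.1", "198.51.100.2"}, 300),
    ({"198.51.100.2", "198.51.100.3"}, 300),
    ({"198.51.100.3", "198.51.100.1"}, 300),
    ({"198.51.100.1", "198.51.100.2"}, 300),
    ({"198.51.100.1", "198.51.100.2"}, 300),
]

CDN_STYLE = [                                          # per-vantage-point answers, short TTL
    ({"203.0.113.11"}, 20),
    ({"203.0.113.52"}, 20),
    ({"203.0.113.93"}, 20),
    ({"203.0.113.134"}, 20),
    ({"203.0.113.11"}, 20),
]


def exact_agreement(observations):
    """Fraction of sites whose full answer set equals the most common answer set."""
    counts = Counter(frozenset(ips) for ips, _ in observations)
    majority, n = counts.most_common(1)[0]
    return n / len(observations), set(majority)


def overlap_agreement(observations):
    """Fraction of sites whose answer shares at least one IP with the majority answer."""
    _, majority = exact_agreement(observations)
    hits = sum(1 for ips, _ in observations if ips & majority)
    return hits / len(observations)


def min_ttl(observations):
    """Smallest TTL any site saw; short TTLs are a hint of active load balancing."""
    return min(ttl for _, ttl in observations)


def classify(observations, exact_threshold=0.8, overlap_threshold=0.8, short_ttl=60):
    """Label the hosting pattern behind a name from what the sites observed.

    Thresholds are assumptions for this example, not values from the paper.
    """
    exact, _ = exact_agreement(observations)
    if exact >= exact_threshold:
        return "stable"                 # sites agree outright: easy to cross-check
    if overlap_agreement(observations) >= overlap_threshold:
        return "rotating-pool"          # answers differ but draw from one shared pool
    if min_ttl(observations) <= short_ttl:
        return "cdn-like"               # disjoint answers plus short TTLs
    return "unexplained-disagreement"   # long TTLs yet no consensus: needs further checks


if __name__ == "__main__":
    for label, obs in (("single-hosted", SINGLE_HOSTED),
                       ("round-robin", ROUND_ROBIN),
                       ("cdn-style", CDN_STYLE)):
        exact, majority = exact_agreement(obs)
        print(f"{label:14s} exact={exact:.2f} overlap={overlap_agreement(obs):.2f} "
              f"min_ttl={min_ttl(obs)}s -> {classify(obs)}")
```

The two agreement measures matter because a load-balanced name fails exact matching even though every site is seeing addresses from the same pool, while a CDN name fails both measures; only the latter combination, together with short TTLs, is the case the text identifies as hard for a cross-site scheme.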

Figure 1: TTL and lookup time statistics for names in the DNS trace. [Figure not reproduced on this page; panel (a): TTL Breakdown; panel (b): title not recoverable.]



L. Poole
2006-09-08