[ English | Japanese ]
Back to Index Page

ACADEMIC YEAR	2011 (Aug. 24, 2011)
NAME	VIXIE, Paul
TITLE	Design and Implementation of Advanced Domain Name System Infrastructure
ABSTRACT	Just as the world economy and humanity¡Çs curiousity depends on the continued growth and stability of the Internet, so does the Internet depend on the continued growth and stability of its Domain Name System (DNS). While DNS has been successful, only a small part of that success owes to its design strengths. The larger part of DNS¡Çs success has come from continuous evolution of the protocol and continuous implementation of new protocol features in widely used open source software. The research described here led the evolution of DNS from a static, insecure, unscalable system to a dynamic, secure, robust system capable of supporting the world¡Çs information economy and made it possible for DNS and similar distributed systems to be characterized and studied in real time. This research makes contributions for enabling the Internet Domain Name System (DNS) to be used reliably and securely by a global community of billions of users accessing billions of names for commerce, entertainment social networking, and future applications yet undreamt. This was accomplished by extending DNS at the protocol level and by implementing these extensions in widely used open source software. The extensions were: Automation required for large scale Internet (billions of users, billions of names) is now supported by DNS. This includes in band content changes and rapid propagation of changed content while maintaining distributed cache coherency and high transaction rates. DNS can now be trusted and so can be used to carry data whose authenticity is important such as access controls or cryptographic keys. This makes it possible for DNS to be used in sensitive applications such as e-commerce or to be the foundation for new public key infrastructures. The performance, correctness, and load of autonomous distributed systems such as DNS is now an available topic for research. This enables the risk analysis and risk management necessary for the design of systems which are dependent on DNS for their correctness, safety, and availability. In the first part of this thesis, I provide an overview of the history of Internet naming architecture and explain how I extended DNS to support real time notification of content changes and dynamic in-band content changes, and I explore the implementation details of these extensions. In the second part of this thesis, I focus on the most critical needs the DNS faces in the future: improving security, and supporting new applications. I demonstrate an important DNS system metacapability whereby new system level features can be added with no underlying protocol changes. In the last part of this thesis, I describe a new framework for collecting, sharing, and analyzing DNS network traffic in order to help characterize the overall system and improve situational awareness by operators, and I conclude with a discussion of trends in how these contributions have been used thus far, what impact they have had on the Internet community. Keywords: domain name system, distributed cache coherency, distributed system security, passive network sensor, non-stop systems.
CONTACT	To obtain the dissertation, please contact to : Paul Vixie

Back to Project Home Page