Routing Tables Building Methods for Increasing DNS(SEC) Resolving Platforms Efficiency

Abstract-This paper proposes to use optimization and machine learning methods in order to develop innovative techniques for balancing the DNS(SEC) traffic according to Fully Qualified Domain Names (FQDN), rather than according to the IP addresses. With DNS traffic doubling every year and the deployment of its secure extension DNSSEC, DNS resolving platforms require more and more resources. A way to cope with these increasing resources demands is to balance the DNS traffic among the DNS platform servers based on the queried FQDN. Several methods are considered to build a FQDN based routing table: mixed integer linear programming (MILP), a Kmeans clustering algorithm and a heuristic scheme. These load balancing approaches are run and evaluated on real DNS traffic data extracted from the operational IP network of an Internet Service Provider (ISP) and they result in a difference of less than 2% CPU between the servers of a platform

A performance view on DNSSEC migration

International audienceIn July 2008, the Kaminsky attack showed that DNS is sensitive to cache poisoning, and DNSSEC is considered the long term solution to mitigate this attack. A lot of technical documents provide configuration and security guide lines to deploy DNSSEC on organization's servers. However, such documents do not provide ISP or network administrators inputs to plan or evaluate the cost of the migration. This paper describes current deployment of DNSSEC and provides key elements to consider when planning DNSSEC deployment. Then we focus our work on performance aspects and provide experimental measurements for both DNS and DNSSEC architecture. Experimental results evaluate the cost of DNSSEC for authoritative and recursive server with different implementation