DNS++: Dynamic Name Resolution with Homomorphic Encryption Based Privacy

Abstract

This paper presents DNS++, a re-design of the Internet's name resolution system that addresses dynamic information and privacy. DNS++ uses a pub/sub overlay to send updates about a given service to interested clients, allowing them to (re)select between replicas according to their requirements as the services and their features change dynamically. Since third-party brokers in the overlay cannot always be trusted with the confidentiality of the content flowing through them, DNS++ preserves clients' privacy through homomorphic encryption. Brokers are prevented from reading the encrypted service information, but they can perform a homomorphic match and forward service updates through the overlay to the relevant clients accordingly. Assuming that the forwarding table in each broker is implemented as an ordered data structure, the time required both to add a new client's subscription and to perform a homomorphic match between existing subscriptions and service updates grows logarithmically with the number of entries in the table. Our performance evaluation confirms this and shows that DNS++ can be deployed with an acceptable performance overhead.
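The abstract's performance claim rests on the broker's forwarding table being an ordered structure, so that subscribing and matching cost O(log n) in the number of entries. The following is an added illustration, not code from the paper or its authors: a toy broker whose forwarding table is a sorted list of opaque subscription tokens. As a stand-in for the paper's homomorphic encryption (whose scheme the abstract does not specify), tokens are HMACs under a key shared by the service and its clients but not held by the broker, so the broker can only compare tokens, never recover the service name. The `match` routine performs an explicit binary search and counts comparisons so the logarithmic growth can be observed; all service names, client identifiers and update contents are constructed sample data.

```python
"""Toy DNS++-style broker with an ordered forwarding table.

Added example, not the paper's implementation. Homomorphic matching is
replaced by equality on keyed-hash tokens (an assumption for illustration);
only the ordered-table mechanics and their logarithmic cost are shown.
"""
import hashlib
import hmac
from bisect import bisect_left

# Constructed demo key: known to the service and its clients, NOT to the broker.
GROUP_KEY = b"constructed-demo-key-shared-by-service-and-clients"


def opaque_token(service_name: str, key: bytes = GROUP_KEY) -> bytes:
    """Client/service side: derive a token the broker cannot invert."""
    return hmac.new(key, service_name.encode(), hashlib.sha256).digest()


class Broker:
    """Untrusted broker: stores subscriptions keyed by opaque tokens only."""

    def __init__(self):
        self._keys = []      # sorted opaque tokens (the ordered forwarding table)
        self._clients = []   # parallel list: client ids subscribed to each token

    def subscribe(self, token: bytes, client_id: str) -> None:
        """Insert a subscription; the search is O(log n) in table size."""
        i = bisect_left(self._keys, token)
        if i < len(self._keys) and self._keys[i] == token:
            self._clients[i].append(client_id)
        else:
            self._keys.insert(i, token)
            self._clients.insert(i, [client_id])

    def match(self, token: bytes):
        """Binary search for a token; returns (client ids, comparisons made)."""
        lo, hi, comparisons = 0, len(self._keys), 0
        while lo < hi:
            mid = (lo + hi) // 2
            comparisons += 1
            if self._keys[mid] < token:
                lo = mid + 1
            else:
                hi = mid
        if lo < len(self._keys) and self._keys[lo] == token:
            return list(self._clients[lo]), comparisons
        return [], comparisons

    def publish(self, token: bytes, update: dict):
        """Forward an update to every client subscribed to its token."""
        clients, comparisons = self.match(token)
        deliveries = [(client, update) for client in clients]
        return deliveries, comparisons


def demo(n_services: int = 1024):
    """Fill a table with n_services subscriptions and publish one update."""
    broker = Broker()
    for i in range(n_services):  # constructed service names and client ids
        broker.subscribe(opaque_token(f"svc{i}.example"), f"client{i}")
    broker.subscribe(opaque_token("svc7.example"), "client-x")  # second subscriber
    update = {"replica": "10.0.0.7", "load": 0.3}  # constructed service update
    return broker.publish(opaque_token("svc7.example"), update)


if __name__ == "__main__":
    deliveries, comparisons = demo()
    print(f"{len(deliveries)} deliveries after {comparisons} comparisons")
```

With 1025 entries in the table the search never exceeds 11 comparisons, which is the logarithmic behaviour the abstract describes; the broker itself only ever sees and compares tokens.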
