Abstract:
DNSSEC deployment for large Internet Service Provider (ISP) is an important issue. With the current architecture, the migration of current DNS resolving platforms require...Show MoreMetadata
Abstract:
DNSSEC deployment for large Internet Service Provider (ISP) is an important issue. With the current architecture, the migration of current DNS resolving platforms requires 5 times more nodes. This paper introduces alternative architectures where the DNS traffic is split between the nodes of the platform according to the queried Fully Qualified Domain Names (FQDN), rather than the IP addresses of the queries. We show that such type of architecture requires up to 30% less nodes. However, this load balancing techniques results in a non-uniform distribution of the resources among the nodes of the platform. Furthermore, operational teams are reluctant to modify the existing load balancing infrastructure. Thus, we investigate how pro-active caching over a Distributed Hash Table (DHT) protocol, can optimize the resources of an ISP operational DNSSEC resolving platform. We find out that it can reduce the number of nodes by 3.5.
Date of Conference: 27-31 May 2013
Date Added to IEEE Xplore: 01 August 2013
ISBN Information:
Print ISSN: 1573-0077
Conference Location: Ghent, Belgium