130 likes | 138 Views
Domain name service for Named Data Networking. In proceedings of the 26th International Conference on Computer Communications and Networks (ICCCN), July 2017 Alexander Afanasyev , Xiaoke Jiang, Yingdi Yu, Jiewen Tan, Yumin Xia, Allison Mankin , and Lixia Zhang. Outline. Background
E N D
Domain name service for Named Data Networking In proceedings of the 26th International Conference on Computer Communications and Networks (ICCCN), July 2017 Alexander Afanasyev, Xiaoke Jiang, Yingdi Yu, Jiewen Tan, Yumin Xia, Allison Mankin, and LixiaZhang
Outline • Background • DomainNameSystem(DNS) • NDNDNS(NDNS) • Conclusion
Background • DNS • ThemainpurposeofDNSistoresolvehuman-readablehostnameintoIPaddress. • NDNS • NDNScouldsupporttheconsumertogettheforwardinghint. • Forwardinghint–Iftheconsumersendaninterestwhichisunreachable,theforwardinghintcoulddirecttheinteresttotheprefixwhichcouldreachtheproducer.
(Iterativequery) 1.Whereiswww.google.com 2.Whereiswww.google.com . Client LocalDNS 3.Idon’tknow,buthereisthenameserverof“com” (Recursivequery) 4.Whereiswww.google.com com Cached NoRecord 5.Idon’tknow,buthereisthenameserverof“google” 2.(8)TheIPaddressis172.217.27.132 6.Whereiswww.google.com google 7.Iknow,theIPaddressis172.217.27.132
DNSSecurityExtensions(DNSSEC) • WhydoweneedDNSSEC?Ifyouqueryfor“www.google.com”,thecorrectIPaddressshouldbe172.217.27.132,butitreturntheotheronewhichmaystealsomepersonalinformation. • DNSSECpurpose: • Dataintegrity • OriginauthenticationofDNSdata • Authenticateddenialofexistence
DigitalSignature Signing RSA–PrivateKey MD5,SHA HashValue Data DigitallySignedData Verification MD5,SHA Check HashValue1 Data RSA–PublicKey DigtallySignedData HashValue2
DNSKEY(KSK) DNSKEY(ZSK) RRSIGZSK RRSIGRRset DS KeySigningKeys(KSK) ZoneSigningKeys(ZSK) ResourceRecordSigature(RRSIG) DelegationSigner(DS) com DNSKEY(KSK) DNSKEY(ZSK) RRSIGZSK RRSIGRRset RRset google.com MD5,SHA MD5,SHA MD5,SHA Check Check Check KSK ZSK HashValue1 HashValue1 RRset HashValue1 KSK–PublicKey ZSK–PublicKey RRSIGZSK DS HashValue2 HashValue2 RRSIGRRset HashValue2
NDNS • Recursivequery–Ifthedataiscached,theconsumercouldusetheprefix“NDNS-R”topresentarecursivequery. “/NDNS-R/net/ndnsim/www/TXT”(TheclosestNDNS) “/com/google/NDNS-R/net/ndnsim/www/TXT”(TheNDNSofgoogle) • Iterativequery–Ifthedataisnotcached,theiterativequerywouldbelookedlike“/NDNS/zone_name/NS”.
Label Itcouldberepresentasservices(ex:WebService)orapplications. Type TXTFree-formed text record NSForwarding hints CERTNDNS public key certificates APPCERTApplications certificate
/ucla/cs+/net/ndnsim… /net/ndnsim /ucla/cs /net/ndnsim+…
Conclusion • NDNScanmakethattheproducerswhoarenotintheglobalnetworkcouldbereachable. • NDNSisaexamplethatevenweportthesimilarmechanismfromIPtoNDN,it’susecouldbedifferentfromtraditionalmethod.