130 likes | 145 Views
Explore Domain Name System (DNS) and NDNDNS in the context of networking. Learn about NDNS features, DNSSEC benefits, digital signatures, and NDNS query mechanisms.
E N D
Domain name service for Named Data Networking In proceedings of the 26th International Conference on Computer Communications and Networks (ICCCN), July 2017 Alexander Afanasyev, Xiaoke Jiang, Yingdi Yu, Jiewen Tan, Yumin Xia, Allison Mankin, and LixiaZhang
Outline • Background • DomainNameSystem(DNS) • NDNDNS(NDNS) • Conclusion
Background • DNS • ThemainpurposeofDNSistoresolvehuman-readablehostnameintoIPaddress. • NDNS • NDNScouldsupporttheconsumertogettheforwardinghint. • Forwardinghint–Iftheconsumersendaninterestwhichisunreachable,theforwardinghintcoulddirecttheinteresttotheprefixwhichcouldreachtheproducer.
(Iterativequery) 1.Whereiswww.google.com 2.Whereiswww.google.com . Client LocalDNS 3.Idon’tknow,buthereisthenameserverof“com” (Recursivequery) 4.Whereiswww.google.com com Cached NoRecord 5.Idon’tknow,buthereisthenameserverof“google” 2.(8)TheIPaddressis172.217.27.132 6.Whereiswww.google.com google 7.Iknow,theIPaddressis172.217.27.132
DNSSecurityExtensions(DNSSEC) • WhydoweneedDNSSEC?Ifyouqueryfor“www.google.com”,thecorrectIPaddressshouldbe172.217.27.132,butitreturntheotheronewhichmaystealsomepersonalinformation. • DNSSECpurpose: • Dataintegrity • OriginauthenticationofDNSdata • Authenticateddenialofexistence
DigitalSignature Signing RSA–PrivateKey MD5,SHA HashValue Data DigitallySignedData Verification MD5,SHA Check HashValue1 Data RSA–PublicKey DigtallySignedData HashValue2
DNSKEY(KSK) DNSKEY(ZSK) RRSIGZSK RRSIGRRset DS KeySigningKeys(KSK) ZoneSigningKeys(ZSK) ResourceRecordSigature(RRSIG) DelegationSigner(DS) com DNSKEY(KSK) DNSKEY(ZSK) RRSIGZSK RRSIGRRset RRset google.com MD5,SHA MD5,SHA MD5,SHA Check Check Check KSK ZSK HashValue1 HashValue1 RRset HashValue1 KSK–PublicKey ZSK–PublicKey RRSIGZSK DS HashValue2 HashValue2 RRSIGRRset HashValue2
NDNS • Recursivequery–Ifthedataiscached,theconsumercouldusetheprefix“NDNS-R”topresentarecursivequery. “/NDNS-R/net/ndnsim/www/TXT”(TheclosestNDNS) “/com/google/NDNS-R/net/ndnsim/www/TXT”(TheNDNSofgoogle) • Iterativequery–Ifthedataisnotcached,theiterativequerywouldbelookedlike“/NDNS/zone_name/NS”.
Label Itcouldberepresentasservices(ex:WebService)orapplications. Type TXTFree-formed text record NSForwarding hints CERTNDNS public key certificates APPCERTApplications certificate
/ucla/cs+/net/ndnsim… /net/ndnsim /ucla/cs /net/ndnsim+…
Conclusion • NDNScanmakethattheproducerswhoarenotintheglobalnetworkcouldbereachable. • NDNSisaexamplethatevenweportthesimilarmechanismfromIPtoNDN,it’susecouldbedifferentfromtraditionalmethod.