SAINT ‘01

Proactive DNS Caching:Addressing a Performance Bottleneck

Edith CohenAT&T Labs-Research

Haim KaplanTel-Aviv University

Talk OverviewOverview and MotivationDNS architectureDNS lookup latency

Proactive DNS cachingRenewal PoliciesSimultaneous Validation

Conclusion

Domain Name System

Essential for Internet name-based communicationEssential for Internet name-based communicationMany-to-many mapping (virtual hosting, mirrors, Many-to-many mapping (virtual hosting, mirrors, aliases)aliases)Distributed database maintained by a hierarchy of Distributed database maintained by a hierarchy of name-serversname-servers

hostname IP-addresswww.research.att.com 135.207.23.30

ns-1.amazon.comamazon.com

ns.research.att.comresearch.att.com

dnsprime.att.comatt.com

root.

DNS Hierarchy

LocalName-Server

resolving www.research.att.com

DNS Lookup

Root DNS server returns NS for att.com

dnsprime.att.com returns NS for

research.att.com

ns0.research.att.com returns IP-address for

www.research.att.com

Resolution may involve multiple remote name-serversResolution may involve multiple remote name-servers

Resolving Hostnames

Browser: if no answer in browser cache, query is sent to the

local DNS server.

Name-server: use own cache. For missing info, iteratively

query remote name-servers, while following referrals/

delegations.

DNS Caching Mechanism

Data is stored in Resource Records (RR) Data is stored in Resource Records (RR)

Each record has a Each record has a TTL value TTL value (Time To Live)(Time To Live)

TTL values are assigned by respective domain TTL values are assigned by respective domain administrators.administrators.

Record may be cached and used only for TTL duration.Record may be cached and used only for TTL duration.

Latency of DNS Lookups All requests > 60 sec after previous, ATT log

Latency of DNS Lookups AltaVista referrals requests, ATT proxy log

Issues with DNS LatencyRTTs to (several) remote name servers Not addressed by fatter pipes, faster high-capacity content servers.

Highly sensitive to packet loss Inconsistent - fraction of lookups suffer long/pathological delaysAs Internet service improves, will increasingly become more noticeable.

Passive DNS caching

Query remote NS only to answer a Query remote NS only to answer a current client requestcurrent client request

Cache (use) results till TTL expiresCache (use) results till TTL expires

Used by BIND name-server software

Proactive DNS caching

Renewal Policies: auto-refresh entries just before TTL expires Simultaneous Validation:Simultaneous Validation: Concurrently validate & use Concurrently validate & use “expired” address“expired” address

Our Proposals:Our Proposals:

Guidelines:Respect TTL values (be transparent to client)Respect TTL values (be transparent to client)Minimize overhead to DNS serversMinimize overhead to DNS servers

Methodology and Logs Proxy logs

Simulate associated DNS cache

Separately-issued DNS queries obtain: Separately-issued DNS queries obtain: TTL values, rate-of-change of IP-address.TTL values, rate-of-change of IP-address.

Requests (1000)

Hosts(1000)

period

AT&T489 10.5 11/8/96-

11/19/96

UC(NLANR)

10837 91 5/18/99-6/5/99

Renewal Policies

R-LRUR-LRU renew r times past the most-recent cache hitrenew r times past the most-recent cache hitR-LFUR-LFU grant r additional renewals per hit ( TTL interval)grant r additional renewals per hit ( TTL interval)R-FIFOR-FIFO grant r renewals at entry time to the cachegrant r renewals at entry time to the cacheR-OPTR-OPT optimal omniscient offline renewal policyoptimal omniscient offline renewal policy

- Issue a renewal query upon expiration.- Issue a renewal query upon expiration.- Policy determines when to renew.- Policy determines when to renew.- Tradeoff of overhead/reduced-latency.- Tradeoff of overhead/reduced-latency.

Performance of Renewal Policies ATT proxy log

Performance of Renewal Policies UC (NLANR) log

Renewal Policies: Conclusions

R-LRU and R-LFU performed equally well across logs R-LRU and R-LFU performed equally well across logs R-FIFO did not perform as wellR-FIFO did not perform as wellReduction in misses corresponds to reduction in long Reduction in misses corresponds to reduction in long DNS query timesDNS query timesMore effective for more clients More effective for more clients

Renewal Policies: Implementation issues

Preferred Implementation:Preferred Implementation: within the name-serverwithin the name-server

Overhead control:Overhead control:pre-expiration renewals (~1 RTT)pre-expiration renewals (~1 RTT)off-peak renewalsoff-peak renewals

TTL vs. Rate-of-change

TTL values are set conservatively: Rate-of-change TTL values are set conservatively: Rate-of-change of addresses is significantly lower than TTL value.of addresses is significantly lower than TTL value.

So, when “expired” records are discarded, we So, when “expired” records are discarded, we often lose valuable and valid informationoften lose valuable and valid information

Challenge:How do we benefit from valid expired addresses while still respecting TTL values.

Simultaneous Validation

Keep expired address records.Keep expired address records.When a client request arrives, When a client request arrives, concurrentlyconcurrently:: Initiate a connection to host, using expired IP-address, Initiate a connection to host, using expired IP-address,

and start fetching contentand start fetching content Issue a validating DNS queryIssue a validating DNS queryIf validation is successful, serve the content to the clientIf validation is successful, serve the content to the client

SV Latency Gain

DNS lookupsession with Web server: Establishing TCP connection(s),

sending HTTP request(s), ...

Simultaneous Validationsuccess rate

SV success rate (out of DNS misses on

epreviously-seen hostnames)AT&T 97.9%

UC(NLANR)

99.1%

Simultaneous Validation:deployment issues

browser or proxybrowser or proxy requires maintenance of a separate name-to-requires maintenance of a separate name-to-

address cacheaddress cache single-entity implementationsingle-entity implementation

name-server (using its internal cache)name-server (using its internal cache) requires protocol support for 2-phase resolutionsrequires protocol support for 2-phase resolutions requires separate proxy or browser support requires separate proxy or browser support

SV is more effective for a larger user base.SV is more effective for a larger user base.

Summary

DNS lookup delays can be addressed by increasing the local availability of RRsRenewal Policies incur overhead of additional queries limited deployment is effective inter-request-time < c * TTL

Simultaneous Validation minimal overhead more involved implementation inter-request-time < IP-address-lifetime

Future Work

Large, local, hostname database + SV

Co-operative DNS caching

SV and Renewal at the RR level

Combine SV and Renewal