DOI: 10.1145/3672197.3673439
research-article

hyDNS: Acceleration of DNS Through Kernel Space Resolution

Published: 04 August 2024

Abstract

The Domain Name System (DNS) is a core component of Internet infrastructure, mapping domain names to IP addresses. The recursive resolver plays a critical role in this process, requiring high performance due to multiple request-response exchanges. However, its performance is hindered by costly message copying, user-kernel space transitions, and kernel stack traversal. Kernel bypass techniques can mitigate these issues but often result in resource waste or deployment challenges.
To overcome these limitations, we present hyDNS, a hybrid recursive resolver that combines eBPF offloading in the kernel with a user-space resolver. The DNS kernel cache allows most requests to be served before reaching the kernel network stack. To manage limited DMA memory, excess requests are passed to user space once a threshold is reached, enabling the system to handle high query loads. hyDNS uses programmable NICs to create a scalable kernel cache, implementing a lockless per-core eBPF hash map. Filters on the NIC direct requests to each core. Preliminary results show significant performance improvements with eBPF offloading, achieving up to 4.4× the throughput and a 65% reduction in latency compared to user space implementations.

Published In

eBPF '24: Proceedings of the ACM SIGCOMM 2024 Workshop on eBPF and Kernel Extensions
August 2024
77 pages
ISBN:9798400707124
DOI:10.1145/3672197
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Domain Name System (DNS)
  2. In-Kernel Cache
  3. XDP (eXpress Data Path)
  4. eBPF (extended Berkeley Packet Filter)

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

ACM SIGCOMM '24
Sponsor:
ACM SIGCOMM '24: ACM SIGCOMM 2024 Conference
August 4 - 8, 2024
NSW, Sydney, Australia

Acceptance Rates

Overall Acceptance Rate 12 of 21 submissions, 57%
