Handle-DNS Integration Project Report

    Presentation Transcript
    1. Handle-DNS Integration Project Report Handle-DNS Working Group CNNIC/CNRI

    2. Project Objective • Take advantage of the Handle System to provide security services for the DNS namespace, including: • Secured DNS resolution (whenever needed) • Discretionary administration & dynamic update • Access control & privacy protection • Delegation of credential validation • Co-exist with existing DNS operation; no change needed to the DNS client.

    3. Project Background • CNRI • Non-profit research institute • Developed Handle System in Java, specified in RFC 3650, 3651, 3652. • Open source distribution at http://www.handle.net • CNNIC • “.cn” TLD registry in China • Developed Handle System in C • Integrated with DNS BIND9 • Project web page: http://hdl.cnnic.cn

    4. Handle System Overview • A global identifier service for any digital resource over the Internet. • Distributed, scalable service infrastructure similar to DNS. • Efficient name-resolution and administration protocol that supports both TCP and UDP connections. • Built-in security options for both name resolution and administration.

    5. Handle System Service Framework • The Handle System is a collection of handle services, each of which consists of one or more replicated sites, each of which may have one or more servers. [Diagram: a client, the GHR and several LHS services, each made up of sites (Site 1 … Site n) with servers (#1 … #n); example handle 123.456/abc with two URL values, http://www.acme.com/ and http://www.ideal.com/ (numbered 4 and 8)]

    6. Handle System Security • Secure handle resolution, including options for data confidentiality and service integrity checking. • Discretionary namespace and identifier attribute administration, independent from host-admin, that allows creation, deletion, and modification of identifiers and/or identifier attributes. • Standard access control model per individual identifier attribute, essential for privacy protection. • Standard mechanism for credential validation per individual handle attribute.

    7. Handle-DNS Implementation • Basic Implementation • Handle Server in C/C++ (server/client) • BIND 9 standard distribution • Additional Modules • DNS Interface integrated with handle server • Cache/Preload Module • Database Connection Pools • C-Version Handle-DNS Admin Toolkit • Support DNS resolution and Zone load • Performance Improvements • Exceptional Processing • Memory Leak Protection • Thread Pool Management

    8. Design & Implementation • Integrated Handle-DNS server [Diagram labels: DNS Protocol, BIND 9.3.0, DNS interface, 53; Handle Server, Handle Protocol, 8000, Handle interface, 2641]

    9. Handle-DNS Admin Toolkit • C-Version Handle-DNS Admin Toolkit • Supporting DNS Resource Record Query & Management • Supporting DNS Zone File Upload

    10. Benchmark • Benchmark Configuration • Client and Server in same LAN • Client: Dell PowerEdge Server Machine, 2.8G CPU / 1G RAM / 38GB HardDisk • Server: Same configuration as the client. • Network: 100 Mbps, Cisco Switch

    11. Benchmark • Testing Method • Compare resolution performance among the C-Version Handle-DNS Server and Java-Version Handle Server under the same hardware configuration. • Handle Protocol • Test Software written by CNNIC • DNS Protocol • QueryPerf, benchmark software supplied by BIND • Database • MySQL, 1M Handle Records [Diagram: Handle-DNS Client, Handle-DNS Server (C-Version), Java-Version Handle Server]

    12. Benchmark (Java/C) • TCP Interface for Handle-DNS server • Comparison between Java-Version and C-Version • Resolution speed • 5~10 ms C-Version, 25~35 ms Java-Version • 2.5~7 times performance improvement over Java-Version • # of concurrent requests • 40,000 queries (Handle-DNS) • 4,000 queries (Java) • CPU usage • 90%, Java • Below 10%, C

    13. Benchmark (Handle-DNS/BIND) • UDP Interface for DNS Protocol • Compared to BIND 9.3.0 • Comparable Resolution Performance • Larger size than DNS Records

    14. Prototype Applications • ENUM • ENUM Puts Telephone Numbers in DNS • Mapping PSTN Phone Number to URLs • One Number For All Services on Internet • Based on DNS Protocol • ENUM Zones, “e164.arpa.” • Using DNS “NAPTR” Resource Records • Using DNS Resolution [Diagram: +17036208990 → 0.9.9.8.0.2.6.3.0.7.1.e164.arpa → NAPTR RRs: tel:+15712205650, sip:samsum@cnri.reston.va.us, http://www.cnri.reston.va.us, mailto:samsum@cox.net]

    15. Prototype Application (ENUM) • A Simple ENUM Call Flow

    16. Prototype Application (ENUM) • Handle-ENUM Secure Resolution & Administration • Secure Resolution • Authentication • Access Control • Private ENUM records • Distributed Admin

    17. Prototype Application (Secure Resolution) • Secured DNS resolution via Handle Protocol Interface • Secure DNS Resolution • Man-in-the-middle attack • Privacy Protection • DNS Administration

    18. Future Plan • Package the Handle-DNS software for public release. • Deploy Handle-DNS server in “.cn” TLD registry and its subsidiaries. • Establish ENUM service and client software based on Handle-DNS interface.

    19. Thanks!

    20. DEMO
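
Added example (not part of the original presentation), illustrating the ENUM mapping on slide 14: an E.164 number is turned into its e164.arpa domain, and NAPTR regexp fields are applied in order/preference order to yield URIs. The order, preference and service values are constructed for illustration, and Python's `re` is assumed to be a close enough stand-in for the POSIX extended regular expressions NAPTR uses.

```python
import re

def e164_to_enum_domain(number, apex="e164.arpa"):
    """Reverse the digits of an E.164 number and dot-separate them under the apex."""
    if not re.fullmatch(r"\+[1-9][0-9]{1,14}", number):
        raise ValueError("not an E.164 number: %r" % number)
    return ".".join(reversed(number[1:])) + "." + apex

def apply_naptr_regexp(field, aus):
    """Apply a NAPTR regexp field of the form <delim>ERE<delim>repl<delim>[i]."""
    parts = field[1:].split(field[0]) if field else []
    if len(parts) != 3 or parts[2] not in ("", "i"):
        raise ValueError("malformed NAPTR regexp field: %r" % field)
    ere, repl, flag = parts
    match = re.search(ere, aus, re.IGNORECASE if flag == "i" else 0)
    if match is None:
        return None
    # Expand only \1..\9 backreferences; everything else in repl is literal.
    return re.sub(r"\\([1-9])", lambda b: match.group(int(b.group(1))) or "", repl)

# NAPTR answers are untrusted input: accept only the URI schemes we expect.
ALLOWED_SCHEMES = ("sip:", "tel:", "http://", "mailto:")

def resolve_enum(number, records):
    """Return (service, uri) pairs sorted by NAPTR order, then preference."""
    out = []
    for order, pref, flags, service, regexp in sorted(records, key=lambda r: r[:2]):
        if flags.lower() != "u" or not service.upper().startswith("E2U+"):
            continue  # keep only terminal URI rules for the E2U application
        uri = apply_naptr_regexp(regexp, number)
        if uri and uri.lower().startswith(ALLOWED_SCHEMES):
            out.append((service, uri))
    return out

# Constructed records: the URIs come from slide 14; order, preference and
# service strings are sample values chosen for this example.
SAMPLE_NAPTR = [
    (100, 20, "u", "E2U+web:http", "!^.*$!http://www.cnri.reston.va.us!"),
    (100, 10, "u", "E2U+sip", "!^.*$!sip:samsum@cnri.reston.va.us!"),
    (100, 30, "u", "E2U+email:mailto", "!^.*$!mailto:samsum@cox.net!"),
    (100, 15, "u", "E2U+voice:tel", "!^.*$!tel:+15712205650!"),
]

if __name__ == "__main__":
    print(e164_to_enum_domain("+17036208990"))
    for service, uri in resolve_enum("+17036208990", SAMPLE_NAPTR):
        print(service, uri)
```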