Author : J Uma Mahesh 1
Date of Publication :7th March 2017
Abstract: This paper proposes to use data mining methods implemented via R in order to analyze the Domain Name System (DNS) traffic and to develop innovative techniques for balancing the DNS traffic according to Fully Qualified Domain Names (FQDN) rather than according to the Internet Protocol (IP) addresses. With DNS traffic doubling every year and the deployment of its secure extension DNSSEC, DNS resolving platforms require more and more CPU and memory resources. After characterizing the DNS(SEC) traffic thanks to reduction in dimension and clustering methods implemented with R functions and packages, we propose techniques to balance the DNS traffic among the DNS platform servers based on the FQDN. Several methods are considered to build the FQDN-based routing table: K- means clustering algorithm, mixed integer linear programming, and a heuristic scheme. These load balancing approaches are run, and evaluated with R on real DNS traffic data extracted from an operational network of an Internet Service Provider. They result in reducing the platform CPU resources by 30% with a difference of less than 2% CPU between the servers of a platform.
Reference :
-
- Arends, R., Austein, R., Larson, M., Massey, D., Rose, S., 2005a. DNS Security Introduction and Requirements. RFC 4033 (Proposed Standard). Updated by RFC 6014.
- Arends, R., Austein, R., Larson, M., Massey, D., Rose, S., 2005b. Protocol Modifications for the DNS Security Extensions. RFC 4035 (Proposed Standard). Updated by RFCs 4470, 6014.
- Arends, R., Austein, R., Larson, M., Massey, D., Rose, S., 2005c. Resource Records for the DNS Security Extensions. RFC 4034 (Proposed Standard). Updated by RFCs 4470, 6014.
- Cox TF, Cox MAA. Multidimensional Scaling. Boca Raton, FL: Chapman and Hall; 2001.
- Development Core Team R. R: A Language and Environment for Statistical Computing. Vienna, Austria: R Foundation for Statistical Computing; 2010.
- Francfort S, Migault D, Senecal S. A bi-objective Mixed Integer Linear Program for load balancing DNS(SEC) requests. In: Proceedings of DNS EASY 2011, extended version in International Journal of Critical Infrastructure Protection, Elsevier, 2012.
- Griffiths, C., 2009. Comcast DNSSEC Trail Test Bed. North American Network Operator Group (NANOG45). [8]. Hastie T, Tibshirani R, Friedman J. The Elements of Statistical Learning: Data Mining, Inference and Prediction. In: second ed. Springer 2008.
- Kogan J. Introduction to Clustering Large and HighDimensional Data. New York: Cambridge University Press; 2007.
- Maechler, M., Rousseeuw, P., Struyf, A., Hubert, M., 2005. Cluster analysis basics and extensions. Rousseeuw et al provided the S original which has been ported to R by Kurt Hornik and has since been enhanced by Martin Maechler: speed improvements, silhouette() functionality, bug fixes, etc. See the n‗Changelog‗ file (in the package source).
- Migault, D., 2010. Performance measurements on bind9/nsd/unbound. In IETF79. IEPG.
- Migault D, Laurent M. How DNSSEC resolution platforms benefit from load balancing traffic according to fully qualified domain name. In: Proceedings of CSNA. 2011
- Migault D, Girard C, Laurent M. A performance view on DNSSEC migration. In: Proceedings of CNSM 2010.
-
- Arends, R., Austein, R., Larson, M., Massey, D., Rose, S., 2005a. DNS Security Introduction and Requirements. RFC 4033 (Proposed Standard). Updated by RFC 6014.
- Arends, R., Austein, R., Larson, M., Massey, D., Rose, S., 2005b. Protocol Modifications for the DNS Security Extensions. RFC 4035 (Proposed Standard). Updated by RFCs 4470, 6014.
- Arends, R., Austein, R., Larson, M., Massey, D., Rose, S., 2005c. Resource Records for the DNS Security Extensions. RFC 4034 (Proposed Standard). Updated by RFCs 4470, 6014.
- Cox TF, Cox MAA. Multidimensional Scaling. Boca Raton, FL: Chapman and Hall; 2001.
- Development Core Team R. R: A Language and Environment for Statistical Computing. Vienna, Austria: R Foundation for Statistical Computing; 2010.
- Francfort S, Migault D, Senecal S. A bi-objective Mixed Integer Linear Program for load balancing DNS(SEC) requests. In: Proceedings of DNS EASY 2011, extended version in International Journal of Critical Infrastructure Protection, Elsevier, 2012.
- Griffiths, C., 2009. Comcast DNSSEC Trail Test Bed. North American Network Operator Group (NANOG45). [8]. Hastie T, Tibshirani R, Friedman J. The Elements of Statistical Learning: Data Mining, Inference and Prediction. In: second ed. Springer 2008.
- Kogan J. Introduction to Clustering Large and HighDimensional Data. New York: Cambridge University Press; 2007.
- Maechler, M., Rousseeuw, P., Struyf, A., Hubert, M., 2005. Cluster analysis basics and extensions. Rousseeuw et al provided the S original which has been ported to R by Kurt Hornik and has since been enhanced by Martin Maechler: speed improvements, silhouette() functionality, bug fixes, etc. See the n‗Changelog‗ file (in the package source).
- Migault, D., 2010. Performance measurements on bind9/nsd/unbound. In IETF79. IEPG.
- Migault D, Laurent M. How DNSSEC resolution platforms benefit from load balancing traffic according to fully qualified domain name. In: Proceedings of CSNA. 2011.
- Migault D, Girard C, Laurent M. A performance view on DNSSEC migration. In: Proceedings of CNSM 2010.