P2P Internet Name Lookup Service
MeraLabs researchers are developing an architecture that would allow to create a scalable, robust and secure internet name lookup service on the basis of a self-organizing peer-to-peer network.
Background
Internet name lookup services started with hosts.txt file that stored all the hosts’ names. It was administered centrally at the SRI Network Information Center. In the beginning of 1980s the number of hosts grew too big for the file to be updated and disseminated efficiently. To solve this problem Paul Mockapetris and other research workers started the design and implementation of a distributed internet host name database that is now known as the Domain Name System (DNS). Many contemporary internet applications heavily depend on the DNS system (e.g. WWW and email).
DNS introduced administrative hierarchy for names; it also coupled domain ownership with the responsibility of serving data for them. The original concept of DNS had little means of providing security as the service structure mirrored the administrative structure. Due to the increasing concern on security issues the DNS Security Extensions (DNSSEC) were introduced in late 1990s. DNSSEC provided means of checking records’ authenticity. Thus it has been shown that data authentication can be efficiently separated from service of the data.
Motivation
The Internet name lookup service has been historically moving from a centrally administrated and controlled system (hosts.txt) to a system of distributed data and authority (DNS). We think that it is a trend and the logical conclusion would be a completely decentralized name system. Switching to a peer-to-peer network structure sounds like a viable replacement to the tree-like structure being used now.
We believe that creating an internet host name lookup service on the basis of a peer-to-peer network can help to solve some of the problems innate to the classical DNS architecture.
The p2p name service would, in our opinion, be:
- More robust that the original DNS due to the decentralized p2p structure
- Provide low latency; as low as the original DNS (due to caching)
- Provide greater scalability
- Provide data authentication by relying on an external key authentication service
- Extend the definition of an internet name
- Provide more flexible and powerful search mechanisms
Our Solution
Internet hosts are being issued special identity certificates which we call “cyber passports”. These cyber passports contain both technical information (e.g. IP address, Internet Name or MAC address), the information about the hosts’ owner and other additional information.
The data stored in these passports is protected via the mechanisms of digital signature with an external service responsible for verifying public keys (a PKI or a Web of Trust).
The passports are connected by links on the basis of a distance metrics and a set of special rules thus forming a logically integral p2p network, distributed over a multitude of physical storages. We suggest that these host identifiers can be stored on servers belonging to big ISP companies. That way, there is both no central authority to control everyone and no anarchy problem that would arise if every end user could store and add data to the database. Though the solution could be scaled down and provide the possibility for every user to act as part of the cyber passports’ storage. In the extreme case, every host stores its own passport and links to other hosts' passports.
Different mechanisms could be used in creation of the p2p network and routing of queries in it. Distributed Hash Tables is one of them. However MeraLabs company has developed the Metrized Small World, a set of mathematical rules that can be used in creation of p2p data storage networks as well as navigating these networks and finding required data.
We believe that the Metrized Small World (MSW) solution has more advantages over DHT since it has provides greater flexibility, e.g. MSW allows to perform range queries while DHT normally doesn’t have such an ability.
Peer-to-peer name service and DNS comparison
Robustness
The tree-like hierarchy of DNS domains creates a fundamental vulnerability of the system: should a domain’s server(s) be unavailable for some reason, all its sub-domains also become unavailable. And if the root domain servers (theoretically) become unavailable then the whole system becomes unavailable, therefore creating a single point of failure for the whole system and all applications that depend on it.
The robustness of DNS is based on data replication. To make sure that domain data is available it is copied to several servers. Due to its importance, the root domain is supported by over a hundred of servers scattered world-wide. Moreover, many large companies make back-up copies of root domain data to increase the performance and reliability of their resolvers. Thus Domain Name System is pretty robust now, however its robustness is based on extensive data replication.
We believe that an internet name resolution service can be robust through the merit of its design, rather than a multitude of backup copies of data. A peer-to-peer name system would not require hundreds of servers to support the root domain, because there will be no root domain and no single point of failure of the system. Elimination of any single server would not affect other servers in such a system. In this regard the name system architecture will mirror the original concept of the Internet as an indestructible information transmission network.
Latency
Most DNS queries are resolved in a matter of milliseconds. Such efficiency largely depends on aggressive use of data caching. Caching «is a mechanism whereby data acquired in response to a client’s request can be locally stored against future requests by the same or other client» [1].
While providing a tremendous boost to the system’s performance (through decreasing the latency) and to its robustness as well (through decreasing the load on the servers), data caching is not free of problems. Data caching leads to error caching if the information received as the answer was incorrect.
A research team of Russ Cox, Athicha Muthitacharoen and Robert T. Morris from MIT Laboratory for Computer Science has performed a research on creating a p2p name service on the basis of distributed hash tables [2], [3]. Their research showed that uncached response times for DHT-based service were much bigger than the response times of DNS system. This leads the authors to a conclusion that a global name resolution service can’t be implemented on DHT or any kind of p2p networks at all.
However we think that the observed inefficiency of the p2p solution was caused by the structure of DHT graph, which was inadequate to the information discovery problem. MSW graphs can provide the logarithmic search complexity that DHT graphs failed to deliver.
References
[1] Paul Mockapetris, Kevin Dunlap "Development of the Domain Name System"