GGrantIndex
← Search

CCRI: Medium: DNS, Identity, and Internet Naming for Experimentation and Research (DIINER)

$1,458,440FY2019CSENSF

University Of Southern California, Los Angeles CA

Investigators

Abstract

Naming and identification in the Internet is essential to find websites (e.g. www.nsf.gov) and other services. The Domain Name System (DNS), Identity, and Internet Naming for Experimentation and Research (DIINER) project proposes to accelerate research on Internet naming, identification, and the DNS by providing research infrastructure, data, and community building. The project will provide (1) a testbed and tools to allow experimentation on DNS data and to support gradual transition of new approaches from research into experimental use and ultimately to operation. (2) The project will provide data about how DNS is used and how the DNS system and servers perform, in the context of a framework for privacy-sensitive anonymization and controlled data sharing. The DIINER project will also work to (3) foster a collaborative research community by tightening the feedback loop between the creativity and perspectives of academia and the knowledge and real-world problems and data of operation of critical infrastructure, holding workshops about these topics and about these tools and new research methods. The DIINER project builds on the University of Southern California (USC) Information Sciences Institute (ISI) experiences both running operational DNS services such as B-Root and working with the research community to share data and provide research infrastructure. The anticipated outcome of DIINER is scientific progress on how to carry out research on Internet naming, identity, and DNS; improvements to the performance, reliability, security, and privacy of how Internet naming, identity, and DNS are done today; and support of education and research at the USC and in the community. The Internet's DNS most commonly maps names to addresses (e.g. www.nsf.gov to 128.150.4.107), and its use has grown to include applications like anti-spam and Content Delivery Networks. With DNSSEC (Domain Name System Security Extensions), DNS protects data integrity and can ground trust systems, X.509 communications and Certificate Authorities. But Internet naming, identification, and DNS face many challenges. Security has changed as the Internet has moved from a low-risk academic experiment to a trillion-dollar marketplace, bringing threats from organized crime and nation states. DNS has also gathered great inertia, with a huge, change-resistant installed base, from millions of home routers to sophisticated commercial clusters. Its identification as "critical infrastructure" adds both technical and political inertia. These requirements compound technical challenges, such as minimizing latency, and often leave the research community distant from operational reality, without the data and infrastructure they need to make credible contributions. The DIINER project proposes to meet these challenges and reverse DNS ossification by enabling new research in Internet naming and trust, and easing transition from research to operational deployment, while preserving stability. Its goal is to unite isolated researchers by growing an Internet naming and identification community around DIINER, a new shared research infrastructure providing: (1) parallel DNS resolution evaluation (PRE) to support safe testing of experiments within live, real-world deployed DNS, and (2) live instrumentation and measurement to share real-world DNS query and performance data, with responsibility supported by technical and legal methods. Today researchers are under-supported, with only limited DNS data available, often long after collection and with limited ability to share, and no support exists for real-world experiments at scale. USC ISI is uniquely prepared to lead this effort with operational responsibility for the B-Root DNS server, long-term involvement in networking research and graduate education, and independence from commercial interests. The DIINER approach spans the DNS ecosystem, from end-computers (stub resolvers), to organization-level recursive resolvers, and to authoritative DNS servers. The proposed infrastructure will integrate with B-Root, second-level-domain authoritative resolvers, and with a recursive resolver. Stakeholders include end users, Internet services providers (ISPs), and other kinds of service providers, from operators of public DNS services, to commercial DNS providers. The DIINER project will release tools it develops as open source, augmenting research-infrastructure-as-service with third-party deployments. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

View original record on NSF Award Search →