CAREER: Debugging the Fragmented DNS Infrastructure at Scale

Domain Name System (DNS) is one of the most critical Internet infrastructures. It underpins nearly every Internet activity, translating user-friendly names like www.google.com to computer-friendly IP addresses. Though designed as a highly reliable infrastructure in its blueprint, DNS failures are not rare, sometimes even leading to the network outage of a country.

Debugging DNS failures is undoubtedly important but also challenging. Though DNS can be seen as a distributed system, it is open-ended and fragmented, containing numerous service providers and being interfered by powerful network adversaries. Though the basic logic of DNS is conceptually simple, its implementation is highly customized on the client-side devices and DNS bugs can be caused by the complex interactions between code and non-code resources. These unique settings make DNS failures and bugs complex and difficult to be diagnosed.

This project is to develop novel platforms, techniques, and tools to enable holistic debugging for the DNS Infrastructure. This work is organized through two research thrusts: debugging DNS failures at the network layer, and debugging client-side DNS bugs at the software layer. For the first thrust, a comprehensive reference to the real-world DNS failures and bugs are to be created first by mining the public text with DMiner, a tool powered by Natural Language Processing (NLP) techniques.

To reproduce a DNS failure, a new measurement platform, DTrap+, will be developed with innovative usage of peer-to-peer proxies to crowd-source the debugging tasks. To enable cross-layer and adversary-resilient debugging for DNS, DTrace, an end-to-end tracing framework for DNS, and DARTrace, a secured tracing protocol, will be developed. The second thrust focuses on the DNS bugs embedded in the Internet of Things (IoT) devices.

The DNS implementations will be extracted from the IoT firmware with DFirm, a tool powered by symbolic execution and library matching. The DNS bugs will be uncovered by DScope, a tool enforcing multi-component analysis on the DNS implementations.

The proposed project will have significant societal impacts in the following aspects. First, ensuring reliable network services for the Internet users is one core mission of the Internet community. By enabling effective fault discovery and root-cause analysis of DNS services and clients, this project makes an important contribution to this mission.

Second, through a set of educational tasks, this project will democratize DNS and the general network debugging for students, researchers, industry partners, and the public. Third, this project will prioritize research opportunities for the underrepresented population through programs like UCI ASPIRE and OC STEM.

The data, code, and knowledge base developed under this project will be released at dns-debug.github.io.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.