Naming and Internet Protocol Experimentation Testbed (NIPET)

Naming and Internet Protocol Experimentation Testbed (NIPET)

DNS operations are a critical part of Internet infrastructure, yet they are largely closed to researchers today, with no formal path to fielding new technology or even observing current status. These challenges are particularly accurate for root nameservers and important top-level domains.

As a result, evolution is slow and operational information is very limited. Innovation is limited to a very few organizations, and often superseded by commercial interests or operational limitations.

We are working to investigate new approaches to DNS operations, to investigate how DNS operations can safely interact with researchers, and developing approaches for privacy-preserving data analysis and controlled testing. Requirements of this research are protecting the privacy of DNS users and the integrity of operational systems, while allowing meaningful research.

Proposed Testbed Architecture

(Click for details)

Support and Collaborations

This work is partially supported by NSF (CI-P: Planning for Identity and Naming Experimentation Shared Testbed, NSF award 1513213, 2015-2016).

NIPET has received prior support through the USC/ISI New Research Initiatives Council (link is ISI internal) and USC/ITS, June 2012-2013.

This research is done in cooperation with USC/ITS and the B Root DNS server (operated by USC).

Faculty, Researchers and Students

Current

Alumni

Software

  • dnsanon extract DNS traffic from pcap to text with optionally anonymization
  • dnsanon_rssac Dnsanon_rssac is an implementation of RSSAC-002v2 processing for DNS statistics
  • dns-replay-client dns-replay-client reads DNS query stream, replays them against a real DNS server with correct timing and outputs the latency for each query (optional). Multiple dns-replay-client instances can work coordinately to generate aggregated DNS query replay stream, with a separated program: dns-replay-controller.
  • dns-replay-controller dns-replay-controller reads DNS query stream and distributes queries to replay clients

See the see the ANT distribution web page.

  • dnsanon extract DNS traffic from pcap to text with optionally anonymization
  • dnsanon_rssac Dnsanon_rssac is an implementation of RSSAC-002v2 processing for DNS statistics
  • dns-replay-client dns-replay-client reads DNS query stream, replays them against a real DNS server with correct timing and outputs the latency for each query (optional). Multiple dns-replay-client instances can work coordinately to generate aggregated DNS query replay stream, with a separated program: dns-replay-controller.
  • dns-replay-controller dns-replay-controller reads DNS query stream and distributes queries to replay clients

See the see the ANT distribution web page.

We are developing DNS anonymization software.

Datasets

  • Dataset development in progress.

ANT: the Analysis of Network Traffic research group

We Want To Hear From You!

You have the opportunity to influence the design of this testbed, as our goal is to build a facility and network that you can make the best use of in your research. The architecture above is in its early stages of design, and we want your feedback about:

  • What requirements would you like our infrastructure to meet?
  • What research projects would this architecture let you study?
  • What changes would you like to suggest to the architecture?
  • What tools would you like to make sure we offer?
  • How would you like to collaborate with us?

Publications

  • Ricardo de O. Schmidt, John Heidemann and Jan Harm Kuipers 2017. Anycast Latency: How Many Sites Are Enough? Proceedings of the Passive and Active Measurement Workshop (Sydney, Australia, Mar. 2017), to appear. [PDF] ["Details"]
  • Liang Zhu and John Heidemann 2017. Infrastructure for Experimental Replay and Mutation of DNS Queries. Talk at Active Internet Measurement Workshop. [PDF] ["Details"]
  • John Heidemann 2017. DNS Privacy, Service Management, and Research: Friends or Foes. Talk at ISOC NDSS Workshop on DNS Privacy . [PDF] ["Details"]
  • Lan Wei and John Heidemann 2017. Does Anycast Hang up on You? (extended). Technical Report ISI-TR-716. USC/Information Sciences Institute. [PDF] ["Details"]
  • John Heidemann 2016. Distributed Denial-of-Service: What Datasets Can Help? Invited talk at ACM Annual Computer Security Applications Conference. [PDF] ["Details"]
  • Giovane C. M. Moura, Ricardo de O. Schmidt, John Heidemann, Wouter B. de Vries, Moritz Müller, Lan Wei and Christian Hesselman 2016. Anycast vs. DDoS: Evaluating the November 2015 Root DNS Event. Proceedings of the ACM Internet Measurement Conference (Nov. 2016). [DOI] [PDF] ["Details"]
  • John Heidemann, Ricardo de O. Schmidt and Jan Harm Kuipers 2016. Anycast Latency: How Many Sites are Enough? Presentation at DNS-OARC Meeting. [PDF] ["Details"]
  • John Heidemann, Giovane C. M. Moura, Ricardo de O. Schmidt, and Wouter B. de Vries, Moritz Muller, Lan Wei and Christian Hesselman 2016. Anycast vs. DDoS: Evaluating Nov. 30. Presentation at DNS-OARC Meeting. [PDF] ["Details"]
  • Giovane C. M. Moura, Ricardo de O. Schmidt, John Heidemann, Wouter B. de Vries, Moritz Müller, Lan Wei and Christian Hesselman 2016. Anycast vs. DDoS: Evaluating the November 2015 Root DNS Event (extended). Technical Report ISI-TR-2016-709b. USC/Information Sciences Institute. [PDF] ["Details"]
  • Ricardo de O. Schmidt, John Heidemann and Jan Harm Kuipers 2016. Anycast Latency: How Many Sites Are Enough? Technical Report ISI-TR-2016-708. USC/Information Sciences Institute. [PDF] ["Details"]
  • John Heidemann 2016. New Opportunities for Research and Experiments in Internet Naming And Identification. Talk at Active Internet Measurement Workshop. [PDF] ["Details"]
  • John Heidemann 2012. Broadening DNS Research: beyond just DNS anonymization (work in progress). Talk at ISC/CAIDA Data Collaboration Workshop. [PDF] ["Details"]

For related publications, please see the ANT publications web page.