The Measuring Naming System (MeNSa) project
DNS security and stability have a direct and strong impact on the performance and dependability of nearly all aspects of interactions on the Internet, including Web applications, SOA based systems, Cloud infrastructure and distributed applications in general, which constitute a foundation for high performance and scalable services computing, putting always more demands on the DNS infrastructure, by increasing requirements for higher performance and improved dependability.
To achieve the goal of understanding and benchmarking DNS security and stability, it is fundamental to develop new and standard metrics for what stability of the DNS actually means. While the DNS system has operated in a generally reliable and robust fashion for decades, this notion of stability is not empirically specified, and no way currently exists to specifically assess the stability impacts of application-driven query volume increases, or technology changes such as DNSSEC.
The goal of this proposed study is to identify and propose a modular framework of metrics and KPI’s to support the design, engineering and policy making of the DNS infrastructure, ensuring transparency with respect to DNS research community in inspecting the measurement data, challenging any results, and build further analyses.
The GCSEC envisions that it would be beneficial for the DNS community to have a broadly adopted, cooperatively achieved model for DNS SSR measurement and benchmarking based on the notion of DNS health.
GCSEC proposes to design a layered and multi-perspective framework for the measurement and benchmarking of the DNS SSR level. This framework is intended to support risk analysis, what-if analysis and impact analysis of changes to the DNS infrastructure as well as DNS policy-making.
GCSEC work will build on and evolve from the strong foundation already established by interested community members in ICANN – sponsored fora. The goal of the GCSEC work is to refine the current concept of DNS SSR and to enhance the awareness among the “critical” end-users of the DNS (e.g., the private and public actors that operate critical infrastructures) and among the private DNS operators (e.g., operators of the DNS at medium/small enterprise level).
MeNSa framework’s building blocks & vision
Igor Nai Fovino (project leader, firstname.lastname@example.org)
Salvatore Di Blasi
E. Casalicchio, I. Nai Fovino eds. Proceedings of “DNS-EASY: The first workshop on DNS Health and Security”, GCSEC, ICANN, DNS-OARC, Oct. 2011, Rome, Italy
E. Casalicchio, M. Caselli, A. Coletta. S. Di Blasi, I. Nai Fovino “Measuring Name System Health”, Sixth IFIP WG 11.10 International Conference on Critical Infrastructure Protection to be held at the National Defense University, Washington, DC on March 19-21, 2012
E. Casalicchio, M. Caselli, I. Nai Fovino, “The Mensa project Measuring DNS Health and Security” DNSSEC workshop at ICANN-42, October 2011, Dakar, Senegal
I. Nai Fovino, E. Casalicchio, A. RIgoni, S. Di Blasi, “Worldwide Security and Resiliency of Cyber Infrastructures: the Role of the Domain Name System”, 2nd Worldwide Cyber Security Summit, IEEE Computer Society, June 2011, London
I. Nai Fovino, E. Casalicchio, A. Rigoni, S. Di Blasi, “DNS protection in critical infrastructures”, Cyber Crime magazine, March-April 2011
E. Casalicchio, M. Caselli, A. Coletta and I. Nai Fovino, “Aggregation of DNS health indicators: issues, expectations and results, Securing and Trusting Internet Names”, SATIN 2012, Teddington, London
DNS-Easy: The first workshop on DNS Health and Security”, sponsored by GCSEC, ICANN and DNS-OARC, Oct. 2011, Rome, Italy
Final Report of the 3rd Global DNS Stability, Security and Resiliency Symposium