Friday, June 5, 2009

Some more on Deadwood and DNS compression

The way I have designed the "dictionary" (string-index array) in Deadwood is one where we only allow one datatype for the index: A binary string, and one datatype for the value: A binary string.

With this in mind, the only data structure I can use for the decompressed DNS packet is a binary string.

So, the real question is: What kind of things do we want to do with a deep packet inspection of the DNS packet? Well, there's:
  • TTL aging
  • RR rotation
  • Converting a NS referral packet into one where we say "The NS servers for names ending in whatever consist of the following IPs, the following IPv6 IPs, and the following names which we still need to look up"
  • Converting an incomplete CNAME referral packet into one where we say "This is a dangling CNAME answer that points to this name"
  • If the A record points to a given IP, we may want to make this a "not there" packet (working around ISPs with NXDOMAIN redirects)
  • If we get a "not found", we may want to make this an A or AAAA answer (so we can be an ISP with a NXDOMAIN redirect)
  • Finding the TTL of the packet (already done)

I should probably talk about TTL aging a little more. To keep things simple, if the user wishes TTL aging for their DNS records, we have a single 8-byte (64-bit) expire timestamp in the record, and convert all TTLs in the record to (expire time - current time). Actually, we already keep track of when records expire, so TTL aging is just a matter of converting the TTLs to (expire time - current time).
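The TTL aging described above, as an added example that is not Deadwood's code: it walks a decompressed DNS packet held as a flat byte string and overwrites each RR's TTL with (expire time - current time), bounds-checking every field against the packet length. The function names, the sample packet, the refusal of compression pointers and the skipping of EDNS OPT records are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample: answer for "a.b" A 1.2.3.4, TTL 3600, names uncompressed. */
uint8_t sample_pkt[] = {
    0x12,0x34, 0x81,0x80, 0,1, 0,1, 0,0, 0,0,            /* header: QD=1 AN=1 */
    1,'a',1,'b',0, 0,1, 0,1,                             /* question          */
    1,'a',1,'b',0, 0,1, 0,1, 0,0,0x0e,0x10, 0,4, 1,2,3,4 /* answer RR         */
};

/* Return the offset just past the name at off, or -1 if it is truncated or
 * holds a compression pointer (input is assumed already decompressed). */
static long skip_name(const uint8_t *p, size_t len, size_t off) {
    while (off < len) {
        if (p[off] == 0) return (long)off + 1;
        if (p[off] > 63) return -1;
        off += 1 + (size_t)p[off];
    }
    return -1;
}

/* Set every RR TTL to (expire - now), floored at 0 and capped at 2^31-1.
 * Returns the number of RRs rewritten, or -1 on a malformed packet (which
 * may leave earlier RRs already rewritten). EDNS OPT (type 41) is skipped
 * because its TTL field carries flags, not a lifetime. */
int age_ttls(uint8_t *p, size_t len, int64_t expire, int64_t now) {
    if (len < 12) return -1;
    unsigned qd = (p[4] << 8) | p[5], done = 0;
    unsigned rr = ((p[6] << 8) | p[7]) + ((p[8] << 8) | p[9]) + ((p[10] << 8) | p[11]);
    int64_t left = expire > now ? expire - now : 0;
    uint32_t ttl = left > INT32_MAX ? (uint32_t)INT32_MAX : (uint32_t)left;
    size_t off = 12;
    for (unsigned i = 0; i < qd + rr; i++) {
        long n = skip_name(p, len, off);
        size_t fixed = i < qd ? 4 : 10;  /* question: TYPE+CLASS; RR adds TTL+RDLENGTH */
        if (n < 0 || (size_t)n + fixed > len) return -1;
        off = (size_t)n;
        if (i < qd) { off += 4; continue; }
        size_t rdlen = ((size_t)p[off + 8] << 8) | p[off + 9];
        if (off + 10 + rdlen > len) return -1;
        if (((p[off] << 8) | p[off + 1]) != 41) {
            for (int b = 0; b < 4; b++) p[off + 4 + b] = (uint8_t)(ttl >> (24 - 8 * b));
            done++;
        }
        off += 10 + rdlen;
    }
    return (int)done;
}
```

Because section counts come from the packet itself, the loop trusts them only as an upper bound: each iteration must consume bytes that actually exist, so a header claiming more records than the packet holds ends in -1 rather than a read past the buffer.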

OK, so the next thought for the next blog entry: What kind of metadata do we put in the DNS record as we're decompressing it?