AtesN-DS: Accelerating DNS with eBPF
Abstract
The Domain Name System (DNS) is fundamental to the Internet, translating domain names into IP addresses. However, most modern resolvers run in user space, which causes high latency due to network stack traversal and context switches with the kernel. Solutions that avoid this traversal generally rely on busy waiting, wasting resources under low load. This paper presents AtesN-DS, a hybrid recursive DNS resolver based on eBPF that runs in the kernel before the network stack, at the XDP hook, reducing latency while using CPU efficiently. AtesN-DS resolves names and manages its cache directly in the kernel. Pending queries are stored in eBPF maps and, as these maps approach their maximum capacity, new queries are delegated to the user-space resolver. More complex tasks, such as proactive cache renewal and error prevention through redundant queries, are forwarded to user space via ring buffers. Experiments show that AtesN-DS reduces latency by up to 51% and increases throughput by up to 213% compared with solutions such as hyDNS, while keeping CPU usage below 2%.
