Recursives in the Wild: Engineering Authoritative DNS Servers
|
|
- Todd Kelley
- 6 years ago
- Views:
Transcription
1 Recursives in the Wild: Engineering Authoritative DNS Servers Moritz Müller 1,2, Giovane C. M. Moura 1, Ricardo de O. Schmidt 1,2, John Heidemann 3 1 SIDN Labs The Netherlands 2 University of Twente The Netherlands 3 USC/Information Sciences Institute U.S. IETF99 - IEPG Prague, CZ, July 16th, /19
2 Introduction ns1 ns2 ns3 ns4 ns5 netnod nic.fr isc unicast anycast resolver user Q: example.nl? Which one to choose? Figure: Resolving a Name under.nl TLD 2/19
3 Introduction ns1 ns2 ns3 ns4 ns5 netnod nic.fr isc Figure: Authoritative Servers by Size (sites) - area proportional to number of sites on.nl (June 2016) 3/19
4 Introduction ns1 ns2 ns3 ns4 ns5 netnod nic.fr isc Figure: Authoritative Servers by Size (sites) - area proportional to number of sites on.nl (June 2016) The larger, the more queries it gets, right? 3/19
5 Introduction ns1 ns2 ns3 ns4 ns5 netnod nic.fr isc Figure: Authoritative Servers by Size (sites) ns1 ns2 ns3 ns4 ns5 netnod nic.fr isc Figure: Authoritative Servers by Query Volume (June 2016) 4/19
6 Introduction Why is this hapenning? Meaning: why recursives choose this way how do they behave in the wild? Study goal: analyze how recursives behaves in the wild with the goal with better enginnering authoritative servers Previous work (Yu et al., [1]) was done in 2012, controlled environment Recursives typically prefered low latency authoritatives 5/19
7 Approach 1. Set up an authoritative server infrastructure at 2LD (ourtestdomain.nl), using 7 Amazon AWS datacenters, IPv4 2. VPs: Ripe Atlas probes VP = probe id + IP of local recursive 3. We vary the number/location of servers (NS records) and measure how VPs choose authoritatives 4. We use TXT records to determine which server responded to each probe/recursive e.g: similar to chaos queries Every 2min, for 1 hour NS record TTL of 5 seconds (to ensure cold cache) 5. We also look at the root and.nl auth data 6/19
8 Setup unicast anycast AT1 AT2 AT3 AT4 R 1 R 2 R 3... R n MI 1 MI 2 MI 3 CL 1 CL 2 CL 3 AT: authoritative MI: middlebox R: recursive CL: client Figure: TLD Setup, Recursives, Middleboxes and Clients. 7/19
9 Setup ID locations (airport code) VPs 2A GRU (São Paulo, BR), NRT (Tokyo, JP) 8,702 2B DUB (Dublin, IE), FRA (Frankfurt, DE) 8,685 2C FRA, SYD (Sydney, AU) 8,658 3A GRU, NRT, SYD 8,684 3B DUB, FRA, IAD (Washington, US) 8,693 4A GRU, NRT, SYD, DUB 8,702 4B DUB, FRA, IAD, SFO (San Francisco, US) 8,689 Table: Combinations of authoritatives we deploy and the number of VPs they see. 8/19
10 Do recursives query all authoritatives? 30 # of queries after first query A (96.0%) 2B (95.5%) 2C (82.4%) 3A (91.3%) 3B (84.8%) 4A (94.7%) authoritative combination 4B (75.2%) Figure: Queries to probe all authoritatives, after the first query. Yes! Most query all! 9/19
11 How are queries distributed over time? RTT (ms) queries share FRA DUB IAD SFO GRU NRT SYD location 2A 2B 2C 3A 3B 4A 4B authoritatives combination Figure: Median RTT (top) and query distribution (bottom) for combinations of authoritatives. Confirming [1], but now in the wild 10/19
12 How do recursives distribute queries? AF AS EU 1.0 NA OC SA 2A fraction of queries 2B NRT GRU DUB FRA 2C SYD FRA Recursives (x100) Figure: Recursive queries distribution for authoritative combinations 2A (top), 2B (center) and 2C (bottom). Solid and dotted horizontal lines mark VPs with weak and strong preference towards an authoritative. 11/19
13 How do recursives distribute queries? 59-69% of resolvers have a a week preference for an auth (60% of queries to one auth) 10-37% have strong pref to one auth (90% of queries to one auth) Distribution is inversily proportional with median RTT 12/19
14 How do recursives distribute queries? What happens when Auth are more less the same? fraction of queries EU NA 0.4 AF AS SA OC 0.2 DUB FRA RTT (ms) Figure: RTT sensitivity of 2B EU VPs get to FRA faster (13ms) Thus they prefer FRA slightly over DUB Asian VPs divide more equaly (despite 20.3ms diff!!) RTT influence decreases for far away resolvers 13/19
15 How query frequency affects the results? 1 fraction of queries query interval (minutes) AF AS EU NA OC SA Figure: Fraction of queries to FRA (remainder go to SYD, configuration 2C), as query interval varies from 2 to 30 minutes. Higher frequency, higher preference (infra-cache) 14/19
16 What about production zones? (root and.nl)? Figure: Distribution of queries of recursives with at least 250 queries across 10 out of 13 Root letters (top) and across 4 out of 8 name servers of.nl (bottom). 15/19
17 Conclusions and Recommendations Main conclusion: Worst-case latency limited by the least anycasted authoritative recursives use all authoritatives, query more often the better performing one (but diversity is important for them) We (.nl) see 23% of incoming traffic in NL-based auth servers from the US, because of this (we re moving to anycast on all NSes) Recommendation: Use Anycast on all your NS, and peer them very well, with multiple sites[2] also important for DDoS[3] 16/19
18 Questions? Contact details Giovane C. M. Moura Download our paper and data at: 17/19
19 Bibliography I Y. Yu, D. Wessels, M. Larson, and L. Zhang, Authority server selection in dns caching resolvers, SIGCOMM Comput. Commun. Rev., vol. 42, no. 2, pp , Mar [Online]. Available: R. d. O. Schmidt, J. Heidemann, and J. H. Kuipers, Anycast latency: How many sites are enough? in Proceedings of the Passive and Active Measurement Workshop. Sydney, Australia: Springer, Mar. 2017, pp [Online]. Available: 18/19
20 Bibliography II G. C. M. Moura, R. de O. Schmidt, J. Heidemann, W. B. de Vries, M. Müller, L. Wei, and C. Hesselman, Anycast vs. DDoS: Evaluating the November 2015 root DNS event, in Proceedings of the ACM Internet Measurement Conference, Nov [Online]. Available: 19/19
Recursives in the Wild:
Recursives in the Wild: Engineering Authoritative DNS Servers IETF 100 IRTF MAPRG 2017-11-13 Singapore Moritz Müller 1,2, Giovane C. M. Moura 1, Ricardo de O. Schmidt 1,2, John Heidemann 3 1 SIDN Labs,
More informationdraft-moura-dnsop-authoritativerecommendations-03
draft-moura-dnsop-authoritativerecommendations-03 Giovane C. M. Moura 1,2, Wes Hardaker 3, John Heidemann 3, Marco Davids 1 DNSOP IETF 104 Prague, CZ 2019-03-26 1 SIDN Labs, 2 TU Delft, 3 USC/ISI 1 Draft
More informationWhen the Dike Breaks: Dissecting DNS Defenses During DDoS
When the Dike Breaks: Dissecting DNS Defenses During DDoS Giovane C. M. Moura 1,2, John Heidemann 3, Moritz Müller 1,4, Ricardo de O. Schmidt 5, Marco Davids 1 OARC 29, Amsterdam, The Netherlands 2018-10-14
More informationAnycast vs. DDoS: Evaluating Nov. 30
Anycast vs. DDoS: Evaluating Nov. 30 Giovane C. M. Moura 1, Ricardo de O. Schmidt 2, John Heidemann 3, Wouter B. de Vries 2, Moritz Müller 1, Lan Wei 3, Cristian Hesselman 1 1 SIDN Labs 2 University of
More informationWhen the Dike Breaks: Dissecting DNS Defenses During DDoS
1/29 When the Dike Breaks: Dissecting DNS Defenses During DDoS Giovane C. M. Moura 1,2, John Heidemann 3, Moritz Müller 1,4, Ricardo de O. Schmidt 5, Marco Davids 1 giovane.moura@sidn.nl 1 SIDN Labs, 2
More informationBROAD AND LOAD-AWARE ANYCAST MAPPING WITH VERFPLOETER
BROAD AND LOAD-AWARE ANYCAST MAPPING WITH VERFPLOETER WOUTER B. DE VRIES, RICARDO DE O. SCHMIDT, WES HARDAKER, JOHN HEIDEMANN, PIETER-TJERK DE BOER AND AIKO PRAS London - November 3, 2017 INTRODUCTION
More informationRecursives in the Wild: Engineering Authoritative DNS Servers
Recursives in the Wild: Engineering Authoritative DNS Servers ABSTRACT Moritz Müller SIDN Labs and University of Twente Ricardo de O. Schmidt SIDN Labs and University of Twente In Internet Domain Name
More informationTwo days in The Life of The DNS Anycast Root Servers
Two days in The Life of The DNS Anycast Root Servers Ziqian Liu Beijing Jiaotong Univeristy Bradley Huffaker, Marina Fomenkov Nevil Brownlee, and kc claffy CAIDA PAM2007 Outline DNS root servers DNS anycast
More informationDay In The Life of the Internet 2008 Data Collection Event.
Day In The Life of the Internet 2008 Data Collection Event http://www.caida.org/projects/ditl Duane Wessels The Measurement Factory/CAIDA k claffy CAIDA NANOG 42 February 19, 2008 NANOG 42 0 The Measurement
More informationA Root DNS Server. Akira Kato. Brief Overview of M-Root. WIDE Project
A Root DNS Server Akira Kato WIDE Project kato@wide.ad.jp Brief Overview of M-Root Assumes basic knowledge on DNS Dr. Tatsuya Jinmei has introduced in Nov 19, 2004 What s Root Servers? Start point of the
More informationIncreasing DNS Security and Stability through a Control Plane for Top-level Domain Operators (paper postprint)
Increasing DNS Security and Stability through a Control Plane for Top-level Domain Operators (paper postprint) Date Page 19 December 2016 1/11 Classification Public Contact T +31 (0)26 352 5500 support@sidn.nl
More informationOpen Resolvers in COM/NET Resolution!! Duane Wessels, Aziz Mohaisen! DNS-OARC 2014 Spring Workshop! Warsaw, Poland!
Open Resolvers in COM/NET Resolution!! Duane Wessels, Aziz Mohaisen! DNS-OARC 2014 Spring Workshop! Warsaw, Poland! Outine! Why do we care about Open Resolvers?! Surveys at Verisign! Characterizing Open
More informationRolling with Confidence: Managing the Complexity of DNSSEC Operations
Rolling with Confidence: Managing the Complexity of DNSSEC Operations Moritz Müller 1,2, Taejoong Chung 3, Roland van Rijswijk-Deij 2, Alan Mislove 3 1 SIDN, 2 University of Twente, 3 Northeastern University
More informationDoes Anycast Hang up on You? (extended)
Does Anycast Hang up on You? (extended) USC/ISI Technical Report ISI-TR-716, February 2017 Lan Wei Information Sciences Institute University of Southern California Email: weilan@isi.edu John Heidemann
More informationf.root-servers.net ISOC cctld Workshop Nairobi, Kenya, 2005
f.root-servers.net ISOC cctld Workshop Nairobi, Kenya, 2005 The Basics DNS The Domain Name System is a huge database of resource records globally distributed, loosely coherent, scaleable, reliable, dynamic
More informationMeasurement of Anycast Effects - from the experience on.jp anycast deployment -
Measurement of Anycast Effects - from the experience on.jp anycast deployment - Shinta Sato Japan Registry Services Co., Ltd. (JPRS) RIPE 54 DNS Working Group Thursday 10 May 2007
More informationBGP Anycast Node Requirements for Authoritative Name Servers
BGP Anycast Node Requirements for Authoritative Name Servers March 19, 2006 IEPG @ 65 th IETF meeting Yasuhiro Orange Morishita Shinta Sato Takayasu Matsuura
More informationCDAR Continuous Data-driven Analysis of Root Stability
CDAR Progress report DNS WG Ripe 73 Jaap Akkerhuis (NLnet Labs) DISCLAIMER: All data subject to change CDAR Study Objective Analyze the technical impact of the introduction of new gtlds on the stability
More informationImpact of security vulnerabilities in timing protocols on Domain Name System (DNS)
November 12 2017 IEPG Open Meeting-IETF100 Impact of security vulnerabilities in timing protocols on Domain Name System (DNS) Aanchal Malhotra 1, Willem Toorop 2, Benno Overeinder 2, Sharon Goldberg 1
More informationInternet Anycast: Performance, Problems and Potential
Internet Anycast: Performance, Problems and Potential Zhihao Li, Dave Levin, Neil Spring, Bobby Bhattacharjee University of Maryland 1 Anycast is increasingly used DNS root servers: All 13 DNS root servers
More informationNo domain left behind
No domain left behind is Let s Encrypt democratizing encryption? M Aertsen 1, M Korzyński 2, G Moura 3 1 National Cyber Security Centre The Netherlands 2 Delft University of Technology The Netherlands
More informationObserving DNSSEC validation in the wild
Observing DNSSEC validation in the wild Ólafur Guðmundsson and Stephen D. Crocker Shinkuro, Inc. 4922 Fairmont Avenue Suite 250 Bethesda MD 20814 U.S.A. Email: ogud@shinkuro.com and steve@shinkuro.com
More informationDDoS on DNS: past, present and inevitable. Töma Gavrichenkov
DDoS on DNS: past, present and inevitable Töma Gavrichenkov DNS DDoS types Volumetric: amplification, other floods Water torture and the likes DNS DDoS problem statement DNS is built on
More informationEnumerating Privacy Leaks in DNS Data Collected above the Recursive
Enumerating Privacy Leaks in DNS Data Collected above the Recursive Basileal Imana 1, Aleksandra Korolova 1 and John Heidemann 2 1 University of Southern California 2 USC/Information Science Institute
More informationWriting Assignment #1. A Technical Description for Two Different Audiences. Yuji Shimojo WRTG 393. Instructor: Claudia M. Caruana
Writing Assignment #1 A Technical Description for Two Different Audiences Yuji Shimojo WRTG 393 Instructor: Claudia M. Caruana November 9, 2016 1 Introduction I work in IT technical support at a web design
More informationDNS/DNSSEC Workshop. In Collaboration with APNIC and HKIRC Hong Kong. Champika Wijayatunga Regional Security Engagement Manager Asia Pacific
DNS/DNSSEC Workshop In Collaboration with APNIC and HKIRC Hong Kong Champika Wijayatunga Regional Security Engagement Manager Asia Pacific 22-24 January 2018 1 Agenda 1 2 3 Introduction to DNS DNS Features
More informationDomain Name System.
Domain Name System http://xkcd.com/302/ CSCI 466: Networks Keith Vertanen Fall 2011 Overview Final project + presentation Some TCP and UDP experiments Domain Name System (DNS) Hierarchical name space Maps
More informationUpdates and Analyses
Archipelago Measurement Infrastructure Updates and Analyses Young Hyun CAIDA ISMA 2009 AIMS Workshop Feb 12, 2009 2 Outline Focus and Architecture Monitor Deployment Measurements Future Work 3 Introduction
More informationIntended status: Informational Expires: January 5, 2015 July 4, 2014
DNSOP Internet-Draft Intended status: Informational Expires: January 5, 2015 G. Deng N. Kong S. Shen CNNIC July 4, 2014 Approach on optimizing DNS authority server placement draft-deng-dns-authority-server-placement-00
More informationPassive Observations of a Large DNS Service: 2.5 Years in the Life of Google
Passive Observations of a Large DNS Service: 2.5 Years in the Life of Google Wouter B. de Vries University of Twente w.b.devries@utwente.nl Roland van Rijswijk-Deij University of Twente and SURFnet bv
More informationSome Lacunae in APNIC DNS Measurement. George Michaelson CAIDA WIDE Workshop Marina Del Ray 2006
Some Lacunae in APNIC DNS Measurement George Michaelson CAIDA WIDE Workshop Marina Del Ray 2006 Backtracking Same DNS measurement since 2001/2.. Re-installation of nameservers forced reinstallation of
More informationCharacterizing a Meta-CDN
Characterizing a Meta-CDN Oliver Hohlfeld, Jan Rüth, Konrad Wolsing, http://comsys.rwth-aachen.de/ Berlin / PAM 2018 Motivation - What is a Meta-CDN? Content Delivery Networks Key component in the Internet,
More informationRoot DNS Anycast in South Asia
Root DNS Anycast in South Asia Anurag Bhatia, Network Researcher JANOG 38 What are root DNS servers? Authoritative DNS servers for top level dot (like com. / net. etc) Knows authoritative DNS server of
More informationMeasurement of BGP Anycast effects experiences in.jp
Measurement of BGP Anycast effects experiences in.jp Adding an anycast node at New York Kazunori Fujiwara Masato Minda, Shinta Sato, Izuru Shirai, Takayasu Matsuura Japan Registry
More informationEnd-user mapping: Next-Generation Request Routing for Content Delivery
Introduction End-user mapping: Next-Generation Request Routing for Content Delivery Fangfei Chen, Ramesh K. Sitaraman, Marcelo Torres ACM SIGCOMM Computer Communication Review. Vol. 45. No. 4. ACM, 2015
More informationHow to Configure Route 53 for F-Series Firewalls in AWS
How to Configure Route 53 for F-Series Firewalls in AWS If you are running multiple stacks in different AWS regions, or multiple deployments in a single region, you must configure AWS Route 53 to access
More informationMeasuring IPv6 Adoption
Measuring IPv6 Adoption Presenter: Johannes Zirngibl Technische Universität München Munich, 18. May 2017 Author: Jakub Czyz (University of Michigan) Mark Allman (International Computer Science Institute)
More informationRIPE Atlas. Viktor Naumov R&D Software Engineer
RIPE Atlas Viktor Naumov R&D Software Engineer vnaumov@ripe.net Introduction RIPE Atlas: There are many Atlases, this is RIPE Atlas next generation Internet measurement network To scale to thousands of
More informationDDoS, Peering, Automation and more
DDoS, Peering, Automation and more Martin J. Levy AfPIF 2015 Maputo, Mozambique 24 th August 2015 Agenda Introduction to the CloudFlare network How and where we deploy, peer, interconnect Why distribute
More informationRunning A Highly Scaled Registry DNS Platform. ICANN 55 Tech Day Anycast Panel Chris Griffiths -
ICANN 55 Tech Day Anycast Panel Chris Griffiths - chris.griffiths@nominet.uk 1 About Nominet WE ARE AN INTERNATIONAL INTERNET COMPANY DELIVERING PUBLIC BENEFIT As an operator of one of the largest Registries
More informationIncrease of Root and JP queries -- Long-term trends of number of queries --
Increase of Root and JP queries -- Long-term trends of number of queries -- Kazunori Fujiwara, JPRS DNS-OARC 2015 Spring Workshop Last Update: 2015/5/10 1945 (UTC) 1 Are DNS queries
More informationThe Evolving Architecture of the Web. Nick Sullivan
The Evolving Architecture of the Web Nick Sullivan Head of Cryptography CFSSL Universal SSL Keyless SSL Privacy Pass Geo Key Manager Recently Standards work TLS 1.3 Competing Goals make browsing more
More informationTHE AUTHORITATIVE GUIDE TO DNS TERMINOLOGY
Ebook: THE AUTHORITATIVE GUIDE TO DNS TERMINOLOGY From A Record & DNS to Zones 603 668 4998 Your Master List of Key DNS Terms As more users and more online services (sites, microservices, connected things,
More informationRock-solid Internet infrastructure. (Yeah, we keep our stuff in bunkers.)
Rock-solid Internet infrastructure. (Yeah, we keep our stuff in bunkers.) WHO DO YOU TRUST TO GET THE JOB DONE? Innovation at the core of the Internet When it comes to Internet services, you need a partner
More informationRe-engineering the DNS One Resolver at a Time. Paul Wilson Director General APNIC channeling Geoff Huston Chief Scientist
Re-engineering the DNS One Resolver at a Time Paul Wilson Director General APNIC channeling Geoff Huston Chief Scientist 1 In this presentation I ll talk about the DNS, and the root server infrastructure
More informationMeasurements of traffic in DITL 2008
Measurements of traffic in DITL 2008 Sebastian Castro secastro@caida.org CAIDA / NIC Chile 2008 OARC Workshop Sep 2008 Ottawa, CA Overview DITL 2008 General statistics Query characteristics Query rate
More informationDS TTL shortening experience in.jp
DS TTL shortening experience in.jp APRICOT2014 DNS Session 27 Feb 2014 Yoshiro YONEYA Copyright 2014 Japan Registry Services Co., Ltd. 1 What is DS? Establish a DNSSEC chain
More informationInfoblox Authenticated DHCP
Infoblox Authenticated DHCP Unified Visitor Management amigopod Technical Note Revision 1.1 5 July 2010 United States of America +1 (888) 590-0882 Europe, Middle East & Asia +34 91 766 57 22 Australia
More informationHow asymmetric is the internet? A study to reinforce the use of Traceroute
How asymmetric is the internet? A study to reinforce the use of Traceroute Wouter de Vries and José Jair Santanna Design and Analysis of Communication Systems Introduction What is the purpose? Toward the
More informationDNS Level 100. Rohit Rahi November Copyright 2018, Oracle and/or its affiliates. All rights reserved.
DNS Level 100 Rohit Rahi November 2018 1 Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated
More informationMeasuring Global DNS Propagation Times Using RIPE Atlas. Bachelor Thesis by Tim Wattenberg RIPE Regional Meeting Almaty, Kazakhstan
Measuring Global DNS Propagation Times Using RIPE Atlas Bachelor Thesis by Tim Wattenberg RIPE Regional Meeting Almaty, Kazakhstan About me - 25 years old, from Cologne/Germany - graduated from Heinrich
More informationMCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration. Chapter 5 Introduction to DNS in Windows Server 2008
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 5 Introduction to DNS in Windows Server 2008 Objectives Discuss the basics of the Domain Name System (DNS) and its
More informationThe Design and Implementation of a Next Generation Name Service for the Internet (CoDoNS) Presented By: Kamalakar Kambhatla
The Design and Implementation of a Next Generation Name Service for the Internet (CoDoNS) Venugopalan Ramasubramanian Emin Gün Sirer Presented By: Kamalakar Kambhatla * Slides adapted from the paper -
More informationPacket Traces from a Simulated Signed Root
Packet Traces from a Simulated Signed Root Duane Wessels DNS-OARC DNS-OARC Workshop Beijing, China November 2009 Background We know from active measurements that some DNS resolvers cannot receive large
More informationRIPE NCC Technical Services. Kaveh Ranjbar, Chief Information Officer
RIPE NCC Kaveh Ranjbar, Chief Information Officer MENOG 15 Dubai, UAE 2 April 2015 Overview 2 RIPE Atlas K-root expansion DNS services RIPEstat Research Mostly global services, accessible by everyone -
More informationIs Your Caching Resolver Polluting the Internet?
Is Your Caching Resolver Polluting the Internet? Duane Wessels The Measurement Factory, and CAIDA wessels@measurement-factory.com September 2004 SIGCOMM 2004 NetTs 0 The Measurement Factory A Disclaimer
More informationDomain Name System (DNS) 김현철 ( 화 ) 정보통신융합서울대학교컴퓨터공학부
Domain Name System (DNS) 김현철 2010.09.29 ( 화 ) 정보통신융합서울대학교컴퓨터공학부 Chapter 2 Application Layer A note on the use of these ppt slides: We re making these slides freely available to all (faculty, students,
More informationBERLIN. 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved
BERLIN 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved Building Multi-Region Applications Jan Metzner, Solutions Architect Brian Wagner, Solutions Architect 2015, Amazon Web Services,
More informationDeliverable D2: Root Stability Report
Continuous Data-driven Analysis of Root Stability (CDAR) Deliverable D2: Root Stability Report Revision: Final Delivery date: March 8, 2017 Responsible: TNO (on behalf of NLnet Labs, SIDN, TNO consortium)
More informationDNS(SEC) client analysis
DNS(SEC) client analysis powered by assisted by Bart Gijsen (TNO) DNS-OARC, San Francisco, March 2011 Overview DNS traffic analysis CLIENT [8], [9] Applic. browser Operating system DNS stub [7] Resolver
More informationThe impact of DNSSEC on k.root-servers.net and ns-pri.ripe.net
The impact of DNSSEC on k.root-servers.net and ns-pri.ripe.net Olaf M. Kolkman Question What would be the immediate and initial effect on memory, CPU and bandwidth resources if we were to deploy DNSSEC
More informationNo domain left behind:
No domain left behind: is Let s Encrypt democratizing encryption? Maarten Aertsen 1, Maciej Korczyński 2, Giovane C. M. Moura 3, Samaneh Tajalizadehkhoob 2, Jan van den Berg 2 1 National Cyber Security
More informationA Look at RFC 8145 Trust Anchor Signaling for the 2017 KSK Rollover
A Look at RFC 8145 Trust Anchor Signaling for the 2017 KSK Rollover Duane Wessels DNS-OARC 26 San Jose, CA September 29, 2017 Background 2 2017 Root Zone KSK Rollover October 11, 2017! Root zone DNSKEY
More informationDETECTING RESOLVERS AT.NZ. Jing Qiao, Sebastian Castro DNS-OARC 29 Amsterdam, October 2018
DETECTING RESOLVERS AT.NZ Jing Qiao, Sebastian Castro DNS-OARC 29 Amsterdam, October 2018 BACKGROUND DNS-OARC 29 2 DNS TRAFFIC IS NOISY Despite general belief, not all the sources at auth nameserver are
More informationIEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS, VOL. 27, NO. 3, APRIL
IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS, VOL. 27, NO. 3, APRIL 29 275 Impact of Configuration Errors on DNS Robustness Vasileios Pappas, Duane Wessels, Daniel Massey, Songwu Lu, Andreas Terzis,
More informationDNS Sessions. - where next? OARC 27 San Jose, Sep Sep 2017, San Jose. DNS OARC 27
DNS Sessions - where next? Sara Dickinson sara@sinodun.com OARC 27 San Jose, Sep 2017 1 Overview A tour of the evolution of doing DNS over session based protocols Recent use cases for DNS Sessions Trade-offs
More informationWho s Asking? Geoff Huston, Joao Damas APNIC. Roy Arends ICANN
Who s Asking? Geoff Huston, Joao Damas APNIC Roy Arends ICANN Background Experiments that are intended to expose the way in which recursive resolvers interact with the DNS root and its authoritative servers
More informationAnycast Latency: How Many Sites Are Enough?
Anycast Latency: How Many Sites Are Enough? ISI-TR-26-78, May 26 Ricardo de O. Schmidt University of Twente r.schmidt@utwente.nl John Heidemann USC/ISI johnh@isi.edu Jan Harm Kuipers University of Twente
More informationDoes Anycast Hang Up on You (UDP and TCP)? Lan Wei and John Heidemann, Fellow, IEEE
IEEE TRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT, VOL. 15, NO. 2, JUNE 2018 707 Does Anycast Hang Up on You (UDP and TCP)? Lan Wei and John Heidemann, Fellow, IEEE Abstract Anycast-based services today
More informationIn the Domain Name System s language, rcode 0 stands for: no error condition.
12/2017 SIMPLE, FAST, RESILIENT In the Domain Name System s language, rcode 0 stands for: no error condition. If a DNS server answers a query with this result code, the service is running properly. This
More informationCSc 450/550 Computer Networks Domain Name System
CSc 450/550 Computer Networks Domain Name System Jianping Pan Summer 2007 5/28/07 CSc 450/550 1 Review: Web/HTTP Web URI/URL, HTML tags, embedded objects HTTP request and response persistence, statefulness
More informationA peering perspective from a global CDN
A peering perspective from a global CDN Marty Strong GORE15-18th May 2015 - Madrid, Spain Agenda What is CloudFlare? Why do we peer? Where do we peer? Why Madrid? The EspanIX experience What would we like
More informationRSSAC Activities Update. Lars Johan Liman and Tripti Sinha RSSAC Chair ICANN-54 October 2015
RSSAC Activities Update Lars Johan Liman and Tripti Sinha RSSAC Chair ICANN-54 October 2015 Agenda 1 2 3 Overview RSSAC002 Implementation Status Update RSSAC003: RSSAC Report on Root Zone TTLs 4 5 6 RSSAC
More informationManaging Caching DNS Server
This chapter explains how to set the Caching DNS server parameters. Before you proceed with the tasks in this chapter, see Introduction to the Domain Name System which explains the basics of DNS. Configuring
More information(Further) Dispatches from the DNS Frontier. Keith Mitchell DNS-OARC NANOG71 San Jose, Oct 2017
(Further) Dispatches from the DNS Frontier Keith Mitchell DNS-OARC NANOG71 San Jose, Oct 2017 OARC's Mission Statement The Domain Name System Operations Analysis and Research Center (DNS-OARC) is a non-profit,
More informationNetworked systems and their users
Networked systems and their users q The expansion of the Google serving infrastructure q A personalized livestreaming system q A platform for crowdsourcing web QoE measurements Mapping the expansion of
More informationDNSSEC Workshop. Dan York, Internet Society ICANN 53 June 2015
DNSSEC Workshop Dan York, Internet Society ICANN 53 June 2015 First, a word about our host... 2 Program Committee Steve Crocker, Shinkuro, Inc. Mark Elkins, DNS/ZACR Cath Goulding, Nominet Jean Robert
More informationDNS & Iodine. Christian Grothoff.
DNS & Iodine christian@grothoff.org http://grothoff.org/christian/ The Domain Name System is the Achilles heel of the Web. Tim Berners-Lee 1 DNS: Domain Name System Unique Distributed Database Application-layer
More informationDNS. dr. C. P. J. Koymans. September 16, Informatics Institute University of Amsterdam. dr. C. P. J. Koymans (UvA) DNS September 16, / 46
DNS dr. C. P. J. Koymans Informatics Institute University of Amsterdam September 16, 2008 dr. C. P. J. Koymans (UvA) DNS September 16, 2008 1 / 46 DNS and BIND DNS (Domain Name System) concepts theory
More informationA Look at Router Geolocation in Public and Commercial Databases
A Look at Router Geolocation in Public and Commercial Databases Manaf Gharaibeh 1, Anant Shah 1, Bradley Huffaker 2, Han Zhang 1, Roya Ensafi 3, Christos Papadopoulos 1 1 Colorado State University 2 CAIDA
More informationHow to Add Domains and DNS Records
Configure the Barracuda NextGen X-Series Firewall to be the authoritative DNS server for your domains or subdomains to take advantage of Split DNS or dead link detection. Step 1. Make the X-Series Firewall
More informationSOFTWARE ARCHITECTURE 9. NAME RESOLUTION.
1 SOFTWARE ARCHITECTURE 9. NAME RESOLUTION Tatsuya Hagino hagino@sfc.keio.ac.jp lecture URL https://vu5.sfc.keio.ac.jp/slide/ 2 OSI Reference Model Open Systems Interconnect ISO defined around 1984. Application
More informationUncovering IP Traffic Pattern in Saudi Arabia. Latency, Routes, Hop count,...
1 Uncovering IP Traffic Pattern in Saudi Arabia Latency, Routes, Hop count,... Authors 2 Luai E. Hasnawi, PhD Assistant Professor Taibah University Ahmad Showail, PhD Assistant Professor University of
More informationAddressing IPv6 A CDN perspective
Addressing IPv6 A CDN perspective @jta joão taveira araújo RIPE 74 clickbait Addressing IPv6 A CDN perspective @jta joão taveira araújo RIPE 74 Addressing IPv6 A CDN perspective @jta joão taveira araújo
More informationRIPE Network Coordination Centre. IPv6 at RIPE NCC. Mark Dranse Erik Romijn
IPv6 at RIPE NCC Mark Dranse 1 We like statistics 2 People at this meeting who have seen this presentation before RIPE Network Coordination Centre 3 At the RIPE NCC IPv6 is very important
More informationComputer Networks. Domain Name System. Jianping Pan Spring /25/17 CSC361 1
Computer Networks Domain Name System Jianping Pan Spring 2017 1/25/17 CSC361 1 Review: Web/HTTP Web URI/URL, HTML tags embedded/linked objects HTTP request and response persistence, statefulness web caching,
More informationROOT SERVERS MANAGEMENT AND SECURITY
ROOT SERVERS MANAGEMENT AND SECURITY WSIS African regional meeting 01/29/05 ALAIN PATRICK AINA aalain@trstech.net What is DNS(1)? Addresses are used to locate objects Names are easier to remember than
More informationDomain Name Service. DNS Overview. October 2009 Computer Networking 1
Domain Name Service DNS Overview October 2009 Computer Networking 1 Why DNS? Addresses are used to locate objects (contain routing information) Names are easier to remember and use than numbers DNS provides
More informationStrange Things Found in an Open Resolver Survey
Strange Things Found in an Open Resolver Survey Duane Wessels The Measurement Factory/CAIDA WIDE+CAIDA Workshop #9 January 19, 2008 WIDE+CAIDA 0 The Measurement Factory Open Resolvers Defined: A nameserver
More informationProbing Open Recursive Name Servers
Probing Open Recursive Name Servers John Kristoff jtk@ultradns.net NANOG 37 NSP-Security BoF jtk (jtk@ultradns.net) Probing ORNSs June 6, 2006 1 / 16 ORNS Candidate Data Sets 51,196 reflector attack, Feb.
More informationRoot KSK Roll Update Webinar
Root KSK Roll Update Webinar Matt Larson, VP of Research 11 October 2017 1 Who has KSK-2017 configured as a trust anchor? Until recently, there was no way to know which trust anchors validators have configured
More informationProtecting Against DNS Cache Poisoning Attacks
Protecting Against DNS Cache Poisoning Attacks Jonathan Trostle Johns Hopkins University, APL 11100 Johns Hopkins Rd. Laurel, MD 20273 Email: jonathan.trostle@jhuapl.edu Bill Van Besien Johns Hopkins University,
More informationDense Anycast Deployment of DNS Authority Servers
Dense Anycast Deployment of DNS Authority Servers NANOG 55 Vancouver, June 2012 Dave Knight Contents Background Expansion of L root Redesign Further Work Background In the beginning Authority service provided
More informationWhat we did last OARC. Keith Mitchell DNS-OARC RIPE77 DNS WG Amsterdam, Oct 2018
What we did last OARC Keith Mitchell DNS-OARC RIPE77 DNS WG Amsterdam, Oct 2018 OARC's Mission Statement The Domain Name System Operations Analysis and Research Center (DNS-OARC) is a non-profit, membership
More informationQuad9: A Free, Secure DNS Resolver. Nishal Goburdhan Internet Infrastructure Analyst Packet Clearing House
Quad9: A Free, Secure DNS Resolver Nishal Goburdhan Internet Infrastructure Analyst Packet Clearing House nishal@pch.net The Domain Name System (DNS) is the phone book of the Internet. It translates domain
More informationInternet Engineering Task Force (IETF) Request for Comments: Category: Best Current Practice ISSN: March 2017
Internet Engineering Task Force (IETF) Request for Comments: 8109 BCP: 209 Category: Best Current Practice ISSN: 2070-1721 P. Koch DENIC eg M. Larson P. Hoffman ICANN March 2017 Initializing a DNS Resolver
More informationCS101 Lecture 6: Internetworking: Internet Protocol, IP Addresses, Routing, DNS. John Magee 8 July Some images courtesy Wikimedia Commons
CS101 Lecture 6: Internetworking: Internet Protocol, IP Addresses, Routing, DNS John Magee 8 July 2013 Some images courtesy Wikimedia Commons 1 Overview/Questions What does Internet Protocol actually do?
More informationIs Explicit Congestion Notification usable with UDP? Stephen McQuistin and Colin Perkins
Is Explicit Congestion Notification usable with UDP? Stephen McQuistin and Colin Perkins Introduction Explicit congestion notification (ECN) ECN with TCP/IP long established: RFC 3168 Extends IP to mark
More informationUNIVERSITY OF TORONTO FACULTY OF APPLIED SCIENCE AND ENGINEERING
UNIVERSITY OF TORONTO FACULTY OF APPLIED SCIENCE AND ENGINEERING ECE361 Computer Networks Midterm March 06, 2017, 6:15PM DURATION: 80 minutes Calculator Type: 2 (non-programmable calculators) Examiner:
More informationIP ADDRESSES, NAMING, AND DNS
IP ADDRESSES, NAMING, AND DNS George Porter Apr 9, 2018 ATTRIBUTION These slides are released under an Attribution-NonCommercial-ShareAlike 3.0 Unported (CC BY-NC-SA 3.0) Creative Commons license These
More information