D-mystifying the D-Root Address Change

Size: px

Start display at page:

Download "D-mystifying the D-Root Address Change"

Johnathan Miller
5 years ago
Views:

1 D-mystifying the D-Root Address Change Matthew Lentz, Dave Levin, Jason Castonguay, Neil Spring, Bobby Bhattacharjee University of Maryland

2 Domain Name System (DNS). Root arpa edu com gov... Top-Level Domains umd... 2

3 Domain Name System (DNS). Root arpa edu com gov... Top-Level Domains Resolver umd... Q: 2

4 Domain Name System (DNS). arpa edu com gov... Resolver umd... Q: 3

5 Domain Name System (DNS) Root Zone A B C D E F G H I J K L M 3

6 Root Server Anycasting Root Zone A B C D E F G H I J K L M # of Instances 4

7 Root Server Anycasting Root Zone A B C D E F G H I J K L M # of Instances Anycasting enables global server replication 4

8 Root Server Anycasting Root Zone A B C D E F G H I J K L M Anycasting enables global server replication 5

9 Root Server Anycasting New Old A M D-Root Anycasting enables global server replication 5

10 Root Server Anycasting New A M D-Root Anycasting enables global server replication D-Root required IP address change 5

11 Root Server Anycasting New A M D-Root 5

12 Updating Resolvers: Out-of-Band New M Resolver A D-Root Resolver 6

13 Updating Resolvers: Out-of-Band 1. Obtain the root hints file NS D.ROOT-SERVERS.NET. D.ROOT-SERVERS.NET A D.ROOT-SERVERS.NET.! AAAA 2001:500:2D::D... New M Resolver A D-Root Resolver 6

14 Updating Resolvers: In-Band 2. Issue priming query to known root server ;; ANSWER SECTION: IN NS d.root-servers.net. ;; ADDITIONAL SECTION: d.root-servers.net IN A New Resolver A M D-Root Q:. IN NS 7

15 Updating Resolvers: In-Band New A M D-Root 7

16 D-Root Address Change New A... D-Root... M 8

17 D-Root Address Change New Old A... D-Root... M Serves queries on both addresses 8

18 Experimental Setup New Old D-Root 9

19 Experimental Setup Internet Queries/Responses New Old D-Root Detect Resolver Update Capture Traffic Samples 9

20 The Changeover 10

21 Expected Behavior 11

22 Expected Behavior 11

23 Expected Behavior 11

24 Expected Behavior 11

25 Reality 12

26 Reality 12

27 Reality 13

28 Reality 13

29 Reality Overall query volume increases 13

30 Reality Overall query volume increases Resolvers still query old address 13

31 Reality Overall query volume increases Resolvers still query old address 13

32 Reality Overall query volume increases Resolvers still query old address 14

33 Reality Overall query volume increases Resolvers still query old address Queries to old address fail less often 14

34 Why...? Overall query volume increases Resolvers still query old address Queries to old address fail less often 15

35 Why...? Overall query volume increases Resolvers still query old address Queries to old address fail less often 15

36 Why does query volume increase? New Resolvers and/or More Queries 16

37 Why does query volume increase? New Resolvers and/or More Queries Actually, unique resolvers decreased 16

38 QPS - 24 Hours Before/After 17

39 QPS - 24 Hours Before/After 18

40 Excitables 19

41 Excitables Accounts for the increase in query volume 19

42 Excitables Explained by...? 20

43 Excitables Explained by...? Couldn t Fingerprint 20

44 Excitables Explained by...? Couldn t Fingerprint Popular in Europe 20

45 Excitables Explained by...? Spike Query Distribution Couldn t Fingerprint Popular in Europe 20

46 Excitables Explained by...? Spike Query Distribution Couldn t Fingerprint Frequently Re-Primes Popular in Europe 20

47 Why...? Overall query volume increases Resolvers still query old address Queries to old address fail less often 21

48 Why...? Overall query volume increases Excitables pointed to bug in PowerDNS Resolvers still query old address Queries to old address fail less often 21

49 Why...? Overall query volume increases Excitables pointed to bug in PowerDNS Resolvers still query old address Queries to old address fail less often 21

50 Who s still using the old address? Expect most resolvers to update correctly Old 22

51 Who s still using the old address? Expect most resolvers to update correctly New 22

52 Who s still using the old address? Expect most resolvers to update correctly 63% 9% 28% Old Both New 22

53 Who s still using the old address? Expect most resolvers to update correctly 63% 9% 28% Old Both New Barnacles Swappers 22

54 Barnacles: Feature Selection kp8goqfsz2skj.sukaxdmziq gfpb4fimbreso.qlbkgxsnue bl.spamcop.net zen.spamhaus.org... 23

55 Barnacles: Feature Selection kp8goqfsz2skj.sukaxdmziq gfpb4fimbreso.qlbkgxsnue... Random Always Fail bl.spamcop.net zen.spamhaus.org... 23

56 Barnacles: Feature Selection kp8goqfsz2skj.sukaxdmziq gfpb4fimbreso.qlbkgxsnue... Random Always Fail bl.spamcop.net zen.spamhaus.org... DNSBLs Always Succeed 23

57 Barnacles: Feature Selection kp8goqfsz2skj.sukaxdmziq gfpb4fimbreso.qlbkgxsnue... Random Always Fail bl.spamcop.net zen.spamhaus.org... DNSBLs Always Succeed Query Diversity Failure Rate 23

58 What should root servers expect? Expected area if correctly caching 24

59 Classifying Normals 25

60 Classifying Normals 25

61 Classifying Barnacles 26

62 Classifying Barnacles Majority have <10% failures 26

63 Classifying Barnacles Majority have <10% failures Like Normals, but do not prime 26

64 Classifying Barnacles Majority have <10% failures Like Normals, but do not prime Queries from a small set 26

65 Why...? Overall query volume increases Excitables pointed to bug in PowerDNS Resolvers still query old address Queries to old address fail less often 27

66 Why...? Overall query volume increases Excitables pointed to bug in PowerDNS Resolvers still query old address Queries to old address fail less often Barnacles due to misconfigurations, bugs, scanners, etc 27

67 Summary Overall query volume increases Excitables pointed to bug in PowerDNS Resolvers still query old address Queries to old address fail less often Barnacles due to misconfigurations, bugs, scanners, etc 27

68 Resolver Query Ratio 28

69 Classifying Swappers 29

Internet Anycast: Performance, Problems and Potential

Internet Anycast: Performance, Problems and Potential Zhihao Li, Dave Levin, Neil Spring, Bobby Bhattacharjee University of Maryland 1 Anycast is increasingly used DNS root servers: All 13 DNS root servers