Characterization of Collaborative Resolution in Recursive DNS Resolvers Rami Al-Dalky Kyle Schomp 2018 AKAMAI FASTER FORWARD TM

Size: px

Start display at page:

Download "Characterization of Collaborative Resolution in Recursive DNS Resolvers Rami Al-Dalky Kyle Schomp 2018 AKAMAI FASTER FORWARD TM"

Blanche Baldwin
5 years ago
Views:

1 Characterization of Collaborative Resolution in Recursive DNS Resolvers Rami Al-Dalky Kyle Schomp

2 Background on collaborative resolution Recursive Resolver DNS Client 2 PAM 2018

3 Background on collaborative resolution Authoritative Server com Recursive Resolver DNS Client 2 PAM 2018

4 Background on collaborative resolution Authoritative Server com example.com Recursive Resolver DNS Client 2 PAM 2018

5 Background on collaborative resolution Authoritative Server com example.com Recursive Resolver DNS Client 2 PAM 2018

6 Background on collaborative resolution Authoritative Server com example.com Recursive Resolver DNS Client Different Source IPs 2 PAM 2018

7 Background on collaborative resolution Authoritative Server com example.com Recursive Resolver DNS Client Different Source IPs 2 PAM 2018

8 Why study recursive resolvers? DNS resolutions prefaces majority of web transactions But also, resolvers have an outsized role in performance DNS-based Replica Selection 3 PAM 2018

9 Why study recursive resolvers? DNS resolutions prefaces majority of web transactions But also, resolvers have an outsized role in performance DNS-based Replica Selection A B DNS Client 3 PAM 2018

10 Why study recursive resolvers? DNS resolutions prefaces majority of web transactions But also, resolvers have an outsized role in performance DNS-based Replica Selection A Recursive Resolver B IP of A or B DNS Client 3 PAM 2018

11 Why study recursive resolvers? DNS resolutions prefaces majority of web transactions But also, resolvers have an outsized role in performance DNS-based Replica Selection A Recursive Resolver B IP of A or B DNS Client 3 PAM 2018

12 Data Collection Experimental DNS Records n1.example.com 300 IN CNAME n2.example.com n2.example.com 300 IN A / AAAA / 1:2:3:4:: 4 PAM 2018

example.com 300 IN A / AAAA 1.2.3.4 / 1:2:3:4:: n1.

13 Data Collection Experimental DNS Records n1.example.com 300 IN CNAME n2.example.com n2.example.com 300 IN A / AAAA / 1:2:3:4:: n1.example.com n2.example.com Authoritative Server 4 PAM 2018

14 Data Collection Experimental DNS Records n1.example.com 300 IN CNAME n2.example.com n2.example.com 300 IN A / AAAA / 1:2:3:4:: X n1.example.com Y n2.example.com Authoritative Server 4 PAM 2018 Directed Edge (X Y) is a Pair

15 Removing False Positive Edges 1. Happy eyeballs Include query type (A or AAAA) in the tuple when pairing queries 2. Multiple clients resolving the experimental name at the same time Hostnames encode the client subnet 3. Racing recursive resolvers for fastest response 4. Re-resolution of one, but not both, hostnames Window-based noise elimination 5 PAM 2018

16 Removing False Positive Edges 1. Happy eyeballs Include query type (A or AAAA) in the tuple when pairing queries 2. Multiple clients resolving the experimental name at the same time Hostnames encode the client subnet 3. Racing recursive resolvers for fastest response 4. Re-resolution of one, but not both, hostnames Window-based noise elimination N 1 N 2 Time 5 PAM 2018

17 Removing False Positive Edges 1. Happy eyeballs Include query type (A or AAAA) in the tuple when pairing queries 2. Multiple clients resolving the experimental name at the same time Hostnames encode the client subnet 3. Racing recursive resolvers for fastest response 4. Re-resolution of one, but not both, hostnames Window-based noise elimination N 1 5 seconds N 1 Time N 2 5 PAM 2018

18 Removing False Positive Edges 1. Happy eyeballs Include query type (A or AAAA) in the tuple when pairing queries 2. Multiple clients resolving the experimental name at the same time Hostnames encode the client subnet 3. Racing recursive resolvers for fastest response 4. Re-resolution of one, but not both, hostnames Window-based noise elimination N 1 5 seconds N 1 N 2 N 2 5 seconds Time 5 PAM 2018

19 Data 1 week of authoritative DNS query logs DNS Queries 820M 6 PAM 2018

20 Data 1 week of authoritative DNS query logs Filter down to pairs from the queries DNS Queries Pairs 820M 109M 7 PAM 2018

21 Data 1 week of authoritative DNS query logs Filter down to pairs from the queries Cluster same initiator into pools DNS Queries Pairs Clusters 820M 109M 421K 8 PAM 2018

22 Data 1 week of authoritative DNS query logs Filter down to pairs from the queries Cluster same initiator into pools Recursive Resolvers DNS Queries Pairs Clusters 820M 109M 421K X Y Y Pool: X Y, Z X Z X 8 PAM 2018 Z

23 Data 1 week of authoritative DNS query logs Filter down to pairs from the queries Cluster same initiator into pools Recursive Resolvers DNS Queries Pairs Clusters 820M 109M 421K X Y X Z Y Pool: X Y, Z N X Y, M X Z X 8 PAM 2018 Z

24 Data 1 week of authoritative DNS query logs Filter down to pairs from the queries Cluster same initiator into pools 14% of clusters contain more than 1 IP DNS Queries Pairs Clusters Singletons Pools 820M 109M 421K 360K 61K 9 PAM 2018

25 What do the pools look like? Number of recursive IPs per pool 10 PAM 2018

26 What do the pools look like? Number of recursive IPs per pool Pools typically consist of a small number of IP addresses 10 PAM 2018

27 What do the pools look like? Distribution in IP-Space IPv4 representation Binary representation PAM 2018

28 What do the pools look like? Distribution in IP-Space IPv4 representation Binary representation Length of covering prefix is PAM 2018

29 What do the pools look like? Distribution in IP-Space 12 PAM 2018

30 What do the pools look like? Distribution in IP-Space Only 50% of pools are in a single /24 12 PAM 2018

31 What do the pools look like? Distribution in IP-Space Only 50% of pools are in a single /24 65% of pools are mostly within a single /24 12 PAM 2018

32 What do the pools look like? Distribution in IP-Space Only 50% of pools are in a single /24 Many pools are spread across IP- Space 65% of pools are mostly within a single /24 12 PAM 2018

33 What do the pools look like? Autonomous Systems per Pool 85% of pools are within a single AS 14% of pools are in 2 ASs Comparing WHOIS entries of most frequently occurring AS pairs shows same organization 13 PAM 2018

34 What do the pools look like? Autonomous Systems per Pool 85% of pools are within a single AS 14% of pools are in 2 ASs Comparing WHOIS entries of most frequently occurring AS pairs shows same organization Pools very rarely cross organizational boundaries 13 PAM 2018

35 What do the pools look like? Geographic Distance within Pools 14 PAM 2018 Berlin to Paris

36 What do the pools look like? Geographic Distance within Pools Maximum distance between any 2 IPs in pool 14 PAM 2018 Berlin to Paris

37 What do the pools look like? Geographic Distance within Pools Weighted by number of occurrences Maximum distance between any 2 IPs in pool 14 PAM 2018 Berlin to Paris

38 What do the pools look like? Geographic Distance within Pools Weighted by number of occurrences Maximum distance between any 2 IPs in pool Most pools are compact, but a few complicate geolocating the clients behind them 14 PAM 2018 Berlin to Paris

39 How are queries distributed within the pool? Category Pools 100% 15 PAM 2018

40 How are queries distributed within the pool? Category Pools with 1 IPv4 / 1 IPv6 address likely dual-stack resolvers 29% have identifiable patterns: and 89ab::1:2:3:4 10% Pools 100% Dual-Stacks 36% and 89ab::4 19% 16 PAM 2018

41 How are queries distributed within the pool? Category Pools with 1 IPv4 / 1 IPv6 address likely dual-stack resolvers Use! " to test for uniformly distributing queries within pool Pools 100% Dual-Stacks 36% Uniform Load Bal 14% 17 PAM 2018

42 How are queries distributed within the pool? Category Pools with 1 IPv4 / 1 IPv6 address likely dual-stack resolvers Use! " to test for uniformly distributing queries within pool Pools where the initiator rarely offloads queries to other resolvers Pools 100% Dual-Stacks 36% Uniform Load Bal 14% Rare Offloading 27% 18 PAM 2018

43 How are queries distributed within the pool? Category Pools with 1 IPv4 / 1 IPv6 address likely dual-stack resolvers Use! " to test for uniformly distributing queries within pool Pools where the initiator rarely offloads queries to other resolvers Other / unknown Pools 100% Dual-Stacks 36% Uniform Load Bal 14% Rare Offloading 27% Other/Unknown 23% 19 PAM 2018

44 How are queries distributed within the pool? Category Pools with 1 IPv4 / 1 IPv6 address likely dual-stack resolvers Use! " to test for uniformly distributing queries within pool Pools 100% Dual-Stacks 36% Uniform Load Bal 14% Rare Offloading 27% Other/Unknown 23% Pools where the Wide initiator range rarely of behaviors offloads suggest that queries to other recursive resolversresolver pools are used for a Other / unknown variety of purposes 19 PAM 2018

45 Questions? Grow revenue opportunities with fast, personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Kyle Schomp

Characterization of Collaborative Resolution in Recursive DNS Resolvers

Characterization of Collaborative Resolution in Recursive DNS Resolvers Rami Al-Dalky 1 and Kyle Schomp 2(B) 1 Case Western Reserve University, Cleveland, USA rami.al-dalky@case.edu 2 Akamai Technologies,