2007 Day In The Life DNS Root Server Analysis
|
|
- Todd Benson
- 5 years ago
- Views:
Transcription
1 27 Day In The Life DNS Root Server Analysis Duane Wessels Haven Hash The Measurement Factory/CAIDA WIDE+CAIDA Workshop #8 July 21, 27 WIDE+CAIDA #8 The Measurement Factory
2 DITL 27 Day In The Life of The Internet. Okay, two days. 48 hour period: Jan 9 :: to Jan 1 23:59:59 UTC Primary focus is DNS and root servers, but other data was collected as well. We have data from C-, F-, K-, and M-roots, which is the subject of this presentation. Data is 74 GB compressed pcap files. 1,,, DNS queries. WIDE+CAIDA #8 1 The Measurement Factory
3 Terminology Server: a collection of DNS nameservers operating under the same IP address. c.root-servers.net is a server Instance: an anycast instance of a server. k-milan is an instance of k.root-servers.net. Load-balanced nodes are combined into a single instance. c-lax1a and c-lax1b are load-balanced members of the c-root LAX instance. Client: an IP address sending DNS queries. WIDE+CAIDA #8 2 The Measurement Factory
4 Merging Pcaps First step was to create a single, merged pcap stream with all packets in chronological order. Created hour-long chunks for all instances, using tcpdumpjoin and tcpdump-split. Keep only data within the 48-hour DITL period. Queries only. Changed pcap timestamps for instances with known clock skew. Rewrote server IP addresses to encode server and instance. e.g., becomes to represent the 11th instance of F-root. Merged all hour-long instance files into timestamp-sorted files with mergecap. WIDE+CAIDA #8 3 The Measurement Factory
5 Analysis Software C++ program reads pcap files and keeps various counters. Runs at about 4, packets/second, or about 8% the rate of pcap time. i.e., takes 6 hours to analyze 48 hours of data. Needs about 3GB RAM. Data goes into Postgres SQL SELECT statements and perl scripts produce data for ploting with ploticus. WIDE+CAIDA #8 4 The Measurement Factory
6 II 1) Average rates of requests. c ord1a c jfk1a c lax1a c iad1c f ccs1a f dac1a f nbo1a f bcn1a f khi1a f jnb1a f akl1a f yow1a f lcy1a f dxb1a f lax1a f svo1a f eze1a f tlv1a f ord1a f cgk1a f maa1a f prg1a f lga1a f scl1a f bne1a f sel1y f kix1a f yyz1b f cdg1a f lis1a f mty1a f mad1a f tpe1a f hkg1a f gru1a f muc1a f ams1a f pek1a f sfo2 f pao1 k moscow k milan k reykjavik k poznan k geneva k athens k budapest k brisbane k helsinki k delhi k tokyo k frankfurt k miami k amsterdam k london m icn m nrt jpix m sfo m nrt jpnap m nrt dixie m cdg Queries Per Second
7 II 1) Average rates of requests Queries Per Second : 9Jan : 1Jan : 11Jan C F K M
8 2 II 2) The average number of clients per second seen at each instance. 15 c ord1a c jfk1a c lax1a c iad1c f ccs1a f dac1a f nbo1a f bcn1a f khi1a f jnb1a f akl1a f yow1a f lcy1a f dxb1a f lax1a f svo1a f eze1a f tlv1a f ord1a f cgk1a f maa1a f prg1a f lga1a f scl1a f bne1a f sel1y f kix1a f yyz1b f cdg1a f lis1a f mty1a f mad1a f tpe1a f hkg1a f gru1a f muc1a f ams1a f pek1a f sfo2 f pao1 k moscow k milan k reykjavik k poznan k geneva k athens k budapest k brisbane k helsinki k delhi k tokyo k frankfurt k miami k amsterdam k london m icn m nrt jpix m sfo m nrt jpnap m nrt dixie m cdg Clients Seen 1 5
9 16 II 2) The number of clients per second seen at each C root instance Clients Per Second : 9Jan : 1Jan : 11Jan c jfk1a c lax1a c ord1a c iad1c
10 II 2) Zoom in on c ord1a : 9Jan 9: Clients/Sec Queries/Sec
11 The cause?? Date: Thu, 11 Jan 27 1:3:47 + From: Paul Vixie <paul@vix.com> To: wessels@oarc.isc.org Subject: oops #ord1a.c:i386# jobs [1] + Running./tcpdump -s -n -w oarc.tcpd. -z gzip -P 5 host c.root-servers.net #ord1a.c:i386# kill % packets captured packets received by filter packets dropped by kernel [1] Done./tcpdump -s -n -w oarc.tcpd. -z gzip -P 5 host c.root-servers.net i had two tcpdumps running on one of the c-root boxes... WIDE+CAIDA #8 1 The Measurement Factory
12 II 2) The number of clients per second seen at each F root instance Clients Per Second : 9Jan : 1Jan : 11Jan f mty1a f maa1a f ord1a f lax1a f lga1a f pek1a f mad1a f lcy1a f sfo2 f scl1a f tpe1a f cgk1a f dac1a f muc1a f dxb1a f tlv1a f khi1a f lis1a f cdg1a f hkg1a f svo1a f yyz1b f gru1a f sel1y f kix1a f prg1a f eze1a f ccs1a f bne1a f akl1a f ams1a f pao1 f yow1a f jnb1a f bcn1a f nbo1a
13 5 II 2) The number of clients per second seen at each K root instance. 4 Clients Per Second : 9Jan : 1Jan : 11Jan k miami k moscow k poznan k amsterdam k delhi k helsinki k brisbane k geneva k athens k london k milan k budapest k tokyo k frankfurt k reykjavik
14 II. 2) Zoom in on K amsterdam node Clients Per Second : 9Jan 13: K amsterdam
15 3 II 2) The number of clients per second seen at each M root instance Clients Per Second : 9Jan : 1Jan : 11Jan m icn m nrt dixie m sfo m nrt jpnap m nrt jpix m cdg
16 II 3) Topological coverage by ASes. c ord1a c lax1a c jfk1a c iad1c f ccs1a f dxb1a f dac1a f bcn1a f nbo1a f khi1a f jnb1a f lis1a f tpe1a f scl1a f akl1a f maa1a f yow1a f eze1a f tlv1a f lcy1a f mty1a f pek1a f cgk1a f prg1a f ord1a f kix1a f svo1a f gru1a f lax1a f yyz1b f bne1a f hkg1a f mad1a f sel1y f cdg1a f lga1a f ams1a f muc1a f sfo2 f pao1 k reykjavik k moscow k athens k poznan k budapest k milan k helsinki k brisbane k geneva k tokyo k delhi k frankfurt k miami k amsterdam k london m icn m nrt jpix m nrt jpnap m sfo m nrt dixie m cdg Fraction of ASes
17 II 4) Topological coverage by prefixes..5.4 Fraction of prefixes.3 c ord1a c lax1a c jfk1a c iad1c f ccs1a f dxb1a f dac1a f bcn1a f nbo1a f khi1a f jnb1a f lis1a f tpe1a f scl1a f akl1a f maa1a f yow1a f eze1a f tlv1a f lcy1a f mty1a f pek1a f cgk1a f prg1a f ord1a f kix1a f svo1a f gru1a f lax1a f yyz1b f bne1a f hkg1a f mad1a f sel1y f cdg1a f lga1a f ams1a f muc1a f sfo2 f pao1 k reykjavik k moscow k athens k poznan k budapest k milan k helsinki k brisbane k geneva k tokyo k delhi k frankfurt k miami k amsterdam k london m icn m nrt jpix m nrt jpnap m sfo m nrt dixie m cdg.2.1
18 III 1) Clients distribution by RIR for each instance 1.8 Fraction of Clients.6.4 c jfk1a c iad1c c lax1a c ord1a f eze1a f mty1a f gru1a f scl1a f ccs1a f dxb1a f lis1a f svo1a f lcy1a f bcn1a f prg1a f mad1a f ams1a f muc1a f tlv1a f cdg1a f dac1a f khi1a f maa1a f cgk1a f pek1a f akl1a f bne1a f tpe1a f hkg1a f sel1y f kix1a f lax1a f sfo2 f lga1a f pao1 f nbo1a f jnb1a f yyz1b f ord1a f yow1a k frankfurt k athens k budapest k reykjavik k poznan k milan k helsinki k geneva k moscow k brisbane k amsterdam k tokyo k london k delhi k miami m cdg m icn m nrt jpnap m nrt jpix m nrt dixie m sfo.2 RIPE ARIN APNIC LACNIC AFRNIC IANA Unknown
19 IV 1) Distribution of users binned by query rate intervals for C root. 1^7 1^9 1^6 1^5 Number of Clients 1^4 1^3 1^8 Number of Queries ^7 Clients Queries Queries/sec
20 IV 1) Distribution of users binned by query rate intervals for F root. 1^7 1^9 1^6 1^5 Number of Clients 1^4 1^3 1^8 Number of Queries ^7 Clients Queries Queries/sec
21 IV 1) Distribution of users binned by query rate intervals for K root. 1^7 1^9 1^6 1^5 Number of Clients 1^4 1^3 1^8 Number of Queries ^7 Clients Queries Queries/sec
22 IV 1) Distribution of users binned by query rate intervals for M root. 1^7 1^9 1^6 1^5 Number of Clients 1^4 1^3 1^8 Number of Queries ^7 Clients Queries Queries/sec
23 IV 3) Breakdown by query types 1.8 Fraction of Queries C F K M A NS CNAME SOA PTR MX TXT AAA SRV A6 OTHER
24 IV 4) Breakdown by query types for users binned by rate intervals for C root 1.8 Fraction of Queries in each bin Queries/sec A NS CNAME SOA PTR MX TXT AAA SRV A6 OTHER
25 IV 4) Breakdown by query types for users binned by rate intervals for F root 1.8 Fraction of Queries in each bin Queries/sec A NS CNAME SOA PTR MX TXT AAA SRV A6 OTHER
26 IV 4) Breakdown by query types for users binned by rate intervals for K root 1.8 Fraction of Queries in each bin Queries/sec A NS CNAME SOA PTR MX TXT AAA SRV A6 OTHER
27 IV 4) Breakdown by query types for users binned by rate intervals for M root 1.8 Fraction of Queries in each bin Queries/sec A NS CNAME SOA PTR MX TXT AAA SRV A6 OTHER
28 The End
Day In The Life of the Internet 2008 Data Collection Event.
Day In The Life of the Internet 2008 Data Collection Event http://www.caida.org/projects/ditl Duane Wessels The Measurement Factory/CAIDA k claffy CAIDA NANOG 42 February 19, 2008 NANOG 42 0 The Measurement
More informationTwo days in The Life of The DNS Anycast Root Servers
Two days in The Life of The DNS Anycast Root Servers Ziqian Liu Beijing Jiaotong Univeristy Bradley Huffaker, Marina Fomenkov Nevil Brownlee, and kc claffy CAIDA PAM2007 Outline DNS root servers DNS anycast
More informationUnderstanding and preparing for DNS evolution
Understanding and preparing for DNS evolution Sebastian Castro 1,2, Min Zhang 1, Wolfgang John 1,3, Duane Wessels 1,4 and kc claffy 1 {secastro,mia,johnwolf,kc}@caida.org wessels@dns-oarc.net 1 CAIDA,
More informationIs Your Caching Resolver Polluting the Internet?
Is Your Caching Resolver Polluting the Internet? Duane Wessels The Measurement Factory, and CAIDA wessels@measurement-factory.com September 2004 SIGCOMM 2004 NetTs 0 The Measurement Factory A Disclaimer
More informationReport from the RIPE NCC. Axel Pawlik. RIPE 50, 2-6 May 2005, Stockholm.
Report from the RIPE NCC 1 Overview Registration Services Training Engineering New Projects Coordination Communications Membership Relations External Relations 2 Registration Services Documentation update
More informationA Root DNS Server. Akira Kato. Brief Overview of M-Root. WIDE Project
A Root DNS Server Akira Kato WIDE Project kato@wide.ad.jp Brief Overview of M-Root Assumes basic knowledge on DNS Dr. Tatsuya Jinmei has introduced in Nov 19, 2004 What s Root Servers? Start point of the
More informationIncrease of Root and JP queries -- Long-term trends of number of queries --
Increase of Root and JP queries -- Long-term trends of number of queries -- Kazunori Fujiwara, JPRS DNS-OARC 2015 Spring Workshop Last Update: 2015/5/10 1945 (UTC) 1 Are DNS queries
More informationTracing a DNS Reflection Attack via Anycast Routing Changes. Duane Wessels October, 2011
Tracing a DNS Reflection Attack via Anycast Routing Changes Duane Wessels October, 2011 1 A Brief History Big Bang The Earth cooled Internet (TCP/IP) invented Domain Name System invented People realize
More informationStrange Things Found in an Open Resolver Survey
Strange Things Found in an Open Resolver Survey Duane Wessels The Measurement Factory/CAIDA WIDE+CAIDA Workshop #9 January 19, 2008 WIDE+CAIDA 0 The Measurement Factory Open Resolvers Defined: A nameserver
More informationMeasurements of traffic in DITL 2008
Measurements of traffic in DITL 2008 Sebastian Castro secastro@caida.org CAIDA / NIC Chile 2008 OARC Workshop Sep 2008 Ottawa, CA Overview DITL 2008 General statistics Query characteristics Query rate
More informationWhat is all that crap? Analysis of DNS root server bogus queries
What is all that crap? Analysis of DNS root server bogus queries Daniël Sánchez daniel.sanchez@os3.nl Joost Pijnaker joost.pijnaker@os3.nl University of Amsterdam February 4, 2007 Abstract What is all
More informationK-Root Name Server Operations
K-Root Name Server Operations Andrei Robachevsky andrei@ripe.net 1 Outline Root Server System brief update Architecture Current locations Anycast deployment K.root-servers.net Server Major milestones Current
More informationDNS Level 100. Rohit Rahi November Copyright 2018, Oracle and/or its affiliates. All rights reserved.
DNS Level 100 Rohit Rahi November 2018 1 Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated
More informationDomain Statistics Collector Tutorial
Domain Statistics Collector Tutorial Duane Wessels DNS-OARC Advanced cctld Workshop September 16, 2008 ams-cctld-advanced 0 DNS-OARC What is DSC? A system for collecting, transferring, viewing, and storing
More informationCSc 450/550 Computer Networks Domain Name System
CSc 450/550 Computer Networks Domain Name System Jianping Pan Summer 2007 5/28/07 CSc 450/550 1 Review: Web/HTTP Web URI/URL, HTML tags, embedded objects HTTP request and response persistence, statefulness
More informationDNS Type Query Support Added to the DNS Analyzer
DNS Type Query Support Added to the DNS Analyzer This chapter describes the following topics: Feature Summary and Revision History, page 1 Feature Changes, page 2 Command Changes, page 4 Performance Indicator
More informationComputer Networks. Domain Name System. Jianping Pan Spring /25/17 CSC361 1
Computer Networks Domain Name System Jianping Pan Spring 2017 1/25/17 CSC361 1 Review: Web/HTTP Web URI/URL, HTML tags embedded/linked objects HTTP request and response persistence, statefulness web caching,
More informationf.root-servers.net ISOC cctld Workshop Nairobi, Kenya, 2005
f.root-servers.net ISOC cctld Workshop Nairobi, Kenya, 2005 The Basics DNS The Domain Name System is a huge database of resource records globally distributed, loosely coherent, scaleable, reliable, dynamic
More informationOperations, Analysis and Research Center for the Internet Co-ordination centre to protect Global DNS infrastructure Trusted, neutral environment for
Recent DNS Events and OARC Activities Keith Mitchell OARC Programme Manager Internet Systems Consortium RIPE54 DNS WG Tallinn, Estonia May 2007 What is OARC? Operations, Analysis and Research Center for
More informationAn Update on Anomalous DNS Behavior
An Update on Anomalous DNS Behavior Duane Wessels, and CAIDA wessels@measurement-factory October 23 Motivation Why are root servers getting slammed? Are caching/forwarding DNS servers doing the right thing?
More informationMeasuring IPv6 Deployment
Measuring IPv6 Deployment The story so far IANA Pool Exhaustion In this model, IANA allocates its last IPv4 /8 to an RIR on the 18 th January 2011 Ten years ago we had a plan Oops! We were meant to have
More informationRDAP: A Primer on the Registration Data Access Protocol
RDAP: A Primer on the Registration Data Access Protocol Andy Newton, Chief Engineer, ARIN Registration Operations Workshop IETF 93 Prague, CZ 19 July 2015 Background WHOIS (Port 43) Old, very old Lot s
More informationDNS. David Malone. 19th October 2004
DNS David Malone 19th October 2004 1 Names vs. Addresses Computers like addresses eg. 134.226.81.11. People prefer names salmon.maths.tcd.ie. Need a way to translate. walton.maths.tcd.ie close to salmon.maths.tcd.ie.
More informationRIR delegation reports and address-by-economy measurements. DNS-OARC Workshop 25 July 2005 George Michaelson APNIC
RIR delegation reports and address-by-economy measurements DNS-OARC Workshop 25 July 2005 George Michaelson APNIC ggm@apnic.net Summary All RIR produce daily reports on resource allocations and assignments
More informationRFC1918 updates on servers near M and F roots C A I D A. Andre Broido, work in progress. CAIDA WIDE Workshop ISI, CAIDA / SDSC / UCSD
RFC1918 updates on servers near M and F roots Andre Broido, work in progress C A I D A CAIDA / SDSC / UCSD http://www.caida.org CAIDA WIDE Workshop ISI, 2005-03-12 Previous projects IPv4 list (Young, Brad)
More informationCS615 - Aspects of System Administration
CS615 - Aspects of System Administration Slide 1 CS615 - Aspects of System Administration DNS; HTTP Department of Computer Science Stevens Institute of Technology Jan Schaumann jschauma@stevens-tech.edu
More informationBegin forwarded message:
Begin forwarded message: From: Axel Pawlik Date: 23 November 2010 6:13:22 am To: Elise Gerich Cc: Leo Vegoda Subject: Various Registry address space, update message-id: user-agent: Mozilla/5.0 (Macintosh;
More informationHow to Configure the DNS Server
Make the Barracuda Link Balancer an Authoritative DNS host and configure the DNS Server for inbound load balancing. Step 1. Enable Authoritative DNS Enable Authoritative DNS on the Barracuda Link Balancer
More informationRecursives in the Wild: Engineering Authoritative DNS Servers
Recursives in the Wild: Engineering Authoritative DNS Servers Moritz Müller 1,2, Giovane C. M. Moura 1, Ricardo de O. Schmidt 1,2, John Heidemann 3 1 SIDN Labs The Netherlands 2 University of Twente The
More informationCurrent Policy Topics A World Wide View
Current Policy Topics A World Wide View filiz@ripe.net Overview RIPE Policy Update World Wide Look by Topic - IPv4 - IPv6 - ASNs RIPE Policy Update - Archived Withdrawn - Contact e-mail Address Requirements
More informationGeorge Kuo ARIN XXIII
APNIC Update George Kuo Member Services Manager ARIN XXIII 28 APR 2009 Overview APNIC 27 policy outcomes APNIC Member and Stakeholder Survey IPv6 Program Research and development activities New APNIC website
More informationDNS/DNSSEC Workshop. In Collaboration with APNIC and HKIRC Hong Kong. Champika Wijayatunga Regional Security Engagement Manager Asia Pacific
DNS/DNSSEC Workshop In Collaboration with APNIC and HKIRC Hong Kong Champika Wijayatunga Regional Security Engagement Manager Asia Pacific 22-24 January 2018 1 Agenda 1 2 3 Introduction to DNS DNS Features
More informationNetworking Applications
Networking Dr. Ayman A. Abdel-Hamid College of Computing and Information Technology Arab Academy for Science & Technology and Maritime Transport 1 Outline Introduction Name Space concepts Domain Name Space
More informationRecursives in the Wild:
Recursives in the Wild: Engineering Authoritative DNS Servers IETF 100 IRTF MAPRG 2017-11-13 Singapore Moritz Müller 1,2, Giovane C. M. Moura 1, Ricardo de O. Schmidt 1,2, John Heidemann 3 1 SIDN Labs,
More informationNew Topic: Naming. Approaches
New Topic: Naming Names are used to share resources, uniquely identify entities and refer to locations Need to map from name to the entity it refers to E.g., Browser access to www.cnn.com Use name resolution
More informationIPv4 depletion & IPv6 deployment in the RIPE NCC service region. Kjell Leknes - June 2010
IPv4 depletion & IPv6 deployment in the RIPE NCC service region Kjell Leknes - June 2010 Outline About RIPE and RIPE NCC IPv4 depletion IPv6 deployment Engaging the community - RIPE NCC and the RIPE community
More informationAnalysis of query traffic to.com/.net name servers! Duane Wessels, Matt Larson, Allison Mankin! Verisign Labs! APRICOT 2013!
Analysis of query traffic to.com/.net name servers! Duane Wessels, Matt Larson, Allison Mankin! Verisign Labs! APRICOT 2013! 1! Our Infrastructure! Operator of A root (6 sites), J root (70) Registry for.com/.net
More informationMeasuring IPv6 Deployment
Measuring IPv6 Deployment Geoff Huston George Michaelson research@apnic.net The story so far In case you hadn t heard by now, we appear to be running quite low on IPv4 addresses! IANA Pool Exhaustion Prediction
More informationDense Anycast Deployment of DNS Authority Servers
Dense Anycast Deployment of DNS Authority Servers MENOG 10 Dubai, April 2012 Dave Knight Contents Background Expansion of L root Redesign Further Work Background In the beginning Authority service provided
More informationRIPE NCC Routing Information Service (RIS)
RIPE NCC Routing Information Service (RIS) Overview Colin Petrie 14/12/2016 RON++ What is RIS? What is RIS? Worldwide network of BGP collectors Deployed at Internet Exchange Points - Including at AMS-IX
More informationDNS Anomaly Detection
DNS Anomaly Detection superdad Nick Barendregt Hidde van der Heide Agenda Introduction Methods Results Conclusion Questions and Discussion 3 / 25 Introduction "Examine the feasibility of detecting malware
More informationIPv4 Address Report. This report generated at 12-Mar :24 UTC. IANA Unallocated Address Pool Exhaustion: 03-Feb-2011
IPv4 Address Report This report generated at 12-Mar-2018 08:24 UTC. IANA Unallocated Address Pool Exhaustion: 03-Feb-2011 Projected RIR Address Pool Exhaustion Dates: RIR Projected Exhaustion Remaining
More informationNew Topic: Naming. Differences in naming in distributed and non-distributed systems. How to name mobile entities?
New Topic: Naming Names are used to share resources, uniquely identify entities and refer to locations Need to map from name to the entity it refers to E.g., Browser access to www.cnn.com Use name resolution
More informationThe impact of DNSSEC on k.root-servers.net and ns-pri.ripe.net
The impact of DNSSEC on k.root-servers.net and ns-pri.ripe.net Olaf M. Kolkman Question What would be the immediate and initial effect on memory, CPU and bandwidth resources if we were to deploy DNSSEC
More informationMeasurement of Anycast Effects - from the experience on.jp anycast deployment -
Measurement of Anycast Effects - from the experience on.jp anycast deployment - Shinta Sato Japan Registry Services Co., Ltd. (JPRS) RIPE 54 DNS Working Group Thursday 10 May 2007
More informationTesting IPv6 address records in the DNS root
Testing IPv6 address records in the DNS root February 2007 Geoff Huston Chief Scientist APNIC Priming a DNS name server 1. Take the provided root hints file 2. Generate a DNS query for resource records
More informationIPv6 Addressing. Pedro Lorga - WALC 2006 (Quito, Ecuador July 06)
IPv6 Addressing Pedro Lorga - lorga@fccn.pt Addressing scheme RFC 3513 defines IPv6 addressing scheme RFC 3587 defines IPv6 global unicast address format 128 bit long addresses Allow hierarchy Flexibility
More informationDNS and CDNs : Fundamentals of Computer Networks Bill Nace
DNS and CDNs 14-740: Fundamentals of Computer Networks Bill Nace Material from Computer Networking: A Top Down Approach, 6 th edition. J.F. Kurose and K.W. Ross Administrivia HW #1 is posted Mission: Learn
More informationRIPE NCC DNS Update. Wolfgang Nagele DNS Services Manager
RIPE NCC DNS Update Wolfgang Nagele DNS Services Manager DNS Department Services Reverse DNS for RIPE NCC zones Secondary for other RIRs K-root F-reverse (in-addr.arpa & ip6.arpa) Secondary DNS for cctlds
More informationARIN Support for DNSSEC and RPKI. ION San Diego 11 December 2012 Pete Toscano, ARIN
ARIN Support for DNSSEC and ION San Diego 11 December 2012 Pete Toscano, ARIN 2 DNS and BGP They have been around for a long time. DNS: 1982 BGP: 1989 They are not very secure. Methods for securing them
More informationHow to Add Domains and DNS Records
Configure the Barracuda NextGen X-Series Firewall to be the authoritative DNS server for your domains or subdomains to take advantage of Split DNS or dead link detection. Step 1. Make the X-Series Firewall
More informationK-Root Nameserver Operations
K-Root Nameserver Operations Andrei Robachevsky Chief Technical Officer andrei@ripe.net 1 Outline Root Server System What is a root server? Where is the root? Anycast Routing The basics Advantages of using
More informationComputing Parable. New Topic: Naming
Computing Parable The Cow Courtesy: S. Keshav Lecture 10, page 1 New Topic: Naming Names are used to share resources, uniquely identify entities and refer to locations Need to map from name to the entity
More informationIs Your Caching Resolver Polluting the Internet?
Is Your Caching Resolver Polluting the Internet? Duane Wessels CAIDA & The Measurement Factory, Inc. wessels@measurement-factory.com ABSTRACT Previous research has shown that most of the DNS queries reaching
More informationRIPE NCC Technical Services. Kaveh Ranjbar, Chief Information Officer
RIPE NCC Kaveh Ranjbar, Chief Information Officer MENOG 15 Dubai, UAE 2 April 2015 Overview 2 RIPE Atlas K-root expansion DNS services RIPEstat Research Mostly global services, accessible by everyone -
More informationRIPE NCC DNS Update. Anand Buddhdev Oct 2016 RIPE 73
RIPE NCC DNS Update Anand Buddhdev Oct 2016 RIPE 73 The DNS team Anand Colin Iñigo Paul Florian Romeo Anand Buddhdev RIPE 73 27 Oct 2016 2 K-root AS 25152 Status Active at 44 sites - Five core sites -
More informationCS615 - Aspects of System Administration
CS615 - Aspects of System Administration Slide 1 CS615 - Aspects of System Administration DNS; HTTP Department of Computer Science Stevens Institute of Technology Jan Schaumann jschauma@stevens-tech.edu
More informationIs Your Caching Resolver Polluting the Internet?
Is Your Caching Resolver Polluting the Internet? Duane Wessels CAIDA & The Measurement Factory, Inc. wessels@measurement-factory.com ABSTRACT Previous research has shown that most of the DNS queries reaching
More informationRoot DNS Anycast in South Asia
Root DNS Anycast in South Asia Anurag Bhatia, Network Researcher JANOG 38 What are root DNS servers? Authoritative DNS servers for top level dot (like com. / net. etc) Knows authoritative DNS server of
More informationAPNIC allocation and policy update. JPNIC OPM July 17, Tokyo, Japan Guangliang Pan
APNIC allocation and policy update JPNIC OPM July 17, 2007 - Tokyo, Japan Guangliang Pan 1 Overview Internet registry structure Number resource allocation statistics APNIC recent policy implementations
More informationRIPE NCC Status Report at ARIN. leo vegoda. ARIN X, Oct. 30 Nov. 1, 2002, Eugene, OR.
RIPE NCC Status Report at ARIN X 1 Who s Who? Axel Pawlik Managing Director Jochem de Ruig Chief Financial Officer Paul Rendek Communications Manager Mirjam Kühne Director of External Relations Andrei
More informationInternet Addressing and Naming. CS 7260 Nick Feamster January 10, 2007
Internet Addressing and Naming CS 7260 Nick Feamster January 10, 2007 Announcements Course mailing list cs7260-course at mailman.cc.gatech.edu https://mailman.cc.gatech.edu/mailman/listinfo/cs7260-course
More informationAre We Growing Fast Enough?
IPv6 routing table Introduction 1 Are We Growing Fast Enough? A snapshot of the global IPv6 routing table Gert Döring, SpaceNet AG, Munich, Germany Jan 31, 2011 NANOG 51, Miami presented by CJ Aronson
More information2016 Infoblox Inc. All rights reserved. Implementing AWS Route 53 Synchronization Infoblox-DG January 2016 Page 1 of 8
2016 Infoblox Inc. All rights reserved. Implementing AWS Route 53 Synchronization Infoblox-DG-0136-00 January 2016 Page 1 of 8 Contents Introduction... 3 Infoblox and Route 53 Synchronization... 3 Prerequisites...
More informationPacket Traces from a Simulated Signed Root
Packet Traces from a Simulated Signed Root Duane Wessels DNS-OARC DNS-OARC Workshop Beijing, China November 2009 Background We know from active measurements that some DNS resolvers cannot receive large
More informationAPNIC Update. Guangliang Pan Resource Services Manager. RIPE 58 6 May 2009
APNIC Update Guangliang Pan Resource Services Manager RIPE 58 6 May 2009 Overview APNIC 27 policy outcomes New IPv4 blocks from IANA APNIC IPv6 Survey and Program Research and development activities Preview
More informationManaging Caching DNS Server
This chapter explains how to set the Caching DNS server parameters. Before you proceed with the tasks in this chapter, see Introduction to the Domain Name System which explains the basics of DNS. Configuring
More informationBROAD AND LOAD-AWARE ANYCAST MAPPING WITH VERFPLOETER
BROAD AND LOAD-AWARE ANYCAST MAPPING WITH VERFPLOETER WOUTER B. DE VRIES, RICARDO DE O. SCHMIDT, WES HARDAKER, JOHN HEIDEMANN, PIETER-TJERK DE BOER AND AIKO PRAS London - November 3, 2017 INTRODUCTION
More informationRIPE Network Coordination Centre. K-root and DNSSEC. Wolfgang Nagele RIPE NCC.
K-root and DNSSEC Wolfgang Nagele RIPE NCC RIPE NCC One of the five Regional Internet Registries Provides IP address and AS number resources to Europe and Middle-East regions DNS related work - Parent
More informationToday: Naming. Example: File Names
Today: Naming Names are used to share resources, uniquely identify entities and refer to locations Need to map from name to the entity it refers to E.g., Browser access to www.cnn.com Use name resolution
More informationCSC 5930/9010 Offensive Security: OSINT
CSC 5930/9010 Offensive Security: OSINT Professor Henry Carter Spring 2019 Recap Designing shellcode requires intimate knowledge of assembly, system calls, and creative combinations of operations But allows
More informationCSE 486/586 Distributed Systems
CSE 486/586 Distributed Systems The Domain Name System Slides by Steve Ko Computer Sciences and Engineering University at Buffalo CSE 486/586 Domain Name System (DNS) Proposed in 1983 by Paul Mockapetris
More informationIXPs Traffic Statistics summary
IXPs Traffic Statistics 2013 summary CONTENTS 1. Traffic Growth worldwide in 2013... 3 2. Traffic growth in the Euro-IX region... 4 3. Traffic growth in the APIX region... 5 4. Traffic growth in the Af-IX
More informationDNS Anycast Statistic Collection
DNS Anycast Statistic Collection RIPE 61 Measurement Analysis and Tools Working Group 18 Nov 2010 Edward Lewis Neustar 1 What s so hard about reporting? 2 Collecting DNS Statistics (Generic) The Technical
More informationDNS root server deployments. George Michaelson DNS operations SIG APNIC17/APRICOT 2004 Feb KL, Malaysia
DNS root server deployments George Michaelson DNS operations SIG APNIC17/APRICOT 2004 Feb 23-27 2004 KL, Malaysia Why deploy an anycast node? Increase resistance against DDoS Attacks on the root Improve
More informationAPNIC elearning: DNS Concepts
APNIC elearning: DNS Concepts 27 MAY 2015 11:00 AM AEST Brisbane (UTC+10) Issue Date: Revision: Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security IPv6
More informationDNS. Karst Koymans & Niels Sijm. Friday, September 14, Informatics Institute University of Amsterdam
DNS Karst Koymans & Niels Sijm Informatics Institute University of Amsterdam Friday, September 14, 2012 Karst Koymans & Niels Sijm (UvA) DNS Friday, September 14, 2012 1 / 32 1 DNS on the wire 2 Zone transfers
More informationDomain Name System (DNS)
Domain Name System (DNS) Computer Networks Lecture 9 http://goo.gl/pze5o8 Domain Name System Naming service used in the Internet Accomplishes mapping of logical ("domain") names to IP addresses (and other
More informationInternet Protocol Addresses What are they like and how are the managed?
Internet Protocol Addresses What are they like and how are the managed? Paul Wilson APNIC On the Internet, nobody knows you re a dog by Peter Steiner, from The New Yorker, (Vol.69 (LXIX) no. 20) On the
More informationDNS Concepts. Acknowledgements July 2005, Thimphu, Bhutan. In conjunction with SANOG VI. Bill Manning Ed Lewis Joe Abley Olaf M.
16-20 July 2005, Thimphu, Bhutan In conjunction with SANOG VI DNS Concepts Acknowledgements Bill Manning Ed Lewis Joe Abley Olaf M. Kolkman NeuStar 1 Purpose of naming Addresses are used to locate objects
More informationAre We Growing Fast Enough?
IPv6 routing table Introduction 1 Are We Growing Fast Enough? A snapshot of the global IPv6 routing table Gert Döring, SpaceNet AG, Munich, Germany May 5, 2009 RIPE 58, Amsterdam IPv6 routing table Overview
More informationCloud DNS Phone: (877)
Cloud DNS Phone: (877) 937-4236 Email: info@cdnetworks.com CDNetworks Inc., 1500 Valley Vista Dr. Diamond Bar, CA 91765, USA Table of Content Introduction... 3 Cloud DNS Global Points of Presence...3 CDNetworks
More informationAgha Mohammad Haidari General ICT Manager in Ministry of Communication & IT Cell#
Install a DNS server in Windows Server 2008 IT administrators who have little or no experience with Domain Name System (DNS), can learn to install, configure and troubleshoot a Windows Server 2008 DNS
More informationIPv6 Deployment and Distribution in the RIPE NCC Service Region. Marco Schmidt IP Resource Analyst Monday, 23 April 2012
IPv6 Deployment and Distribution in the RIPE NCC Service Region Marco Schmidt IP Resource Analyst Monday, 23 April 2012 Topics: RIPE NCC IPv4 - review and last /8 IPv6 - current status How to get IPv6
More informationNews from RIPE and RIPE NCC
News from RIPE and RIPE NCC FRNOG, Paris 11 December 2009 Vesna Manojlovic RIPE / RIPE NCC RIPE Operators community Develops addressing policies Working group mailing lists 2010 meetings: Prague 3-7 May
More informationDPU TDC 463. Scanning, Probing, and Surveying for Internet Hosts and Services. TDC463 Fall 2017 John Kristoff DePaul University 1
DPU TDC 463 Scanning, Probing, and Surveying for Internet Hosts and Services TDC463 Fall 2017 John Kristoff DePaul University 1 The Probing Challenge To quickly, periodically, safely and accurately discover
More informationRIPE NCC Introduction. Jochem de Ruig Chief Financial Officer
RIPE NCC Introduction Chief Financial Officer RIPE NCC Contents Basics what are Internet Number Resources (INR)? The INR world The registration Legal aspects of INR RIPE NCC and Law Enforcement Basics
More informationAn Amsterdam Update. RIPE Network Coordination Centre. Nick Hyrka. APNIC 25, 29 April 2008, Taiwan 1. ArtistServer.
An Amsterdam Update ArtistServer.com/Brillman ArtistServer.com/Brillman APNIC 25, 29 April 2008, Taiwan http://www.ripe.net 1 Personnel Changes New key staff Anand Buddhdev Database Manager Andrea Cima
More informationIPv6 Addressing Status and Policy Report. Paul Wilson Director General, APNIC
IPv6 Addressing Status and Policy Report Paul Wilson Director General, APNIC Overview IPv6 deployment status Allocations, Registration and Routing Asia Pacific and Global comparison IPv6 policy status
More informationRIPE NCC Status Update
RIPE NCC Status Update IPv4 and more Marco Hogewoning, Trainer IPv4 Run Out IPv4 Distribution IANA 3 February 2011 15 April 2011 AfriNIC ARIN RIPE NCC APNIC LACNIC? 7,000 LIRs End Users 3 Business As Usual
More informationHD Ratio for IPv4. RIPE 48 May 2004 Amsterdam
HD Ratio for IPv4 RIPE 48 May 2004 Amsterdam 1 Current status APNIC Informational presentation at APNIC 16 Well supported, pending presentation at other RIRs ARIN Similar proposal made at ARIN XIII Not
More informationModule 10. (Reconnaissance Whois and DNS)
(Reconnaissance Whois and DNS) At the end of this module, you should what Domain Names and IPv4 Address are and how they are related by the Domain Name Service. You should also have an idea of what kind
More informationDNS. dr. C. P. J. Koymans. September 16, Informatics Institute University of Amsterdam. dr. C. P. J. Koymans (UvA) DNS September 16, / 46
DNS dr. C. P. J. Koymans Informatics Institute University of Amsterdam September 16, 2008 dr. C. P. J. Koymans (UvA) DNS September 16, 2008 1 / 46 DNS and BIND DNS (Domain Name System) concepts theory
More informationRIPE Atlas. Viktor Naumov R&D Software Engineer
RIPE Atlas Viktor Naumov R&D Software Engineer vnaumov@ripe.net Introduction RIPE Atlas: There are many Atlases, this is RIPE Atlas next generation Internet measurement network To scale to thousands of
More informationNaming in Distributed Systems
Naming in Distributed Systems Dr. Yong Guan Department of Electrical and Computer Engineering & Information Assurance Center Iowa State University Outline for Today s Talk Overview: Names, Identifiers,
More informationIPv6 Support in the DNS. Athanassios Liakopoulos 6DEPLOY IPv6 Training, Skopje, June 2011
IPv6 Support in the DNS Athanassios Liakopoulos (aliako@grnet.gr) 6DEPLOY IPv6 Training, Skopje, June 2011 Copy Rights This slide set is the ownership of the 6DEPLOY project via its partners The Powerpoint
More informationIPv6 Allocation and Policy Update. Global IPv6 Summit in China 2007 April 12, 2007 Guangliang Pan
IPv6 Allocation and Policy Update Global IPv6 Summit in China 2007 April 12, 2007 Guangliang Pan 1 Overview IPv6 allocation status update Global IPv6 allocations APNIC allocation and assignment details
More informationRIPE Network Coordination Centre. An Amsterdam Update. Axel Pawlik
An Amsterdam Update ArtistServer.com/Brillman ARIN XXI, 6-9 April 2008, Denver http://www.ripe.net 1 Personnel Changes New key staff Anand Buddhdev Database Manager Andrea Cima Acting Customer Services
More informationCovert channel detection using flow-data
Covert channel detection using flow-data Guido Pineda Reyes MSc. Systems and Networking Engineering University of Amsterdam July 3, 2014 Guido Pineda Reyes (UvA) Covert channel detection using flow-data
More informationWhat s new at the RIPE NCC?
What s new at the RIPE NCC? PLNOG, Kraków, 28 September 2011 Ferenc Csorba Trainer, RIPE NCC ferenc@ripe.net Topics - overview The Registry System IPv4 depletion IPv6 policy update and statistics RIPEstat,
More information