DNS Measurements, Monitoring & Quality Control

Transcription

1 DNS Measurements, Monitoring & Quality Control Universität Bielefeld CENTR General Assembly Budapest, CENTR GA DNS Monitoring 1 of 18

2 The Monitor Some Bad News (headlines, at least) Facts behind the News How to investigate Thoughts on prevention CENTR GA DNS Monitoring 2 of 18

3 News at eleven More than 80% of all TLD and Root nameservers are vulnerable! (anonymous) CENTR GA DNS Monitoring 3 of 18

4 DNS Why bother? DNS is critical infrastructure often overlooked, but easy to understand more visible and accessible than other parts of that infrastructure proven scalability and redundancy many new tasks out there Overloading the Saddlebags of an Old Horse (Randy Bush) CENTR GA DNS Monitoring 4 of 18

5 New Challenges IDN Internationalisation expect more queries for non compliant hostnames, longer names DNSSEC Data Origin Authentication larger packets, more latency ENUM Phone Numbers hierarchy, again IPv6 A6 RRs and IP6.ARPA query volume, namespace fragmentation CENTR GA DNS Monitoring 5 of 18

6 What to look at? Server availability, responsiveness Server response times Query volume and patterns Zone quality CENTR GA DNS Monitoring 6 of 18

7 Availability Monitoring Are your servers alive? Do all your slave servers still exist? Do servers respond (locally)? Are their answers authoritative? Are they in sync? ( DNS zone convergence times) CENTR GA DNS Monitoring 7 of 18

8 Who s out there? Cooperative Association for Internet Data Analysis (CAIDA) RIPE NCC TTM RIPE DNS Hostcount TLD led initiatives, e.g. AFNIC s zonecheck DNS ISAC (Information Sharing and Analysis Center) The Matrix, Men & Mice,... CENTR GA DNS Monitoring 8 of 18

9 CAIDA s passive measurements NeTraMet listening to DNS packets only Meter sites: Auckland, Colorado, San Diego ( far end of the net) Measures RTT Compared cctlds with Root and gtlds cctld s servers receive less queries than gtlds Servers covering multiple cctlds Busiest cctlds inspected Nevil Brownlee looking for more meter sites CENTR GA DNS Monitoring 9 of 18

10 Single server monitoring Watch query patterns (and maybe responses) at single server... including all anycast instances CENTR GA DNS Monitoring 10 of 18

11 Server Anycasting multiple instances, topologically distributed server load distribution increased DDoS resilience documented in RFC 3258 deployed for certain Root Nameservers... and some TLD servers also attractive for cctld servers CENTR GA DNS Monitoring 11 of 18

12 Operational advantages by measurement & monitoring Both recent F measurements (Nemeth, Wessels) suggest limited number of high volume culprits find out which sloppy software and/or configuration costs your money microsoft.com problems first noted at COM servers reachability in remote parts of the network is service not only to remote users but also to your customers CENTR GA DNS Monitoring 12 of 18

13 DNS quality in and around RIPE NCC: Active measurements, stay tuned for next slide show DNS WG technical DNS quality on sub TLD levels collect, compile and evaluate set of tests for pre-delegation checks DNS Hostcount long standing data collection growth statistics some postprocessing looking for error patterns and habits CENTR GA DNS Monitoring 13 of 18

14 DNS checks AFNIC has published zonecheck Service freely available on the web: Hostcount data shows lots of problems Responsibilities for technical quality below TLD Problems at 2nd or 3rd level may affect innocent third parties Additional service vs. necessary monitoring Participate in test collection and evaluation CENTR GA DNS Monitoring 14 of 18

15 What is all this measuring good for? Registry resource planning Registry operations and incident response Customer service QoS documentation Deployment support Directions for future DNS work CENTR GA DNS Monitoring 15 of 18

16 Example (DE): Effects of Server Deployment CENTR GA DNS Monitoring 16 of 18

17 A Plea do (support) research (have someone) monitor your servers and service share and publish results coordinate measurements CENTR GA DNS Monitoring 17 of 18

18 ?! CENTR GA DNS Monitoring 18 of 18