DNS Measurements, Monitoring & Quality Control
Universität Bielefeld
pk@techfak.uni-bielefeld.de
CENTR General Assembly
Budapest, 2003-06-02
CENTR GA 2003-06-02 DNS Monitoring 1 of 18

The Monitor
  - Some Bad News (headlines, at least)
  - Facts behind the News
  - How to investigate
  - Thoughts on prevention

News at eleven
  - More than 80% of all TLD and Root nameservers are vulnerable! (anonymous)

DNS: Why bother?
  - DNS is critical infrastructure
  - often overlooked, but easy to understand
  - more visible and accessible than other parts of that infrastructure
  - proven scalability and redundancy
  - many new tasks out there
  - Overloading the Saddlebags of an Old Horse (Randy Bush)

New Challenges
  - IDN: Internationalisation
      - expect more queries for non compliant hostnames, longer names
  - DNSSEC: Data Origin Authentication
      - larger packets, more latency
  - ENUM: Phone Numbers
      - hierarchy, again
  - IPv6: A6 RRs and IP6.ARPA
      - query volume, namespace fragmentation

What to look at?
  - Server availability, responsiveness
  - Server response times
  - Query volume and patterns
  - Zone quality

Availability Monitoring
  - Are your servers alive?
  - Do all your slave servers still exist?
  - Do servers respond (locally)?
  - Are their answers authoritative?
  - Are they in sync? (DNS zone convergence times)

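The availability questions above can be answered from one SOA query per server. The following is an added example, not part of the original slides: it parses raw SOA responses, checks the AA bit, and compares serials with RFC 1982 arithmetic. The zone "example.", the server labels and the serial values are constructed, and responses are assumed to be well-formed.

```python
import struct

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]                      # step over one label
    return off + (2 if msg[off] else 1)          # pointer: 2 bytes, root: 1

def parse_soa_response(msg):
    """Return (aa_bit, rcode, soa_serial_or_None) from a DNS response."""
    flags, qd, an = struct.unpack("!HHH", msg[2:8])
    off, serial = 12, None
    for _ in range(qd):
        off = skip_name(msg, off) + 4            # skip QTYPE and QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 6:                           # SOA RDATA: MNAME, RNAME, SERIAL
            p = skip_name(msg, skip_name(msg, off + 10))
            serial = struct.unpack("!I", msg[p:p + 4])[0]
        off += 10 + rdlen
    return bool(flags & 0x0400), flags & 0x000F, serial

def newer(a, b):                                 # RFC 1982 serial arithmetic
    return a != b and ((a - b) & 0xFFFFFFFF) < 0x80000000

def audit(responses):
    """responses: server -> wire bytes (None on timeout); returns findings."""
    findings, serials = {}, {}
    for server, msg in responses.items():
        aa, rcode, serial = parse_soa_response(msg) if msg else (False, 0, None)
        if not msg:
            findings[server] = "no response"
        elif rcode != 0 or serial is None:
            findings[server] = "no SOA answer"
        elif not aa:
            findings[server] = "not authoritative"
        else:
            serials[server] = serial
    for server, serial in serials.items():
        stale = any(newer(other, serial) for other in serials.values())
        findings[server] = "out of sync" if stale else "ok"
    return findings

def make_response(serial, aa=True):
    """Constructed sample: SOA response for the made-up zone 'example.'."""
    flags = 0x8400 if aa else 0x8000             # QR set, AA optional
    rdata = (b"\x02ns\xc0\x0c\x0ahostmaster\xc0\x0c"
             + struct.pack("!5I", serial, 3600, 600, 86400, 300))
    return (struct.pack("!6H", 0x1234, flags, 1, 1, 0, 0) + b"\x07example\x00"
            + struct.pack("!HHH", 6, 1, 0xC00C) + struct.pack("!HHIH", 6, 1, 300, len(rdata)) + rdata)
```

Repeating the audit at intervals after a zone update and noting when every server reports "ok" gives the convergence time.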
Who's out there?
  - Cooperative Association for Internet Data Analysis (CAIDA)
  - RIPE NCC TTM
  - RIPE DNS Hostcount
  - TLD led initiatives, e.g. AFNIC's zonecheck
  - DNS ISAC (Information Sharing and Analysis Center)
  - The Matrix, Men & Mice, ...

CAIDA's passive measurements
  - NeTraMet listening to DNS packets only
  - Meter sites: Auckland, Colorado, San Diego (far end of the net)
  - Measures RTT
  - Compared ccTLDs with Root and gTLDs
  - ccTLDs' servers receive fewer queries than gTLDs
  - Servers covering multiple ccTLDs
  - Busiest ccTLDs inspected
  - Nevil Brownlee looking for more meter sites

Single server monitoring
  - Watch query patterns (and maybe responses) at single server
  - ... including all anycast instances

Server Anycasting
  - multiple instances, topologically distributed
  - server load distribution
  - increased DDoS resilience
  - documented in RFC 3258
  - deployed for certain Root Nameservers ...
  - and some TLD servers
  - also attractive for ccTLD servers

Operational advantages by measurement & monitoring
  - Both recent F measurements (Nemeth, Wessels) suggest limited number of high volume culprits
  - find out which sloppy software and/or configuration costs your money
  - microsoft.com problems first noted at COM servers
  - reachability in remote parts of the network is service not only to remote users but also to your customers

DNS quality in and around RIPE
  - NCC: Active measurements, stay tuned for next slide show
  - DNS WG: technical DNS quality on sub TLD levels
      - collect, compile and evaluate set of tests for pre-delegation checks
  - DNS Hostcount: long standing data collection
      - growth statistics
      - some postprocessing looking for error patterns and habits

DNS checks
  - AFNIC has published zonecheck
  - Service freely available on the web: http://zonecheck.nic.fr/v2/
  - Hostcount data shows lots of problems
  - Responsibilities for technical quality below TLD
  - Problems at 2nd or 3rd level may affect innocent third parties
  - Additional service vs. necessary monitoring
  - Participate in test collection and evaluation

What is all this measuring good for?
  - Registry resource planning
  - Registry operations and incident response
  - Customer service QoS documentation
  - Deployment support
  - Directions for future DNS work

Example (DE): Effects of Server Deployment
  - http://www.denic.de/images/nameserver.pdf

A Plea
  - do (support) research
  - (have someone) monitor your servers and service
  - share and publish results
  - coordinate measurements

?!