analysis of dns resolver performance measurements
play

Analysis of DNS Resolver Performance Measurements Introduction - PowerPoint PPT Presentation

Dec 16, 2023 •276 likes •566 views

Hamza Boulakhrif hamza.boulakhrif@os3.nl Your Logo Here System and Network Engineering Supervisors: Willem Toorop - willem@nlnetlabs.nl Yuri Schaeffer - yuri@nlnetlabs.nl Analysis of DNS Resolver Performance Measurements Introduction LOGO

  1. Hamza Boulakhrif hamza.boulakhrif@os3.nl Your Logo Here System and Network Engineering Supervisors: Willem Toorop - willem@nlnetlabs.nl Yuri Schaeffer - yuri@nlnetlabs.nl Analysis of DNS Resolver Performance Measurements

  2. Introduction LOGO ● Domain Name System ● Internet Building Block ● Distributed Tree structure ● Delegations ● Responsibility ● Ownership Amsterdam, 03/07/15

  3. Introduction LOGO ● DNS Authoritatives ● DNS Resolvers Figure 1: http://www.technicalinfo.net/ Amsterdam, 03/07/15

  4. Related Work LOGO B. Ager, W. Mhlbauer, Comparing DNS Resolvers in the Wild , IMC’10, November 1-3, 2010, Melbourne, Australia. J. Jung, E. Sit, H. Balakrishnan, R. Morris, DNS Performance and the Efgectiveness of Caching , IMW’01, November 1-2, 2001, San Francisco, CA, USA. Y. Sekiya, K. Cho, A. Kato, J. Murai, Research of Method for DNS Performance Measurement and Evaluation Based on Benchmark DNS Servers , Wiley Periodicals, Vol. 89, No. 10, 2006. Wouter C.A. Wijngaards, Benno J. Overeinder, Securing DNS: Extending DNS Servers with a DNSSEC Validator , IEEE Security & Privacy, vol.7, no. 5, pp. 36- 43, September/October 2009. Secure64 Software Corporation, White paper: Lies, Damn Lies and DNS Performance Statistics , Greenwood Village, CO, USA. Amsterdam, 03/07/15

  5. Research Question LOGO What is the performance of difgerent DNS resolver implementations? Can a method be devised to measure the performance of DNS resolver implementations objectively? What are corner cases of the DNS resolver implementations measured? Amsterdam, 03/07/15

  6. Scope LOGO ● Measurement on Open Source Resolvers ● Devise method to perform measurements ● Setup environment with difgerent resolvers ● Write code to extract data from measurements ● Measurements will not be performed on hardware ● Analysis of DNS Resolver code is also not performed Amsterdam, 03/07/15

  7. Approach LOGO ● Devise method for measurements ● Setup environment (in OS3 lab) ● Resolvers ● Tools ● Code ● Perform measurements ● Analyse results ● Uncover (possible) corner cases Amsterdam, 03/07/15

  8. Measurement Method LOGO ● Challenges devising a method for measuring DNS Resolvers ● Recursiveness ● Extraction of information ● Benchmarking Amsterdam, 03/07/15

  9. Measurement Method LOGO ● Measure in terms of time (time per query) ● Real World, in other words, the Internet ● Not biased ● Diversity of queries ● Changing nature of the Internet ● Unbound ● NLnet Labs ● BIND ● Internet Systems Consortium ● PowerDNS ● PowerDNS.COM Amsterdam, 03/07/15

  10. Measurement Method LOGO Amsterdam, 03/07/15

  11. Measurement Method LOGO ● PCAP for storing DNS traffjc ● All data you need ● Easy to parse ● Nominum Query Trace ● Python to Analyse ● DPKT library ● Matplotlib library Amsterdam, 03/07/15

  12. Results of Measurements LOGO ● Analysis by comparison ● Analysis by division ● Dataset: Dataset Measurements 227 57315 A Records AAAA Records 31432 MX Records PTR Records 29782 SRV Recrods 255167 Total: 373,923 Amsterdam, 03/07/15

  13. Results of Measurements DNS LOGO Amsterdam, 03/07/15

  14. Unbound LOGO Amsterdam, 03/07/15

  15. BIND LOGO Amsterdam, 03/07/15

  16. PowerDNS LOGO Amsterdam, 03/07/15

  17. Results of Measurements DNSSEC LOGO ● Changed packets to perform DNSSEC ● Dataset: Dataset Measurements ● 4.5% is DNSSEC 16271 Non-DNSSEC DNSSEC 357652 Total: 373,923 Amsterdam, 03/07/15

  18. Results of Measurements DNSSEC LOGO Amsterdam, 03/07/15

  19. Results of Measurements Unbound LOGO Amsterdam, 03/07/15

  20. Results of Measurements BIND LOGO Amsterdam, 03/07/15

  21. Corner Cases LOGO ● Cases where resolvers act difgerently ● Same Query ● Difgerent response ● Most corner cases ● No Error No data ● ServFail Amsterdam, 03/07/15

  22. Corner Case Examples LOGO ● PowerDNS result in ServFail ● Unbound and BIND result in NoError NoData dig italiancookingandliving.com MX ● Not entirely clear who is right ● If the same domain name exists with difgerent type ● If no other records exists Amsterdam, 03/07/15

  23. Corner Case Examples LOGO ● BIND results in ServFail ● Unbound and PowerDNS result in NoError dig 102.163.171.69.in-addr.arpa PTR ● It is a mistery why Unbound and PowerDNS are able to resolve. Amsterdam, 03/07/15

  24. Corner Case Examples LOGO ● Unbound results in ServFail ● BIND and PowerDNS result in NoError dig s38.ck.koramgame.com A ● There are 10 CNAMEs Amsterdam, 03/07/15

  25. Conclusion LOGO ● PowerDNS ● Performance ● Short timers ● Sometimes too lenient ● BIND ● Performance ● A bit longer timers ● Strict ● Unbound ● Performance ● Variable timers (can be very long) ● Lenient ● DNS Resolvers are not always about performance ● Other variables Amsterdam, 03/07/15

  26. Future Work LOGO ● Devise other methods for measuring DNS resolvers ● Measure using difgerent dataset ● Investigate corner cases Amsterdam, 03/07/15

  27. LOGO Questions Amsterdam, 03/07/15

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A flexible DNSSEC-validating Resolver Ondej Sur ondrej.sury@nic.cz 7.3.2016 What

A flexible DNSSEC-validating Resolver Ondej Sur ondrej.sury@nic.cz 7.3.2016 What

A flexible DNSSEC-validating Resolver Ondej Sur ondrej.sury@nic.cz 7.3.2016 What is Knot DNS Resolver? Platform for building recursive DNS service Open-source DNS Resolver (GPLv3+) Full DNSSEC support: RFC 6650

265 views • 12 slides
Query Log Analysis Detecting Anomalies in DNS Tra ffi c at a TLD Resolver Pieter Robberechts

Query Log Analysis Detecting Anomalies in DNS Tra ffi c at a TLD Resolver Pieter Robberechts

Query Log Analysis Detecting Anomalies in DNS Tra ffi c at a TLD Resolver Pieter Robberechts Promotor: Prof. Hendrik Blockeel Thesis Defence Co-promoter: Ronald Geens Jun 30, 2017 Goal and Context Goal and Context The QLAD System Results

359 views • 31 slides
Query Log Analysis Detecting Anomalies in DNS Tra ffi c at a TLD Resolver Pieter Robberechts ,

Query Log Analysis Detecting Anomalies in DNS Tra ffi c at a TLD Resolver Pieter Robberechts ,

Query Log Analysis Detecting Anomalies in DNS Tra ffi c at a TLD Resolver Pieter Robberechts , Maarten Bosteels, Jesse Davis and Wannes Meert Goal and Context Goal and Context The QLAD System Results Conclusion DNS The Domain Name System

659 views • 26 slides
GaudiMP GaudiMP performance performance- and and KSM KSM- measurements measurements

GaudiMP GaudiMP performance performance- and and KSM KSM- measurements measurements

GaudiMP GaudiMP performance performance- and and KSM KSM- measurements measurements Nathalie Rauschmayr 1 Overview Overview 2 Speedup Speedup Reconstruction of 10000 Events 3 Speedup Speedup Simulation of 100 Events 4

344 views • 15 slides
How to get a trustworthy DNS Privacy enabling recursive resolver an analysis of authentication

How to get a trustworthy DNS Privacy enabling recursive resolver an analysis of authentication

How to get a trustworthy DNS Privacy enabling recursive resolver an analysis of authentication mechanisms for DNS Privacy enabling recursive resolvers Benno Overeinder Melinda Shore Willem Toorop Fastly NLnet Labs NLnet Labs (presenter)

321 views • 21 slides
Internet traffic measurements Renata Teixeira (Inria) Why measure traffic? Performance

Internet traffic measurements Renata Teixeira (Inria) Why measure traffic? Performance

Internet traffic measurements Renata Teixeira (Inria) Why measure traffic? Performance analysis Anomaly and intrusion detec=on Network engineering Traffic at different granulari=es IP-level packets Capture per-packet

539 views • 40 slides
Privacy analysis of DNS resolver solutions J.H.C. van Heugten University of Amsterdam MSc System

Privacy analysis of DNS resolver solutions J.H.C. van Heugten University of Amsterdam MSc System

Privacy analysis of DNS resolver solutions J.H.C. van Heugten University of Amsterdam MSc System and Network Engineering July 3, 2018 J.H.C. van Heugten (UvA) DNS privacy July 3, 2018 1 / 14 Introduction Weve updated our privacy

162 views • 14 slides
Analysis of errors in measurements and inversion By Philippe LE MASSON & Morgan DAL

Analysis of errors in measurements and inversion By Philippe LE MASSON & Morgan DAL

METTI IV Thermal Measurements and Inverse Techniques, Roscoff, France, June 13-18, 2011 Tutorial 12 : Analysis of errors in measurements and inversion By Philippe LE MASSON & Morgan DAL Laboratoire dIngnierie des

753 views • 47 slides
Domain Name System (DNS) Session 2: Resolver Operation and debugging Joe Abley AfNOG

Domain Name System (DNS) Session 2: Resolver Operation and debugging Joe Abley AfNOG

Domain Name System (DNS) Session 2: Resolver Operation and debugging Joe Abley AfNOG Workshop, AIS 2014, Djibou> DNS Resolver Operation How Resolvers Work (1) If we've dealt with this query before recently,

838 views • 46 slides
Domain Name System (DNS) Session 2: Resolver Operation and debugging Michuki Mwangi AfNOG

Domain Name System (DNS) Session 2: Resolver Operation and debugging Michuki Mwangi AfNOG

Domain Name System (DNS) Session 2: Resolver Operation and debugging Michuki Mwangi AfNOG Workshop, AIS 2018, Dakar DNS Resolver Operation How Resolvers Work (1) ! If we've dealt with this query before recently, answer is already in the cache

452 views • 41 slides
Domain Name System (DNS) Session 2: Resolver Operation and debugging Joe Abley AfNOG Workshop,

Domain Name System (DNS) Session 2: Resolver Operation and debugging Joe Abley AfNOG Workshop,

Domain Name System (DNS) Session 2: Resolver Operation and debugging Joe Abley AfNOG Workshop, AIS 2017, Nairobi DNS Resolver Operation How Resolvers Work (1) If we've dealt with this query before recently, answer is already in the cache

558 views • 42 slides
PRELIMINARY ANALYSIS RESULTS S S S S OF N-DOSYS DOSIMETERS MEASUREMENTS OF N DOSYS DOSIMETERS

PRELIMINARY ANALYSIS RESULTS S S S S OF N-DOSYS DOSIMETERS MEASUREMENTS OF N DOSYS DOSIMETERS

Tenth Symposium on Neutron Dosimetry Uppsala, Sweden, 12 16 June 2006 PRELIMINARY ANALYSIS RESULTS S S S S OF N-DOSYS DOSIMETERS MEASUREMENTS OF N DOSYS DOSIMETERS MEASUREMENTS F. Groppi, M. L. Bonardi, L. Gini F. pp , . L. , L.

462 views • 13 slides
Verification Verification, Performance Performance Analysis Performance Performance Analysis

Verification Verification, Performance Performance Analysis Performance Performance Analysis

Verification Verification, Performance Performance Analysis Performance Performance Analysis Analysis and Analysis and Synthesis Synthesis of Embedd f E E b dd d S b dded Sys ystems t ems Kim G. Larsen Kim G. Larsen Aalborg

1.44k views • 116 slides
Analysis of variance and regression 2009-3-11 Lene Theil Skovgaard Repeated measurements May

Analysis of variance and regression 2009-3-11 Lene Theil Skovgaard Repeated measurements May

Repeated Measurements, lts, 7-5-09 Analysis of variance and regression 2009-3-11 Lene Theil Skovgaard Repeated measurements May 7, 2009 lts Repeated Measurements, lts, 7-5-09 Repeated measurements over time Introduction. Presentation of

1.41k views • 114 slides
Power Analysis an overview Agenda Analysis Measurements Benedikt Gierlichs KU Leuven

Power Analysis an overview Agenda Analysis Measurements Benedikt Gierlichs KU Leuven

Power Analysis an overview Agenda Analysis Measurements Benedikt Gierlichs KU Leuven COSIC, Belgium benedikt.gierlichs@esat.kuleuven.be Pre-processing Attacks Summer School on Evaluation Design and security of cryptographic

228 views • 11 slides
MySpeedTest: Active and Passive Measurements of Cellular Data Network Performance Sachit

MySpeedTest: Active and Passive Measurements of Cellular Data Network Performance Sachit

MySpeedTest: Active and Passive Measurements of Cellular Data Network Performance Sachit Muckaden Georgia Institute of Technology Motivation To study the effect of several possible parameters on performance Understand if and how

284 views • 10 slides
DNS Session 2: DNS cache operation and DNS debugging TENET NSRC - 2013 DNS Cache Operation

DNS Session 2: DNS cache operation and DNS debugging TENET NSRC - 2013 DNS Cache Operation

DNS Session 2: DNS cache operation and DNS debugging TENET NSRC - 2013 DNS Cache Operation How caching NS works (1) If we've dealt with this query before recently, answer is already in the cache - easy! Query Caching Resolver NS

471 views • 45 slides
DNS Session 4: Delegation and reverse DNS Joe Abley AfNOG 2006 workshop How do you delegate a

DNS Session 4: Delegation and reverse DNS Joe Abley AfNOG 2006 workshop How do you delegate a

DNS Session 4: Delegation and reverse DNS Joe Abley AfNOG 2006 workshop How do you delegate a subdomain? In principle straightforward: just insert NS records for the subdomain, pointing at someone else's servers If you are being

228 views • 18 slides
Neutron Port Binding and Impact of Unbound Ports on DVR Routers with Floating IPs Presenters

Neutron Port Binding and Impact of Unbound Ports on DVR Routers with Floating IPs Presenters

Neutron Port Binding and Impact of Unbound Ports on DVR Routers with Floating IPs Presenters Brian Haley - Red Hat Swaminathan Vasudevan - SUSE Agenda Introduction Proposed Approach to handle the Neutron Port Binding Unbound

272 views • 23 slides
COMPANY PRESENTATION FEBRUARY 2019 Le ar n The only sustainable competitive advantage over time

COMPANY PRESENTATION FEBRUARY 2019 Le ar n The only sustainable competitive advantage over time

COMPANY PRESENTATION FEBRUARY 2019 Le ar n The only sustainable competitive advantage over time is the speed at which companies learn. Large companies don't beat small companies. Small companies don't beat large companies. Fast companies beat

487 views • 48 slides
The ties that bind: Dynamics in open adoption Naomi Hesseling-Green Open Adoption The planned

The ties that bind: Dynamics in open adoption Naomi Hesseling-Green Open Adoption The planned

The ties that bind: Dynamics in open adoption Naomi Hesseling-Green Open Adoption The planned and conscious maintaince of links between those who are adopted and their original family networks (Ryburn, 1994, p.3) Sharing of Ongoing

294 views • 25 slides
That Bind a Nation: Union Pacific Paul Marcinko Network, Economic & Industrial Development

That Bind a Nation: Union Pacific Paul Marcinko Network, Economic & Industrial Development

The Ties That Bind a Nation: Union Pacific Paul Marcinko Network, Economic & Industrial Development Group 1 Building America for more than 150 Years 2 Seattle Eastport Duluth Portland Twin Cities 2017 Chicago Fast Facts Omaha

89 views • 7 slides
Bioaccessibility studies using in vitro extraction methods on soils vitro extraction methods on

Bioaccessibility studies using in vitro extraction methods on soils vitro extraction methods on

Bioaccessibility studies using in vitro extraction methods on soils vitro extraction methods on soils of North America Suzette A. Morman, RN, MSc., MPH smorman@usgs.gov (303) 236-1205 David B. Smith, PhD gplumlee@usgs.gov (303) 236-1204 U.S.

863 views • 20 slides
Sc ope of Wor k to F ac ilitate Comple tion of the Human He alth Risk Asse ssme nt to Suppor

Sc ope of Wor k to F ac ilitate Comple tion of the Human He alth Risk Asse ssme nt to Suppor

Sc ope of Wor k to F ac ilitate Comple tion of the Human He alth Risk Asse ssme nt to Suppor t MV2007L8-0031 the Pr opose d Re me diation of Giant Mine G. Mark Ric hardson, Ph.D., L indsay Smith-Munoz, M.Sc . & Ale xis F ast,

384 views • 9 slides

More recommend