defragmenting dns
play

Defragmenting DNS Determining the optimal maximum UDP response size - PowerPoint PPT Presentation

Apr 27, 2023 •114 likes •438 views

Defragmenting DNS Determining the optimal maximum UDP response size for DNS Research Project 2 Security and Network Engineering University of Amsterdam Axel Koolhaas & Tjeerd Slokker, July 2020 Background The Domain Name System (DNS)

  1. Defragmenting DNS Determining the optimal maximum UDP response size for DNS Research Project 2 Security and Network Engineering University of Amsterdam Axel Koolhaas & Tjeerd Slokker, July 2020

  2. Background ● The Domain Name System (DNS) translates host names into IP addresses ● DNS works with Resource Records A, AAAA, DNAME, etc... Source: Wikipedia.org 2

  3. Background ● EDNS(0) are extension mechanisms for DNS, and the current default ○ EDNS has UDP Message Size, communicating response size capability ● The Internet is a network of networks ○ Not every network has the same Maximum Transmission Unit (MTU) 3

  4. Background ● Path MTU Discovery (PMTUD) discovers Path MTU between two nodes ○ PMTUD is flawed, due to conservativity and failing ICMP messages ● Fragmentation occurs when a packet exceeds the PMTU ○ IP fragmentation introduces fragility to DNS ○ ICMP messages cause problems for DNS servers since they are stateless 4

  5. Recap ● PMTUD is unreliable ● DNS is connectionless which causes problems with fragmentation of DNS packets We aim to suggest an optimal maximum EDNS message size for DNS ❖ 5

  6. Research Questions ● What is the optimal EDNS message size to avoid IP fragmentation? ○ Is there a difference between IPv4 and IPv6 regarding PMTU sizes? ○ Which EDNS message size is best in terms of support for DNS stub resolvers? ○ Which EDNS message size is best in terms of support for DNS open resolvers? 6

  7. Related Work How many problems does fragmentation cause? ● Weaver, et al. showed that 9% of DNS resolvers don’t receive fragmented UDP datagrams [1] ● Van Den Broek, et al. expanded on this, showing that as much as 10.5% of all resolvers suffer from fragmentation-related connectivity issues [2] 7

  8. Related Work How can you measure the PMTU? ● Toorop used custom name servers experiment with different EDNS message sizes [3] ○ Different sub-domains produce different sized responses ● DNS-OARC used a custom DNS server and chained CNAME responses [4] ○ Server sends multiple replies, where each reply decreases in size. ❖ Both use custom name servers, decreasing reproducibility 8

  9. Related Work How can fragmentation in DNS be prevented? ● Fujiwara & Vixie wrote a RFC draft on fragmentation avoidance in DNS [5] ○ A suggestion is made on a possible maximum EDNS message size 9

  10. Related Work How can fragmentation in DNS be prevented? ● Fujiwara & Vixie wrote a RFC draft on fragmentation avoidance in DNS [5] ○ A suggestion is made on a possible maximum DNS/UDP payload size Topical subject! ❖ 10

  11. Methodology 11

  12. Platform to perform measurements with Methodology 12

  13. Four separate Atlas measurements Methodology 13

  14. Methodology The paths we measure 14

  15. Our DNS server Methodology 15

  16. Solution to universal query Methodology 16

  17. We aggregate our results from the Atlas API and dnstap Methodology logs 17

  18. Results IPv4 Stub Resolver Note: this is the EDNS message size, so MTU minus IP and UDP headers Stub Resolver IPv4 1452 IPv6 18

  19. Results IPv6 Stub Resolver Stub Resolver IPv4 1452 IPv6 1364 19

  20. Results open IPv4 Resolver Stub Resolver IPv4 1452 1232 IPv6 1364 20

  21. Results open IPv6 Resolver Stub Resolver IPv4 1452 1232 IPv6 1364 1232 21

  22. Discussion - Results ● MTUs 1500 & 1492 stand out ● IPv6 Stub ● IPv4/6 Resolvers 22

  23. Results IPv6 Stub Resolver Stub Resolver IPv4 1452 IPv6 1364 23

  24. Discussion - Results ● MTUs 1500 & 1492 ● IPv6 Stub ● IPv4/6 Resolvers 24

  25. Results open IPv6 Resolver Stub Resolver IPv4 1452 1232 IPv6 1364 1232 25

  26. Discussion - Limitations ● MTU support Digital Ocean ● Dynamic paths ● Failing probes ● RIPE Atlas bias 26

  27. Conclusion ● Created publicly available reproducible environment [6] ● EDNS(0) message sizes Stub Resolver IPv4 1452 1232 IPv6 1364 1232 27

  28. Conclusion ● Created publicly available reproducible environment [6] ● EDNS(0) message sizes Stub Resolver IPv4 1452 1232 IPv6 1232 1232 28

  29. Conclusion ● Created publicly available reproducible environment [6] ● EDNS(0) message sizes Stub Resolver IPv4 1452 1452 IPv6 1364 1412 29

  30. Future Work ● Spread of probes within ASs ● Failing probes ● Continuation 30

  31. There is no single “magical” EDNS(0) message size for all DNS resolver implementations. Special thanks to Willem Toorop from NLnet Labs for all his help. 31

  32. References [1] - Weaver, N., Kreibich, C., Nechaev, B., & Paxson, V. (2011, April). Implications of Netalyzr’s DNS measurements. In Proceedings of the First Workshop on Securing and Trusting Internet Names (SATIN), Teddington, United Kingdom . [2] - Van Den Broek, G., van Rijswijk-Deij, R., Sperotto, A., & Pras, A. (2014). DNSSEC meets real world: dealing with unreachability caused by fragmentation. IEEE communications magazine , 52 (4), 154-160. [3] - Toroop. (2013) https://medium.com/nlnetlabs/using-pmtud-for-a-higher-dns-responsiveness-60e129917665 [4] - OARC. https://www.dns-oarc.net/oarc/services/replysizetest [5] - Fujiwara & Vixie. (2020) Fragmentation Avoidance in DNS [6] - https://github.com/shoaloak/defragDNS 32

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Water Efficiency as a Partner to Energy Efficiency Mary Ann Dickinson President and CEO

Water Efficiency as a Partner to Energy Efficiency Mary Ann Dickinson President and CEO

Water Efficiency as a Partner to Energy Efficiency Mary Ann Dickinson President and CEO November 19, 2019 AWE: A Voice for Water Efficiency Our mission is to promote an efficient and sustainable water future A unique network and forum

331 views • 22 slides
MCA Market Research Consumer perception survey: fixed broadband November 2019 Purpose The MCA

MCA Market Research Consumer perception survey: fixed broadband November 2019 Purpose The MCA

MCA Market Research Consumer perception survey: fixed broadband November 2019 Purpose The MCA Consumer Perception Surveys are carried out every two years to get insight on the preferences of household consumers when purchasing electronic

763 views • 35 slides
QoS in PPPoE Quality of Service in the Point-to-Point Protocol over Ethernet Masters Thesis

QoS in PPPoE Quality of Service in the Point-to-Point Protocol over Ethernet Masters Thesis

QoS in PPPoE Quality of Service in the Point-to-Point Protocol over Ethernet Masters Thesis Patrik Lahti KTH, Telia Research AB Outline Introduction Quality of Service Point-to-Point Protocol over Ethernet Background and

795 views • 28 slides
ARDA: Technology for Distributed Analysis http://cern.ch/arda Jakub Moscicki ARDA Project

ARDA: Technology for Distributed Analysis http://cern.ch/arda Jakub Moscicki ARDA Project

ISGC 2004 Taipei ARDA: Technology for Distributed Analysis http://cern.ch/arda Jakub Moscicki ARDA Project Jakub.Moscicki@cern.ch www.eu-egee.org cern.ch/lcg EGEE is a project funded by the European Union under contract IST-2003-508833

698 views • 32 slides
Xt 101 Eola Drive, Orlando, FL Justin Raducha Structural Option April 15 th , 2008 Senior

Xt 101 Eola Drive, Orlando, FL Justin Raducha Structural Option April 15 th , 2008 Senior

Xt 101 Eola Drive, Orlando, FL Justin Raducha Structural Option April 15 th , 2008 Senior Thesis Presentation Outline Building Statistics Introduction & Building Overview Building Statistics Location : 101 South Eola Dr.

351 views • 20 slides
Computer Science Class XII ( As per CBSE Board) Visit : python.mykvs.in for regular updates Web

Computer Science Class XII ( As per CBSE Board) Visit : python.mykvs.in for regular updates Web

New syllabus 2020-21 Chapter 9 Web services Computer Science Class XII ( As per CBSE Board) Visit : python.mykvs.in for regular updates Web services Web service - is a standardized medium,protocol or language to propagate communication

219 views • 19 slides
Oral Evaluation Rubric Criteria Distinguished Proficient Basic Unacceptable Extremely well

Oral Evaluation Rubric Criteria Distinguished Proficient Basic Unacceptable Extremely well

Oral Evaluation Rubric Criteria Distinguished Proficient Basic Unacceptable Extremely well Generally well Somewhat organized. Poor or non existent organized. organized. organization. Introduces the purpose Introduces the Introduces the

331 views • 3 slides
Releases Trang Deluca Sr Change and Release Planner Independent 2017 Releases Market Simulation

Releases Trang Deluca Sr Change and Release Planner Independent 2017 Releases Market Simulation

Market Simulation Independent 2017 Releases Trang Deluca Sr Change and Release Planner Independent 2017 Releases Market Simulation October 16, 2017 Agenda ISO Market Simulation Support Market Simulation Issue Management

326 views • 17 slides
Linking the downtown tunnel to the Eastside June 2019 East Link Overview To Northgate 10

Linking the downtown tunnel to the Eastside June 2019 East Link Overview To Northgate 10

Linking the downtown tunnel to the Eastside June 2019 East Link Overview To Northgate 10 stations 14 miles Opens 2023 To Angle Lake 2 Why we are here T o share draft construction timelines, our operating plan, and our Connect 2020

391 views • 22 slides
Response Consistency between the Ancestry Question and the Detailed Race and Ethnicity Questions

Response Consistency between the Ancestry Question and the Detailed Race and Ethnicity Questions

Response Consistency between the Ancestry Question and the Detailed Race and Ethnicity Questions from the 2016 American Community Survey Content Test Gregory J. Mills American Community Survey Office Sarah K. Heimel Decennial Statistical

796 views • 31 slides
Interaction of Flotation Cell Operating Variables Henry Peters and Tom Remigio Tim Evans and

Interaction of Flotation Cell Operating Variables Henry Peters and Tom Remigio Tim Evans and

Interaction of Flotation Cell Operating Variables Henry Peters and Tom Remigio Tim Evans and Marc Dagenais Purpose of Study Previous Abitibi-Consolidated deinking plant benchmarking had shown large variation in ink removal performance

613 views • 21 slides
OrderMergeDedup: Efficient, Failure-Consistent Deduplication on Flash Zhuan Chen and Kai Shen

OrderMergeDedup: Efficient, Failure-Consistent Deduplication on Flash Zhuan Chen and Kai Shen

OrderMergeDedup: Efficient, Failure-Consistent Deduplication on Flash Zhuan Chen and Kai Shen University of Rochester Background } I/O deduplication } Eliminate I/O writes with redundant content } Reduce the storage space usage } Write

703 views • 14 slides
Home Accessibility Adaptations For the Supported Living Services (SLS) and Childrens

Home Accessibility Adaptations For the Supported Living Services (SLS) and Childrens

Home Accessibility Adaptations For the Supported Living Services (SLS) and Childrens Extensive Support (CES) Waivers Presented by: Diane Byrne December 2018 1 Our Mission Improving health care access and outcomes for the people we serve

120 views • 11 slides
Fee Amendments Proposed Appendix Q Updates Outreach and Feedback Sessions Fall 2019 Modernizing

Fee Amendments Proposed Appendix Q Updates Outreach and Feedback Sessions Fall 2019 Modernizing

Land Development Services Fee Amendments Proposed Appendix Q Updates Outreach and Feedback Sessions Fall 2019 Modernizing our Fee Structure Focused on Cost Recovery, Simplicity and Consistency 2 Consistency Among All ll Build ildin ing

466 views • 8 slides
A path to improve operational delivery, sustainable growth, consistent earnings and cash flow

A path to improve operational delivery, sustainable growth, consistent earnings and cash flow

A path to improve operational delivery, sustainable growth, consistent earnings and cash flow generation. June 2019 1. Simplifying Key our business themes 2. Focusing for driving on our capabilities where we excel improvements

298 views • 15 slides
DATA CONSISTENCY TEST TOWARDS SYSTEMATIC REQUIREMENTS ELICITATION IN AUTOMOTIVE MULTI-CORE

DATA CONSISTENCY TEST TOWARDS SYSTEMATIC REQUIREMENTS ELICITATION IN AUTOMOTIVE MULTI-CORE

DATA CONSISTENCY TEST TOWARDS SYSTEMATIC REQUIREMENTS ELICITATION IN AUTOMOTIVE MULTI-CORE APPLICATIONS ERTS 2020 Toulouse, 30.01.2020 Ralph Mader Vitesco Technologies GmbH Wolfgang Pree University of Salzburg and Chrona.com Public DATA

917 views • 44 slides
Regulation Redesign Simplifying Rules for City Building Fall 2018 Overview 1. Introduction to

Regulation Redesign Simplifying Rules for City Building Fall 2018 Overview 1. Introduction to

Regulation Redesign Simplifying Rules for City Building Fall 2018 Overview 1. Introduction to the Regulation Redesign 2. Challenges of Current Land Use Regulations 3. Objectives of Regulation Redesign 4. Timeline 5. Engagement 6. Your

370 views • 14 slides
On consistency of community detection in networks Yunpeng Zhao Department of Statistics, George

On consistency of community detection in networks Yunpeng Zhao Department of Statistics, George

On consistency of community detection in networks Yunpeng Zhao Department of Statistics, George Mason University Joint work with: Elizaveta Levina and Ji Zhu Outline 1 Consistency of community detection criteria under degree-corrected block

886 views • 57 slides
Universe of Alternatives and Initial Screening Results Initial Screening Results Public Open

Universe of Alternatives and Initial Screening Results Initial Screening Results Public Open

M IDTOWN C ORRIDOR A LTERNATIVES A NALYSIS M IDTOWN C ORRIDOR A LTERNATIVES A NALYSIS Universe of Alternatives and Initial Screening Results Initial Screening Results Public Open Houses p May 21 and 23, 2013 Todays Presentation Open house

543 views • 27 slides
How to Use Layout and Visual Presentation Webinar 2 Live webcast: Monday, April 27, 2015

How to Use Layout and Visual Presentation Webinar 2 Live webcast: Monday, April 27, 2015

Best Practices for Official Voter Guides How to Use Layout and Visual Presentation Webinar 2 Live webcast: Monday, April 27, 2015 Jennifer Pae and Melissa Breach, League of Women Voters of California Education Fund Drew Davies, Oxide Design

529 views • 30 slides
Presentation Policy Presentation Policy Date of Policy: November 2012 Date of Review : March

Presentation Policy Presentation Policy Date of Policy: November 2012 Date of Review : March

Presentation Policy Presentation Policy Date of Policy: November 2012 Date of Review : March 2018 Member of staff with overall responsibility: Miss E. Wood Gov. Body Sub-Committee with reviewing responsibility: Standards & Curriculum Aim

36 views • 3 slides
Framework Project Stakeholder Listening Sessions Officers of Administration May 1, 2019 1

Framework Project Stakeholder Listening Sessions Officers of Administration May 1, 2019 1

OA Job Family Framework Project Stakeholder Listening Sessions Officers of Administration May 1, 2019 1 Agenda 1. Overview of the OA Job Family Framework project 2. Hearing from you . To provide additional feedback, please go to:

548 views • 8 slides
Highlands Highlands Council Meeting June 16 2011 June 16, 2011 P bli H P bli H Public

Highlands Highlands Council Meeting June 16 2011 June 16, 2011 P bli H P bli H Public

Highlands Highlands Council Meeting June 16 2011 June 16, 2011 P bli H P bli H Public Hearing Public Hearing i i Bloomingdale Borough Bloomingdale Borough Petition for Plan Petition for Plan Conformance Petition for Plan Petition for

379 views • 34 slides
Regulation Update Emma Gilpin, Head of Regulatory Policy Judith Joy, Regulatory Lawyer

Regulation Update Emma Gilpin, Head of Regulatory Policy Judith Joy, Regulatory Lawyer

Regulation Update Emma Gilpin, Head of Regulatory Policy Judith Joy, Regulatory Lawyer Association of Consulting Actuaries: Sessional Meeting 13 September 2018 Headlines from Regulation Revised Actuaries Code Quality Assurance

403 views • 21 slides

More recommend