dns session 2 dns cache operation and dns debugging
play

DNS Session 2: DNS cache operation and DNS debugging Joe Abley - PowerPoint PPT Presentation

Jul 26, 2023 •278 likes •721 views

DNS Session 2: DNS cache operation and DNS debugging Joe Abley AfNOG 2006 workshop How caching NS works (1) If we've dealt with this query before recently, answer is already in the cache - easy! Query Caching Resolver NS Response What

  1. DNS Session 2: DNS cache operation and DNS debugging Joe Abley AfNOG 2006 workshop

  2. How caching NS works (1) ● If we've dealt with this query before recently, answer is already in the cache - easy! Query Caching Resolver NS Response

  3. What if the answer is not in the cache? ● DNS is a distributed database: parts of the tree (called "zones") are held in different servers ● They are called "authoritative" for their particular part of the tree ● It is the job of a caching nameserver to locate the right authoritative nameserver and get back the result ● It may have to ask other nameservers first to locate the one it needs

  4. How caching NS works (2) Auth NS 2 1 Query Caching Auth 3 Resolver NS NS Response 4 5 Auth NS

  5. How does it know which authoritative nameserver to ask? ● It follows the hierarchical tree structure ● e.g. to query "www.tiscali.co.uk" . (root) 1. Ask here uk 2. Ask here co.uk 3. Ask here 4. Ask here tiscali.co.uk

  6. Intermediate nameservers return "NS" resource records ● "I don't have the answer, but try these other nameservers instead" ● Called a REFERRAL ● Moves you down the tree by one or more levels

  7. Eventually this process will either: ● Find an authoritative nameserver which knows the answer (positive or negative) ● Not find any working nameserver: SERVFAIL ● End up at a faulty nameserver - either cannot answer and no further delegation, or wrong answer! ● Note: the caching nameserver may happen also to be an authoritative nameserver for a particular query. In that case it will answer immediately without asking anywhere else. We will see later why it's a better idea to have separate machines for caching and authoritative nameservers

  8. How does this process start? ● Every caching nameserver is seeded with a list of root servers /etc/namedb/named.conf zone "." { type hint; file "named.root"; } /etc/namedb/named.root . 3600000 NS A.ROOT-SERVERS.NET. A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4 . 3600000 NS B.ROOT-SERVERS.NET. B.ROOT-SERVERS.NET. 3600000 A 128.9.0.107 . 3600000 NS C.ROOT-SERVERS.NET. C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12 ;... etc

  9. Where did named.root come from? ● ftp://ftp.internic.net/domain/named.cache ● Worth checking every 6 months or so for updates

  10. Demonstration ● dig +trace www.tiscali.co.uk. ● Instead of sending the query to the cache, "dig +trace" traverses the tree from the root and displays the responses it gets – dig +trace is a bind 9 feature – useful as a demo but not for debugging

  11. Distributed systems have many points of failure! ● So each zone has two or more authoritative nameservers for resilience ● They are all equivalent and can be tried in any order ● Trying stops as soon as one gives an answer ● Also helps share the load ● The root servers are very busy – There are currently 13 of them (each of which is a large cluster)

  12. Caching reduces the load on auth nameservers ● Especially important at the higher levels: root servers, GTLD servers (.com, .net ...) and ccTLDs ● All intermediate information is cached as well as the final answer - so NS records from REFERRALS are cached too

  13. Example 1: www.tiscali.co.uk (on an empty cache) www.tiscali.co.uk (A) root server referral to 'uk' nameservers www.tiscali.co.uk (A) uk server referral to 'tiscali.co.uk' nameservers www.tiscali.co.uk (A) tiscali.co.uk server Answer: 212.74.101.10

  14. Example 2: smtp.tiscali.co.uk (after previous example) Previous referrals retained in cache smtp.tiscali.co.uk tiscali.co.uk server (A) Answer: 212.74.114.61

  15. Caches can be a problem if data becomes stale ● If caches hold data for too long, they may give out the wrong answers if the authoritative data changes ● If caches hold data for too little time, it means increased work for the authoritative servers

  16. The owner of an auth server controls how their data is cached ● Each resource record has a "Time To Live" (TTL) which says how long it can be kept in cache ● The SOA record says how long a negative answer can be cached (i.e. the non-existence of a resource record) ● Note: the cache owner has no control - but they wouldn't want it anyway

  17. A compromise policy ● Set a fairly long TTL - 1 or 2 days ● When you know you are about to make a change, reduce the TTL down to 10 minutes ● Wait 1 or 2 days BEFORE making the change ● After the change, put the TTL back up again

  18. Any questions? ?

  19. What sort of problems might occur when resolving names in DNS? ● Remember that following referrals is in general a multi-step process ● Remember the caching

  20. (1) One authoritative server is down or unreachable ● Not a problem: timeout and try the next authoritative server – Remember that there are multiple authoritative servers for a zone, so the referral returns multiple NS records

  21. (2) *ALL* authoritative servers are down or unreachable! ● This is bad; query cannot complete ● Make sure all nameservers not on the same subnet (switch/router failure) ● Make sure all nameservers not in the same building (power failure) ● Make sure all nameservers not even on the same Internet backbone (failure of upstream link) ● For more detail read RFC 2182

  22. (3) Referral to a nameserver which is not authoritative for this zone ● Bad error. Called "Lame Delegation" ● Query cannot proceed - server can give neither the right answer nor the right delegation ● Typical error: NS record for a zone points to a caching nameserver which has not been set up as authoritative for that zone ● Or: syntax error in zone file means that nameserver software ignores it

  23. (4) Inconsistencies between authoritative servers ● If auth servers don't have the same information then you will get different information depending on which one you picked (random) ● Because of caching, these problems can be very hard to debug. Problem is intermittent.

  24. (5) Inconsistencies in delegations ● NS records in the delegation do not match NS records in the zone file (we will write zone files later) ● Problem: if the two sets aren't the same, then which is right? – Leads to unpredictable behaviour – Caches could use one set or the other, or the union of both

  25. (6) Mixing caching and authoritative nameservers ● Consider when caching nameserver contains an old zone file, but customer has transferred their DNS somewhere else ● Caching nameserver responds immediately with the old information, even though NS records point at a different ISP's authoritative nameservers which hold the right information! ● This is a very strong reason for having separate machines for authoritative and caching NS ● Another reason is that an authoritative-only NS has a fixed memory usage

  26. (7) Inappropriate choice of parameters ● e.g. TTL set either far too short or far too long

  27. These problems are not the fault of the caching server! ● They all originate from bad configuration of the AUTHORITATIVE name servers ● Many of these mistakes are easy to make but difficult to debug, especially because of caching ● Running a caching server is easy; running authoritative nameservice properly requires great attention to detail

  28. How to debug these problems? ● We must bypass caching ● We must try *all* N servers for a zone (a caching nameserver stops after one) ● We must bypass recursion to test all the intermediate referrals ● "dig +norec" is your friend dig +norec @1.2.3.4 foo.bar. a Server to query Domain Query type

  29. How to interpret responses (1) ● Look for "status: NOERROR" ● "flags ... aa " means this is an authoritative answer (i.e. not cached) ● "ANSWER SECTION" gives the answer ● If you get back just NS records: it's a referral ;; ANSWER SECTION foo.bar. 3600 IN A 1.2.3.4 Domain name TTL Answer

  30. How to interpret responses (2) ● "status: NXDOMAIN" – OK, negative (the domain does not exist). You should get back an SOA ● "status: NOERROR" w ith zero RRs – OK, negative (domain exists but no RRs of the type requested). Should get back an SOA ● Other status may indicate an error ● Look also for Connection Refused (DNS server is not running or doesn't accept queries from your IP address) or Timeout (no answer)

  31. How to debug a domain using "dig +norec" (1) 1. Start at any root server: [a-m].root- servers.net. dig +norec @a.root-servers.net. www.tiscali.co.uk. a Remember the trailing dots! 1. For a referral, note the NS records returned 2. Repeat the query for *all* NS records 3. Go back to step 2, until you have got the final answers to the query

  32. How to debug a domain using "dig +norec" (2) 1. Check all the results from a group of authoritative nameservers are consistent with each other 2. Check all the final answers have "flags: aa" 3. Note that the NS records point to names, not IP addresses. So now check every NS record seen maps to the correct IP address using the same process!!

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

DNS Session 2: DNS cache operation and DNS debugging These materials are licensed under the

DNS Session 2: DNS cache operation and DNS debugging These materials are licensed under the

DNS Session 2: DNS cache operation and DNS debugging These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/) DNS Cache Operation How caching NS works

700 views • 45 slides
DNS Session 2: DNS cache operation and DNS debugging TENET NSRC - 2013 DNS Cache Operation

DNS Session 2: DNS cache operation and DNS debugging TENET NSRC - 2013 DNS Cache Operation

DNS Session 2: DNS cache operation and DNS debugging TENET NSRC - 2013 DNS Cache Operation How caching NS works (1) If we've dealt with this query before recently, answer is already in the cache - easy! Query Caching Resolver NS

471 views • 45 slides
DNS Session 2: DNS cache How caching NS works (1) operation and DNS debugging If we've dealt

DNS Session 2: DNS cache How caching NS works (1) operation and DNS debugging If we've dealt

DNS Session 2: DNS cache How caching NS works (1) operation and DNS debugging If we've dealt with this query before recently, answer is already in the cache - easy! Query Caching Joe Abley Resolver NS AfNOG 2006 workshop Response What

373 views • 8 slides
Domain Name System (DNS) Session 2: Resolver Operation and debugging Michuki Mwangi AfNOG

Domain Name System (DNS) Session 2: Resolver Operation and debugging Michuki Mwangi AfNOG

Domain Name System (DNS) Session 2: Resolver Operation and debugging Michuki Mwangi AfNOG Workshop, AIS 2018, Dakar DNS Resolver Operation How Resolvers Work (1) ! If we've dealt with this query before recently, answer is already in the cache

452 views • 41 slides
Domain Name System (DNS) Session 2: Resolver Operation and debugging Joe Abley AfNOG Workshop,

Domain Name System (DNS) Session 2: Resolver Operation and debugging Joe Abley AfNOG Workshop,

Domain Name System (DNS) Session 2: Resolver Operation and debugging Joe Abley AfNOG Workshop, AIS 2017, Nairobi DNS Resolver Operation How Resolvers Work (1) If we've dealt with this query before recently, answer is already in the cache

558 views • 42 slides
Domain Name System (DNS) Session 2: Resolver Operation and debugging Joe Abley AfNOG

Domain Name System (DNS) Session 2: Resolver Operation and debugging Joe Abley AfNOG

Domain Name System (DNS) Session 2: Resolver Operation and debugging Joe Abley AfNOG Workshop, AIS 2014, Djibou> DNS Resolver Operation How Resolvers Work (1) If we've dealt with this query before recently,

838 views • 46 slides
Web Cache Consistency Web Cache Consistency Web Cache Consistency Web Cache Consistency

Web Cache Consistency Web Cache Consistency Web Cache Consistency Web Cache Consistency

Web Cache Consistency Web Cache Consistency Web Cache Consistency Web Cache Consistency Requirements of performance, availability, and disconnected operation require us to relax the goal of semantic transparency. - HTTP 1.1 specification

598 views • 13 slides
1 Locate set Cache Read Example: Direct Mapped Cache (E = 1) Check if any line in set

1 Locate set Cache Read Example: Direct Mapped Cache (E = 1) Check if any line in set

Today Cache memory organization and operation Performance impact of caches Cache Memories The memory mountain Rearranging loops to improve spatial locality Using blocking to improve temporal locality CSci 2021: Machine

102 views • 8 slides
1 Classifying cache misses Cache Organization Classifying misses by causes (3Cs) Cache size,

1 Classifying cache misses Cache Organization Classifying misses by causes (3Cs) Cache size,

Cache Performance Metrics Cache miss rate: number of cache misses divided by number of accesses Lecture 14: Hardware Approaches for Cache Optimizations Cache hit time: the time between sending address and data returning from cache Cache

608 views • 4 slides
1 HTTP 1.1 Expiration and Validation in HTTP 1.1 HTTP 1.1 Expiration and Validation in HTTP 1.1

1 HTTP 1.1 Expiration and Validation in HTTP 1.1 HTTP 1.1 Expiration and Validation in HTTP 1.1

Web Cache Consistency Web Cache Consistency Requirements of performance, availability, and disconnected operation require us to relax the goal of semantic transparency. - HTTP 1.1 specification Web Cache Consistency Web Cache Consistency

280 views • 3 slides
Debugging Debugging with High Level Languages Same goals as low-level debugging Examine and

Debugging Debugging with High Level Languages Same goals as low-level debugging Examine and

Chapter 15 Debugging Debugging with High Level Languages Same goals as low-level debugging Examine and set values in memory Execute portions of program Stop execution when (and where) desired Want debugging tools to operate on

274 views • 9 slides
Debugging Debugging Tools Module Overview Introduction to Debugging Problems in Production

Debugging Debugging Tools Module Overview Introduction to Debugging Problems in Production

Welcome to Advanced .NET Debugging Debugging Tools Module Overview Introduction to Debugging Problems in Production Challenges in debugging Production issues Production Environment Debugging Timeline Tools for .NET Debugging Review 3

622 views • 47 slides
L09: Cache Name: ID: Question: Direct Mapping Cache Hit Rate Consider a 4-block empty Cache,

L09: Cache Name: ID: Question: Direct Mapping Cache Hit Rate Consider a 4-block empty Cache,

L09: Cache Name: ID: Question: Direct Mapping Cache Hit Rate Consider a 4-block empty Cache, and all blocks initially marked as not valid , Given the main memory word addresses 0 1 2 3 4 3 4 15, calculate Cache hit rate. Cache Index

654 views • 9 slides
Parallel Debugging Objective Learn the basics of debugging parallel programs

Parallel Debugging Objective Learn the basics of debugging parallel programs

Parallel Debugging Objective Learn the basics of debugging parallel programs Contents Launching a debug session The Parallel Debug Perspective Controlling sets of processes Controlling individual processes

594 views • 36 slides
What Is Memory Hierarchy A typical memory hierarchy today: Lecture 13: Cache Basics and Cache

What Is Memory Hierarchy A typical memory hierarchy today: Lecture 13: Cache Basics and Cache

What Is Memory Hierarchy A typical memory hierarchy today: Lecture 13: Cache Basics and Cache Performance Proc/Regs L1-Cache Bigger Faster L2-Cache Memory hierarchy concept, cache L3-Cache (optional) design fundamentals, set-associative

303 views • 4 slides
Visual Debugging Software What is Debugging Visualization Visualizing

Visual Debugging Software What is Debugging Visualization Visualizing

Visual Debugging Software What is Debugging Visualization Visualizing Program State Incremental interactive unfolding (DDD) Visual Memory Abstract representations (traversal-based) Debugging Focusing: memory

433 views • 5 slides
Cache la Poudre River National Heritage Area Supported and Managed by the Poudre Heritage

Cache la Poudre River National Heritage Area Supported and Managed by the Poudre Heritage

Cache la Poudre River National Heritage Area Supported and Managed by the Poudre Heritage Alliance What is a national heritage area? A designation, by Congress, that recognizes nationally significant resources and their role in defining a

108 views • 9 slides
An Introduction to An Introduction to Geocaching Geocaching Chris Kracik Chris Kracik aka

An Introduction to An Introduction to Geocaching Geocaching Chris Kracik Chris Kracik aka

An Introduction to An Introduction to Geocaching Geocaching Chris Kracik Chris Kracik aka BBWolf+ 3Pigs aka BBWolf+ 3Pigs & & Calvin Taft Calvin Taft aka Nomad64 aka Nomad64 What is Geocaching? What is Geocaching?

481 views • 20 slides
A System- -on on- -a a- -Chip Lock Chip Lock A System Cache with Task Preemption Cache

A System- -on on- -a a- -Chip Lock Chip Lock A System Cache with Task Preemption Cache

A System- -on on- -a a- -Chip Lock Chip Lock A System Cache with Task Preemption Cache with Task Preemption Support Support By By Bilge S. Bilge S. Akgul Akgul, , Jaehwan Jaehwan Lee and Lee and Vincent J. Mooney Vincent J.

204 views • 19 slides
OPENACC PROGRAMMING MODEL Xiaonan (Daniel) Tian, Brent Leback, and Michael Wolfe PGI GPU

OPENACC PROGRAMMING MODEL Xiaonan (Daniel) Tian, Brent Leback, and Michael Wolfe PGI GPU

CACHE DIRECTIVE OPTIMIZATION IN THE OPENACC PROGRAMMING MODEL Xiaonan (Daniel) Tian, Brent Leback, and Michael Wolfe PGI GPU ARCHITECTURE Threads Register Files Shared L1 Read-Only Memory Cache Data Cache L2 Cache Texture Constant GPU

806 views • 23 slides
Authored by, Suyong Eum, Kiyohide Nakauchi, Yozo Shoji, Nozomu Nishinaga, Masayuki Murata It

Authored by, Suyong Eum, Kiyohide Nakauchi, Yozo Shoji, Nozomu Nishinaga, Masayuki Murata It

Authored by, Suyong Eum, Kiyohide Nakauchi, Yozo Shoji, Nozomu Nishinaga, Masayuki Murata It is estimated that by 2015, 90% of the traffic in the Internet will be multimedia and P2P contents Need for shift from location centric to

483 views • 22 slides
CURB TAIL LATENCY WITH PELIKAN ABOUT ME 6 years at Twitter, on cache maintainer of

CURB TAIL LATENCY WITH PELIKAN ABOUT ME 6 years at Twitter, on cache maintainer of

IN-MEMORY CACHING: CURB TAIL LATENCY WITH PELIKAN ABOUT ME 6 years at Twitter, on cache maintainer of Twemcache & Twitters Redis fork operations of thousands of machines hundreds of (internal) customers Now working on

987 views • 62 slides
GEOCACHING MARKETING THE DESTINATION the sport where YOU are the search engine Link Agenda

GEOCACHING MARKETING THE DESTINATION the sport where YOU are the search engine Link Agenda

GEOCACHING MARKETING THE DESTINATION the sport where YOU are the search engine Link Agenda What is Geocaching? A Brief History How Geocaching Can Work For You Q&A What is Geocaching? From Wikipedia, the free

698 views • 36 slides
A A Comprehensiv ive R Revie iew o of the Chal alle lenges an and Opportunit itie ies

A A Comprehensiv ive R Revie iew o of the Chal alle lenges an and Opportunit itie ies

A A Comprehensiv ive R Revie iew o of the Chal alle lenges an and Opportunit itie ies Con onfronti ting C g Cache M Memor ory System Perfor ormance ce Photograph of Intel Xeon processor 7500 series die showing cache memories [ 1 ]

615 views • 24 slides

More recommend