Applications: Domain Name System
Mitra Nasri, ECE Department, University of Tehran, Fall 2009
Table of Content
• Internet Applications (Application Mix)
• DNS Measurement
  • Properties
  • Challenges
  • Tools
• DNS in Other Applications
• State of the Art
Mitra Nasri, Internet Measurement, Applications (Chapter 7), DNS
Application Mix | Internet Applications
• Why do we study Internet applications?
  • Applications are the visible part of the Internet.
  • The infrastructure supports the flow of traffic of the different applications.
• We want to examine the flow of application traffic over the infrastructure.
Application Mix | Applications we will study
• P2P: N peers
• Online games: clients and some central servers
• Web: 1 client <-> 1 server
• DNS
Application Mix | Application Mix
• FTP (1980s)
  • Transported files in anonymous mode (unknown clients).
  • Clients had to know the server address.
  • In the 1980s, Email and Telnet were based on FTP.
• Network News Groups (1980s, a bit after FTP)
• WWW over the HTTP protocol (1990)
  • Became the majority of traffic after 1998.
• P2P (end of the 1990s)
  • Napster had attractive content and young clients.
DNS | Introduction
DNS Measurement Introduction
• Definition
  • DNS is a database distributed across servers that handles name and address resolution on a hierarchical basis.
• DNS uses the UDP protocol.
  • DNS traffic is a query and a response, both of which can fit in a single datagram.
  • UDP scales much better for the DNS application.
  • Note that zone transfers use TCP.
DNS | Introduction
DNS Routing (by Iteration)
DNS | Properties
DNS Properties of Interest to Measure
DNS | Properties
Fraction of Internet Traffic
• Traffic types for DNS: queries, responses, and forwarding of queries and responses.
• Fraction of Internet traffic taken by an application.
  • DNS is below 5% of current Internet traffic.
DNS | Properties
Availability
• Availability is critical for DNS servers.
  • DNS servers are in the front line of attacks on the Internet.
  • They are the weakest link in the chain!
DNS | Properties
Number of Entities
• Entities:
  • Clients and local DNS servers: most of them are hidden due to DNS caching.
  • Authoritative DNS servers and root servers: root servers are usually static and well-known.
DNS | Properties
Response Latency
• Response latency is the time between the issuance of a DNS request and the receipt of the response.
• It is related to the availability of DNS servers and to DNS caching.
• Studies have explored the distribution of delays for popular servers or for the authoritative servers of popular domains.
(Figure: timeline from request issuance to response receipt; the interval between them is the response latency.)
DNS | Properties
TTL and Extent of Caching
• A Time-To-Live value is the validity duration of the mapping returned by an authoritative DNS server or a caching DNS server.
• Web browsers do their own caching of DNS mappings.
• TTLs represent a trade-off between:
  • Speed (avoiding repeated issuance of the same query)
  • Overall number of DNS messages
DNS | Properties
Software Configuration
• Bad configuration results in:
  • Performance problems
  • Internal information leaks
  • Violating the privacy of clients
  • Providing information to competitors
• Measuring this property requires awareness of the software implementation variants.
DNS | Properties
Location of DNS Servers
• The physical and topological locations of DNS servers on the Internet can provide a rough map of where the clients are.
• Clients tend to be close to their local DNS servers.
DNS | Properties
Characteristics of Queries
• The most common query type is "name to address translation".
• But how many queries of other types are there?
  • Address to name translation
DNS | Properties
Validity of Queries
• Security -> access is limited for some users through Access Control Lists (ACLs).
• An estimate of the number of failed queries (e.g. for sites in ACLs) is an interesting property.
DNS | Properties
Frequency and Count of Lookups
• From the site-popularity viewpoint:
  • The number of lookups for an address may be an indication of its popularity.
• From the traffic viewpoint:
  • The amount of traffic that stays within a network, as opposed to the fraction that is visible outside, indicates the extent of caching.
DNS | Challenges
DNS Measurement Challenges
• The considerable degree of control exercised by local administrators makes measurement from outside hard.
• Lots of hidden entities
• Lots of cached data
DNS | Challenges
Hidden Data (1)
• There is no information about:
  • Clients behind a local DNS server
  • Local or authoritative DNS servers (there is no published directory of them)
  • Configuration parameters of local DNS servers, and their effect of producing more hidden data
DNS | Challenges
Hidden Data (2)
• From the traffic viewpoint:
  • Local DNS servers hide information (e.g. traffic data) about their clients from the outside world.
  • Access Control Lists prevent lookups behind a network.
  • Firewalls typically don't allow UDP packets on the DNS port.
  • Some organizations handle their internal DNS requests on their own.
DNS | Challenges
More Challenges
• Hidden layer
  • As anycast is not implemented in many DNS servers, one cannot measure all nodes from a single location or a few locations.
  • Anycast allows delivery of a datagram to one server in a set of servers.
• Hidden entities
  • Although "iterative mode" DNS lookup allows a client to contact some servers directly, DNS caching may hide the outside world from the client and vice versa.
DNS | Tools
DNS Measurement Tools
DNS | Tools
Passive Measurement for Characterization (1)
• Types of useful offline data here:
  • DNS logs
    • Usually available at root servers
    • Rare at clients or local servers
    • Good for intrusion detection at servers
  • Traffic data (in the form of NetFlow)
    • Obtained just by examining UDP/TCP traffic on port 53
    • Usually presented as a directed graph
  • Packet traces
    • Can be captured by mirroring the DNS port and running tcpdump on another host (without interfering with the root servers!)
DNS | Tools
Passive Measurement for Characterization (2)
• NeTraMet (Network Traffic Flow Management Tool)
  • NeTraMet has passive access to packets.
  • It is good for examining traffic at a narrow set of machines (the 13 root servers).
  • It is capable of logging the time of request/response, the source and destination IP address, the type of DNS query, and optional information.
• TCPDrip
  • Can capture packet traces and/or anonymize traces.
  • A flow is an arbitrary collection of bi-directional packets with a large number of attributes (40+).
DNS | Tools
Active Monitoring for Characterization (1)
• dnsstat (CAIDA group)
  • Monitors port 53 and presents statistics about DNS queries.
  • It has to be able to see all DNS-related traffic to the monitored entity (client or server), because it works in the same LAN.
  • Some dnsstat results on root servers:
    • 75% of DNS queries are name to address translations.
    • 8% are IP to name conversions.
  • It helped optimize the placement of DNS root servers.
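A minimal version of what a passive port-53 tap such as dnsstat computes, added here as an example (not the slides' or any of the cited tools' own code): it builds DNS messages in wire format, then matches responses to queries to report the query-type share, the response latency, the TTLs returned and the number of queries that timed out. The names, transaction IDs, addresses and timestamps in the trace are constructed for illustration.

```python
import struct
from collections import Counter

def encode_name(name):  # "www.example.com" -> b"\x03www\x07example\x03com\x00" (labels, then root)
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
def build_query(txid, qname, qtype):  # 12-byte header (ID, RD=1, QDCOUNT=1) + one question, QCLASS=IN
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + encode_name(qname) + struct.pack("!HH", qtype, 1)

def build_response(query, ttl, rdata):  # same ID and question, QR/RD/RA set, one answer RR whose NAME is a pointer
    hdr = struct.pack("!6H", struct.unpack("!H", query[:2])[0], 0x8180, 1, 1, 0, 0)
    return hdr + query[12:] + struct.pack("!HHHIH", 0xC00C, struct.unpack("!H", query[-4:-2])[0], 1, ttl, len(rdata)) + rdata

def decode_name(msg, off):  # -> (name, offset just past the name); follows compression pointers
    labels = []
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:  # pointer: the rest of the name is stored at the 14-bit offset
            return ".".join(labels + [decode_name(msg, struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF)[0]]), off + 2
        if n == 0:
            return ".".join(labels), off + 1
        labels.append(msg[off + 1:off + 1 + n].decode()); off += 1 + n

def parse(msg):
    txid, flags, _, ancount, _, _ = struct.unpack("!6H", msg[:12])
    qname, off = decode_name(msg, 12)
    qtype, off, ttls = struct.unpack("!H", msg[off:off + 2])[0], off + 4, []
    for _ in range(ancount):  # walk the answer RRs and collect their TTLs
        _, off = decode_name(msg, off)
        ttl, rdlen = struct.unpack("!IH", msg[off + 4:off + 10])
        ttls.append(ttl); off += 10 + rdlen
    return {"id": txid, "is_response": bool(flags & 0x8000), "qname": qname, "qtype": qtype, "ttls": ttls}

def characterize(trace):
    # trace: [(seconds, raw DNS message)] from a port-53 tap. Matching is by transaction ID alone here; a real tool also keys on client IP/port.
    pending, latencies, qtypes, ttls = {}, [], Counter(), []
    for ts, raw in trace:
        m = parse(raw)
        if not m["is_response"]:
            pending[m["id"]] = ts
            qtypes[{1: "A", 12: "PTR"}.get(m["qtype"], m["qtype"])] += 1
        elif m["id"] in pending:
            latencies.append(round((ts - pending.pop(m["id"])) * 1000, 1))
            ttls += m["ttls"]
    total = sum(qtypes.values())
    return {"qtype_share": {k: v / total for k, v in qtypes.items()}, "latency_ms": latencies, "timed_out": len(pending), "ttls": ttls}

# Constructed trace: a forward (A) lookup, a reverse (PTR) lookup and one query that is never answered
q1, q2 = build_query(0x1A2B, "www.example.com", 1), build_query(0x1A2C, "10.2.0.192.in-addr.arpa", 12)
TRACE = [(0.000, q1), (0.012, q2), (0.045, build_response(q1, 300, bytes([192, 0, 2, 10]))),
         (0.050, build_query(0x1A2D, "mail.example.com", 1)),
         (0.130, build_response(q2, 86400, encode_name("www.example.com")))]
```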
DNS | Tools
Active Monitoring for Characterization (2)
• dnstop (Measurement Factory group)
  • Uses the libpcap library on top of tcpdump-generated traces to display DNS-related information similar to dnsstat (with some additional info).
  • It can reveal buggy DNS server implementations which allow bad queries such as IP to IP translation.
DNS | Tools
Active Monitoring for Characterization (3)
• dsc (an extension of dnstop)
  • Collects statistics at busy DNS servers into XML-format files and displays them graphically.
  • It can gather data on an alternate machine to which the DNS server is connected over a switch using port mirroring. This is good for busy servers.
  • It can generate a graphical representation of the rate of DNS replies and their length in bytes.
DNS | Tools
Active Measurement for Characterization (1)
• Active tools impose additional load on DNS servers, so they should be used carefully.
• fpdns (a Perl script)
  • It is capable of generating a rough fingerprint of DNS servers.
  • It checks a variety of hypotheses, much like a reverse-engineering tool, by sending queries remotely.
DNS | Tools
Active Measurement for Characterization (2)
• fpdns results:
  • 70% of name servers use BIND.
    • BIND (Berkeley Internet Name Domain) is an implementation of the DNS protocols and provides an openly redistributable reference implementation of the major components.
  • 98% of errors were query timeouts.
  • In the German DNS, more than 55,000 DNS servers exist, and 87% of them use BIND.
DNS | Tools
Active Measurement for Characterization (3)
• dnschecker
  • Lists all servers involved in a query resolution.
  • Checks the correctness of the response, changes in DNS records, the paths taken by a DNS query, etc.
  • Gives an indication of the server load balancing done and of the fraction of queries that would be answered by the authoritative server.
DNS | Tools
Performance Measurement Tools (1)
• Goals:
  • How queries are spread over the root and top-level DNS servers
  • How well the queries are handled
  • The actual impact of DNS on clients
  • The role played by caching and its effectiveness
DNS | Tools
Performance Measurement Tools (2)
• Methods:
  • Passive:
    • Metrics are availability, latency, number and rate of queries handled at a busy server, and extent of caching.
    • It involves examining DNS logs at the application level.
  • Active:
    • The goal is to get the apparent latency felt by clients.
    • It has been done via tools distributed to different client locations.
DNS | DNS in Other Applications
Use of DNS in Other Applications
DNS | DNS in Other Applications
How Akamai (A Content Distribution Network) Works
(Figure: a 12-step exchange among the end-user, cnn.com (the content provider), the DNS root server, the Akamai high-level DNS server, the Akamai low-level DNS server and a nearby matching Akamai server; the requests shown are "Get index.html", "Get /cnn.com/foo.jpg" and "Get foo.jpg".)
DNS | State of the Art
State of the Art
• Results in DNS characterization
• Results in DNS performance
• Using DNS for other applications
DNS | State of the Art
Results in DNS Characterization
• DNS was introduced in 1984, when there were barely 1000 hosts.
  • -> in 1992, 14% of Internet traffic
  • -> in 2001, 23% of queries had no result
  • -> in 2003, 100 million queries per day
• Two types of research in the area:
  • Techniques to solve the previous challenges
  • Demonstration of the problem of unreachability of some data
DNS | State of the Art | Results in DNS Characterization
Graph-based Characterization of DNS Entities
DNS | State of the Art | Results in DNS Characterization
Closer Look at DNS Root Servers
• In late 2002, 150 million queries were gathered in one day from a root server using port mirroring.
• Nearly 400,000 unique source IP addresses were seen during that day.
• They found that one organization was responsible for more than 15% of the traffic because of its bad configuration.
• 70% of queries were identical name to address translations, which were generated by robots!
• They also found that only 2% of the queries were really legitimate.
DNS | State of the Art
Results in DNS Performance
• 2002: a wide-area study modified BIND (to add an auto-logging capability) and installed the new version on 75 machines.
• Performance measures were:
  • Time to complete a lookup, RTT to the server, number of retries, average response time, etc.
• Results:
  • While the success of lookups was consistent, response time varied significantly.
  • 20-30% of the time was spent in top-level domain name servers, while root servers had no delay.
  • ¼ of the queries were aliases.
  • Root servers will be able to handle the load of a denial of service, whereas top-level domain servers cannot.
DNS | State of the Art
Results in DNS Performance
• 2003: NeTraMet was used for two days.
• Performance measures were:
  • Response time, the choice of server that was selected, repeated queries and query rates.
• Results:
  • The distribution of response times had a long tail and was correlated with the geographical distance from the measurement point to the root server.
  • They found a server that was sending a query for .net every two minutes!
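The root-server findings above (one organization behind more than 15% of the traffic, identical name to address queries generated by robots, a server re-asking for .net every two minutes) are the kind of misbehaviour an operator can pick out of a query log. The following added example (not from the slides or the cited studies) does that over a constructed log; the source addresses, names and timestamps are made up for illustration.

```python
from collections import Counter, defaultdict

# Constructed query log in the shape a root-server tap or dnstop-style logger would emit:
# "<epoch seconds> <source IP> <qname> <qtype>"
LOG = """\
0    203.0.113.5   net               NS
3    198.51.100.7  www.example.com   A
4    198.51.100.7  www.example.com   A
5    198.51.100.7  www.example.com   A
9    192.0.2.44    mail.example.org  MX
120  203.0.113.5   net               NS
131  192.0.2.58    ftp.example.org   A
140  198.51.100.7  www.example.com   A
240  203.0.113.5   net               NS
360  203.0.113.5   net               NS
"""

def parse_log(text):
    rows = []
    for line in text.splitlines():
        ts, src, qname, qtype = line.split()
        rows.append((float(ts), src, qname.lower().rstrip("."), qtype))
    return rows

def source_share(rows, threshold=0.15):
    # Fraction of all queries sent by each source IP; return only the sources above `threshold`
    counts, total = Counter(src for _, src, _, _ in rows), len(rows)
    return {src: n / total for src, n in counts.items() if n / total > threshold}

def identical_query_fraction(rows):
    # Share of queries repeating a (source, qname, qtype) already seen in the window: a caching resolver
    # should not re-ask the same question before the TTL expires
    seen, repeats = set(), 0
    for _, src, qname, qtype in rows:
        repeats += (src, qname, qtype) in seen
        seen.add((src, qname, qtype))
    return repeats / len(rows)

def periodic_sources(rows, min_repeats=3, tolerance=0.1):
    # (source, qname, qtype) tuples re-asked at a near-constant interval, i.e. driven by a timer rather
    # than by users; a short burst of identical queries does not qualify
    times = defaultdict(list)
    for ts, src, qname, qtype in rows:
        times[(src, qname, qtype)].append(ts)
    periodic = {}
    for key, ts in times.items():
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        if len(gaps) >= min_repeats and max(gaps) - min(gaps) <= tolerance * min(gaps):
            periodic[key] = sum(gaps) / len(gaps)
    return periodic
```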
DNS | State of the Art
Using DNS for Other Applications (1)
• Using the nearness of DNS servers to clients
  • "King Tool Set" assumptions:
    • A large number of IP hosts are topologically close to their authoritative name servers.
    • The latency between any two name servers can be accurately measured by using recursive DNS queries.
    • The latency between end hosts can be approximated as the latency between their name servers.
DNS | State of the Art
Using DNS for Other Applications (2)
• Piggybacking on DNS (in DNS-Enhanced Web [2003])
  • Use of the available space in DNS queries and DNS responses.
    • 40 bytes in a DNS query, 512 bytes in a UDP response.
  • Embed an HTTP request into the available space in the UDP packet.
  • Good for Content Distribution Networks: delivering small images in DNS packets.