Presentation is loading. Please wait.

Presentation is loading. Please wait.

Impact of Configuration Errors on DNS Robustness CSCI 780, Fall 2005.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Impact of Configuration Errors on DNS Robustness CSCI 780, Fall 2005."— Presentation transcript:

1 Impact of Configuration Errors on DNS Robustness CSCI 780, Fall 2005

2 Motivation DNS: part of the Internet core infrastructure Applications: web, e-mail, e164, CDNs … DNS: considered as a very reliable system Works almost always Question: is DNS a robust system? User-perceived robustness System robustness are they the same?

3 Thousands or even millions of users affected All due to a single DNS configuration error Motivation Short Answer: “Microsoft's websites were offline for up to 23 hours -- the most dramatic snafu to date on the Internet -- because of an equipment misconfiguration” -- Wired News, Jan 2001

4 Related Work Traffic & implementation errors studies: Danzig et al. [ SIGCOMM92 ]: bugs CAIDA : traffic & bugs Performance studies: Jung et al. [ IMW01 ]: caching Cohen et al. [ SAINT01 ]: proactive caching Liston et al. [ IMW02 ]: diversity Server availability : in [ OSDI04, IMC04 ]

5 Study DNS Robustness Classify DNS operational errors: Study known errors Identify new types of errors Measure their pervasiveness Quantify their impact on DNS availability performance

6 Outline DNS Overview Measurement Methodology DNS Configuration Errors Example Cases Measurement Results Discussion & Summary

7 netcomukcajp foo buzbar bar1bar2bar3 Zone: Occupies a continues subspace Served by the same nameservers bar.foo.com. NS ns1.bar.foo.com. bar.foo.com. NS ns3.bar.foo.com. bar.foo.com. NS ns2.bar.foo.com. bar.foo.com. MX mail.bar.foo.com. www.bar.foo.com. A 10.10.10.10 bar name servers resource records Background

8 local DNS server client bar zone foo zone com zone root zone asking for www.bar.foo.com answer: www.bar.foo.com A 10.10.10.10 referral: com NS RRs com A RRs referral: foo NS RRs foo A RRs referral: bar NS RRs bar A RRs

9 Infrastructure RRs foo.com. NS ns1.foo.com. foo.com. NS ns2.foo.com. foo.com. NS ns3.foo.com. foo.com. NS ns1.foo.com. foo.com. NS ns2.foo.com. foo.com. NS ns3.foo.com. foo.com com ns1.foo.com. A 1.1.1.1 ns2.foo.com. A 2.2.2.2 ns3.foo.com. A 3.3.3.3 ns1.foo.com. A 1.1.1.1 ns2.foo.com. A 2.2.2.2 ns3.foo.com. A 3.3.3.3 NS Resource Record : –Provides the names of a zone’s authoritative servers –Stored both at the parent and at the child zone A Resource Record –Associated with a NS resource record –Stored at the parent zone (glue A record)

10 What Affects DNS Availability Name Servers: Software failures Network failures Scheduled maintenance tasks Infrastructure Resource Records: Availability of these records Configuration errors focus of our work

11 Classification of Measured Errors InconsistencyDependency Lame Delegation Inconsistency Diminished Redundancy Cyclic Dependency The configuration of infrastructure RRs does not correspond to the actual authoritative name-servers. More than one name-servers share a common point of failure.

12 What is Measured? Frequency of configuration errors: System parameters: TLDs, DNS level, zone size (i.e. the number of delegations) Impact on availability: Number of servers: lost due to these errors Zone ’ s availability: probability of resolving a name Impact on performance: Total time to resolve a query Starting from the query issuing time Finishing at the query final answer time

13 Measurement Methodology Error frequency and availability impact: 3 sets of active measurements Random set of 50K zones 20K zones that allow zone transfers 500 popular zones Performance impact: 2 sets of passive measurements:1-week DNS packet traces

14 Lame Delegation com foo foo.com. NS A.foo.com. foo.com. NS B.foo.com. A.foo.com A.foo.com. A 1.1.1.1 B.foo.com. A 2.2.2.2 2) DNS error code -- 1 RTT perf. penalty 3) Useless referral -- 1 RTT perf. penalty 4) Non-authoritative answer (cached) 1) Non-existing server -- 3 seconds perf. penalty B.foo.com

15 Lame Delegation Results

16 0.06 sec 0.4 sec 3 sec 50%

17 Lame Delegation Results Error Frequency: 15% of the zones 8% for the 500 most popular zones independent of the zone ’ s location (level), varies a lot per TLD Impact: 70% of the zones with errors lose half or more of the authoritative servers 8% of the queries experience increased response times (up to an order of magnitude) due to lame delegation

18 C) Geographic location level: - belong to the same city B) Autonomous system level: - belong to the same AS Diminished Server Redundancy com foo foo.com. NS A.foo.com. foo.com. NS B.foo.com. A.foo.comB.foo.com A.foo.com. A 1.1.1.1 B.foo.com. A 2.2.2.2 A) Network level: - belong to the same subnet

19 Diminished Server Redundancy Results Error Frequency: 45% of all zones have all servers in the same /24 subnet 75% of all zones have servers in the same AS large & popular zones: better AS and geo diversity Impact: less than 99.9% availability: all servers in the same /24 subnet more than 99.99% availability: 3 servers at different ASs or different cities

20 Cyclic Zone Dependency (1) com foo foo.com. NS A.foo.com. foo.com. NS B.foo.com. A.foo.comB.foo.com A.foo.com. A 1.1.1.1 B.foo.com depends on A.foo.com The A glue RR for B.foo.com missing B.foo.com. A 2.2.2.2 If A.foo.com is unavailable then B.foo.com is too

21 Cyclic Zone Dependency (2) com foo foo.com. NS A.foo.com. foo.com. NS B.bar.com. A.foo.com B.bar.com A.foo.com. A 1.1.1.1 bar B.foo.comA.bar.com bar.com. NS A.bar.com. bar.com. NS B.foo.com. A.bar.com. A 2.2.2.2 The foo.com zone seems correctly configured The combination of foo.com and bar.com zones is wrongly configured The B servers depend on A servers If A.foo and A.bar are unavailable, B addr. are unresolvable

22 Cyclic Zone Dependency Results Error Frequency: 2% of the zones None of the 500 most popular zones Impact: 90% of the zones with cyclic dependency errors lose 25% (or even more) of their servers 2 or 4 zones are involved in most errors

23 Discussion: User-Perceived != System Robustness User-perceived robustness: Data replication: only one server is needed Data caching: temporary masks infrastructure failures Popular zones: fewer configuration errors System robustness: Fewer available servers: due to inconsistency errors Fewer redundant servers: due to dependency errors

24 Discussion: Why so many errors? Superficially: are due to operators: Unaware of these errors Lack of coordination parent-child zone, secondary servers hosting Fundamentally: are due to protocol design: Lack of mechanisms to handle these errors proactively or reactively Design choices that embrace some of them: Name-servers are recognized with names Glue NS & A records necessary to set up the DNS tree

25 Summary DNS operational errors are widespread DNS operational errors affect availability: 50% of the servers lost less than 99.9% availability DNS operational errors affect performance: 1 or even 2 orders of magnitude DNS system robustness lower than user perception Due to protocol design, not just due to operator errors

Download ppt "Impact of Configuration Errors on DNS Robustness CSCI 780, Fall 2005."

Similar presentations

IDN TLD Variants Implementation Guideline draft-yao-dnsop-idntld-implementation-01.txt Yao Jiankang.

IDN TLD Variants Implementation Guideline draft-yao-dnsop-idntld-implementation-01.txt Yao Jiankang.
Review iClickers. Ch 1: The Importance of DNS Security.

Review iClickers. Ch 1: The Importance of DNS Security.
1 Addition of IPv6 servers to in-addr.arpa tree DNS Operations Sig APNIC 18 2 September 2004, Fiji.

1 Addition of IPv6 servers to in-addr.arpa tree DNS Operations Sig APNIC 18 2 September 2004, Fiji.
Sergei Komarov. DNS  Mechanism for IP hostname resolution  Globally distributed database  Hierarchical structure  Comprised of three components.

Sergei Komarov. DNS  Mechanism for IP hostname resolution  Globally distributed database  Hierarchical structure  Comprised of three components.
Sweeping lame DNS reverse delegations APNIC16 – DNS Operations SIG Seoul, Korea, 20 August 2003.

Sweeping lame DNS reverse delegations APNIC16 – DNS Operations SIG Seoul, Korea, 20 August 2003.
Domain Name System. DNS is a client/server protocol which provides Name to IP Address Resolution.

Domain Name System. DNS is a client/server protocol which provides Name to IP Address Resolution.
Computer Networks: Domain Name System. The domain name system (DNS) is an application-layer protocol for mapping domain names to IP addresses Vacation.

Computer Networks: Domain Name System. The domain name system (DNS) is an application-layer protocol for mapping domain names to IP addresses Vacation.
1 DNS. 2 BIND DNS –Resolve names to IP address –Resolve IP address to names (reverse DNS) BIND –Berkeley Internet Name Domain system Version 4 is still.

1 DNS. 2 BIND DNS –Resolve names to IP address –Resolve IP address to names (reverse DNS) BIND –Berkeley Internet Name Domain system Version 4 is still.
The Domain Name System Overview Introduction DNS overview How DNS helps us? Summary.

The Domain Name System Overview Introduction DNS overview How DNS helps us? Summary.
70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory, Enhanced Chapter 2: Name Resolution and DNS.

70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory, Enhanced Chapter 2: Name Resolution and DNS.
Hitesh Ballani, Paul Francis(Cornell University) Presenter: Zhenhua Liu Date: Mar. 16 th, 2009.

Hitesh Ballani, Paul Francis(Cornell University) Presenter: Zhenhua Liu Date: Mar. 16 th, 2009.
1 DNS Tutorial Randy H. Katz CS 294-4: NetRADS Network-oriented Reliable Adaptive Distributed Systems.

1 DNS Tutorial Randy H. Katz CS 294-4: NetRADS Network-oriented Reliable Adaptive Distributed Systems.
IMC 2004Jeff Pang 1 Availability, Usage, and Deployment Characteristics of the Domain Name System Jeffrey Pang *, James Hendricks *, Aditya Akella *, Roberto.

IMC 2004Jeff Pang 1 Availability, Usage, and Deployment Characteristics of the Domain Name System Jeffrey Pang *, James Hendricks *, Aditya Akella *, Roberto.
Impact of Configuration Errors on DNS Robustness V. Pappas * Z. Xu *, S. Lu *, D. Massey **, A. Terzis ***, L. Zhang * * UCLA, ** Colorado State, *** John.

Impact of Configuration Errors on DNS Robustness V. Pappas * Z. Xu *, S. Lu *, D. Massey **, A. Terzis ***, L. Zhang * * UCLA, ** Colorado State, *** John.
Impact of Configuration Errors on DNS Robustness Vasileios Pappas, Zhiguo Xu, Songwu Lu, Daniel Massey, Andreas Terzis, Lixia Zhang SIGCOMM 2004 Presented.

Impact of Configuration Errors on DNS Robustness Vasileios Pappas, Zhiguo Xu, Songwu Lu, Daniel Massey, Andreas Terzis, Lixia Zhang SIGCOMM 2004 Presented.
11.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 11: Introducing WINS, DNS,

11.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 11: Introducing WINS, DNS,
A Study of DNS Lameness Edward Lewis. July 14, 2002 IETF 54 Slide 2 Agenda Lameness Why (Surprise:) Spotty(?) results Approach Plans.

A Study of DNS Lameness Edward Lewis. July 14, 2002 IETF 54 Slide 2 Agenda Lameness Why (Surprise:) Spotty(?) results Approach Plans.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 5 Introduction to DNS in Windows Server 2008.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 5 Introduction to DNS in Windows Server 2008.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.
Lecturer : Ms.Trần Thị Ngọc Hoa Chapter 2 Methods Configuring Name Resolution Methods.

Lecturer : Ms.Trần Thị Ngọc Hoa Chapter 2 Methods Configuring Name Resolution Methods.

Similar presentations

Ads by Google