Presentation is loading. Please wait.

Presentation is loading. Please wait.

Impact of Configuration Errors on DNS Robustness Vasileios Pappas, Zhiguo Xu, Songwu Lu, Daniel Massey, Andreas Terzis, Lixia Zhang SIGCOMM 2004 Presented.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Impact of Configuration Errors on DNS Robustness Vasileios Pappas, Zhiguo Xu, Songwu Lu, Daniel Massey, Andreas Terzis, Lixia Zhang SIGCOMM 2004 Presented."— Presentation transcript:

1 Impact of Configuration Errors on DNS Robustness Vasileios Pappas, Zhiguo Xu, Songwu Lu, Daniel Massey, Andreas Terzis, Lixia Zhang SIGCOMM 2004 Presented by: Keith Mayoral

2 What this paper is about Analysis of different types of configuration errors in DNS. How they affect DNS performance, availability, robustness

3 Motivation Jan. 2001: All Authoritative servers for Microsoft DNS domain became inaccessible. Unforeseen effect: # of DNS queries for Microsoft domain seen at F root server went from 0.003% of all queries to greater than 25%.

4 caching server client bar zone foo zone com zone root zone asking for www.bar.foo.com answer: www.bar.foo.com A 10.10.10.10 referral: com NS RRs com A RRs referral: foo NS RRs foo A RRs referral: bar NS RRs bar A RRs Slide taken from V. Pappas ppt on paper

5 Methodology Combination of passive and active measurements over a 6 month period – Observe extent of misconfigurations in global DNS infrastructure – See how they affect response times and availability Passive: collected DNS traces of over 3 million queries as seen from UCLA CS network Active: queried random sample set of DNS zones

6 Count only the DNS traffic exchanges with external sites Measure the delay between first query packet and final response Possible bias incurred since all data taken in University setting Passive Measurements

7 Active Measurements Purpose to overcome bias in passive measurements Implemented specialized DNS resolver Queried randomly selected subset of DNS namespace Also used BGP tables, geo-location info to estimate server locations.

8 What constitutes a misconfiguration? Reliable DNS operations depend on the following: – Appropriate placement of redundant servers for high availability – Manual input of each zone’s database for correct setting – Coordination between parent and child zones for consistency Any of the above is considered a configuration error

9 3 Measured Misconfigurations Lame Deligation – 70% of lame deligation zones reduced avail NSs for a Zone in half Diminished Server Redundancy Cyclic Zone Dependency First two were previously known of, the third was discovered by this paper. – No previous quantitative study to gauge performance impact or extent on internet

10 Lame Delegation Cause: operator of zone C makes changes to authoritative servers, but fails to coordinate with operator for parent zone P to update P accordingly Remember: zone P must store the list of NS RRs pertaining to it’s child zone C.

11 Lame Delegation (cont) Decreases zone availability – Both previous examples only had 1 server to give response even though RRs showed a seemingly redundant set of servers Increases query response time – Example 1: a useless referral is sent – Example 2: need to timeout before trying another Best case: lame server gives non-auth. answer if name has been cached

12 Lame Delegation Types of L.D. – Type I: non-responding server – Type II: DNS error indication – Type III: non-authoritative answer

13 Lame Delegation Results results

14

15 Diminished Server Redundancy If all replicated servers are connected to same local network, redundancy is lost when network fails. If al servers are assigned addresses from same prefix, they will all be unavailable when prefix is unreachable due to routing problems. If all servers are in same location, natural disasters can cause failure.

16 Diminished Server Redundancy Example

17 Diminished Server Redundancy Results

18 Diminished Server Redundancy Impact

19 Cyclic Zone Dependency Happens when two or more zones’ DNS services depend on each other in a circular way Can happen due to configuration errors in either or both of the zones, but more usually all involved zones don’t have noticeable config. errors when viewed separately.

20 Cyclic Zone Dependency Examples Examples

21 Cyclic Zone Dependency Results

22 Detecting Misconfigs Lame Delegation: detect by simple protocol between parent and child zones to periodically check the consistency of NS records Cyclic Zone Dependency: detect via automatic checking by trying to resolve a name through each of the authoritative servers in the zone. Diminished Server Redundancy: different case Also wrote another paper on a tool to proactively detect DNS configuration errors.

23 Secret Sauce First paper to quantitatively measure Lame Delegation and Diminished Server Redundancy First paper to discover Cyclic Zone Dependency ??? Anything else?

24 Conclusion We should realize how important a role human errors play in the systems that we build. – DNS – BGP Future protocol designs should take into account the impact of misconfigurations.

25 THANKS FOR YOUR TIME!

Download ppt "Impact of Configuration Errors on DNS Robustness Vasileios Pappas, Zhiguo Xu, Songwu Lu, Daniel Massey, Andreas Terzis, Lixia Zhang SIGCOMM 2004 Presented."

Similar presentations

Next Generation Internet by R.S. Chang, Dept. CSIE, NDHU1 Configuring Hosts through DHCP Configuring Hosts through DHCP.

Next Generation Internet by R.S. Chang, Dept. CSIE, NDHU1 Configuring Hosts through DHCP Configuring Hosts through DHCP.
Chapter 8 Managing Windows Server 2008 Network Services

Chapter 8 Managing Windows Server 2008 Network Services
Sweeping lame DNS reverse delegations APNIC16 – DNS Operations SIG Seoul, Korea, 20 August 2003.

Sweeping lame DNS reverse delegations APNIC16 – DNS Operations SIG Seoul, Korea, 20 August 2003.
2.1 Installing the DNS Server Role Overview of the Domain Name System Role Overview of the DNS Namespace DNS Improvements for Windows Server 2008 Considerations.

2.1 Installing the DNS Server Role Overview of the Domain Name System Role Overview of the DNS Namespace DNS Improvements for Windows Server 2008 Considerations.
Implementing Domain Name System

Implementing Domain Name System
Routing Basics By Craig Lindstrom. Overview Routing Process Routing Process Default Routing Default Routing Static Routing Static Routing Dynamic Routing.

Routing Basics By Craig Lindstrom. Overview Routing Process Routing Process Default Routing Default Routing Static Routing Static Routing Dynamic Routing.
Domain Name System. DNS is a client/server protocol which provides Name to IP Address Resolution.

Domain Name System. DNS is a client/server protocol which provides Name to IP Address Resolution.
1 Internet Networking Spring 2006 Tutorial 8 DNS and DHCP as UDP applications.

1 Internet Networking Spring 2006 Tutorial 8 DNS and DHCP as UDP applications.
DNS Session 4: Delegation and reverse DNS Joe Abley AfNOG 2006 workshop.

DNS Session 4: Delegation and reverse DNS Joe Abley AfNOG 2006 workshop.
Impact of Configuration Errors on DNS Robustness CSCI 780, Fall 2005.

Impact of Configuration Errors on DNS Robustness CSCI 780, Fall 2005.
Internet Networking Spring 2006 Tutorial 12 Web Caching Protocols ICP, CARP.

Internet Networking Spring 2006 Tutorial 12 Web Caching Protocols ICP, CARP.
1 DNS Tutorial Randy H. Katz CS 294-4: NetRADS Network-oriented Reliable Adaptive Distributed Systems.

1 DNS Tutorial Randy H. Katz CS 294-4: NetRADS Network-oriented Reliable Adaptive Distributed Systems.
Application Layer At long last we can ask the question - how does the user interface with the network?

Application Layer At long last we can ask the question - how does the user interface with the network?
Impact of Configuration Errors on DNS Robustness V. Pappas * Z. Xu *, S. Lu *, D. Massey **, A. Terzis ***, L. Zhang * * UCLA, ** Colorado State, *** John.

Impact of Configuration Errors on DNS Robustness V. Pappas * Z. Xu *, S. Lu *, D. Massey **, A. Terzis ***, L. Zhang * * UCLA, ** Colorado State, *** John.
Hands-On Microsoft Windows Server 2003 Networking Chapter 6 Domain Name System.

Hands-On Microsoft Windows Server 2003 Networking Chapter 6 Domain Name System.
Protecting the BGP Routes to Top Level DNS Servers NANOG-25, June 11, 2002 UCLA Lan Wang Dan Pei Lixia Zhang USC/ISI Xiaoliang Zhao Dan Massey Allison.

Protecting the BGP Routes to Top Level DNS Servers NANOG-25, June 11, 2002 UCLA Lan Wang Dan Pei Lixia Zhang USC/ISI Xiaoliang Zhao Dan Massey Allison.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 5 Introduction to DNS in Windows Server 2008.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 5 Introduction to DNS in Windows Server 2008.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.
TCP/IP.

TCP/IP.
Understanding Active Directory

Understanding Active Directory

Similar presentations

Ads by Google