EDNS0 - the need for speed Lawrence Conroy Roke Manor Research This draft has been produced by Lawrence Conroy


Slide 1: EDNS0 - the need for speed
Lawrence Conroy, Roke Manor Research
This draft has been produced by Lawrence Conroy and Jim Reid - please complain to them at these mail addresses, or on the ENUM

8th November 2005, Lawrence Conroy, Ietf64-lwc
Slide 2: Topics
• Heads Up! - EDNS0 needed for ENUM
• What is in it? - for the hard of reading
• Issues
• What is Reasonable? - size matters
• Why This Matters to You - Actions/Requests

Slide 3: Heads Up!
• From experience, there are a number of ENUM zones with data that won’t fit into “RFC1035 basic” messages
  – This is true for ANY queries, as well as NAPTR-specific ones
  – For ENUM (a.k.a. “user” ENUM) this is unlikely to go away
  – For “carrier” or “private ENUM”, this will also be a problem
• Supporting a significant chunk of queries using TCP:
  – Is slow, due to delayed TCP fallback
  – Generates much more network traffic
  – Places major load on DNS servers that are not designed for it
  – For most TCP stacks in servers, limits the rate of responses
• Solution - use EDNS0 (RFC2671) with the Size Option set

Slide 4: What’s In It?
• Resolvers (both “Stub” and “Recursive”) will send EDNS0-aware queries with the size option set to a reasonable value
  – This just consists of tagging 11 fixed octets onto the end of a request and bumping a counter in the query to 1 - hardly rocket science
• All DNS Servers queried in an ENUM resolution need to respond to such EDNS0 “sized” queries
  – As an aside, the root servers and those responsible for .arpa. and .e164.arpa. do this already, so this means that all ENUM “Tier 1” and “Tier 2” servers must be configured to support the EDNS0 size option - basically, don’t switch off the configuration option
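The "11 fixed octets" and the bumped counter on this slide are the EDNS0 OPT pseudo-RR (RFC 2671) placed in the additional section, with ARCOUNT raised from 0 to 1. The following Python is an added example, not code from the slides or from the authors' draft: it builds a wire-format NAPTR query for a constructed ENUM name (1.0.9.8.7.6.5.4.3.2.1.e164.arpa, i.e. the digits of a made-up E.164 number reversed under e164.arpa), appends the OPT RR carrying a requester UDP payload size, and then shows the server-side step of reading that advertised size back out of the query. Only the standard library is used.

```python
import struct

# Constructed example name (not from the slides): a made-up E.164 number
# written as an ENUM domain, digits reversed and dot-separated.
EXAMPLE_NAME = "1.0.9.8.7.6.5.4.3.2.1.e164.arpa"
TYPE_NAPTR = 35
TYPE_OPT = 41          # RFC 2671 OPT pseudo-RR type
CLASS_IN = 1
RFC1035_MAX_UDP = 512  # "RFC 1035 basic" UDP limit, used when no OPT RR is present


def encode_name(name: str) -> bytes:
    """Encode a dotted name as RFC 1035 labels, terminated by the root label."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("DNS labels must be 1..63 octets")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_opt_rr(udp_payload_size: int) -> bytes:
    """The OPT pseudo-RR with no options: exactly 11 octets.
    NAME = root (1), TYPE = OPT (2), CLASS = requester's UDP payload size (2),
    TTL = extended RCODE / version / flags, all zero here (4), RDLENGTH = 0 (2)."""
    return b"\x00" + struct.pack("!HHIH", TYPE_OPT, udp_payload_size, 0, 0)


def build_query(name: str, qtype: int, query_id: int, udp_payload_size=None) -> bytes:
    """Wire-format query; with udp_payload_size set, append the OPT RR to the
    additional section and bump ARCOUNT (the 'counter' on the slide) to 1."""
    arcount = 1 if udp_payload_size is not None else 0
    flags = 0x0100  # RD: recursion desired
    header = struct.pack("!HHHHHH", query_id, flags, 1, 0, 0, arcount)
    question = encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)
    msg = header + question
    if udp_payload_size is not None:
        msg += build_opt_rr(udp_payload_size)
    return msg


def header_fields(msg: bytes) -> dict:
    """Decode the 12-octet DNS header into its named fields."""
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "flags": flags, "qdcount": qd,
            "ancount": an, "nscount": ns, "arcount": ar}


def _skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past the name at off (handles compression pointers)."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:   # compression pointer: 2 octets, ends the name
            return off + 2
        off += 1 + length


def advertised_udp_size(msg: bytes) -> int:
    """Server-side view: the requester's EDNS0 UDP payload size, or 512 when the
    query carries no OPT RR. RFC 2671 section 4.5 says values below 512 are
    treated as 512, so the floor is applied here too."""
    h = header_fields(msg)
    off = 12
    for _ in range(h["qdcount"]):
        off = _skip_name(msg, off) + 4          # QTYPE + QCLASS
    for _ in range(h["ancount"] + h["nscount"] + h["arcount"]):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == TYPE_OPT:
            return max(rclass, RFC1035_MAX_UDP)
        off += 10 + rdlen
    return RFC1035_MAX_UDP


if __name__ == "__main__":
    q = build_query(EXAMPLE_NAME, TYPE_NAPTR, 0x1234, 1280)
    print(len(build_opt_rr(1280)), "octets of OPT RR;",
          "ARCOUNT =", header_fields(q)["arcount"],
          "; server sees buffer size", advertised_udp_size(q))
```

A server that has EDNS0 disabled simply never reaches the `TYPE_OPT` branch and answers as if the client had advertised 512 octets, which is exactly the "don't switch off the configuration option" failure the slide warns about.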

Slide 5: Issues - I
• A DNS server holding RRsets larger than will “fit” in an “RFC 1035 basic” UDP response, and that does not respond to queries using TCP, is broken/misconfigured
  – The “fallback” mechanism in RFC 1123 and in RFC 2671 (EDNS0) implies that TCP is used - if the server does not support this, there is no way to resolve the query. This is true with or without EDNS0 support
• Supporting EDNS0 will avoid using TCP for most queries, and will improve performance for ENUM queries that exceed the “RFC 1035 basic” size, but…

Slide 6: Issues - II
• The intervening network may have a small MTU, and so EDNS0-aware responses MAY result in fragments
  – This is an obscure point, but it is both Bad and Wrong for a DNS server or intermediate node to assume that fragments will never occur for DNS messages carried over UDP transport
• Of course, anything “in the middle” should not break valid DNS queries
  – This is “stating the obvious”, but it does warrant a reminder. From painful experience, it is hard to debug such brokenness

Slide 7: What is Reasonable? - size matters
• This draft mandates EDNS0 Size Option support and use
• It does not specify what the minimum reported size should be in such ENUM queries
• In the authors’ humble opinion, this is an operational advice issue, and so is a suitable subject for the BCP (Experiences) draft - i.e. there is no deterministic answer
  – (our bet is 1280 bytes, but YMMV - comments welcome)
  – As an aside, over time this may need to increase, as support for the OK bit (and DNSSEC) introduces larger responses
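Slides 5, 6 and 7 together describe one decision a server makes per response: send it whole over UDP if it fits the requester's buffer (512 octets without EDNS0), otherwise truncate and set TC so the resolver retries over TCP, with the separate risk that a large UDP datagram is fragmented on a path with a small MTU. The Python below is an added example written for this page, not code from the draft or its authors: it models that sizing decision, sets and checks the TC bit in a DNS header, and computes the largest DNS message that fits in one packet for a given path MTU (IPv4 header 20 octets or IPv6 header 40, plus 8 for UDP, no options). The sample header bytes are constructed.

```python
import struct
from dataclasses import dataclass

RFC1035_MAX_UDP = 512   # "RFC 1035 basic" UDP message limit
TC_FLAG = 0x0200        # TC (truncated) bit in the DNS header flags word
IPV4_HEADER, IPV6_HEADER, UDP_HEADER = 20, 40, 8


def max_unfragmented_dns_payload(path_mtu: int, ipv6: bool) -> int:
    """Largest DNS message (UDP payload) that travels in a single IP packet on a
    path with this MTU, assuming a minimal IP header and no IP options."""
    return path_mtu - (IPV6_HEADER if ipv6 else IPV4_HEADER) - UDP_HEADER


@dataclass
class UdpSendPlan:
    bytes_on_wire: int   # size of the UDP datagram the server actually emits
    truncated: bool      # True: TC=1 sent, resolver is expected to retry over TCP
    may_fragment: bool   # True: datagram exceeds what fits in one packet on the path


def plan_udp_response(response_len: int, requester_size, path_mtu: int,
                      ipv6: bool) -> UdpSendPlan:
    """Server-side sizing per RFC 1035 / RFC 2671. requester_size is the EDNS0
    UDP payload size from the query's OPT RR, or None when the query had none
    (values below 512 are treated as 512, RFC 2671 section 4.5). A real server
    trims whole RRsets when truncating; this model only tracks the byte count."""
    limit = RFC1035_MAX_UDP if requester_size is None else max(requester_size, RFC1035_MAX_UDP)
    if response_len <= limit:
        on_wire, truncated = response_len, False
    else:
        on_wire, truncated = limit, True
    fragments = on_wire > max_unfragmented_dns_payload(path_mtu, ipv6)
    return UdpSendPlan(on_wire, truncated, fragments)


def set_truncated(msg: bytes) -> bytes:
    """Return a copy of the message with TC=1 in its 12-octet header."""
    qid, flags = struct.unpack("!HH", msg[:4])
    return struct.pack("!HH", qid, flags | TC_FLAG) + msg[4:]


def needs_tcp_retry(response: bytes) -> bool:
    """Resolver side of the fallback: a TC=1 response must be re-asked over TCP."""
    flags = struct.unpack("!H", response[2:4])[0]
    return bool(flags & TC_FLAG)


if __name__ == "__main__":
    # Constructed scenario: a 900-octet NAPTR answer, once to a client without
    # EDNS0 and once to one advertising 1280 octets, over a 1500-octet IPv4 path.
    for size in (None, 1280):
        plan = plan_udp_response(900, size, 1500, ipv6=False)
        print(f"requester_size={size}: {plan}")
    # Constructed: the same 1280-octet buffer on a minimum-MTU (1280) IPv6 path.
    print(plan_udp_response(1270, 1280, 1280, ipv6=True))
    # Constructed 12-octet header with QR and RD/RA set, then TC applied.
    hdr = bytes([0x12, 0x34, 0x81, 0x80]) + bytes(8)
    print("retry over TCP:", needs_tcp_retry(hdr), "->", needs_tcp_retry(set_truncated(hdr)))
```

Running the third scenario shows the caveat behind "our bet is 1280 bytes": on an IPv6 path whose MTU is the 1280-octet minimum, only 1232 octets of DNS message fit in one packet, so a response that uses the whole advertised 1280-octet buffer is fragmented, which is the case slide 6 says servers and middleboxes must be prepared for.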

Slide 8: Why This Matters to You - Actions/Requests
• Please can this be made an ENUM WG draft and progressed rapidly on the standards track
• Please can we get DNSOPS gurus to check this draft, to ensure we haven’t broken anything
• IF this is done, THEN we can up-issue the Experiences draft “one more time”:
  – To remove duplication in its section 6 (referring to this draft)
  – To insert discussion of appropriate minimum size option values