Presentation is loading. Please wait.

Presentation is loading. Please wait.

DNS Performance – Areas of improvement? Request for Discussion APNIC 20, DNS SiG, September 8 th, 2005 Mathias Körber Nominum, Inc.

Published byJason Duane Griffith Modified over 8 years ago

Similar presentations

Presentation on theme: "DNS Performance – Areas of improvement? Request for Discussion APNIC 20, DNS SiG, September 8 th, 2005 Mathias Körber Nominum, Inc."— Presentation transcript:

1 DNS Performance – Areas of improvement? Request for Discussion APNIC 20, DNS SiG, September 8 th, 2005 Mathias Körber Nominum, Inc

2 Format 7 2 Introduction Mathias Körber Senior Consulting Engineer Nominum, Inc Mathias.Koerber@nominum.com –based in Singapore –Support and Consulting, mostly Asia Background –1995-2000SingNet –1996-2002affiliated with SGNIC –2000-2002 Nominum, Inc –2003-2004Lightspeed Technologies, Singapore –2004-presentNominum,Inc

3 Format 7 3 Nominum Overview History Focus Commercial–grade IP name and asset management –DNS, DHCP, and IP management products For medium to large deployments –Telco, service providers, finance, retail, government, etc. Technology leadership –Performance –Security –High availability Founded in 1999 Located in Silicon Valley –Growing presence in EMEA and APAC Venture funded by top-tier investors –ATV, Bessemer, Globespan, Morgenthaler, VeriSign, Juniper Networks

4 Format 7 4 Operations Unsurpassed Domain Expertise People Products Developed BIND 9 and ISC-DHCP v3 Operational support for Root Servers E and F RFC Authored by Nominum Employees RFC 882 RFC 883 RFC 973 RFC 1034 RFC 1035 RFC 1101 RFC 1183 RFC 1413 RFC 1414 RFC 1693 RFC 2050 RFC 2154 RFC 2669 RFC 2670 RFC 2786 RFC 2845 RFC 3007 RFC 3008 RFC 3074 RFC 3127 RFC 3225 RFC 3315 RFC 3396 RFC 3442 RFC 3597 RFC 3639 RFC 3655 Dr. Paul Mockapetris, Chief Scientist and Chairman –Inventor of DNS David Conrad, Chief Technical Officer and Founder Ted Lemon, Senior Architect

5 Format 7 5 The Problems we Solve Next Generation Attacks (Security) Always On (Reliability/ Manageability) Dynamic Networks (Flexibility) Traffic Explosion (Scalability) IP Name and Address (DNS/DHCP)

6 Format 7 6 Sample Customers

7 Format 7 7 Product Family ANSDCSCNS FMC DHCP Servers (ISC) Nominum Foundation Product Family Servers Management Console DNS Servers (BIND) Local Manager Supervisor ANS: Authoritative Name Server CNS: Caching Name Server DCS: Dynamic Configuration Server FMC: Foundation Management Center

8 Format 7 8 Increased Demands on DNS Recent (and not so recent) developments are posing increased demands on the DNS eg: –Higher query loads –Larger data sizes –More frequent updates/changes –Need for faster processing

9 Format 7 9 Higher Query loads The internet is experiencing ever increasing DNS traffic Part of it is due to legitimate reasons Part is due to mistakes/accidents and part due to malicious (ab)use

10 Format 7 10 Higher Query loads - Some causes: malicious –Spreading viruses/trojans –Phishing/pharming –(D)DOS attacks »Against nameservers themselves »other parts of networks accidental/unintended »misconfigurations »windows ‘SRV’ updates etc escaping »unnecessarily low TTLs legitimate –Web: »more/diverse links per page »access verification/logging –Automation »RSS feeds –Email »RBL checks »Spam-checks

11 Format 7 11 Higher Query loads (cont) Eg Spam checks –Spam is a “killer” DNS application 75% of ISP DNS requests are MX Lookups (Mail Routing); Non-existent domains increase load –Spam itself is ‘malicious’ –Spam checks are legitimate –Many spam checks require frequent DNS lookups (RBL, valid sender domain etc)

12 Format 7 12 Effects or higher query loads on Caching nameservers –increased memory usage –increased CPU usage –low cache efficiencies Higher rate of dropped queries –clients will retry -> ever higher loads Higher latencies –interactive experience suffers –non-interactive processes slow down Less available overhead to deal with –additionally high traffic situations

13 Format 7 13 More data in the DNS Increased domain registrations –Multilingual domains in addition to ‘English’ ones New Technologies –IPv6 Larger RR sizes Larger zone depth (more zone cuts)? –DNSSEC Highly increased zone sizes –ENUM At least 2 NS per telephone number –Likely many more depending on customer usage and ENUM scheme

14 Format 7 14 More data in the DNS - Effects Larger zones Larger RRsets Deeper hierarchies

15 Format 7 15 More data in the DNS - Effects : On caching nameservers –Reduced cache efficiencies –Higher latencies (cache lookup times) –Deeper hierarchies mean more recursions Verification of –GLUE segregation –DNSSEC signatures

16 Format 7 16 More data in the DNS - Effects On Authoritative NS: –Higher memory requirements Large zones may not even fit –Longer startup/restart times –Large zonetransfers IXFR mitigates this somewhat => Reduced performance

17 Format 7 17 More frequent updates DNS becomes more ‘dynamic’ –Increased use of DDNS Mobile clients DHCP servers updating dynamic client info –Faster domain registrations –Self-help DNS interfaces allowing individual changes –Number portability (ENUM)

18 Format 7 18 More dynamic DNS - Effects Increased demands on master servers –DDNS prerequisite checking Integrity checking atomic updating of changes into zones –Frequent reloading of changed zones possible service interruption during each reload increased memory requirements and processing Increased master-slave traffic NOTIFY IXFR/AXFR Increased query traffic due to lower TTLs employed to make

19 Format 7 19 Demand for faster results Telephony technologies –ENUM –SIP demand fast connection establishment DNS queries must complete in a few ms at most DNSSEC also requires speed

20 Format 7 20 Solutions Add more caching nameservers –Split customer base across servers –anycast –L4 switch infrastructure –Others Disadvantages –added hardware costs –added administrative overheads –limited by resolver limits (# of nameservers) Optimized nameservers

21 Format 7 21 ANS vs BIND Latency ANS Latency <5ms BIND Latency up to 200ms Configuration: HP DL380, 2x2.4Ghz P4 Xeons, 2GB DDR Ram, 2x36GB SCA SCSI 10K, striped with RAID 0, Red Hat Enterprise 3.0 Consistent Low Latency is Critical for ENUM

22 Format 7 22 Comparing BIND and ANS for ENUM BIND 9ANS cold cache ANS warm cache Records in 3.5 Gigs RAM 28 MM>200MM Latency2 seconds0.2 seconds0.003 seconds Queries/Sec 57 493 33,000 CPU Utilization 99% each on two CPU’s 3% 12% Configuration: 2 X AMD 1800+ CPU at 1.5GHz, 3.5 GB RAM, 100Mb Ethernet Interface Red Hat Enterprise 3.0 Server

23 Format 7 23 Solicitation Some problem areas identified Others sure to exist now or arise over time Some can be / have been addressed today How to prepare for new issues?

24 Format 7 24 Solicitation In what other areas do we expect ‘crunch’ ? How can those areas be addressed -DNS engine improvements (design, performance, usability, administrability)? -interoperation (with what?) -network design -procedures

25 Format 7 25 Solicitation (cont) - Would like to learn/discuss ‘regional’ -experiences -concerns -expectations

26 Format 7 26 Solicitation (cont) Asiapac specific issues? Internationalization? Infrastructure issues (limited international connectivity)? Growth industries? How should these be addressed? Future sessions desired (part of DNS SiG or separate)?

27 Format 7 27 Contact Mathias Körber Available tomorrow (Friday) during APNIC member meeting Weekend? Email: Mathias.Koerber@nominum.comMathias.Koerber@nominum.com +65 9815 7807 +1 650 381 6044

Download ppt "DNS Performance – Areas of improvement? Request for Discussion APNIC 20, DNS SiG, September 8 th, 2005 Mathias Körber Nominum, Inc."

Similar presentations

International Telecommunication Union ENUM Issues and Solutions Houlin Zhao Director Telecommunication Standardization Bureau International Telecommunication.

International Telecommunication Union ENUM Issues and Solutions Houlin Zhao Director Telecommunication Standardization Bureau International Telecommunication.
Internet Applications INTERNET APPLICATIONS. Internet Applications Domain Name Service Proxy Service Mail Service Web Service.

Internet Applications INTERNET APPLICATIONS. Internet Applications Domain Name Service Proxy Service Mail Service Web Service.
Managing IP addresses for your private clouds 2013 ASEAN CAS Summit Bangkok, Thailand 7 February 2013 George Kuo Member Services Manager.

Managing IP addresses for your private clouds 2013 ASEAN CAS Summit Bangkok, Thailand 7 February 2013 George Kuo Member Services Manager.
Sergei Komarov. DNS  Mechanism for IP hostname resolution  Globally distributed database  Hierarchical structure  Comprised of three components.

Sergei Komarov. DNS  Mechanism for IP hostname resolution  Globally distributed database  Hierarchical structure  Comprised of three components.
1 Dynamic DNS. 2 Module - Dynamic DNS ♦ Overview The domain names and IP addresses of hosts and the devices may change for many reasons. This module focuses.

1 Dynamic DNS. 2 Module - Dynamic DNS ♦ Overview The domain names and IP addresses of hosts and the devices may change for many reasons. This module focuses.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 6 Managing and Administering DNS in Windows Server 2008.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 6 Managing and Administering DNS in Windows Server 2008.
Innosoft international inc. Ó 1999 Innosoft International, Inc. Using LDAPv3 for Directory-Enabled Applications & Networking Greg Lavender Director of.

Innosoft international inc. Ó 1999 Innosoft International, Inc. Using LDAPv3 for Directory-Enabled Applications & Networking Greg Lavender Director of.
Sweeping lame DNS reverse delegations APNIC16 – DNS Operations SIG Seoul, Korea, 20 August 2003.

Sweeping lame DNS reverse delegations APNIC16 – DNS Operations SIG Seoul, Korea, 20 August 2003.
2.1 Installing the DNS Server Role Overview of the Domain Name System Role Overview of the DNS Namespace DNS Improvements for Windows Server 2008 Considerations.

2.1 Installing the DNS Server Role Overview of the Domain Name System Role Overview of the DNS Namespace DNS Improvements for Windows Server 2008 Considerations.
Implementing Domain Name System

Implementing Domain Name System
Domain Name System. DNS is a client/server protocol which provides Name to IP Address Resolution.

Domain Name System. DNS is a client/server protocol which provides Name to IP Address Resolution.
Computer Networks: Domain Name System. The domain name system (DNS) is an application-layer protocol for mapping domain names to IP addresses Vacation.

Computer Networks: Domain Name System. The domain name system (DNS) is an application-layer protocol for mapping domain names to IP addresses Vacation.
DNS and DHCP in Dual Stack Networks Lawrence E. Hughes Chairman, InfoWeapons Inc.

DNS and DHCP in Dual Stack Networks Lawrence E. Hughes Chairman, InfoWeapons Inc.
1 DNS. 2 BIND DNS –Resolve names to IP address –Resolve IP address to names (reverse DNS) BIND –Berkeley Internet Name Domain system Version 4 is still.

1 DNS. 2 BIND DNS –Resolve names to IP address –Resolve IP address to names (reverse DNS) BIND –Berkeley Internet Name Domain system Version 4 is still.
Anycast Jennifer Rexford Advanced Computer Networks Tuesdays/Thursdays 1:30pm-2:50pm.

Anycast Jennifer Rexford Advanced Computer Networks Tuesdays/Thursdays 1:30pm-2:50pm.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 5 Introduction to DNS in Windows Server 2008.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 5 Introduction to DNS in Windows Server 2008.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.
DNS Security Extensions (DNSSEC) Ryan Dearing. Topics History What is DNS? DNS Stats Security DNSSEC DNSSEC Validation Deployment.

DNS Security Extensions (DNSSEC) Ryan Dearing. Topics History What is DNS? DNS Stats Security DNSSEC DNSSEC Validation Deployment.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 19 Domain Name System (DNS)

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 19 Domain Name System (DNS)
Content Delivery Networks. History Early 1990s sees 100% growth in internet traffic per year 1994 o Netscape forms and releases their first browser.

Content Delivery Networks. History Early 1990s sees 100% growth in internet traffic per year 1994 o Netscape forms and releases their first browser.

Similar presentations

Ads by Google