Upload File

reducing rtt of dns query resolution

14
Reducing RTT of DNS query resolution Speaker: Gopinath Palaniappan 22 nd January 2020 1

Upload: others

Post on 03-Apr-2022

13 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Reducing RTT of DNS query resolution

Reducing RTT of DNS query resolution

Speaker: Gopinath Palaniappan

22nd January 2020

1

Page 2: Reducing RTT of DNS query resolution

Conventional approach of DNS Query Resolution

2

Page 3: Reducing RTT of DNS query resolution

Conventional approach of DNS Query Resolution

3

“In the conventional approach, the RR server spends

considerable time to reach out to the closest root server”

Page 4: Reducing RTT of DNS query resolution

RFC 7706 based approach of DNS Query Resolution

4

Page 5: Reducing RTT of DNS query resolution

RFC 7706 based approach of DNS Query Resolution

5

“In the RFC 7706 based approach, the loopback server

containing root data is hosted on the RR server itself to avoid

visiting the root servers for root data”

Page 6: Reducing RTT of DNS query resolution

RFC 7706 based approach of DNS Query Resolution

6

● Pre-requisites:

○ Must have a software to do the configuration changes.

Example: Bind 9.9.4

○ Capable of running an authoritative server on one of its

loopback addresses (127/8 in IPv4 and ::1 in IPv6).

○ Must be able to retrieve a copy of the entire root zone

including all DNSSEC-related records, and validate them.

Page 7: Reducing RTT of DNS query resolution

RFC 7706 based approach of DNS Query Resolution

7

● Places to look for root zone data:

Root server operators b.root-servers.net

c.root-servers.net

f.root-servers.net

g.root-servers.net

k.root-servers.net

DNS servers from ICANN xfr.lax.dns.icann.org

xfr.cjr.dns.icann.org

Page 8: Reducing RTT of DNS query resolution

RFC 7706 based approach of DNS Query Resolution

8

● Procedure:

○ Add the following configuration settings to “named.conf”:view root {

match-destinations { 127.0.0.1; };

zone “.” {

type slave;

file “rootzone.db”;

notify no;

masters {

192.228.79.201;

192.33.4.12;

192.5.5.241;

192.112.36.4;

Page 9: Reducing RTT of DNS query resolution

RFC 7706 based approach of DNS Query Resolution

9

● Procedure:

○ Add the following configuration settings to “named.conf”:193.0.14.129;

192.0.47.132;

192.0.32.132;

2001:500:84::b;

2001:500:2f::f;

2001:7fd::1;

2620:0:2830:202::132

2620:0:2d0:202::132

};

};

};

Page 10: Reducing RTT of DNS query resolution

RFC 7706 based approach of DNS Query Resolution

10

● Procedure:

○ Add the following configuration settings to “named.conf” to

enable root zone transfer with DNSSEC:

view recursive {

dnssec-validation auto;

allow-recursion { any; };

recursion yes;

zone “.” {

type static-stub;

server-addresses { 127.0.0.1; } ;

};

};

Page 11: Reducing RTT of DNS query resolution

RTT for domain resolution with and without RFC 7706

11

Page 12: Reducing RTT of DNS query resolution

Advantages of implementing RFC 7706 at RR

12

● Reduced RTT

● Resiliency against DDoS on the root server system

Page 13: Reducing RTT of DNS query resolution

References

13

● RFC 7706: https://tools.ietf.org/html/rfc7706

● Procedure for configuring DNS Bind server on CentOS 7:

https://www.itzgeek.com/how-tos/linux/centos-how-

tos/configure-dns-bind-server-on-centos-7-rhel-7.html

https://tools.ietf.org/html/rfc7706
https://www.itzgeek.com/how-tos/linux/centos-how-tos/configure-dns-bind-server-on-centos-7-rhel-7.html
Page 14: Reducing RTT of DNS query resolution

Thank [email protected]

14


MS Exchange Server Error 451 4.4.0 DNS Query Failed

Pseudo Random DNS Query Attacks and Resolver Mitigation Approaches

Wireshark Lab: DNS v7users.wpi.edu/.../Lab2/Wireshark_DNS_v7.0_updated_2019.pdf · 2019-09-08 · 7. Examine the DNS query message. ... computers, while performing the steps indicated

Open Resolvers and the Threat of Reflection Attackscondor.depaul.edu/~jkristof/slides/dns-ctinetseminar.pdfSome Multifaceted Probing Techniques • Query for whoareyou.ultradns.net

Computer Networking Exercises - USI InformaticsExercise 1. Consider a DNS query of type A within a DNS system containing IN class information. Using boxes to represent servers and

Packet Analysis 20190526 · 2019-05-27 · DNS Query Query size 2 answers. 10 Reading tcpdumpOutput •TCP packets: ... –to examine security problems •Developers use it: ... •Run

DNS query trends seen at Root and JP · DNS query trends seen at Root and JP Kazunori Fujiwara, JPRS [email protected] 2016/6/14, NANOG 67 DNS Track

Runninggg Out of Integers - Ben Edelman · IPv6 v4 Proxy DNS Server DNS Query: www google com DNS R l 3ff3:501:41c:c1ad::d8ef:3b68 NAT-PT Server DNS Reply 3ff3:501:41c:c1ad::d8ef:3b68

IPv6 and the DNS · resolve a DNS name may initiate a search within the hierarchical DNS name space, so that one original query may trigger a sequence of queries. If we take the perspective

Applications Layer Protocols - GitHub Pages · Each ISP (residential ISP, company, university) has one. also called “default name server” When host makes DNS query, query is sent

Wireshark Lab: DNS - Unicamcomputerscience.unicam.it/marcantoni/reti/laboratorio... · 2018-11-05 · ANSWER: The destination port of the DNS query is 53 and the source port of the

Syllabus Rtt

DNS Load Balancing in ONTAP · 2020. 11. 6. · A conditional forwarder is a DNS server on a network that forwards DNS queries according to the DNS domain name in the query. For example,

F5 Silverline DDoS Protection | F5 Product DatasheetLTM DNS ASM vCMP Physical Virtual LTM ASM DDoS Attacker DDoS Attacker Customer Partner DNS attacks: DNS amplification, query flood,

CS4/MSc Computer Networking · • Each ISP (residential ISP, company, university) has one. – Also called “default name server” • When a host makes a DNS query, query is sent

DNS/DNSSEC Workshop...| 14 Avoiding Common Misconceptions • Not all internet traffic goes through a root server • Not every DNS query is handled by a root server • Root servers

IP Addressing: DNS Configuration Guide, Cisco IOS XE ... · DNS View Usage Restrictions Based on the Query Source IP Address AstandardIPACLisanumberedornamedsetofhostIPaddress-matchingrules,witheachrulespecifying

Content Distribution Networks - Rutgers Universitybadri/552dir/notes/W11-one.pdf · DNS Protocol When client wants to know an IP address for a host name Client sends a DNS query to

Gulliver Project ‐ status update in 2009€¦ · • Probes DNS reachability from worldwide locaons – RTT, Query Timeout – Node ID (hostname.bind or server.id) • 30 Probe

DNSSEC in Windows DNS Server...1 A DNS client sends a DNS query to a recursive DNS server. The DNS client can indicate that it is DNSSEC-aware (DO=1). 2 The recursive DNS server sends

Protecting Privacy: The Evolution of DNS Security · 2018-05-11 · Verisign Public DNS Resolution • Resolution. is the process of answering a query by following the hierarchy of

1x rtt traffic_management_part_i

Grandstream Networks, Inc.€¦ · Configuring DNS-SRV On Grandstream ... if this domain offers different servers for the same service (SIP), DNS SRV can ... DNS – SRV query List

RTT matters

Optimizing DNS-SD query using TXT records

1 Simplified DNS Query under IPv4/IPv6 Mixed Environment Hiroshi KITAMURA NEC Corporation [email protected]

for the Datacenter TIMELY: RTT-based Congestion Controlnetseminar.stanford.edu/seminars/12_03_15.pdf · Overview RTT Measurement Engine Timestamps RTT Rate Computation Engine Pacing

Wireshark Lab: DNS - Marmara Üniversitesimimoza.marmara.edu.tr/.../CEN335/LAB/Wireshark_DNS_v7.pdf · 2017-04-24 · 7. Examine the DNS query message. ... computers, while performing

UDP UDP DNS Query (M)Stream ICMP HTTP Get URI-GET x URI ...aodun.com.cn/static/copy/yc.pdf · UDP UDP DNS Query (M)Stream ICMP HTTP Get URI-GET x URI-POSTX Cookie ) OSPFX TELNETS

Context-aware Clustering of DNS Query Traffic

DNS Query Sent by Heavy Users and DNS Prefetch Effect

1x rtt traffic_management_part_ii

HOW SHAREPOINT WORKS By Gary Newman. Root Folder Virtual Directories SP Farm DNS Iterative Forward DNS query for A host record HTTP request HTML & JS

Practices on DNS management and Domain Name Emerging Topicswunca.uni.net.th/wunca_regis/wunca33_doc/14/010... · Local DNS Resolver.TH Name Server ROOT Name Server Query Connect to

Robert Nagy - Infoblox€¦ · DH CP F O Pe er Cache DNS Only Remote Sites Small to L arge IP AM F eed Internet Root DNS Servers d Query d Query d Query Optional: Dedicated F F F