DNS Observatory: The big picture of the DNS

Pawel Foremski, Oliver Gasser, Giovane C.M. Moura

Research output: Chapter in Book/Conference proceedings/Edited volumeConference contributionScientificpeer-review

11 Citations (Scopus)

Abstract

The Domain Name System (DNS) is thought of as having the simple-sounding task of resolving domains into IP addresses. With its stub resolvers, different layers of recursive resolvers, authoritative nameservers, a multitude of query types, and DNSSEC, the DNS ecosystem is actually quite complex. In this paper, we introduce DNS Observatory: a new stream analytics platform that provides a bird's-eye view on the DNS. As the data source, we leverage a large stream of passive DNS observations produced by hundreds of globally distributed probes, acquiring a peak of 200 k DNS queries per second between recursive resolvers and authoritative nameservers. For each observed DNS transaction, we extract traffic features, aggregate them, and track the top-k DNS objects, e.g., the top authoritative nameserver IP addresses or the top domains. We analyze 1.6 trillion DNS transactions over a four month period. This allows us to characterize DNS deployments and traffic patterns, evaluate its associated infrastructure and performance, as well as gain insight into the modern additions to the DNS and related Internet protocols. We find an alarming concentration of DNS traffic: roughly half of the observed traffic is handled by only 1 k authoritative nameservers and by 10 AS operators. By evaluating the median delay of DNS queries, we find that the top 10 k nameservers have indeed a shorter response time than less popular nameservers, which is correlated with less router hops. We also study how DNS TTL adjustments can impact query volumes, anticipate upcoming changes to DNS infrastructure, and how negative caching TTLs affect the Happy Eyeballs algorithm. We find some popular domains with a a share of up to 90 % of empty DNS responses due to short negative caching TTLs. We propose actionable measures to improve uncovered DNS shortcomings.

Original languageEnglish
Title of host publicationIMC'19
Subtitle of host publicationProceedings of the 2019 ACM Internet Measurement Conference
PublisherAssociation for Computing Machinery (ACM)
Pages87-100
Number of pages14
ISBN (Electronic)9781450369480
DOIs
Publication statusPublished - 21 Oct 2019
Event19th ACM Internet Measurement Conference, IMC 2019 - Amsterdam, Netherlands
Duration: 21 Oct 201923 Oct 2019

Conference

Conference19th ACM Internet Measurement Conference, IMC 2019
Country/TerritoryNetherlands
CityAmsterdam
Period21/10/1923/10/19

Fingerprint

Dive into the research topics of 'DNS Observatory: The big picture of the DNS'. Together they form a unique fingerprint.

Cite this