Managing and Monitoring a Root DNS Service

Post on 12-Sep-2018

Managing and Monitoring a Root DNS Service

John Crain

Chief Technical Officer

Who am I?

•  John Crain

–  Chief Technology Officer at ICANN

•  Involved with ICANN since early days.

•  Prior to ICANN at the RIPE NCC in Amsterdam,

•  Prior to that a Design Engineer, designing processes for developing Advanced Thermoplastic Composites.

What is ICANN?

•  International, Public Benefit, non-profit organization charged with managing the Internet’s identifier systems.

•  Ensuring “Security and Stability” of those systems is a core goal

•  One of those systems is the Domain Name System. Specifically the content of the “Root Zone”.

Why is the DNS important

•  People use domain names to navigate the Internet

–  Domain names are also used on business cards and advertising

–  What can you do without your domain name?

Domain Name System

•  Translates the human usable names to machine usable IP addresses

–  www.icann.org to 208.77.188.103

•  Hierarchical Database with the entry level, known to all DNS resolvers being the DNS root name servers

The Dot You Forgot!

[Diagram: DNS tree with the labels www, icann, org and the root “.”; other top-level domains shown: com, museum, sb, fj]

http://www.icann.org.

Finding the IP address (using www.ietf.org as example)

[Diagram: PC asks Local NS; Local NS asks root NS, org NS and ietf NS in turn, each returning an Answer; Local NS returns the Answer to the PC]

•  Remembers Answer! Caching

•  Uses “hints file” in server to find roots

Root servers are part of the core infrastructure

•  13 Server systems

–  Named a through m.root-servers.net

–  Through any-cast we have more than 100 locations

•  Operated by 12 organizations

–  http://www.root-servers.org

•  L.root-servers.net operated by ICANN

http://www.icann.org/maps/root-servers.htm

Monitoring the root takes coordination

•  Monitoring can be done externally with standard tools such as DIG, NSLookup, Ping etc. etc.

•  Good example is DNSmon

–  http://dnsmon.ripe.net

DNSmon run by RIPE NCC

•  Sends DNS queries to servers from multiple locations giving a good status of the service as seen from “The Internet”.

•  Monitors servers for various zones, including the “root zone”

DNSmon on a good day

DNSmon on a not so good day

Domain Name System Operations, Analysis and Research Center

•  http://www.dns-oarc.net

•  Formed as a member organization where DNS operators and researchers can collaborate on studying the DNS and on operational response when needed.

TLD status monitor

•  Nagios running scripts written by The Measurement Factory.

•  https://tldmon.dns-oarc.net

•  https://tldmon.dns-oarc.net/nagios/

•  (We use versions of the same scripts for monitoring L-root)

TLDmon from OARC

Day In The Life of the Internet

•  A project from CAIDA with data provided through OARC.

•  http://www.caida.org/projects/ditl/

•  48 hr data dump from various authoritative DNS servers (Including 8 of the 13 root-servers)

•  Overlapping 24 hr data set used.

•  8 billion queries studied in 24 hr data set

Lessons learnt from DITL

•  Amount of unnecessary queries to the roots is massive >97%

•  Non existent TLDs (22% of total traffic!)

•  Repeat queries (servers not caching answer?)

•  A for A queries

–  (asking for the IP Address of an IP address)
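
Added example (not from the slides, and not CAIDA's DITL methodology): Python that labels queries with the three categories listed above. The tuple log format, the short TLD set and the 60-second repeat window are assumptions, and the sample queries are constructed.

```python
import ipaddress
from collections import Counter

# Assumption: tiny stand-in for the root zone's TLD list; load the full list in practice.
KNOWN_TLDS = {"com", "org", "net", "museum", "sb", "fj"}
REPEAT_WINDOW = 60.0  # seconds; assumed threshold for "resolver did not cache"

# Constructed sample: (seconds, source address, qname, qtype)
SAMPLE = [
    (0.0, "198.51.100.7", "www.icann.org.", "A"),
    (1.5, "198.51.100.7", "www.icann.org.", "A"),   # same source asks again
    (2.0, "203.0.113.9", "192.0.2.1.", "A"),        # IP address used as a name
    (3.0, "203.0.113.9", "printer.local.", "A"),    # TLD not in the root zone
    (90.0, "198.51.100.7", "www.icann.org.", "A"),  # outside the repeat window
    (91.0, "192.0.2.53", ".", "NS"),                # query for the root itself
]

def is_ip_literal(name):
    try:
        ipaddress.ip_address(name)
    except ValueError:
        return False
    return True

def classify(queries):
    """Return one label per query: a-for-a, nonexistent-tld, repeat or ok."""
    last_seen, labels = {}, []
    for ts, src, qname, qtype in queries:
        name = qname.rstrip(".").lower()   # "" means the root itself
        tld = name.rsplit(".", 1)[-1]
        key = (src, name, qtype)
        prev = last_seen.get(key)
        last_seen[key] = ts
        if qtype in ("A", "AAAA") and is_ip_literal(name):
            labels.append("a-for-a")
        elif name and tld not in KNOWN_TLDS:
            labels.append("nonexistent-tld")
        elif prev is not None and ts - prev < REPEAT_WINDOW:
            labels.append("repeat")
        else:
            labels.append("ok")
    return labels

def summarize(queries):
    """Return (per-label counts, share of queries not labelled ok)."""
    labels = classify(queries)
    counts = Counter(labels)
    return counts, (len(labels) - counts["ok"]) / len(labels)

if __name__ == "__main__":
    print(summarize(SAMPLE))
```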


Operating the L root

•  Two large Clusters in Los Angeles and Miami.

•  Combined total of more than 80 servers answering DNS.

•  Peering directly with more than 50 networks throughout the globe

Local Monitoring

•  Until recently no good DNS traffic monitoring software.

•  Lots of Nagios/Cacti stats

–  Dig, Ping, Memory/CPU usage etc.

•  Domains Statistics Collector

–  Developed by The Measurement Factory

–  Takes live feed of traffic and places stats into arrays based on predefined parameters.

Gives live view of queries

•  Updates XML files to a presenter server every 60s

–  Shows us many of the trends that we see on DITL

–  For L root we publish a delayed version

–  http://stats.l.root-servers.org

Global DNS Risk Symposium

Feb 3-4 2009, Atlanta, Georgia

Goals:

Increase understanding of DNS risk to the user community

Examine strengths and weaknesses of current efforts to share technical practices and operational approaches with a goal of improving collaboration in mitigating risks and filling gaps.

Specific focus areas:

• Understanding large enterprise DNS reliance and enabling effective risk mitigation

• Meeting the challenges to secure and resilient DNS operations in the developing world

• Identifying and improving collaboration in combating malicious activity leveraging the DNS

Questions?

Thank You