Managing and Monitoring a Root DNS Service
John Crain
Chief Technical Officer
Who am I?
• John Crain – Chief Technology Officer at ICANN
• Involved with ICANN since early days.
• Prior to ICANN at the RIPE NCC in Amsterdam.
• Prior to that a Design Engineer, designing processes for developing Advanced Thermoplastic Composites.
What is ICANN?
• International, Public Benefit, non-profit organization charged with managing the Internet’s identifier systems.
• Ensuring “Security and Stability” of those systems is a core goal.
• One of those systems is the Domain Name System. Specifically the content of the “Root Zone”.
Why is the DNS important?
• People use domain names to navigate the Internet
– Domain names are also used on business cards and advertising
– What can you do without your domain name?
Domain Name System
• Translates the human usable names to machine usable IP addresses – www.icann.org to 208.77.188.103
• Hierarchical database with the entry level, known to all DNS resolvers, being the DNS root name servers
The Dot You Forgot!
[Figure: the DNS name tree. The root “.” is at the top; below it the top-level domains com, museum, sb, fj and org; below org, icann; below icann, www. Written with the root dot, the fully qualified name is http://www.icann.org.]
Finding the IP address (using www.ietf.org as example)
[Figure: iterative resolution. The PC asks its Local NS. The Local NS uses the “hints file” in the server to find the roots, asks a root NS and gets an answer (a referral to the org NS), asks the org NS and gets a referral to the ietf NS, asks the ietf NS and gets the final answer, which it returns to the PC. The Local NS remembers the answer: caching.]
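The walk in the diagram, as an added example that is not code from the slides or from ICANN/L-root: a toy local resolver that knows only a root address from its hints file, follows referrals root → org → ietf, and caches the result so that the root is not asked again. All server names and addresses are constructed (TEST-NET-1 range) and the authoritative “servers” are dictionaries; the `root_load` helper is mine and simply counts how many queries a resolver sends to the root.

```python
"""Toy iterative resolver: hints file -> root -> TLD -> zone, with caching.

Added illustration, not code from the slides or from ICANN/L-root.  All names
and addresses are constructed (TEST-NET-1 range) and the "servers" are dicts.
"""

# The "hints file": the only thing a fresh local NS knows is how to reach a root.
HINTS = {"root-ns": "192.0.2.1"}

# What each constructed authoritative server knows.  A value is either
# ("A", address) for a final answer or ("NS", server_name, server_address)
# for a referral one step down the tree.
AUTHORITATIVE = {
    "192.0.2.1": {  # root NS: knows only the TLD delegations
        "org.": ("NS", "org-ns", "192.0.2.2"),
        "com.": ("NS", "com-ns", "192.0.2.3"),
    },
    "192.0.2.2": {  # org NS
        "ietf.org.": ("NS", "ietf-ns", "192.0.2.4"),
    },
    "192.0.2.4": {  # ietf NS
        "www.ietf.org.": ("A", "192.0.2.40"),
    },
}


def lookup(server_address, qname):
    """One query/answer round trip: the server returns the closest match it has.

    The full name is tried first, then each shorter suffix, so a root server
    asked for www.ietf.org. hands back its "org." delegation.
    """
    zone = AUTHORITATIVE.get(server_address, {})
    labels = qname.rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:]) + "."
        if suffix in zone:
            return zone[suffix]
    return None  # nothing known: the name does not exist below this server


class LocalResolver:
    """The 'Local NS' from the diagram: walks the tree and remembers answers."""

    def __init__(self, caching=True):
        self.caching = caching
        self.cache = {}
        self.root_queries = 0  # load this resolver puts on the root

    def resolve(self, qname):
        """Return (address_or_None, list_of_servers_asked_in_order)."""
        if qname in self.cache:
            return self.cache[qname], []      # served from cache, no query sent
        asked = []
        server = HINTS["root-ns"]              # start at a root, per the hints file
        while True:
            asked.append(server)
            if server == HINTS["root-ns"]:
                self.root_queries += 1
            record = lookup(server, qname)
            if record is None:
                return None, asked             # NXDOMAIN-like: name not found
            if record[0] == "A":
                if self.caching:
                    self.cache[qname] = record[1]
                return record[1], asked
            server = record[2]                 # follow the referral


def root_load(caching, lookups):
    """Root queries generated by one resolver serving the given names in turn."""
    resolver = LocalResolver(caching=caching)
    for name in lookups:
        resolver.resolve(name)
    return resolver.root_queries


if __name__ == "__main__":
    r = LocalResolver()
    print(r.resolve("www.ietf.org."))  # ('192.0.2.40', ['192.0.2.1', '192.0.2.2', '192.0.2.4'])
    print(r.resolve("www.ietf.org."))  # ('192.0.2.40', [])  served from cache
    # five lookups of the same name: 5 root queries without caching, 1 with it
    print(root_load(False, ["www.ietf.org."] * 5), root_load(True, ["www.ietf.org."] * 5))  # 5 1
```

The `root_load` comparison is the point a root operator cares about: a resolver that does not cache sends every repeated lookup back to the root, which is exactly the “repeat queries” traffic the DITL study found.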
Root servers are part of the core infrastructure
• 13 server systems – Named a through m.root-servers.net – Through anycast we have more than 100 locations
• Operated by 12 organizations – http://www.root-servers.org
• L.root-servers.net operated by ICANN
http://www.icann.org/maps/root-servers.htm
Monitoring the root takes coordination
• Monitoring can be done externally with standard tools such as dig, nslookup, ping etc.
• Good example is DNSmon
– http://dnsmon.ripe.net
DNSmon run by RIPE NCC
• Sends DNS queries to servers from multiple locations, giving a good status of the service as seen from “The Internet”.
• Monitors servers for various zones, including the “root zone”
DNSmon on a good day
DNSmon on a not so good day
Domain Name System Operations, Analysis and Research Center
• http://www.dns-oarc.net
• Formed as a member organization where DNS operators and researchers can collaborate on studying the DNS and on operational response when needed.
TLD status monitor
• Nagios running scripts written by The Measurement Factory.
• https://tldmon.dns-oarc.net
• https://tldmon.dns-oarc.net/nagios/
• (We use versions of the same scripts for monitoring L-root)
TLDmon from OARC
Day In The Life of the Internet
• A project from CAIDA with data provided through OARC.
• http://www.caida.org/projects/ditl/
• 48hr data dump from various authoritative DNS servers (including 8 of the 13 root-servers)
• Overlapping 24hr data set used.
• 8 billion queries studied in 24hr data set
Lessons learnt from DITL
• Amount of unnecessary queries to the roots is massive: >97%
• Nonexistent TLDs (22% of total traffic!)
• Repeat queries (servers not caching answer?)
• A for A queries
– (asking for the IP address of an IP address)
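The three kinds of unnecessary traffic listed above, turned into detection logic as an added example (not code from the slides, CAIDA/OARC or L-root): a small classifier that buckets query records as repeats, “A for A”, nonexistent-TLD or legitimate and reports the unnecessary fraction. The log format is a constructed four-column text form (epoch, client, qname, qtype), not DSC’s XML or a real root capture, and `KNOWN_TLDS` is a constructed stand-in for the delegations in the root zone.

```python
"""Classify DNS query records into the DITL 'unnecessary traffic' buckets.

Added illustration, not code from the slides, from CAIDA/OARC or from L-root.
SAMPLE_LOG is a constructed text log ("epoch client qname qtype"), not DSC's
XML output or a real root-server capture; KNOWN_TLDS is a constructed subset
standing in for the TLDs actually delegated in the root zone.
"""
import ipaddress
from collections import Counter

SAMPLE_LOG = """\
1233700000 192.0.2.10 www.ietf.org. A
1233700001 192.0.2.10 www.ietf.org. A
1233700002 192.0.2.11 10.1.2.3. A
1233700003 192.0.2.12 printer.local. A
1233700004 192.0.2.13 example.com. A
1233700005 192.0.2.10 www.ietf.org. A
1233700006 192.0.2.14 host.corp. AAAA
1233700007 192.0.2.15 www.icann.org. A
"""

KNOWN_TLDS = {"org", "com", "net", "museum", "sb", "fj"}  # constructed subset


def parse_log(text):
    """Turn the constructed text log into (epoch, client, qname, qtype) tuples."""
    records = []
    for line in text.splitlines():
        if line.strip():
            epoch, client, qname, qtype = line.split()
            records.append((int(epoch), client, qname, qtype))
    return records


def tld_of(qname):
    """Rightmost label of a fully qualified name, lower-cased."""
    labels = qname.rstrip(".").split(".")
    return labels[-1].lower()


def is_a_for_a(qname, qtype):
    """An A query whose name is itself an IPv4 address ("A for A" in the slides)."""
    if qtype != "A":
        return False
    try:
        ipaddress.IPv4Address(qname.rstrip("."))
    except ValueError:
        return False
    return True


def classify(records):
    """Bucket each query; a query lands in the first bucket it matches."""
    seen = Counter()
    buckets = Counter()
    for _epoch, client, qname, qtype in records:
        key = (client, qname.lower(), qtype)
        seen[key] += 1
        if seen[key] > 1:
            buckets["repeat"] += 1          # same client re-asking: not caching?
        elif is_a_for_a(qname, qtype):
            buckets["a_for_a"] += 1
        elif tld_of(qname) not in KNOWN_TLDS:
            buckets["nonexistent_tld"] += 1
        else:
            buckets["legitimate"] += 1
    return buckets


def unnecessary_fraction(buckets):
    """Share of queries that fell into any bucket other than 'legitimate'."""
    total = sum(buckets.values())
    return (total - buckets["legitimate"]) / total if total else 0.0


if __name__ == "__main__":
    b = classify(parse_log(SAMPLE_LOG))
    print(dict(b))                  # {'legitimate': 3, 'repeat': 2, 'a_for_a': 1, 'nonexistent_tld': 2}
    print(unnecessary_fraction(b))  # 0.625
```

The repeat bucket is deliberately crude: it counts any re-ask by the same client within the sample, whereas a proper study would compare each re-ask against the TTL of the answer that client already received. The nonexistent-TLD check should likewise be driven by the actual root zone rather than a fixed set.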
Operating the L root
• Two large clusters in Los Angeles and Miami.
• Combined total of more than 80 servers answering DNS.
• Peering directly with more than 50 networks throughout the globe
Local Monitoring
• Until recently no good DNS traffic monitoring software.
• Lots of Nagios/Cacti stats – dig, ping, memory/CPU usage etc.
• Domains Statistics Collector – Developed by The Measurement Factory – Takes live feed of traffic and places stats into arrays based on predefined parameters.
Gives live view of queries
• Updates XML files to a presenter server every 60s
– Shows us many of the trends that we see on DITL
– For L root we publish a delayed version
– http://stats.l.root-servers.org
Global DNS Risk Symposium
Feb 3-4 2009, Atlanta, Georgia
Goals:
Increase understanding of DNS risk to the user community
Examine strengths and weaknesses of current efforts to share technical practices and operational approaches with a goal of improving collaboration in mitigating risks and filling gaps.
Specific focus areas:
• Understanding large enterprise DNS reliance and enabling effective risk mitigation
• Meeting the challenges to secure and resilient DNS operations in the developing world
• Identifying and improving collaboration in combating malicious activity leveraging the DNS
Questions?
Thank You