SlideShare a Scribd company logo

DNS-OARC 34: Measuring DNS Flag Day 2020

APNIC
APNIC

APNIC Chief Scientist Geoff Huston presents on the change in the behaviour of DNS recursive resolvers in response to DNS Flag Day 2020.

Internet
1 of 29
Download to read offline
Measuring DNS Flag Day 2020 Geoff Huston Joao Damas APNIC Labs 1
DNS Flag Day 2020 2
DNS Flag Day 2020 3
DNS Flag Day 2020 4
What Happened? We’d like to look at two aspects of this work: • What happened on 1 October 2020 (and thereafter) in the DNS? • Is that recommended value of 1,232 just right? Too small? Too large? 5
Looking at EDNS(0) Buffer Sizes Jan 2020 – August 2020 • 4,096 used by queries from 80% - 95% of users • 512 (no size specified) used by 10% of users • Weekday / Weekend profile suggesting a difference between enterprise and access ISP profiles These results are from looking at queries between recursive e resolvers and authoritative servers 6
Flag Day 2020 Flag Day August 2020 – December 2020 • Use of 4,096 buffer size dropped from ~84% to 70% of users by December • Rise in 1,400 buffer size to 8% of users 7
UDP Fragmentation Flag Day August 2020 – December 2020 • Fragmentation avoidance settings rose from 12% of users to ~22% of users EDNS(0) UDP Buffer Size > MTU EDNS(0) UDP Buffer Size < MTU 8
UDP Fragmentation Avoidance Flag Day August 2020 – December 2020 • 1,232 is now used by 5% of users • 1,400 is now used by 7% of users • 284 different sizes between 512 and 1472 observed in this data set 9
Pick a Size • Is there a “right” size for this parameter? • What are we attempting to achieve here when trying to select the threshold point to get the DNS to switch to use TCP? • Should we use a low value and switch “early”? • Should we use a high value and switch “late”? 10
IP and Packet Sizes IPv4 IPv6 Minimum IP Packet Size 20 40 Maximum Assurred Unfragmented Packet Size 68 1,280 Assured Host Packet Size <= 576 <= 1,500 Maximum Packet Size 65,535 65,575* *4,294,967,33 6 (Jumbogram) 11
Some Questions • Why choose 1,232 octets as the threshold point to truncate a UDP response in Flag Day 2020? • How bad is UDP Fragmentation loss in the DNS? • How bad is TCP in the DNS? 12
Mesurement Challenges • How to perform a large scale measurement? • We embed the measurement in an advertisement to distribute the measurement script to a broad set of test cases • How to detect DNS resolution success? • We use a technique of “glueless” delegation to force a resolve to explicitly resolve the name of a name server – a successful resolution is signalled by the resumption of the original resolution task • How to characterise DNS behaviour? • We pad the response to create the desired response size. Each test uses a response size selected at random from 11 pad sizes. We also use an unpadded short response as a control 13
Limitations • We are measuring the DNS path between recursive resolvers and the authoritative name servers. This is a measurement of the “interior” of the Internet. It is not a measurement of the stub-to-recursive paths at the edge of the network. • Some resolvers alter their behaviour when resolving name server names • In some 30% of cases the EDNS(0) Buffer Size is either dropped from the query, or dropped below 1452 octets 14
Limitations • In some 30% of cases the EDNS(0) Buffer Size is either dropped from the query, or dropped below 1452 octets 15
“Base Test” September 2020 Size Tests Passed Failed Rate 1230 4,303,845 4,282,457 21,388 0.50% 1270 4,308,667 4,287,046 21,621 0.50% 1310 4,307,456 4,286,064 21,392 0.50% 1350 4,304,230 4,282,752 21,478 0.50% 1390 4,310,182 4,288,413 21,769 0.51% 1430 4,303,906 4,281,858 22,048 0.51% 1470 4,308,722 4,269,785 38,937 0.90% 1510 4,303,923 4,197,910 106,013 2.46% 1550 4,306,824 4,194,465 112,359 2.61% 1590 4,300,559 4,187,575 112,984 2.63% 1630 4,305,525 4,191,994 113,531 2.64% Onset of server UDP fragmentation 16
TCP behaviour This selects the subset of cases where the recursive resolver was passed a truncated UDP response, which should trigger the resolver to use TCP Responses which are larger than 1,430 octets show a higher loss rate Size TCP Use Pass Fail NO TCP NO ACK TCP OK 1230 9% 98.7% 1.3% 11.4% 28.3% 60.3% 1270 13% 99.0% 1.0% 12.2% 27.7% 60.1% 1310 13% 99.0% 1.0% 13.2% 26.4% 60.4% 1350 13% 99.0% 1.0% 13.0% 27.9% 59.0% 1390 14% 99.0% 1.0% 15.2% 27.1% 57.7% 1430 14% 99.1% 0.9% 15.7% 25.9% 58.5% 1470 30% 98.5% 1.5% 9.2% 58.3% 32.5% 1510 36% 98.1% 1.9% 22.7% 47.2% 30.1% 1550 36% 98.1% 1.9% 23.2% 46.8% 30.0% 1590 36% 98.1% 1.9% 24.5% 45.7% 29.8% 1630 36% 98.1% 1.9% 25.6% 45.5% 28.9% Truncated UDP response, no followup TCP Stalled TCP session with missing ACK from data segment Completed TCP session but no signal of resumption of original resolution 17
TCP behaviour TCP shows a base failure rate of some 1% to 2% of tests • For smaller responses this may be due to enthusiastic filtering of TCP port 53 packets • For larger responses TCP “Black Hole” factors may be involved, as the server was configured to use a local 1,500 octet MTU and maximum size TCP data segments may have triggered Path MTU pathologies 18
Forcing TCP • Here we set the server’s max buffer size to 512, forcing all resolution attempts to use TCP DNS Response Size Tests TCP Pass Rate TCP Fail Rate IPv4 Failure Rate IPv6 Failure Rate 1150 1,104,539 98.5% 1.6% 1.9% 1.6% 1190 1,105,126 98.5% 1.6% 1.9% 1.6% 1230 1,105,601 98.5% 1.6% 1.9% 1.6% 1270 1,104,571 98.5% 1.6% 1.9% 1.6% 1310 1,104,521 98.5% 1.6% 1.9% 1.6% 1350 1,104,068 98.5% 1.6% 2.0% 1.6% 1390 1,105,080 98.5% 1.6% 1.9% 1.6% 1430 1,104,527 98.5% 1.6% 1.9% 1.6% 1470 1,103,423 98.3% 1.8% 2.1% 1.8% 1510 1,104,960 98.3% 1.8% 2.1% 1.8% 1550 1,105,566 98.3% 1.8% 2.1% 1.8% 1590 1,103,609 98.3% 1.8% 2.1% 1.8% 1630 1,106,284 98.3% 1.8% 2.1% 1.8% IPv4 shows a slightly higher failure rate than IPv6 19
UDP behaviour This selects the subset of cases where the recursive resolver was not passed a truncated UDP response and did not attempt a TCP connection Size UDP Use Pass Fail 1230 91% 99.6% 0.4% 1270 87% 99.6% 0.4% 1310 87% 99.6% 0.4% 1350 87% 99.6% 0.4% 1390 86% 99.6% 0.4% 1430 86% 99.6% 0.4% 1470 70% 99.4% 0.6% 1510 64% 97.2% 2.8% 1550 64% 97.0% 3.0% 1590 64% 97.0% 3.0% 1630 64% 97.0% 3.0% Onset of server UDP fragmentation 20
UDP behaviour UDP shows a base failure rate of some 0.5% to 3% of tests • For smaller responses this may be due to residual filtering of UDP port 53 packets greater than 512 octets in size • For larger responses UDP fragmentation is the likely factor where the buffer size permits the server to transmit fragmented UDP packets, but they appear not to reach the resolver client 21
Forcing UDP • Here we alter the server to treat all queries as if they had signalled a buffer size of 4,096 octets DNS Response Size Tests UDP Pass Rate UDP Fail Rate IPv4 Failure Rate IPv6 Failure Rate 1150 1,140,192 99.6% 0.4% 0.6% 0.1% 1190 1,138,792 99.6% 0.4% 0.6% 0.1% 1230 1,273,730 99.6% 0.4% 0.6% 0.1% 1270 1,272,765 98.1% 1.9% 2.4% 1.2% 1310 1,275,436 98.2% 1.8% 2.4% 1.2% 1350 1,272,634 98.2% 1.8% 2.4% 1.2% 1390 1,273,332 98.1% 1.9% 2.4% 1.2% 1430 1,274,189 97.8% 2.2% 2.6% 1.6% 1470 1,274,581 96.9% 3.1% 3.7% 17.6% 1510 1,273,496 85.0% 15.0% 14.2% 17.6% 1550 1,274,776 85.0% 15.0% 14.4% 17.7% 1590 1,276,441 85.1% 14.9% 14.4% 17.6% 1630 1,275,233 85.1% 14.9% 14.5% 17.6% Onset of server UDP fragmentation 22
Forcing UDP • A number of resolvers will discard a DNS response if it is larger than the original buffer size • This appears to occur in some 2% - 3% of cases • A number of resolvers do not receive fragmented UDP packets • This appears to occur in ~11% of cases in IPv4, and ~15% of cases in IPv6 23
DNS Flag Day 2020 We appear to have repurposed the EDNS(0) Buffer Size parameter • It was originally designed as a signal from the client to the server of the client’s capability to receive a DNS response over UDP • Oddly enough no comparable signal was defined for TCP, even though, presumably, the same client-side memory limitations for DNS payloads would exist • It appears to have been intended as a UDP mechanism that “can help improve the scalability of the DNS by avoiding widespread use of TCP for DNS transport.” (RFC 6891) • The Flag Day measures appear to repurpose this parameter as a UDP fragmentation avoidance signal 24
DNS Transport Considerations • Unfragmented UDP is relatively fast, stable and efficient • There is a slight increase in drop rates above 512 octets to around 0.5% • There is no visible change in drop rates in payloads up to 1500 octets in size • Fragmented UDP has a very high drop rate • Between 11% and 15% drop rate in IPv4 and IPv6 respectively • It is more likely to be due to security filtering practice, although no specific fragmentation measurement has been made • TCP is less efficient and slower than unfragmented UDP, but far better in performance terms than Fragmented UDP • Base failure rate for TCP is between 1% to 2% of cases 25
DNS Transport Priorities • Use unfragmented UDP as much as possible • Avoid dynamic discovery of path MTU / fragmentation onset • Prefer TCP over responding with fragmented UDP for larger responses 26
Buffer Size Considerations • One size fits all? • 1232 is a conservative value with a high assurance of fragmentation avoidance • Early onset of TCP extracts a marginal cost in terms of efficiency and speed of resolution • Could we improve on this by tailoring the value to suit the context of the query/response transaction? • Customised settings • Fragmentation onset occurs in different ways on different paths • Our measurements suggest that in the “interior” of the Internet between recursive resolvers and authoritative servers the prevailing MTU is at 1,500. There is no measurable signal of use of smaller MTUs in this part of the Internet * • Fragmentation onset occurs differently for IPv4 and IPv6 * The “edge” of the internet is likely to be different – no measurements were made for edge scenarios in this study 27
For Recursive to Authoritative Our measurements suggest setting the EDNS(0) Buffer size to: IPv4 1,472 octets IPv6 1,452 octets A small additional performance improvement can be made by using a lower TCP MSS setting – our measurements of a 1,200 octets setting showed a small but visible improvement in TCP resilience for large (multi-segment) payloads. In the TCP the marginal cost of a highly conservative setting for the MSS is far lower than the cost of correcting MTU issues. 28
Thanks! Full Report: https://www.potaroo.net/ispcol/2020-11/xldns.html (part 1) https://www.potaroo.net/ispcol/2020-12/xldns2.html (part 2) 29

Recommended

DNS-OARC-36: Measurement of DNSSEC Validation with RSA-4096
DNS-OARC-36: Measurement of DNSSEC Validation with RSA-4096DNS-OARC-36: Measurement of DNSSEC Validation with RSA-4096
DNS-OARC-36: Measurement of DNSSEC Validation with RSA-4096
APNIC
 
NANOG32 - DNS Anomalies and Their Impacts on DNS Cache Servers
NANOG32 - DNS Anomalies and Their Impacts on DNS Cache ServersNANOG32 - DNS Anomalies and Their Impacts on DNS Cache Servers
NANOG32 - DNS Anomalies and Their Impacts on DNS Cache Servers
Chika Yoshimura
 
PLNOG14: DNS, czyli co nowego w świecie DNS-ozaurów - Adam Obszyński
PLNOG14: DNS, czyli co nowego w świecie DNS-ozaurów - Adam ObszyńskiPLNOG14: DNS, czyli co nowego w świecie DNS-ozaurów - Adam Obszyński
PLNOG14: DNS, czyli co nowego w świecie DNS-ozaurów - Adam Obszyński
PROIDEA
 
bdNOG 7 - Re-engineering the DNS - one resolver at a time
bdNOG 7 - Re-engineering the DNS - one resolver at a timebdNOG 7 - Re-engineering the DNS - one resolver at a time
bdNOG 7 - Re-engineering the DNS - one resolver at a time
APNIC
 
ICANN DNS Symposium 2021: Measuring Recursive Resolver Centrality
ICANN DNS Symposium 2021: Measuring Recursive Resolver CentralityICANN DNS Symposium 2021: Measuring Recursive Resolver Centrality
ICANN DNS Symposium 2021: Measuring Recursive Resolver Centrality
APNIC
 
Thoughts about DNS for DDoS
Thoughts about DNS for DDoSThoughts about DNS for DDoS
Thoughts about DNS for DDoS
APNIC
 
Pseudo Random DNS Query Attacks and Resolver Mitigation Approaches
Pseudo Random DNS Query Attacks and Resolver Mitigation ApproachesPseudo Random DNS Query Attacks and Resolver Mitigation Approaches
Pseudo Random DNS Query Attacks and Resolver Mitigation Approaches
APNIC
 
Drilling Down Into DNS DDoS
Drilling Down Into DNS DDoSDrilling Down Into DNS DDoS
Drilling Down Into DNS DDoS
APNIC
 

Recommended

DNS-OARC-36: Measurement of DNSSEC Validation with RSA-4096
DNS-OARC-36: Measurement of DNSSEC Validation with RSA-4096DNS-OARC-36: Measurement of DNSSEC Validation with RSA-4096
DNS-OARC-36: Measurement of DNSSEC Validation with RSA-4096
APNIC
 
NANOG32 - DNS Anomalies and Their Impacts on DNS Cache Servers
NANOG32 - DNS Anomalies and Their Impacts on DNS Cache ServersNANOG32 - DNS Anomalies and Their Impacts on DNS Cache Servers
NANOG32 - DNS Anomalies and Their Impacts on DNS Cache Servers
Chika Yoshimura
 
PLNOG14: DNS, czyli co nowego w świecie DNS-ozaurów - Adam Obszyński
PLNOG14: DNS, czyli co nowego w świecie DNS-ozaurów - Adam ObszyńskiPLNOG14: DNS, czyli co nowego w świecie DNS-ozaurów - Adam Obszyński
PLNOG14: DNS, czyli co nowego w świecie DNS-ozaurów - Adam Obszyński
PROIDEA
 
bdNOG 7 - Re-engineering the DNS - one resolver at a time
bdNOG 7 - Re-engineering the DNS - one resolver at a timebdNOG 7 - Re-engineering the DNS - one resolver at a time
bdNOG 7 - Re-engineering the DNS - one resolver at a time
APNIC
 
ICANN DNS Symposium 2021: Measuring Recursive Resolver Centrality
ICANN DNS Symposium 2021: Measuring Recursive Resolver CentralityICANN DNS Symposium 2021: Measuring Recursive Resolver Centrality
ICANN DNS Symposium 2021: Measuring Recursive Resolver Centrality
APNIC
 
Thoughts about DNS for DDoS
Thoughts about DNS for DDoSThoughts about DNS for DDoS
Thoughts about DNS for DDoS
APNIC
 
Pseudo Random DNS Query Attacks and Resolver Mitigation Approaches
Pseudo Random DNS Query Attacks and Resolver Mitigation ApproachesPseudo Random DNS Query Attacks and Resolver Mitigation Approaches
Pseudo Random DNS Query Attacks and Resolver Mitigation Approaches
APNIC
 
Drilling Down Into DNS DDoS
Drilling Down Into DNS DDoSDrilling Down Into DNS DDoS
Drilling Down Into DNS DDoS
APNIC
 
DNS DDoS Attack and Risk
DNS DDoS Attack and RiskDNS DDoS Attack and Risk
DNS DDoS Attack and Risk
Sukbum Hong
 
Are we really ready to turn off IPv4?
Are we really ready to turn off IPv4?Are we really ready to turn off IPv4?
Are we really ready to turn off IPv4?
APNIC
 
2nd ICANN APAC-TWNIC Engagement Forum: DNS Oblivion
2nd ICANN APAC-TWNIC Engagement Forum: DNS Oblivion2nd ICANN APAC-TWNIC Engagement Forum: DNS Oblivion
2nd ICANN APAC-TWNIC Engagement Forum: DNS Oblivion
APNIC
 
Network Security Best Practice (BCP38 & 140)
Network Security Best Practice (BCP38 & 140) Network Security Best Practice (BCP38 & 140)
Network Security Best Practice (BCP38 & 140)
Bangladesh Network Operators Group
 
DINR 2021 Virtual Workshop: Passive vs Active Measurements in the DNS
DINR 2021 Virtual Workshop: Passive vs Active Measurements in the DNSDINR 2021 Virtual Workshop: Passive vs Active Measurements in the DNS
DINR 2021 Virtual Workshop: Passive vs Active Measurements in the DNS
APNIC
 
Testing Rolling Roots
Testing Rolling RootsTesting Rolling Roots
Testing Rolling Roots
APNIC
 
Measuring ATR: IETF 101
Measuring ATR: IETF 101Measuring ATR: IETF 101
Measuring ATR: IETF 101
APNIC
 
Internet Week 2018: 1.1.1.0/24 A report from the (anycast) trenches
Internet Week 2018: 1.1.1.0/24 A report from the (anycast) trenchesInternet Week 2018: 1.1.1.0/24 A report from the (anycast) trenches
Internet Week 2018: 1.1.1.0/24 A report from the (anycast) trenches
APNIC
 
Passive DNS Collection -- the 'dnstap' approach, by Paul Vixie [APNIC 38 / AP...
Passive DNS Collection -- the 'dnstap' approach, by Paul Vixie [APNIC 38 / AP...Passive DNS Collection -- the 'dnstap' approach, by Paul Vixie [APNIC 38 / AP...
Passive DNS Collection -- the 'dnstap' approach, by Paul Vixie [APNIC 38 / AP...
APNIC
 
Ricardo de Oliveria Schmidt - DDoS Attacks on the Root DNS
Ricardo de Oliveria Schmidt - DDoS Attacks on the Root DNSRicardo de Oliveria Schmidt - DDoS Attacks on the Root DNS
Ricardo de Oliveria Schmidt - DDoS Attacks on the Root DNS
Michiel Cazemier
 
Internet Week 2018: APNIC Reverse DNS service outage report: May 2018
Internet Week 2018: APNIC Reverse DNS service outage report: May 2018Internet Week 2018: APNIC Reverse DNS service outage report: May 2018
Internet Week 2018: APNIC Reverse DNS service outage report: May 2018
APNIC
 
Part 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOS
Part 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOSPart 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOS
Part 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOS
Men and Mice
 
Passive DNS Collection – Henry Stern, Cisco
Passive DNS Collection – Henry Stern, CiscoPassive DNS Collection – Henry Stern, Cisco
Passive DNS Collection – Henry Stern, Cisco
Henry Stern
 
OARC 26: Who's asking
OARC 26: Who's askingOARC 26: Who's asking
OARC 26: Who's asking
APNIC
 
OpenDNS Whitepaper: Platform Technology
OpenDNS Whitepaper: Platform TechnologyOpenDNS Whitepaper: Platform Technology
OpenDNS Whitepaper: Platform Technology
Courtland Smith
 
Windows 2012 and DNSSEC
Windows 2012 and DNSSECWindows 2012 and DNSSEC
Windows 2012 and DNSSEC
Men and Mice
 
NZNOG 2013 - Experiments in DNSSEC
NZNOG 2013 - Experiments in DNSSECNZNOG 2013 - Experiments in DNSSEC
NZNOG 2013 - Experiments in DNSSEC
APNIC
 
AWS re:Invent 2016: Encryption: It Was the Best of Controls, It Was the Worst...
AWS re:Invent 2016: Encryption: It Was the Best of Controls, It Was the Worst...AWS re:Invent 2016: Encryption: It Was the Best of Controls, It Was the Worst...
AWS re:Invent 2016: Encryption: It Was the Best of Controls, It Was the Worst...
Amazon Web Services
 
SF Python Meetup - Introduction to NATS Messaging with Python3
SF Python Meetup - Introduction to NATS Messaging with Python3SF Python Meetup - Introduction to NATS Messaging with Python3
SF Python Meetup - Introduction to NATS Messaging with Python3
wallyqs
 
The Zen of High Performance Messaging with NATS (Strange Loop 2016)
The Zen of High Performance Messaging with NATS (Strange Loop 2016)The Zen of High Performance Messaging with NATS (Strange Loop 2016)
The Zen of High Performance Messaging with NATS (Strange Loop 2016)
wallyqs
 
RIPE 76: Measuring ATR
RIPE 76: Measuring ATRRIPE 76: Measuring ATR
RIPE 76: Measuring ATR
APNIC
 
wcdma-drive-test-analysis-ppt-libre
wcdma-drive-test-analysis-ppt-librewcdma-drive-test-analysis-ppt-libre
wcdma-drive-test-analysis-ppt-libre
Narcisse FOIDIENG
 

More Related Content

What's hot

Passive DNS Collection – Henry Stern, Cisco
Passive DNS Collection – Henry Stern, CiscoPassive DNS Collection – Henry Stern, Cisco
Passive DNS Collection – Henry Stern, Cisco
Henry Stern
 
AWS re:Invent 2016: Encryption: It Was the Best of Controls, It Was the Worst...
AWS re:Invent 2016: Encryption: It Was the Best of Controls, It Was the Worst...AWS re:Invent 2016: Encryption: It Was the Best of Controls, It Was the Worst...
AWS re:Invent 2016: Encryption: It Was the Best of Controls, It Was the Worst...
Amazon Web Services
 
The Zen of High Performance Messaging with NATS (Strange Loop 2016)
The Zen of High Performance Messaging with NATS (Strange Loop 2016)The Zen of High Performance Messaging with NATS (Strange Loop 2016)
The Zen of High Performance Messaging with NATS (Strange Loop 2016)
wallyqs
 

What's hot (20)

DNS DDoS Attack and Risk
DNS DDoS Attack and RiskDNS DDoS Attack and Risk
DNS DDoS Attack and Risk
 
Are we really ready to turn off IPv4?
Are we really ready to turn off IPv4?Are we really ready to turn off IPv4?
Are we really ready to turn off IPv4?
 
2nd ICANN APAC-TWNIC Engagement Forum: DNS Oblivion
2nd ICANN APAC-TWNIC Engagement Forum: DNS Oblivion2nd ICANN APAC-TWNIC Engagement Forum: DNS Oblivion
2nd ICANN APAC-TWNIC Engagement Forum: DNS Oblivion
 
Network Security Best Practice (BCP38 & 140)
Network Security Best Practice (BCP38 & 140) Network Security Best Practice (BCP38 & 140)
Network Security Best Practice (BCP38 & 140)
 
DINR 2021 Virtual Workshop: Passive vs Active Measurements in the DNS
DINR 2021 Virtual Workshop: Passive vs Active Measurements in the DNSDINR 2021 Virtual Workshop: Passive vs Active Measurements in the DNS
DINR 2021 Virtual Workshop: Passive vs Active Measurements in the DNS
 
Testing Rolling Roots
Testing Rolling RootsTesting Rolling Roots
Testing Rolling Roots
 
Measuring ATR: IETF 101
Measuring ATR: IETF 101Measuring ATR: IETF 101
Measuring ATR: IETF 101
 
Internet Week 2018: 1.1.1.0/24 A report from the (anycast) trenches
Internet Week 2018: 1.1.1.0/24 A report from the (anycast) trenchesInternet Week 2018: 1.1.1.0/24 A report from the (anycast) trenches
Internet Week 2018: 1.1.1.0/24 A report from the (anycast) trenches
 
Passive DNS Collection -- the 'dnstap' approach, by Paul Vixie [APNIC 38 / AP...
Passive DNS Collection -- the 'dnstap' approach, by Paul Vixie [APNIC 38 / AP...Passive DNS Collection -- the 'dnstap' approach, by Paul Vixie [APNIC 38 / AP...
Passive DNS Collection -- the 'dnstap' approach, by Paul Vixie [APNIC 38 / AP...
 
Ricardo de Oliveria Schmidt - DDoS Attacks on the Root DNS
Ricardo de Oliveria Schmidt - DDoS Attacks on the Root DNSRicardo de Oliveria Schmidt - DDoS Attacks on the Root DNS
Ricardo de Oliveria Schmidt - DDoS Attacks on the Root DNS
 
Internet Week 2018: APNIC Reverse DNS service outage report: May 2018
Internet Week 2018: APNIC Reverse DNS service outage report: May 2018Internet Week 2018: APNIC Reverse DNS service outage report: May 2018
Internet Week 2018: APNIC Reverse DNS service outage report: May 2018
 
Part 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOS
Part 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOSPart 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOS
Part 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOS
 
Passive DNS Collection – Henry Stern, Cisco
Passive DNS Collection – Henry Stern, CiscoPassive DNS Collection – Henry Stern, Cisco
Passive DNS Collection – Henry Stern, Cisco
 
OARC 26: Who's asking
OARC 26: Who's askingOARC 26: Who's asking
OARC 26: Who's asking
 
OpenDNS Whitepaper: Platform Technology
OpenDNS Whitepaper: Platform TechnologyOpenDNS Whitepaper: Platform Technology
OpenDNS Whitepaper: Platform Technology
 
Windows 2012 and DNSSEC
Windows 2012 and DNSSECWindows 2012 and DNSSEC
Windows 2012 and DNSSEC
 
NZNOG 2013 - Experiments in DNSSEC
NZNOG 2013 - Experiments in DNSSECNZNOG 2013 - Experiments in DNSSEC
NZNOG 2013 - Experiments in DNSSEC
 
AWS re:Invent 2016: Encryption: It Was the Best of Controls, It Was the Worst...
AWS re:Invent 2016: Encryption: It Was the Best of Controls, It Was the Worst...AWS re:Invent 2016: Encryption: It Was the Best of Controls, It Was the Worst...
AWS re:Invent 2016: Encryption: It Was the Best of Controls, It Was the Worst...
 
SF Python Meetup - Introduction to NATS Messaging with Python3
SF Python Meetup - Introduction to NATS Messaging with Python3SF Python Meetup - Introduction to NATS Messaging with Python3
SF Python Meetup - Introduction to NATS Messaging with Python3
 
The Zen of High Performance Messaging with NATS (Strange Loop 2016)
The Zen of High Performance Messaging with NATS (Strange Loop 2016)The Zen of High Performance Messaging with NATS (Strange Loop 2016)
The Zen of High Performance Messaging with NATS (Strange Loop 2016)
 

Similar to DNS-OARC 34: Measuring DNS Flag Day 2020

House - Dynamic Bandwidth Throttling in a Client Server ...
House - Dynamic Bandwidth Throttling in a Client Server ...House - Dynamic Bandwidth Throttling in a Client Server ...
House - Dynamic Bandwidth Throttling in a Client Server ...
webhostingguy
 
Qualcomm lte-performance-challenges-09-01-2011
Qualcomm lte-performance-challenges-09-01-2011Qualcomm lte-performance-challenges-09-01-2011
Qualcomm lte-performance-challenges-09-01-2011
Muhammad Noor Ifansyah
 

Similar to DNS-OARC 34: Measuring DNS Flag Day 2020 (20)

RIPE 76: Measuring ATR
RIPE 76: Measuring ATRRIPE 76: Measuring ATR
RIPE 76: Measuring ATR
 
wcdma-drive-test-analysis-ppt-libre
wcdma-drive-test-analysis-ppt-librewcdma-drive-test-analysis-ppt-libre
wcdma-drive-test-analysis-ppt-libre
 
wcdma-drive-test-analysis-ppt-libre-150315071837-conversion-gate01
wcdma-drive-test-analysis-ppt-libre-150315071837-conversion-gate01wcdma-drive-test-analysis-ppt-libre-150315071837-conversion-gate01
wcdma-drive-test-analysis-ppt-libre-150315071837-conversion-gate01
 
Measuring IPv6 Performance, RIPE73
Measuring IPv6 Performance, RIPE73Measuring IPv6 Performance, RIPE73
Measuring IPv6 Performance, RIPE73
 
Network Application Performance
Network Application PerformanceNetwork Application Performance
Network Application Performance
 
IPv6 Performance Revisited
IPv6 Performance RevisitedIPv6 Performance Revisited
IPv6 Performance Revisited
 
Aerospike & GCE (LSPE Talk)
Aerospike & GCE (LSPE Talk)Aerospike & GCE (LSPE Talk)
Aerospike & GCE (LSPE Talk)
 
House - Dynamic Bandwidth Throttling in a Client Server ...
House - Dynamic Bandwidth Throttling in a Client Server ...House - Dynamic Bandwidth Throttling in a Client Server ...
House - Dynamic Bandwidth Throttling in a Client Server ...
 
RIPE 78: IPv6 reliability measurements
RIPE 78: IPv6 reliability measurementsRIPE 78: IPv6 reliability measurements
RIPE 78: IPv6 reliability measurements
 
IETF 100: Surviving IPv6 fragmentation
IETF 100: Surviving IPv6 fragmentationIETF 100: Surviving IPv6 fragmentation
IETF 100: Surviving IPv6 fragmentation
 
(NET404) Making Every Packet Count
(NET404) Making Every Packet Count(NET404) Making Every Packet Count
(NET404) Making Every Packet Count
 
What is Actual Internet Speed?, by Seung Il Lee [APNIC 38 / APOPS 2]
What is Actual Internet Speed?, by Seung Il Lee [APNIC 38 / APOPS 2]What is Actual Internet Speed?, by Seung Il Lee [APNIC 38 / APOPS 2]
What is Actual Internet Speed?, by Seung Il Lee [APNIC 38 / APOPS 2]
 
LargeRDFBench
LargeRDFBenchLargeRDFBench
LargeRDFBench
 
Qualcomm lte-performance-challenges-09-01-2011
Qualcomm lte-performance-challenges-09-01-2011Qualcomm lte-performance-challenges-09-01-2011
Qualcomm lte-performance-challenges-09-01-2011
 
RIPE 78: A review of the KSK Roll
RIPE 78: A review of the KSK RollRIPE 78: A review of the KSK Roll
RIPE 78: A review of the KSK Roll
 
IETF 103: Measuring the KSK Roll
IETF 103: Measuring the KSK RollIETF 103: Measuring the KSK Roll
IETF 103: Measuring the KSK Roll
 
Network State Awareness & Troubleshooting
Network State Awareness & TroubleshootingNetwork State Awareness & Troubleshooting
Network State Awareness & Troubleshooting
 
PRTG NETWORK MONITORING
PRTG NETWORK MONITORINGPRTG NETWORK MONITORING
PRTG NETWORK MONITORING
 
Cloud Performance Benchmarking
Cloud Performance BenchmarkingCloud Performance Benchmarking
Cloud Performance Benchmarking
 
OSMC 2023 | Know your data: The stats behind your alerts by Dave McAllister
OSMC 2023 | Know your data: The stats behind your alerts by Dave McAllisterOSMC 2023 | Know your data: The stats behind your alerts by Dave McAllister
OSMC 2023 | Know your data: The stats behind your alerts by Dave McAllister
 

More from APNIC

More from APNIC (20)

APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
 
IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119
 
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
 
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
 
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
 
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
 
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
 
NANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonNANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff Huston
 
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonDNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
 
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
 
Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6
 
AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!
 
CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023
 
AFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet developmentAFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet development
 

Recently uploaded

WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
Delhi Call girls
 
Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...
Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...
Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...
SUHANI PANDEY
 
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋
💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋
💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋
nirzagarg
 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
tanu pandey
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Delhi Call girls
 
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
Escorts Call Girls
 
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
dharasingh5698
 
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
roncy bisnoi
 
Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...
Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...
Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...
SUHANI PANDEY
 
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls DubaiDubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
kojalkojal131
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
EleniIlkou
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
Neha Pandey
 
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
Call Girls in Nagpur High Profile Call Girls
 
Al Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls DubaiAl Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls Dubai
Escorts Call Girls
 
📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱
📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱
📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱
@Chandigarh #call #Girls 9053900678 @Call #Girls in @Punjab 9053900678
 
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
dharasingh5698
 
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
ydyuyu
 

Recently uploaded (20)

20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
 
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
 
Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...
Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...
Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...
 
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
 
💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋
💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋
💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋
 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
 
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
 
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
 
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
 
Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...
Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...
Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...
 
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls DubaiDubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
 
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
 
Al Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls DubaiAl Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls Dubai
 
📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱
📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱
📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱
 
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
 
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
 

DNS-OARC 34: Measuring DNS Flag Day 2020

  • 1. Measuring DNS Flag Day 2020 Geoff Huston Joao Damas APNIC Labs 1
  • 2. DNS Flag Day 2020 2
  • 3. DNS Flag Day 2020 3
  • 4. DNS Flag Day 2020 4
  • 5. What Happened? We’d like to look at two aspects of this work: • What happened on 1 October 2020 (and thereafter) in the DNS? • Is that recommended value of 1,232 just right? Too small? Too large? 5
  • 6. Looking at EDNS(0) Buffer Sizes Jan 2020 – August 2020 • 4,096 used by queries from 80% - 95% of users • 512 (no size specified) used by 10% of users • Weekday / Weekend profile suggesting a difference between enterprise and access ISP profiles These results are from looking at queries between recursive e resolvers and authoritative servers 6
  • 7. Flag Day 2020 Flag Day August 2020 – December 2020 • Use of 4,096 buffer size dropped from ~84% to 70% of users by December • Rise in 1,400 buffer size to 8% of users 7
  • 8. UDP Fragmentation Flag Day August 2020 – December 2020 • Fragmentation avoidance settings rose from 12% of users to ~22% of users EDNS(0) UDP Buffer Size > MTU EDNS(0) UDP Buffer Size < MTU 8
  • 9. UDP Fragmentation Avoidance Flag Day August 2020 – December 2020 • 1,232 is now used by 5% of users • 1,400 is now used by 7% of users • 284 different sizes between 512 and 1472 observed in this data set 9
  • 10. Pick a Size • Is there a “right” size for this parameter? • What are we attempting to achieve here when trying to select the threshold point to get the DNS to switch to use TCP? • Should we use a low value and switch “early”? • Should we use a high value and switch “late”? 10
  • 11. IP and Packet Sizes IPv4 IPv6 Minimum IP Packet Size 20 40 Maximum Assurred Unfragmented Packet Size 68 1,280 Assured Host Packet Size <= 576 <= 1,500 Maximum Packet Size 65,535 65,575* *4,294,967,33 6 (Jumbogram) 11
  • 12. Some Questions • Why choose 1,232 octets as the threshold point to truncate a UDP response in Flag Day 2020? • How bad is UDP Fragmentation loss in the DNS? • How bad is TCP in the DNS? 12
  • 13. Mesurement Challenges • How to perform a large scale measurement? • We embed the measurement in an advertisement to distribute the measurement script to a broad set of test cases • How to detect DNS resolution success? • We use a technique of “glueless” delegation to force a resolve to explicitly resolve the name of a name server – a successful resolution is signalled by the resumption of the original resolution task • How to characterise DNS behaviour? • We pad the response to create the desired response size. Each test uses a response size selected at random from 11 pad sizes. We also use an unpadded short response as a control 13
  • 14. Limitations • We are measuring the DNS path between recursive resolvers and the authoritative name servers. This is a measurement of the “interior” of the Internet. It is not a measurement of the stub-to-recursive paths at the edge of the network. • Some resolvers alter their behaviour when resolving name server names • In some 30% of cases the EDNS(0) Buffer Size is either dropped from the query, or dropped below 1452 octets 14
  • 15. Limitations • In some 30% of cases the EDNS(0) Buffer Size is either dropped from the query, or dropped below 1452 octets 15
  • 16. “Base Test” September 2020 Size Tests Passed Failed Rate 1230 4,303,845 4,282,457 21,388 0.50% 1270 4,308,667 4,287,046 21,621 0.50% 1310 4,307,456 4,286,064 21,392 0.50% 1350 4,304,230 4,282,752 21,478 0.50% 1390 4,310,182 4,288,413 21,769 0.51% 1430 4,303,906 4,281,858 22,048 0.51% 1470 4,308,722 4,269,785 38,937 0.90% 1510 4,303,923 4,197,910 106,013 2.46% 1550 4,306,824 4,194,465 112,359 2.61% 1590 4,300,559 4,187,575 112,984 2.63% 1630 4,305,525 4,191,994 113,531 2.64% Onset of server UDP fragmentation 16
  • 17. TCP behaviour This selects the subset of cases where the recursive resolver was passed a truncated UDP response, which should trigger the resolver to use TCP Responses which are larger than 1,430 octets show a higher loss rate Size TCP Use Pass Fail NO TCP NO ACK TCP OK 1230 9% 98.7% 1.3% 11.4% 28.3% 60.3% 1270 13% 99.0% 1.0% 12.2% 27.7% 60.1% 1310 13% 99.0% 1.0% 13.2% 26.4% 60.4% 1350 13% 99.0% 1.0% 13.0% 27.9% 59.0% 1390 14% 99.0% 1.0% 15.2% 27.1% 57.7% 1430 14% 99.1% 0.9% 15.7% 25.9% 58.5% 1470 30% 98.5% 1.5% 9.2% 58.3% 32.5% 1510 36% 98.1% 1.9% 22.7% 47.2% 30.1% 1550 36% 98.1% 1.9% 23.2% 46.8% 30.0% 1590 36% 98.1% 1.9% 24.5% 45.7% 29.8% 1630 36% 98.1% 1.9% 25.6% 45.5% 28.9% Truncated UDP response, no followup TCP Stalled TCP session with missing ACK from data segment Completed TCP session but no signal of resumption of original resolution 17
  • 18. TCP behaviour TCP shows a base failure rate of some 1% to 2% of tests • For smaller responses this may be due to enthusiastic filtering of TCP port 53 packets • For larger responses TCP “Black Hole” factors may be involved, as the server was configured to use a local 1,500 octet MTU and maximum size TCP data segments may have triggered Path MTU pathologies 18
  • 19. Forcing TCP • Here we set the server’s max buffer size to 512, forcing all resolution attempts to use TCP DNS Response Size Tests TCP Pass Rate TCP Fail Rate IPv4 Failure Rate IPv6 Failure Rate 1150 1,104,539 98.5% 1.6% 1.9% 1.6% 1190 1,105,126 98.5% 1.6% 1.9% 1.6% 1230 1,105,601 98.5% 1.6% 1.9% 1.6% 1270 1,104,571 98.5% 1.6% 1.9% 1.6% 1310 1,104,521 98.5% 1.6% 1.9% 1.6% 1350 1,104,068 98.5% 1.6% 2.0% 1.6% 1390 1,105,080 98.5% 1.6% 1.9% 1.6% 1430 1,104,527 98.5% 1.6% 1.9% 1.6% 1470 1,103,423 98.3% 1.8% 2.1% 1.8% 1510 1,104,960 98.3% 1.8% 2.1% 1.8% 1550 1,105,566 98.3% 1.8% 2.1% 1.8% 1590 1,103,609 98.3% 1.8% 2.1% 1.8% 1630 1,106,284 98.3% 1.8% 2.1% 1.8% IPv4 shows a slightly higher failure rate than IPv6 19
  • 20. UDP behaviour This selects the subset of cases where the recursive resolver was not passed a truncated UDP response and did not attempt a TCP connection Size UDP Use Pass Fail 1230 91% 99.6% 0.4% 1270 87% 99.6% 0.4% 1310 87% 99.6% 0.4% 1350 87% 99.6% 0.4% 1390 86% 99.6% 0.4% 1430 86% 99.6% 0.4% 1470 70% 99.4% 0.6% 1510 64% 97.2% 2.8% 1550 64% 97.0% 3.0% 1590 64% 97.0% 3.0% 1630 64% 97.0% 3.0% Onset of server UDP fragmentation 20
  • 21. UDP behaviour UDP shows a base failure rate of some 0.5% to 3% of tests • For smaller responses this may be due to residual filtering of UDP port 53 packets greater than 512 octets in size • For larger responses UDP fragmentation is the likely factor where the buffer size permits the server to transmit fragmented UDP packets, but they appear not to reach the resolver client 21
  • 22. Forcing UDP • Here we alter the server to treat all queries as if they had signalled a buffer size of 4,096 octets DNS Response Size Tests UDP Pass Rate UDP Fail Rate IPv4 Failure Rate IPv6 Failure Rate 1150 1,140,192 99.6% 0.4% 0.6% 0.1% 1190 1,138,792 99.6% 0.4% 0.6% 0.1% 1230 1,273,730 99.6% 0.4% 0.6% 0.1% 1270 1,272,765 98.1% 1.9% 2.4% 1.2% 1310 1,275,436 98.2% 1.8% 2.4% 1.2% 1350 1,272,634 98.2% 1.8% 2.4% 1.2% 1390 1,273,332 98.1% 1.9% 2.4% 1.2% 1430 1,274,189 97.8% 2.2% 2.6% 1.6% 1470 1,274,581 96.9% 3.1% 3.7% 17.6% 1510 1,273,496 85.0% 15.0% 14.2% 17.6% 1550 1,274,776 85.0% 15.0% 14.4% 17.7% 1590 1,276,441 85.1% 14.9% 14.4% 17.6% 1630 1,275,233 85.1% 14.9% 14.5% 17.6% Onset of server UDP fragmentation 22
  • 23. Forcing UDP • A number of resolvers will discard a DNS response if it is larger than the original buffer size • This appears to occur in some 2% - 3% of cases • A number of resolvers do not receive fragmented UDP packets • This appears to occur in ~11% of cases in IPv4, and ~15% of cases in IPv6 23
  • 24. DNS Flag Day 2020 We appear to have repurposed the EDNS(0) Buffer Size parameter • It was originally designed as a signal from the client to the server of the client’s capability to receive a DNS response over UDP • Oddly enough no comparable signal was defined for TCP, even though, presumably, the same client-side memory limitations for DNS payloads would exist • It appears to have been intended as a UDP mechanism that “can help improve the scalability of the DNS by avoiding widespread use of TCP for DNS transport.” (RFC 6891) • The Flag Day measures appear to repurpose this parameter as a UDP fragmentation avoidance signal 24
  • 25. DNS Transport Considerations • Unfragmented UDP is relatively fast, stable and efficient • There is a slight increase in drop rates above 512 octets to around 0.5% • There is no visible change in drop rates in payloads up to 1500 octets in size • Fragmented UDP has a very high drop rate • Between 11% and 15% drop rate in IPv4 and IPv6 respectively • It is more likely to be due to security filtering practice, although no specific fragmentation measurement has been made • TCP is less efficient and slower than unfragmented UDP, but far better in performance terms than Fragmented UDP • Base failure rate for TCP is between 1% to 2% of cases 25
  • 26. DNS Transport Priorities • Use unfragmented UDP as much as possible • Avoid dynamic discovery of path MTU / fragmentation onset • Prefer TCP over responding with fragmented UDP for larger responses 26
  • 27. Buffer Size Considerations • One size fits all? • 1232 is a conservative value with a high assurance of fragmentation avoidance • Early onset of TCP extracts a marginal cost in terms of efficiency and speed of resolution • Could we improve on this by tailoring the value to suit the context of the query/response transaction? • Customised settings • Fragmentation onset occurs in different ways on different paths • Our measurements suggest that in the “interior” of the Internet between recursive resolvers and authoritative servers the prevailing MTU is at 1,500. There is no measurable signal of use of smaller MTUs in this part of the Internet * • Fragmentation onset occurs differently for IPv4 and IPv6 * The “edge” of the internet is likely to be different – no measurements were made for edge scenarios in this study 27
  • 28. For Recursive to Authoritative Our measurements suggest setting the EDNS(0) Buffer size to: IPv4 1,472 octets IPv6 1,452 octets A small additional performance improvement can be made by using a lower TCP MSS setting – our measurements of a 1,200 octets setting showed a small but visible improvement in TCP resilience for large (multi-segment) payloads. In the TCP the marginal cost of a highly conservative setting for the MSS is far lower than the cost of correcting MTU issues. 28
  • 29. Thanks! Full Report: https://www.potaroo.net/ispcol/2020-11/xldns.html (part 1) https://www.potaroo.net/ispcol/2020-12/xldns2.html (part 2) 29