Duane Wessels
ABSTRACT
Previous research has shown that most of the DNS queries reaching the root of the hierarchy are bogus [1]. This behavior derives from two constraints on the system: (1) queries that cannot be satisfied locally percolate up to the root of the DNS; (2) some caching nameservers are behind packet filters or firewalls that allow outgoing queries but block incoming replies. These resolvers assume the network failure is temporary and retransmit their queries, often aggressively.DNS pollution may not be causing any perceivable performance problems. The root servers seem well equipped to handle the load. Since DNS messages are small, the pollution does not contribute significantly to the total traffic generated by most organizations. Nonetheless, this paper provides a few reasons why network operators should take the time to investigate and fix these problems.
- Duane Wessels and Marina Fomenkov, "Wow, That's a Lot of Packets," in Proc. 2003 Passive and Active Measurements Workshop, April 2003.]]Google Scholar
- P. B. Danzig, K. Obraczka, and A. Kumar, "An Analysis of Wide-Area Name Server Traffic," ACM Comp. Commun. Review (SIGCOMM'92), Conference Proc., vol. 22, 4, pp. 281--292, 1992, http://catarina.usc.edu/kobraczk/dns.ps.Z.]] Google ScholarDigital Library
- Evi Nemeth, k claffy, and Nevil Brownlee, "DNS Measurements at a Root Server," in Proc. IEEE Globecom, 2001.]]Google Scholar
- Duane Wessels, Marina Fomenkov, and Nevil Brownlee, "Measurements and Laboratory Simulations of the Upper DNS Hierarchy," in Proc. 2004 Passive and Active Measurements Workshop, April 2004.]]Google Scholar
- Joe Abley, "Hierarchical Anycast for Global Service Distribution," 2003.]]Google Scholar
- Daniel J. Bernstein, "djbdns," June 2003, http://cr.yp.to/djbdns.html.]]Google Scholar
- Y. Rekhter, B. Moskowitz, D. Karrenber, G. J. de Groot, and E. Lear, "RFC 1918: Address Allocation for Private Internets," February 1996.]] Google ScholarDigital Library
- "The AS 112 Pro ject," http://www.as112.net.]]Google Scholar
- Mark Andrews, "Negative Caching of DNS Queries (DNS NCACHE)," March 1998, Request For Comments 2038.]] Google ScholarDigital Library
- Internet Software Consortium, "Berkeley Internet Name Domain (BIND) website," http://www.isc.org/sw/bind/.]]Google Scholar
- Paul Albitz and Cricket Liu, DNS and BIND, O'Reilly and Associates, 4th edition, April 2001.]] Google ScholarDigital Library
- Duane Wessels, "dnstop," http://dnstop.measurement- factory.com.]]Google Scholar
- John Strang, Programming With Curses, O'Reilly and Associates, January 1986.]] Google ScholarDigital Library
- P. Vixie, S. Thompson, Y. Rekhter, and J. Bound, "Dynamic Updates in the Domain Name System (DNS UPDATE)," April 1997, Request For Comments 2136.]] Google ScholarDigital Library
- P. Mockapetris, "Domain Names--Concepts and Facilities," November 1987, Internet Standard 0013 (RFCs 1034, 1035).]] Google ScholarDigital Library
- J. Jung, E. Sit, H. Balakrishnan, and R. Morris, "DNS Performance and the Effectiveness of Caching," 2001, http://www.sds.lcs.mit.edu/papers/dns-imw2001.html]]Google Scholar
Index Terms
- Is your caching resolver polluting the internet?
Comments