DOI: 10.1145/3387514.3405881
research-article

Akamai DNS: Providing Authoritative Answers to the World's Queries

Published: 30 July 2020

Abstract

We present Akamai DNS, one of the largest authoritative DNS infrastructures in the world, that supports the Akamai content delivery network (CDN) as well as authoritative DNS hosting and DNS-based load balancing services for many enterprises. As the starting point for a significant fraction of the world's Internet interactions, Akamai DNS serves millions of queries each second and must be resilient to avoid disrupting myriad online services, scalable to meet the ever increasing volume of DNS queries, performant to prevent user-perceivable performance degradation, and reconfigurable to react quickly to shifts in network conditions and attacks. We outline the design principles and architecture used to achieve Akamai DNS's goals, relating the design choices to the system workload and quantifying the effectiveness of those designs. Further, we convey insights from operating the production system that are of value to the broader research community.

Supplementary Material

MP4 File (3387514.3405881.mp4)
Index Terms

  1. Akamai DNS: Providing Authoritative Answers to the World's Queries

      Published In

      SIGCOMM '20: Proceedings of the Annual conference of the ACM Special Interest Group on Data Communication on the applications, technologies, architectures, and protocols for computer communication
      July 2020
      814 pages
      ISBN:9781450379557
      DOI:10.1145/3387514
      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      Published: 30 July 2020

      Author Tags

      1. DNS
      2. Distributed Systems

      Qualifiers

      • Research-article
      • Research
      • Refereed limited

      Conference

      SIGCOMM '20

      Acceptance Rates

      Overall Acceptance Rate 462 of 3,389 submissions, 14%

      Article Metrics

      • Downloads (Last 12 months): 109
      • Downloads (Last 6 weeks): 9
      Reflects downloads up to 25 Jan 2025

      Cited By

      • (2024) Poster: GeoResolver, An Accurate, Scalable, and Explainable Geolocation Technique Using DNS Redirection. Proceedings of the 20th International Conference on emerging Networking EXperiments and Technologies (21-22). DOI: 10.1145/3680121.3699884. Online publication date: 9-Dec-2024
      • (2024) Geofeeds: Revolutionizing IP Geolocation or Illusionary Promises? Proceedings of the ACM on Networking 2:CoNEXT3 (1-21). DOI: 10.1145/3676869. Online publication date: 21-Aug-2024
      • (2024) hyDNS: Acceleration of DNS Through Kernel Space Resolution. Proceedings of the ACM SIGCOMM 2024 Workshop on eBPF and Kernel Extensions (58-64). DOI: 10.1145/3672197.3673439. Online publication date: 4-Aug-2024
      • (2024) A First Look At IPv6 Hypergiant Infrastructure. Proceedings of the ACM on Networking 2:CoNEXT2 (1-25). DOI: 10.1145/3656300. Online publication date: 13-Jun-2024
      • (2024) Topaz: Declarative and Verifiable Authoritative DNS at CDN-Scale. Proceedings of the ACM SIGCOMM 2024 Conference (891-903). DOI: 10.1145/3651890.3672240. Online publication date: 4-Aug-2024
      • (2024) The Age of DDoScovery: An Empirical Comparison of Industry and Academic DDoS Assessments. Proceedings of the 2024 ACM on Internet Measurement Conference (259-279). DOI: 10.1145/3646547.3688451. Online publication date: 4-Nov-2024
      • (2024) Traffic Centralization and Digital Sovereignty: An Analysis Under the Lens of DNS Servers. NOMS 2024-2024 IEEE Network Operations and Management Symposium (1-9). DOI: 10.1109/NOMS59830.2024.10575700. Online publication date: 6-May-2024
      • (2024) DNSScope: Fine-Grained DNS Cache Probing for Remote Network Activity Characterization. IEEE INFOCOM 2024 - IEEE Conference on Computer Communications (1651-1660). DOI: 10.1109/INFOCOM52122.2024.10621277. Online publication date: 20-May-2024
      • (2024) Internet Identifiers: A Survey of History, Challenges, and Future Perspectives. IEEE Access 12 (51919-51941). DOI: 10.1109/ACCESS.2024.3382115. Online publication date: 2024
      • (2024) The Role of Network Centralization in Shaping Digital Sovereignty: An Analysis Under the DNS Lens. International Journal of Network Management 35:1. DOI: 10.1002/nem.2309. Online publication date: 24-Oct-2024