12–13 May 2019
Shangri-La Bangkok
Asia/Bangkok timezone

DNS Recursive Resolver Delegation Selection in the Wild

12 May 2019, 09:45
30m
Ballroom 1 (Shangri-La Bangkok)

89 ซอย Wat Suan Plu - Dumex, Khwaeng Bang Rak, Khet Bang Rak, Krung Thep Maha Nakhon 10500, Thailand
Standard Presentation Public Workshop

Speaker

Dr Kyle Schomp (Akamai Technologies)

Description

DNS zones should have multiple nameservers. Combined, RFC 1034 and RFC 2182 require that zones have at least two topologically and geographically distributed nameservers. A primary reason for multiple nameservers is to increase robustness in the face of individual failures. Thus, many zones, including those considered critical to many enterprises, operate with a large number of NS records per zone.

This provides recursive resolvers with a choice: which nameserver to contact when sending each DNS query? Previous research has studied the behavior of specific recursive resolver software in the lab and the behavior of recursive resolvers in the wild using synthetic traffic loads. This previous work shows that many recursive resolvers will attempt to home in on the lower-RTT nameservers and prefer sending DNS queries to them. In this work, we look at the recursive resolvers' choice of nameserver under production workloads of several zones important to the Akamai platform. We observe how many recursive resolvers prefer nameservers by RTT, and how significantly, given real-world DNS query rates. We go on to consider the impact that this has on performance and security, with an eye toward improvements that can be made.

Talk Duration 30 Minutes

Primary author

Dr Kyle Schomp (Akamai Technologies)
