17 February 2022
Marriott Austin Downtown
UTC timezone

Find Bugs in your DNS Zone files Before Deployment with GRᴏᴏᴛ

17 Feb 2022, 16:15
25m
Marriott Austin Downtown

Marriott Austin Downtown

304 East Cesar Chavez Street, Austin, Texas 78701 USA
Standard Presentation Main Session OARC 37 Day 1

Speaker

Mr Siva Kesava Reddy Kakarla (University of California, Los Angeles)

Description

Given the DNS’s critical role in today’s Internet, any errors in zone files can have highly disruptive effects on related services. For example, Microsoft experienced a severe global outage in 2019, impacting all Azure customers for two hours due to a DNS misconfiguration. Other major DNS-related outages include those at Slack, Salesforce, GitHub, LinkedIn, iFastNet, and HBO.

To help DNS engineers prevent outages, we developed GRᴏᴏᴛ, the first tool that performs static analysis of zone files to validate properties of interest for all possible DNS queries or provide a counterexample. DNS engineers can use GRᴏᴏᴛ before deploying or updating zone files to catch any bugs in them, such as rewrite loops, black holes, etc., whereas the existing solutions are reactive and incomplete. GRᴏᴏᴛ efficiently analyzes the huge space of DNS queries by partitioning all possible queries into equivalence classes (ECs), where all the queries in the same EC are guaranteed to have the same behavior. GRᴏᴏᴛ then symbolically executes each equivalence class to efficiently find (or prove the absence of) any bugs.

We applied GRᴏᴏᴛ to the configuration files we obtained from a large campus network with over a hundred thousand records, and it revealed 109 new bugs and completed in under 10 seconds. When applied to internal zone files consisting of over 3.5 million records from a large infrastructure service provider, GRᴏᴏᴛ revealed around 160k issues of blackholing, which initiated a cleanup of the zone files.

Presentation delivery Remotely (online)

Primary author

Mr Siva Kesava Reddy Kakarla (University of California, Los Angeles)

Presentation materials