FRUUG - Front Range Unix Users Group
FRUUG home
meeting archive
about FRUUG
join FRUUG
contact info

March 2001: DNS Damage

At our March meeting, Evi Nemeth of the University of Colorado, XOR, and the Cooperative Association for Internet Data Analysis (CAIDA) presented her most recent work measuring traffic to the Internet's DNS root servers, their performance, and problems in the DNS structure.

Evi's work involved two sets of measurements. At the University of California, San Diego, she was able to use an optical splitter to monitor all DNS client traffic from the university to the various root servers. Her optical splitter "takes only five percent of the light and 100 percent of the data." From this perspective, she was able to monitor performance of all the root servers queried from anywhere in the university, easily finding out which servers have problems, and in some cases helping the root server administrators to improve their performance. Evi shared with us her observations of "who's been naughty and who's been nice."

At the F root server, Evi managed to spend some time collecting 6 GB per hour of trace data and gaining a perspective on performance from the root server's perspective. More interesting than the performance information she presented was the shocking fact that 25 percent of the queries the servers received were bogus, highlighting the magnitude of the problem with software bugs and DNS server mis-configurations. She spent a significant amount of time categorizing the bogus queries, and showing how the bogus queries increased when a new version of Microsoft Windows were released-- and even tracking down a missing 'else' in their code that prevented their DNS server from ever caching responses to their queries. Some of the queries included ones with unroutable source addresses (like, queries asking for reverse lookups of private addresses, queries asking: "what's the IP address of," and queries with spoofed source addresses that were used as part of the denial-of-service attacks last winter. Evi tracked down many of these problems to bad default configurations in Windows; but to be fair she tracked down quite a few to UNIX operating system-hosted DNS servers as well.

Evi's paper is available at: and the slides she presented are at:

Site Map Recruiter Info
February 15, 2009

February 2008: FRUUG Enters Quiescent Phase
After 27 years running, we're suspending operations.

Future Meetings:
None planned

Site by
Lone Eagle Systems, Inc.,
Hosted courtesy of Indra