 |
At our March meeting, Evi Nemeth
of the University of Colorado,
XOR,
and the Cooperative Association for Internet Data Analysis
(CAIDA)
presented her most recent work measuring traffic to the Internet's DNS
root servers, their performance, and problems in the DNS structure.
Evi's work involved two sets of measurements. At the University
of California, San Diego, she was able to use an optical splitter
to monitor all DNS client traffic from the university to the
various root servers. Her optical splitter "takes only five percent
of the light and 100 percent of the data." From this perspective,
she was able to monitor performance of all the root servers queried
from anywhere in the university, easily finding out which servers
have problems, and in some cases helping the root server administrators
to improve their performance. Evi shared with us her observations
of "who's been naughty and who's been nice."
At the F root server, Evi managed to spend some time collecting
6 GB per hour of trace data and gaining a perspective on performance
from the root server's perspective. More interesting than the
performance information she presented was the shocking fact that
25 percent of the queries the servers received were bogus,
highlighting the magnitude of the problem with software bugs
and DNS server mis-configurations.
She spent a significant amount of time categorizing the bogus queries,
and showing how the bogus queries increased when a new version
of Microsoft Windows were released-- and even tracking down a
missing 'else' in their code that prevented their DNS server from
ever caching responses to their queries. Some of the
queries included ones with unroutable source addresses (like 10.1.1.1),
queries asking for reverse lookups of private addresses,
queries asking: "what's the IP address of 192.168.10.1," and
queries with spoofed source addresses that were used as part
of the denial-of-service attacks last winter.
Evi tracked down many of these problems to bad default configurations
in Windows; but to be fair she tracked down quite a few to UNIX
operating system-hosted DNS servers as well.
Evi's paper is available at:
http://www.caida.org/outreach/papers/2001/DNSMeasRoot/
and the slides she presented are at:
http://www.caida.org/outreach/presentations/ietf0112/dns.damage.html
|
 |
