Measuring DNS services at APNICA work-in-progress report
Reverse DNS SIGAPRICOT, Bangkok
5 March 2002
Overview
• Motivations• Methodology• Initial outcomes• Future work• Questions
Motivations
• Improve APNIC reporting function– EC response to member survey– Strategic regional/national relevancy
• DNS traffic reflects end-user usage• DNS efficiencies affect global service quality
• Improve monitoring of APNIC services• Check load balance between servers,
locations• Early warning of problems• Review load balance when network changes,
new services added
Methodology
• APNIC DNS nameservers sampled every 15 minutes
– currently approx 8-10Mb named.run• dumps saved as compressed images for
future use
# ndc debug;sleep 60; ndc nodebug
Methodology cont.
• Analyse sample– Requestors
• Source of datagrams– Requested objects
• .in-addr.arpa• .ip6.int, etc
• Collate using RIR allocation maps– Tag data by ISO CC of nearest allocation
boundary– Can sort by volume of requests, CC etc.
RIR Map Issues
• Network licenceholders can use the network anywhere– CC of allocation/assignment record
• Not authoritative source CC of request.– 80:20 rule on likely location of network?
• Many legacy networks list as US but are located worldwide
• Too many addresses unknown CC
Initial Outcomes
• Example load shares– To Brisbane and Tokyo
• CN/TW• ID/HK• NZ/KR
• Query rates– 2 week sample– IPv6 query rate
• Top 10 requesting CC by server location
ratio of AU serve Japan:Brisbane
0.00
0.50
1.00
1.50
2.00
2.50
3.00
3.50
4.00
4.50
5.00
23-Feb 24-Feb 25-Feb 26-Feb 27-Feb 28-Feb 1-Mar 2-Mar
sample time
ratio
TWequal load shareCN
CN,TW serve by server location
ID,HK serveby server location
ratio of AU serve Japan:Brisbane
0.00
0.50
1.00
1.50
2.00
2.50
3.00
3.50
4.00
4.50
5.00
23-Feb 24-Feb 25-Feb 26-Feb 27-Feb 28-Feb 1-Mar 2-Mar
sample time
ratio
IDequal load shareHK
NZ, KR serveby server location
ratio of AU serve Japan:Brisbane
0.00
0.50
1.00
1.50
2.00
2.50
3.00
3.50
4.00
4.50
5.00
23-Feb 24-Feb 25-Feb 26-Feb 27-Feb 28-Feb 1-Mar 2-Mar
sample time
ratio
NZequal load share
"KR"
DNS server query rate
requests
0
200
400
600
800
1000
1200
1400
1/30/0
2 14:0
3
1/31/0
2 20:1
8
2/2/02
2:33
2/3/02
8:48
2/4/02
15:03
2/5/02
21:18
2/7/02
3:33
2/8/02
9:48
2/9/02
16:03
2/10/0
2 22:1
8
2/12/0
2 4:33
2/13/0
2 10:4
8
2/14/0
2 17:0
3
2/15/0
2 23:1
8
2/17/0
2 5:33
2/18/0
2 11:4
8
requests/second
IPv6 requests
0
50
100
150
200
250
30/01
/02
31/01
/02
1/02/0
2
2/02/0
2
3/02/0
2
4/02/0
2
5/02/0
2
6/02/0
2
7/02/0
2
8/02/0
2
9/02/0
2
10/02
/02
11/02
/02
12/02
/02
13/02
/02
14/02
/02
15/02
/02
16/02
/02
17/02
/02
18/02
/02
19/02
/02
Number of requests per MIN IPv6 lookups of any type
full dotted-nybble lookups
Top 20 requesting CC by server location
US 549484 US 541906
?? 129886 CN 129870
CN 107425 ?? 123195
KR 102130 JP 121836
AU 94366 KR 101654
JP 74039 UK 48588
DE 55991 CA 39253
UK 53420 DE 34919
CA 43757 TW 29439
CH 32771 HK 17210
FR 22953 AU 16826
NL 21555 SG 16816
TW 19811 NL 15633
Australia Japan
Future Work
• Table of CC to requested DNS RR– More computationally expensive– May not be completely accurate– Web ‘select-your-own-CC’ interface
• Apply same methodology– Web– Whois
• requester,requested-data inline in logfiles, so much simpler to tabulate
– Consistent methodology for monitoring APNIC resource usage
Future Work cont.
• Account for measurement-induced errors– Additional cost to DNS server to write
named.run file• Is named logging ‘cheaper’ ?
– Avoid methods which query (www,whois,dns)• Improve methodology
– Use DNS logging not debug dumps• Make data available online
– APNIC values interpretation of raw data by the wider community
Questions
George [email protected]