Measuring DNS services at APNICA work-in-progress report

Reverse DNS SIG

APRICOT, Bangkok

5 March 2002

Overview

• Motivations

• Methodology

• Initial outcomes

• Future work

• Questions

Motivations

• Improve APNIC reporting function– EC response to member survey– Strategic regional/national relevancy

• DNS traffic reflects end-user usage• DNS efficiencies affect global service quality

• Improve monitoring of APNIC services• Check load balance between servers,

locations• Early warning of problems• Review load balance when network changes,

new services added

Methodology

• APNIC DNS nameservers sampled every 15 minutes

– currently approx 8-10Mb named.run• dumps saved as compressed images for

future use

# ndc debug;sleep 60; ndc nodebug

Methodology cont.

• Analyse sample– Requestors

• Source of datagrams

– Requested objects• .in-addr.arpa• .ip6.int, etc

• Collate using RIR allocation maps– Tag data by ISO CC of nearest allocation

boundary– Can sort by volume of requests, CC etc.

RIR Map Issues

• Network licenceholders can use the network anywhere– CC of allocation/assignment record

• Not authoritative source CC of request.

– 80:20 rule on likely location of network?

• Many legacy networks list as US but are located worldwide

• Too many addresses unknown CC

Initial Outcomes

• Example load shares– To Brisbane and Tokyo

• CN/TW• ID/HK• NZ/KR

• Query rates– 2 week sample– IPv6 query rate

• Top 10 requesting CC by server location

ratio of AU serve Japan:Brisbane

0.00

0.50

1.00

1.50

2.00

2.50

3.00

3.50

4.00

4.50

5.00

23-Feb 24-Feb 25-Feb 26-Feb 27-Feb 28-Feb 1-Mar 2-Mar

sample time

ratio

TWequal load shareCN

CN,TW serve by server location

ID,HK serveby server location

ratio of AU serve Japan:Brisbane

0.00

0.50

1.00

1.50

2.00

2.50

3.00

3.50

4.00

4.50

5.00

23-Feb 24-Feb 25-Feb 26-Feb 27-Feb 28-Feb 1-Mar 2-Mar

sample time

ratio

ID

equal load share

HK

NZ, KR serveby server location

ratio of AU serve Japan:Brisbane

0.00

0.50

1.00

1.50

2.00

2.50

3.00

3.50

4.00

4.50

5.00

23-Feb 24-Feb 25-Feb 26-Feb 27-Feb 28-Feb 1-Mar 2-Mar

sample time

ratio

NZ

equal load share

"KR"

DNS server query rate

requests

0

200

400

600

800

1000

1200

1400

1/30

/02

14:0

3

1/31

/02

20:1

8

2/2/

02 2

:33

2/3/

02 8

:48

2/4/

02 1

5:03

2/5/

02 2

1:18

2/7/

02 3

:33

2/8/

02 9

:48

2/9/

02 1

6:03

2/10

/02

22:1

8

2/12

/02

4:33

2/13

/02

10:4

8

2/14

/02

17:0

3

2/15

/02

23:1

8

2/17

/02

5:33

2/18

/02

11:4

8

requests/second

IPv6 requests

0

50

100

150

200

250

30/0

1/02

31/0

1/02

1/02

/02

2/02

/02

3/02

/02

4/02

/02

5/02

/02

6/02

/02

7/02

/02

8/02

/02

9/02

/02

10/0

2/02

11/0

2/02

12/0

2/02

13/0

2/02

14/0

2/02

15/0

2/02

16/0

2/02

17/0

2/02

18/0

2/02

19/0

2/02

Number of requests per MIN

IPv6 lookups of any type

full dotted-nybble lookups

Top 20 requesting CC by server location

US 549484 US 541906

?? 129886 CN 129870

CN 107425 ?? 123195

KR 102130 JP 121836

AU 94366 KR 101654

JP 74039 UK 48588

DE 55991 CA 39253

UK 53420 DE 34919

CA 43757 TW 29439

CH 32771 HK 17210

FR 22953 AU 16826

NL 21555 SG 16816

TW 19811 NL 15633

Australia Japan

Future Work

• Table of CC to requested DNS RR– More computationally expensive– May not be completely accurate– Web ‘select-your-own-CC’ interface

• Apply same methodology– Web– Whois

• requester,requested-data inline in logfiles, so much simpler to tabulate

– Consistent methodology for monitoring APNIC resource usage

Future Work cont.

• Account for measurement-induced errors– Additional cost to DNS server to write

named.run file• Is named logging ‘cheaper’ ?

– Avoid methods which query (www,whois,dns)

• Improve methodology– Use DNS logging not debug dumps

• Make data available online– APNIC values interpretation of raw data by the

wider community

Questions

George Michaelson

ggm@apnic.net