![Page 1: Monitoring.uk DNS 19 May 2006 Ian Meikle UKNOF4, Manchester](https://reader036.vdocuments.site/reader036/viewer/2022062515/56649c7b5503460f9492f6b8/html5/thumbnails/1.jpg)
Monitoring .uk DNS
19 May 2006
Ian MeikleUKNOF4, Manchester
![Page 2: Monitoring.uk DNS 19 May 2006 Ian Meikle UKNOF4, Manchester](https://reader036.vdocuments.site/reader036/viewer/2022062515/56649c7b5503460f9492f6b8/html5/thumbnails/2.jpg)
AgendaMonitoring .uk DNs
1. Nameserver Infrastructure
2. DNS Service Metrics
3. DNS Statistics
Questions.
![Page 3: Monitoring.uk DNS 19 May 2006 Ian Meikle UKNOF4, Manchester](https://reader036.vdocuments.site/reader036/viewer/2022062515/56649c7b5503460f9492f6b8/html5/thumbnails/3.jpg)
Nameserver InfrastructureMonitoring .uk DNS
Nominet runs 12 authoritative nameservers for .uk/SLD.uk
• 7 Nominet-managed: ns[1-7].nic.uk
• 4 UltraDNS-managed: ns[a-d].nic.uk• 20 Anycast Instances
• 1 Hidden primary: ns0.nic.uk
3 nameservers reachable over IPv6
![Page 4: Monitoring.uk DNS 19 May 2006 Ian Meikle UKNOF4, Manchester](https://reader036.vdocuments.site/reader036/viewer/2022062515/56649c7b5503460f9492f6b8/html5/thumbnails/4.jpg)
Nameserver InfrastructureMonitoring .uk DNS
QuickTime™ and aTIFF (LZW) decompressor
are needed to see this picture.
![Page 5: Monitoring.uk DNS 19 May 2006 Ian Meikle UKNOF4, Manchester](https://reader036.vdocuments.site/reader036/viewer/2022062515/56649c7b5503460f9492f6b8/html5/thumbnails/5.jpg)
Nameserver InfrastructureMonitoring .uk DNS
Dynamic DNS characteristics
• Potentially, 500 changes per minute
• Serial number is UNIX time of update, e.g. 1146832341
• Propagation varies between nameservers• BIND, <300s lag• UltraDNS 3000 ~ 5000s lag
• Frequency of updates varies between SLDs, e.g. • co.uk
• 58 changes per hour• plc.uk
• less than one change per day
![Page 6: Monitoring.uk DNS 19 May 2006 Ian Meikle UKNOF4, Manchester](https://reader036.vdocuments.site/reader036/viewer/2022062515/56649c7b5503460f9492f6b8/html5/thumbnails/6.jpg)
Nameserver InfrastructureMonitoring .uk DNS
Physical configuration
QuickTime™ and aTIFF (LZW) decompressor
are needed to see this picture.
![Page 7: Monitoring.uk DNS 19 May 2006 Ian Meikle UKNOF4, Manchester](https://reader036.vdocuments.site/reader036/viewer/2022062515/56649c7b5503460f9492f6b8/html5/thumbnails/7.jpg)
DNS service MetricsMonitoring .uk DNS
How DNS service is monitored.
What it is measured.
How nameserver availability is determined.
![Page 8: Monitoring.uk DNS 19 May 2006 Ian Meikle UKNOF4, Manchester](https://reader036.vdocuments.site/reader036/viewer/2022062515/56649c7b5503460f9492f6b8/html5/thumbnails/8.jpg)
DNS service MetricsMonitoring .uk DNS
PINC - Nominet’s nagios-based monitoring system
Regular polling to ascertain that:
• Nameserver is reachable (ping)
• DNS service is available (udp/tcp)
• Zone file age is within acceptable range
![Page 9: Monitoring.uk DNS 19 May 2006 Ian Meikle UKNOF4, Manchester](https://reader036.vdocuments.site/reader036/viewer/2022062515/56649c7b5503460f9492f6b8/html5/thumbnails/9.jpg)
DNS service MetricsMonitoring .uk DNS
Zone file age monitored every five minutes by nagios plug-in:
check_ddns_age!-p ns0.nic.uk ! -z co.uk ! -w 1500 ! -c 1800
Slow changing zones, e.g. sch.uk, have a ‘grace period’ of 30 seconds.
• Required as previous serial number may lag by many hours
UltraDNS have much longer thresholds:• Warn at 8000s• Critical at 15000s
![Page 10: Monitoring.uk DNS 19 May 2006 Ian Meikle UKNOF4, Manchester](https://reader036.vdocuments.site/reader036/viewer/2022062515/56649c7b5503460f9492f6b8/html5/thumbnails/10.jpg)
DNS service MetricsMonitoring .uk DNS
![Page 11: Monitoring.uk DNS 19 May 2006 Ian Meikle UKNOF4, Manchester](https://reader036.vdocuments.site/reader036/viewer/2022062515/56649c7b5503460f9492f6b8/html5/thumbnails/11.jpg)
DNS service MetricsMonitoring .uk DNS
![Page 12: Monitoring.uk DNS 19 May 2006 Ian Meikle UKNOF4, Manchester](https://reader036.vdocuments.site/reader036/viewer/2022062515/56649c7b5503460f9492f6b8/html5/thumbnails/12.jpg)
DNS service MetricsMonitoring .uk DNS
Nameserver availability KPIs
Each month, an individual nameserver must have no more than:• 60 minutes unplanned downtime• 120 minutes total downtime
Nameserver constellation must have zero minutes downtime per month
Creative statistical recording means that an availability indexof < 100% is bad
![Page 13: Monitoring.uk DNS 19 May 2006 Ian Meikle UKNOF4, Manchester](https://reader036.vdocuments.site/reader036/viewer/2022062515/56649c7b5503460f9492f6b8/html5/thumbnails/13.jpg)
DNS service MetricsMonitoring .uk DNS
Nameserver availability KPIs
Recording of downtime is presently a manual process
• Planned maintenance is logged in advance
• Outages recorded as they happened
• Once a month, nameserver availability verified using DNSMON
![Page 14: Monitoring.uk DNS 19 May 2006 Ian Meikle UKNOF4, Manchester](https://reader036.vdocuments.site/reader036/viewer/2022062515/56649c7b5503460f9492f6b8/html5/thumbnails/14.jpg)
DNS service MetricsMonitoring .uk DNS
DNSMON (http://dnsmon.ripe.net)
RIPE NCC subscription service
• Uses TTM boxes to monitor nameserver response
• Provides visual indicator of nameserver health
• Access to raw data is possible
![Page 15: Monitoring.uk DNS 19 May 2006 Ian Meikle UKNOF4, Manchester](https://reader036.vdocuments.site/reader036/viewer/2022062515/56649c7b5503460f9492f6b8/html5/thumbnails/15.jpg)
DNS service MetricsMonitoring .uk DNS
![Page 16: Monitoring.uk DNS 19 May 2006 Ian Meikle UKNOF4, Manchester](https://reader036.vdocuments.site/reader036/viewer/2022062515/56649c7b5503460f9492f6b8/html5/thumbnails/16.jpg)
DNS Statistics
Monitoring .uk DNS
New system for gathering statistics.
What queries arrive at the .uk nameservers?
Uses of this statistical data.
![Page 17: Monitoring.uk DNS 19 May 2006 Ian Meikle UKNOF4, Manchester](https://reader036.vdocuments.site/reader036/viewer/2022062515/56649c7b5503460f9492f6b8/html5/thumbnails/17.jpg)
DNS Statistics
Monitoring .uk DNS
DSC
DSC - A DNS Statistics Collector(http://dns.measurement-factory.com/tools/dsc/)
Two components to DSC:• Collector, using libpcap to capture DNS traffic, storing it as XML• Presenter, extracts data from XML and displays graphically.
Collectors located at each Nominet-managed nameserver site.
Presenters at Nominet, and at OARC.
![Page 18: Monitoring.uk DNS 19 May 2006 Ian Meikle UKNOF4, Manchester](https://reader036.vdocuments.site/reader036/viewer/2022062515/56649c7b5503460f9492f6b8/html5/thumbnails/18.jpg)
DNS Statistics
Monitoring .uk DNS
QuickTime™ and aTIFF (LZW) decompressor
are needed to see this picture.
Modified Configuration
![Page 19: Monitoring.uk DNS 19 May 2006 Ian Meikle UKNOF4, Manchester](https://reader036.vdocuments.site/reader036/viewer/2022062515/56649c7b5503460f9492f6b8/html5/thumbnails/19.jpg)
DNS Statistics
Monitoring .uk DNS
OARC: DSC
OARC - Operations, Analysis, and Research Center.(https://oarc.isc.org/faq.html)
Public service run by ISC:
“The OARC provides a neutral forum for bilateral sharing of sensitive information during DNS attacks by organizations that are dependent on the proper operation of the DNS. The OARC also provides a continued stream of analysis on the operation of the global DNS.”
OARC’s DSC presenter gives statistics for:• C, E, and F-Root• RFC1918• ISC• Nominet
![Page 20: Monitoring.uk DNS 19 May 2006 Ian Meikle UKNOF4, Manchester](https://reader036.vdocuments.site/reader036/viewer/2022062515/56649c7b5503460f9492f6b8/html5/thumbnails/20.jpg)
DNS Statistics
Monitoring .uk DNS
DSC uses
Abuse detection, particularly data mining.
Detecting anomalous traffic.
DDoS agent identification, to help mitigate against attack.
![Page 21: Monitoring.uk DNS 19 May 2006 Ian Meikle UKNOF4, Manchester](https://reader036.vdocuments.site/reader036/viewer/2022062515/56649c7b5503460f9492f6b8/html5/thumbnails/21.jpg)
Questions?Monitoring .uk DNS