Post on 21-Dec-2015
Impact of Configuration Errors on DNS Robustness
Vasileios Pappas, Zhiguo Xu, Songwu Lu, Daniel Massey, Andreas Terzis, Lixia Zhang
SIGCOMM 2004
Presented by: Keith Mayoral
What this paper is about
• Analysis of different types of configuration errors in DNS.
• How they affect DNS performance, availability, robustness
Motivation
• Jan. 2001: All Authoritative servers for Microsoft DNS domain became inaccessible.
• Unforeseen effect: # of DNS queries for Microsoft domain seen at F root server went from 0.003% of all queries to greater than 25%.
[Figure: iterative resolution of www.bar.foo.com. The client asks the caching server; the caching server walks down from the root zone, receiving at each step a referral (com NS RRs and com A RRs, then foo NS RRs and foo A RRs, then bar NS RRs and bar A RRs) until the bar zone returns the answer www.bar.foo.com A 10.10.10.10.]
Slide taken from V. Pappas ppt on paper
Methodology
• Combination of passive and active measurements over a 6 month period
– Observe extent of misconfigurations in global DNS infrastructure
– See how they affect response times and availability
• Passive: collected DNS traces of over 3 million queries as seen from UCLA CS network
• Active: queried random sample set of DNS zones
• Count only the DNS traffic exchanges with external sites
• Measure the delay between first query packet and final response
• Possible bias incurred since all data taken in University setting
Passive Measurements
Active Measurements
• Purpose to overcome bias in passive measurements
• Implemented specialized DNS resolver
• Queried randomly selected subset of DNS namespace
• Also used BGP tables, geo-location info to estimate server locations.
What constitutes a misconfiguration?
• Reliable DNS operations depend on the following:
– Appropriate placement of redundant servers for high availability
– Manual input of each zone’s database for correct setting
– Coordination between parent and child zones for consistency
• Failure of any of the above is considered a configuration error
3 Measured Misconfigurations
• Lame Delegation
– In 70% of lame-delegated zones, lame delegation cut the number of available NSs for the zone in half
• Diminished Server Redundancy
• Cyclic Zone Dependency
• First two were previously known of, the third was discovered by this paper.
– No previous quantitative study to gauge performance impact or extent on the Internet
Lame Delegation
• Cause: operator of zone C makes changes to authoritative servers, but fails to coordinate with operator for parent zone P to update P accordingly
• Remember: zone P must store the list of NS RRs pertaining to its child zone C.
Lame Delegation (cont)
• Decreases zone availability
– Both previous examples only had 1 server to give a response even though the RRs showed a seemingly redundant set of servers
• Increases query response time
– Example 1: a useless referral is sent
– Example 2: need to time out before trying another server
• Best case: lame server gives a non-authoritative answer if the name has been cached
Lame Delegation
• Types of L.D.
– Type I: non-responding server
– Type II: DNS error indication
– Type III: non-authoritative answer
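The three types above can be told apart mechanically from how each server named in the parent's NS RRset answers a query for a name inside the child zone. The following is an added example (not code from the paper or the presentation) that classifies constructed replies by those three types and reports whether the lame servers cut the zone's usable redundancy in half, the effect noted on the earlier slide. The `Reply` record, the server names and the reply values are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Reply:
    """How one server listed in the parent's NS RRset answered (constructed model)."""
    responded: bool          # False = query timed out, no packet came back
    rcode: str = "NOERROR"   # DNS response code, e.g. REFUSED or SERVFAIL
    aa: bool = False         # authoritative-answer flag set in the header?

def classify(reply: Reply) -> Optional[str]:
    """Map one server's behaviour to the lame-delegation type from the slides.

    Returns None when the server answered authoritatively, i.e. is not lame.
    """
    if not reply.responded:
        return "Type I"      # non-responding server
    if reply.rcode != "NOERROR":
        return "Type II"     # DNS error indication
    if not reply.aa:
        return "Type III"    # non-authoritative (e.g. cached) answer
    return None

def audit_delegation(parent_ns: list[str], replies: dict[str, Reply]) -> dict:
    """Classify every NS the parent advertises and measure the surviving redundancy."""
    lame: dict[str, str] = {}
    for ns in parent_ns:
        # A server we never heard from at all is treated as non-responding.
        kind = classify(replies.get(ns, Reply(responded=False)))
        if kind is not None:
            lame[ns] = kind
    working = [ns for ns in parent_ns if ns not in lame]
    return {
        "lame": lame,
        "working": working,
        # True when lame servers leave at most half of the advertised NSs usable.
        "redundancy_halved": bool(lame) and 2 * len(working) <= len(parent_ns),
    }

# Constructed sample: the parent lists four servers for the child zone,
# but only one of them actually serves the zone authoritatively.
SAMPLE_PARENT_NS = ["ns1.example.test", "ns2.example.test",
                    "ns3.example.test", "ns4.example.test"]
SAMPLE_REPLIES = {
    "ns1.example.test": Reply(responded=True, aa=True),               # healthy
    "ns2.example.test": Reply(responded=False),                       # Type I
    "ns3.example.test": Reply(responded=True, rcode="REFUSED"),       # Type II
    "ns4.example.test": Reply(responded=True, rcode="NOERROR", aa=False),  # Type III
}

if __name__ == "__main__":
    report = audit_delegation(SAMPLE_PARENT_NS, SAMPLE_REPLIES)
    for ns, kind in report["lame"].items():
        print(f"{ns}: lame ({kind})")
    print("usable servers:", report["working"])
    print("redundancy halved:", report["redundancy_halved"])
```

A real check would send the query itself (with a timeout for Type I) and read the RCODE and AA bit from the response header; the classification logic is the same.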
Diminished Server Redundancy
• If all replicated servers are connected to same local network, redundancy is lost when network fails.
• If all servers are assigned addresses from the same prefix, they will all be unavailable when the prefix is unreachable due to routing problems.
• If all servers are in same location, natural disasters can cause failure.
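The three failure modes listed above (same network, same prefix, same location) can each be checked from the zone's NS addresses plus routing and geo-location data, which is what the active measurement used BGP tables and geo-location for. The following is an added example, not code from the paper, that runs those checks over constructed data. The `/24` prefix granularity, the `asn_of` and `location_of` lookup tables and all addresses are assumptions made for the illustration; a real audit would derive the prefix and origin AS from a BGP table.

```python
import ipaddress
from typing import Optional

def redundancy_findings(servers: dict[str, str],
                        prefix_len: int = 24,
                        asn_of: Optional[dict[str, int]] = None,
                        location_of: Optional[dict[str, str]] = None) -> list[str]:
    """Return a list of redundancy problems for a zone's name servers.

    servers     : NS hostname -> IPv4 address (constructed input)
    prefix_len  : prefix granularity for the 'same prefix' check (assumed /24)
    asn_of      : IP -> origin AS number, as derived from a BGP table
    location_of : IP -> geographic location of the server
    """
    findings = []
    if len(servers) < 2:
        findings.append("single server: no redundancy at all")
        return findings

    addrs = [ipaddress.ip_address(ip) for ip in servers.values()]
    # Same prefix: one withdrawn or hijacked route takes every server away.
    prefixes = {ipaddress.ip_network(f"{a}/{prefix_len}", strict=False) for a in addrs}
    if len(prefixes) == 1:
        findings.append(f"all servers inside one /{prefix_len} prefix {prefixes.pop()}")

    # Same origin AS: a routing problem at one provider isolates the whole zone.
    if asn_of is not None:
        asns = {asn_of[ip] for ip in servers.values() if ip in asn_of}
        if len(asns) == 1:
            findings.append(f"all servers originated by a single AS {asns.pop()}")

    # Same physical location: power, fibre cut or natural disaster hits all of them.
    if location_of is not None:
        places = {location_of[ip] for ip in servers.values() if ip in location_of}
        if len(places) == 1:
            findings.append(f"all servers at one location ({places.pop()})")
    return findings

# Constructed sample: three "redundant" servers that share one /24, one AS
# and one building, so a single outage removes the whole zone.
SAMPLE_SERVERS = {
    "ns1.example.test": "192.0.2.10",
    "ns2.example.test": "192.0.2.11",
    "ns3.example.test": "192.0.2.12",
}
SAMPLE_ASN = {"192.0.2.10": 64500, "192.0.2.11": 64500, "192.0.2.12": 64500}
SAMPLE_LOCATION = {ip: "campus datacenter" for ip in SAMPLE_ASN}

# Constructed sample of a well-placed set for contrast.
DIVERSE_SERVERS = {"ns1.example.test": "192.0.2.10", "ns2.example.test": "198.51.100.7"}
DIVERSE_ASN = {"192.0.2.10": 64500, "198.51.100.7": 64501}
DIVERSE_LOCATION = {"192.0.2.10": "campus datacenter", "198.51.100.7": "remote colo"}

if __name__ == "__main__":
    for f in redundancy_findings(SAMPLE_SERVERS, asn_of=SAMPLE_ASN, location_of=SAMPLE_LOCATION):
        print("finding:", f)
    print("diverse set:", redundancy_findings(DIVERSE_SERVERS, asn_of=DIVERSE_ASN,
                                              location_of=DIVERSE_LOCATION))
```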
Cyclic Zone Dependency
• Happens when two or more zones’ DNS services depend on each other in a circular way
• Can happen due to configuration errors in either or both of the zones, but more usually none of the involved zones shows a noticeable configuration error when viewed on its own.
Detecting Misconfigs
• Lame Delegation: detect by simple protocol between parent and child zones to periodically check the consistency of NS records
• Cyclic Zone Dependency: detect via automatic checking by trying to resolve a name through each of the authoritative servers in the zone.
• Diminished Server Redundancy: different case
• Also wrote another paper on a tool to proactively detect DNS configuration errors.
Secret Sauce
• First paper to quantitatively measure Lame Delegation and Diminished Server Redundancy
• First paper to discover Cyclic Zone Dependency
• ??? Anything else?
Conclusion
• We should realize how important a role human errors play in the systems that we build.
– DNS
– BGP
• Future protocol designs should take into account the impact of misconfigurations.