Geoff Huston APNIC Labs

Slides:



Advertisements
Similar presentations
Measuring IPv6 Geoff Huston APNIC Labs, February 2014.
Advertisements

Measuring the DNS from the Users’ perspective Geoff Huston APNIC Labs, May 2014.
A Question of Protocol Geoff Huston APNIC. Originally there was RFC791:
Multiple Tiers in Action
Content Distribution Network (CDN) Performance Punit Shah CSE581 Internet Technologies OGI, OHSU 2002, Jan 16th.
Google App Engine and Java Application: Clustering Internet search results for a person Aleksandar Kartelj Faculty of Mathematics,
1. 1.Charting the CDNs(locating all their content and DNS servers). 2.Assessing their server availability. 3.Quantifying their world-wide delay performance.
Geoff Huston APNIC Labs
1 All Your iFRAMEs Point to Us Mike Burry. 2 Drive-by downloads Malicious code (typically Javascript) Downloaded without user interaction (automatic),
Tyre Kicking the DNS Testing Transport Considerations of Rolling Roots Geoff Huston APNIC.
Enabling Embedded Systems to access Internet Resources.
Lecture # 6 Forms, Widgets and Event Handling. Today Questions: From notes/reading/life? Share Personal Web Page (if not too personal) 1.Introduce: How.
Measuring IPv6 Deployment Geoff Huston George Michaelson
Target relevant customers. Remarketing with Google Remarketing with Google. Target customers who have already shown an interest in your business.
Measuring DNSSEC Use Geoff Huston APNIC Labs. We all know…
Happy Eyeballs for the DNS Geoff Huston, George Michaelson APNIC Labs October 2015.
DNSSEC – Issues and Achievements Geoff Huston APNIC Labs.
What if Everyone Did It? Geoff Huston APNIC Labs.
Domain Name System: DNS To identify an entity, TCP/IP protocols use the IP address, which uniquely identifies the Connection of a host to the Internet.
Introduction to Digital Analytics Keith MacDonald Guest Presentation.
The Application Layer DNS – The Domain Name System The DNS Name Space Resource Records Name Servers
High performance recursive DNS solution
4.01 How Web Pages Work.
A Speculation on DNS DDOS
Geoff Huston APNIC March 2017
DNSSEC Deployment Challenges
Advanced Topics in Concurrency and Reactive Programming: Case Study – Google Cluster Majeed Kassis.
Improving searches through community clustering of information
George Michaelson Geoff Huston Joao Damas APNIC Labs
Ad-blocker circumvention System
SEMINAR ON DDNS (DYNAMIC DOMAIN NAME SERVICE)
Geoff Huston APNIC Labs
Measuring IPv6 Performance
THE NEED FOR DNS DOMAIN NAME SYSTEM
Chapter 25 Domain Name System.
Geoff Huston APNIC Labs
Geoff Huston APNIC Labs
“Size of DNS” Size of the DNS can be describe from the time before it was created all the computer on a network used to receive a host file named HOST.TXT,
User working in web-browser
A quick review of DNSSEC Validation in today’s Internet
Geoff Huston APNIC Labs September 2017
The Status of APNIC’s IPv4 Resources: Exhaustion & Transfers
draft-huston-kskroll-sentinel
Are we there yet? Measuring iPv6 in 2016
A Speculation on DNS DDOS
IPv6 Performance (revisited)
Internet Networking recitation #12
Joao Damas, Geoff Labs March 2018
Chapter 19 Domain Name System (DNS)
ROUND ROBIN DNS Round robin DNS is usually used for balancing the load of geographically distributed Web servers. For example, a company has one domain.
Geoff Huston, Joao Damas APNIC Roy Arends ICANN
Geoff Huston APNIC Labs May 2018
Modelling the internet
Measuring KSK Roll Readiness
Modelling the internet
Unit 1.4 Wired and Wireless Networks Lesson 3
PHP and Forms.
Chapter 25 Domain Name System
Geoff Huston APNIC Labs
Chapter 25 Domain Name System.
Measuring KSK Roll Readiness
Certificate Revocation
Chapter 25 Domain Name System
Domain Name System: DNS
Computer Networks Primary, Secondary and Root Servers
4.01 How Web Pages Work.
What’s the Time? Geoff Huston APNIC.
Q/ Compare between HTTP & HTTPS? HTTP HTTPS
What part of “NO” is so hard for the DNS to understand?
The Resolvers We Use Geoff Huston APNIC.
Presentation transcript:

Geoff Huston APNIC Labs Zombies Geoff Huston APNIC Labs

What we did: Run an online advertisement with an embedded measurement script The script caused the browser to fetch a number of 1x1 ‘blots’ To ensure that we had a clear view of the actions of the user and the DNS resolvers they use, we used unique URL labels.

Ad Impressions per Day We are currently serving some 8 M

URL Load We are generating some 24 million DNS queries for “unique” DNS names per day And similarly performing some 24 million HTTP blot fetches for “unique” URLs per day

“Unique”? What is meant by “unique”? The DNS name is queried by a single endpoint once and only once(*) – never again! (And the name includes a subfield of the time it was created) The TTL of the record is 1 second The URL fetch is performed by a single endpoint once and only once – and never again! Which means that we should see one query for the name at the authoritative name server * Well not quite, 25% of the time its queried twice, and sometimes more, but its all triggered by a single resolution action initiated by the endpoint – all these queries are clustered together in time

What do we see? 1450151673.887 [x] 15-Dec-2015 query: z.t10000.u953a6ea5.s1448087430.i5112.vxxxx.06ca0.z.dotnxdomain.net A 1450151673.887 [x] 15-Dec-2015 query: z.t10000.uc86fd1d9.s1447672979.i5112.vxxxx.3b460.z.dotnxdomain.net A 1450151673.887 [x] 15-Dec-2015 query: z.t10000.ub46e3821.s1447703026.i5112.vxxxx.0c914.z.dotnxdomain.net A 1450151674.013 [x] 15-Dec-2015 query: z.t10000.u953a6ea5.s1448087430.i5112.vxxxx.06ca0.z.dotnxdomain.net A 1450151674.015 [x] 15-Dec-2015 query: z.t10000.ub46e3821.s1447703026.i5112.vxxxx.0c914.z.dotnxdomain.net A 1450151674.017 [x] 15-Dec-2015 query: z.t10000.uc86fd1d9.s1447672979.i5112.vxxxx.3b460.z.dotnxdomain.net A 1450151674.753 [x] 15-Dec-2015 query: z.t10000.u953a6ea5.s1448087430.i5112.vxxxx.06ca0.z.dotnxdomain.net A 1450151674.755 [x] 15-Dec-2015 query: z.t10000.uc86fd1d9.s1447672979.i5112.vxxxx.3b460.z.dotnxdomain.net A 1450151674.756 [x] 15-Dec-2015 query: z.t10000.u953a6ea5.s1448087430.i5112.vxxxx.06ca0.z.dotnxdomain.net A 1450151674.757 [x] 15-Dec-2015 query: z.t10000.ub46e3821.s1447703026.i5112.vxxxx.0c914.z.dotnxdomain.net A

What do we see? 2015-12-15 03:54:33 query time 2015-11-21 06:30:30 1450151673.887 [x] 15-Dec-2015 query: z.t10000.u953a6ea5.s1448087430.i5112.vxxxx.06ca0.z.dotnxdomain.net A 1450151673.887 [x] 15-Dec-2015 query: z.t10000.uc86fd1d9.s1447672979.i5112.vxxxx.3b460.z.dotnxdomain.net A 1450151673.887 [x] 15-Dec-2015 query: z.t10000.ub46e3821.s1447703026.i5112.vxxxx.0c914.z.dotnxdomain.net A 1450151674.013 [x] 15-Dec-2015 query: z.t10000.u953a6ea5.s1448087430.i5112.vxxxx.06ca0.z.dotnxdomain.net A 1450151674.015 [x] 15-Dec-2015 query: z.t10000.ub46e3821.s1447703026.i5112.vxxxx.0c914.z.dotnxdomain.net A 1450151674.017 [x] 15-Dec-2015 query: z.t10000.uc86fd1d9.s1447672979.i5112.vxxxx.3b460.z.dotnxdomain.net A 1450151674.753 [x] 15-Dec-2015 query: z.t10000.u953a6ea5.s1448087430.i5112.vxxxx.06ca0.z.dotnxdomain.net A 1450151674.755 [x] 15-Dec-2015 query: z.t10000.uc86fd1d9.s1447672979.i5112.vxxxx.3b460.z.dotnxdomain.net A 1450151674.756 [x] 15-Dec-2015 query: z.t10000.u953a6ea5.s1448087430.i5112.vxxxx.06ca0.z.dotnxdomain.net A 1450151674.757 [x] 15-Dec-2015 query: z.t10000.ub46e3821.s1447703026.i5112.vxxxx.0c914.z.dotnxdomain.net A 2015-11-21 06:30:30 2015-11-16 11:22:59 2015-11-16 19:43:46 The time that the ad was created!

What do we see? Diff == Zombie Time! CreationTime Query Time 1450151673.887 [x] 15-Dec-2015 query: z.t10000.u953a6ea5.s1448087430.i5112.vxxxx.06ca0.z.dotnxdomain.net A 1450151673.887 [x] 15-Dec-2015 query: z.t10000.uc86fd1d9.s1447672979.i5112.vxxxx.3b460.z.dotnxdomain.net A 1450151673.887 [x] 15-Dec-2015 query: z.t10000.ub46e3821.s1447703026.i5112.vxxxx.0c914.z.dotnxdomain.net A 1450151674.013 [x] 15-Dec-2015 query: z.t10000.u953a6ea5.s1448087430.i5112.vxxxx.06ca0.z.dotnxdomain.net A 1450151674.015 [x] 15-Dec-2015 query: z.t10000.ub46e3821.s1447703026.i5112.vxxxx.0c914.z.dotnxdomain.net A 1450151674.017 [x] 15-Dec-2015 query: z.t10000.uc86fd1d9.s1447672979.i5112.vxxxx.3b460.z.dotnxdomain.net A 1450151674.753 [x] 15-Dec-2015 query: z.t10000.u953a6ea5.s1448087430.i5112.vxxxx.06ca0.z.dotnxdomain.net A 1450151674.755 [x] 15-Dec-2015 query: z.t10000.uc86fd1d9.s1447672979.i5112.vxxxx.3b460.z.dotnxdomain.net A 1450151674.756 [x] 15-Dec-2015 query: z.t10000.u953a6ea5.s1448087430.i5112.vxxxx.06ca0.z.dotnxdomain.net A 1450151674.757 [x] 15-Dec-2015 query: z.t10000.ub46e3821.s1447703026.i5112.vxxxx.0c914.z.dotnxdomain.net A Query Time CreationTime Diff == Zombie Time!

One Day, One DNS Server

One Day, One DNS Server

60 Days, All DNS Servers

60 Days, All DNS Servers 50% of all zombie queries are more than 6 months old!

Zombie Repeats per day

Zombie Repeats per day 1 query every 3 seconds!

Zombie Repeats per day

Zombie Repeats per day 2/3 of all queries occur once per day Do Zombies have a 32 “hours” per day?

What is causing this? Is this the result of a collection of deranged DNS recursive resolvers with an obsession about never forgetting a thing? Or web proxies that just have too much time (and space) on their hands and want to fill all that space with a vast collection of identical 1x1 pixel gifs? Let’s look at web zombies …

Zombie URL Age Distribution

Zombie URL Age Distribution 50% of all zombie URLs are less than 4 days old

Zombie URL Repeats

DNS vs URLs DNS zombies are living their own zombie half life! They are not the hell spawn of zombie URLS!

Zombies It seems that on the Internet very little is allowed to be forgotten We can use this…

DNS as storage Write(index,data) query = “data.index.storage” foreach i (0..100) { dig IN A query; }

DNS as storage Write(index,data) query = “data.index.storage” foreach i (0..100) { dig IN A query; } Read(index) wait(query, “index.storage”) return data

DNS as storage Write(index,data) query = “data.index.storage” foreach i (0..100) { dig IN A query; } Read(index) wait(query, “index.storage”) return data Delete(index) print(“I’m sorry Dave, I can’t do that”)

Thanks!

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.