NIC Chile Secondary DNS Service History and Evolution

Slides:



Advertisements
Similar presentations
Access Control for Networks Problems: –Enforce an access control policy Allow trust relationships among machines –Protect local internet from outsiders.
Advertisements

Network Operating System By Elena Otte Distributed Data Processing.
Hands-On Microsoft Windows Server 2003 Networking Chapter 6 Domain Name System.
Hands-On Microsoft Windows Server 2003 Networking Chapter 7 Windows Internet Naming Service.
LAME – Next Steps Mark Kosters, CTO. Delegations tested daily until test good or removed If still lame after 30 consecutive days of testing, POCs notified.
Understanding Network Failures in Data Centers: Measurement, Analysis and Implications Phillipa Gill University of Toronto Navendu Jain & Nachiappan Nagappan.
Peter Janssen, EURid.eu Ljubljana, RIPE 64, 2012 Peter Janssen, EURid.eu Ljubljana, RIPE 64, April
Chapter 13: Sharing Printers on Windows Server 2008 R2 Networks BAI617.
DNS. Introduction What is DNS? –Hierarchy or Tree –Dot used as a separator.
Module 3 DNS Types.
DNS and Active Directory Integration
Experiences Deploying Xrootd at RAL Chris Brew (RAL)
Troubleshooting. Why Troubleshoot? What Can Go Wrong? –Misconfigured zone –Misconfigured server –Misconfigured host –Misconfigured network.
70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 7: Domain Name System.
DNS Security Pacific IT Pros Nov. 5, Topics DoS Attacks on DNS Servers DoS Attacks by DNS Servers Poisoning DNS Records Monitoring DNS Traffic Leakage.
EIDE Design Considerations 1 EIDE Design Considerations Brian Wright Portland General Electric.
Anycast DNS. WatITis | Strengthening Collaboration | December 8, 2009 | Anycast DNS Outline Current Anycast routing Anycast implemented Problems resolved.
DNS Dynamic Update Performance Study The Purpose Dynamic update and XFR is key approach to perform zone data replication and synchronization,
Kiew-Hong Chua a.k.a Francis Computer Network Presentation 12/5/00.
Module 6: Designing Name Resolution. Module Overview Collecting Information for a Name Resolution Design Designing a DNS Server Strategy Designing a DNS.
Server Performance, Scaling, Reliability and Configuration Norman White.
Denial of Service Sharmistha Roy Adversarial challenges in Web Based Services.
CERN DNS Load Balancing VladimírBahylIT-FIO NicholasGarfieldIT-CS.
CIS 192B – Lesson 2 Domain Name System. CIS 192B – Lesson 2 Types of Services Infrastructure –DHCP, DNS, NIS, AD, TIME Intranet –SSH, NFS, SAMBA Internet.
BNL PDN Enhancements. Perimeter Load Balancers Scaleable Performance Fault Tolerance Server Maintainability User Convenience Perimeter Security.
1 CMPT 471 Networking II DNS © Janice Regan,
2/26/2003 Lecture 4 Computer System Administration Lecture 4 Networking Startup/DNS.
File Transfer And Access (FTP, TFTP, NFS). Remote File Access, Transfer and Storage Networks For different goals variety of approaches to remote file.
Troubleshooting. Why Troubleshoot? What Can Go Wrong? –Misconfigured zone –Misconfigured server –Misconfigured host –Misconfigured network.
© 2015 MetricStream, Inc. All Rights Reserved. AWS server provisioning © 2015 MetricStream, Inc. All Rights Reserved. By, Srikanth K & Rohit.
Step-by-Step Guide to Asynchronous Data (File) Replication (File Based) over a WAN Supported by Open-E ® DSS™ Software Version: DSS ver up85 Presentation.
System Administration(SAD622S) Name of Presenter: Shadreck Chitauro Lecturer 18 July 2016 Faculty of Computing and Informatics.
So You Inherited a DNS Server…
Chap-I Network and System Configuration in Linux
Apache Ignite Data Grid Research Corey Pentasuglia.
Services DFS, DHCP, and WINS are cluster-aware.
AT Commands Supports AT commands
Current Generation Hypervisor Type 1 Type 2.
Module 5: Resolving Host Names by Using Domain Name System (DNS)
High Availability Linux (HA Linux)
AppleTalk and Networking
Global Catalog and Flexible Single Master Operations (FSMO) Roles
LINUX ADMINISTRATION
Geoff Huston APNIC Labs September 2017
Cluster Communications
Briefing: Leverage HPE Storage Solutions in Windows/Hyper-V
Some bits on how it works
LCGAA nightlies infrastructure
SUBMITTED BY: NAIMISHYA ATRI(7TH SEM) IT BRANCH
DNS and Bind Presenter David Wood
Apache Hadoop YARN: Yet Another Resource Manager
Socket Programming Cal Poly Pomona Young CS380.
Introduction to Networks
Working at a Small-to-Medium Business or ISP – Chapter 7
Provisioning Performance of name server Software
Lame DNS Server Sweeping
Reliable Services Jeffrey Richter Microsoft Azure Service Fabric.
Domain Name System Introduction And Overview
Client-Server Interaction
Working at a Small-to-Medium Business or ISP – Chapter 7
LACNIC IV Santiago, Chile April, 2003
Replication Middleware for Cloud Based Storage Service
Working at a Small-to-Medium Business or ISP – Chapter 7
Cloud Web Filtering Platform
TELNET BY , S.AISHWARYA III-IT.
Global Catalog and Flexible Single Master Operations (FSMO) Roles
Applications Layer Functionality & Protocols
IPv6 Addressing By Aman Agrawal Archisman Bhattacharya
(DNS – Domain Name System)
Network programming Lecture 1 Prepared by: Dr. Osama Mokhtar.
Presentation transcript:

NIC Chile Secondary DNS Service History and Evolution Marco Díaz OARC Buenos Aires 2016

A little bit of history NIC Chile started to offer secondary service as a way to improve the local Internet. Launched in 2001. Since then it has been a service free of charge for our customers.

A little bit of history A unicast machine, BIND server over Linux OS. A new configuration generated every hour. A friendly interface for customers when choosing the service

A little bit of history

Operations More than 32000 zones. Lots of zones transfer failed. Lame delegations. Customer calls to “touch” their file zone to keep it alive a little longer. In 2008 we started to generate changes every 30 min.

Problems Due to the very frequent reconfig, a lot of TCP overhead between DNS servers. […] transfers-in 4500; transfers-out 1000; tcp-clients 3500; tcp-listen-queue 15; serial-query-rate 4000; transfers-per-ns 300; transfer-source 200.1.123.7; provide-ixfr no; Max-transfer-time-in 20; [...]

Problems Given the large amount of SOA queries and transfer attempts every 30 min, we started to have interruptions in the service. Interruptions due to scheduled maintenance.

Evolution We wanted a solution that did not involve changes for current customers. In October 2009, first major upgrade unicast to anycast 2 nodes 1 distributor

Evolution secundario.nic.cl 200.1.123.7 sec-dist 200.1.123.7 200.7.5.7

Anycast

Advantages Redundancy Transfers between nodes and distributor are much faster. The service has less impact every 30 min. Scheduled maintenance without service interruptions.

Disadvantage Overhead still exist.

Overhead peaks

“MetaSlave” solution Small daemon that runs along the DNS server, on a different port, and listens for a notify query Based on work from Jan-Piet Mens of “Automatic provisioning of slave DNS servers” When the server receives a notify, triggers the addition of that zone to the server.

MetaSlave implementation sec-dist 200.1.123.7 secundario.nic.cl 200.7.5.7

MetaSlave implementation Perl script TSIG-signed communication with the distributor Queue for commands when the server is not available. Invoke addzone commands. Support Bind and NSD.

MetaSlave implementation Server side config also-notify { 172.30.21.67 port 54 key dist-nodo; };

MetaSlave implementation Advantages Adding only well configured zones. Does not generate overhead traffic. Disadvantage Does not manage change of states (elimination of a zone)

MetaSlave implementation Workaround Another daemon, that runs on the distributor. After every generation, generate a list of the zones eliminated, and invokes delete commands on the node.

Results

Results BAD configured zones identified where almost 60% Well configured zones 40% Total of zones using the service 32464 Added in the “metaslaved” node 13054

Future work Improve policies for the use of service. Improve the scripts for fault tolerance. Using this to mitigate lame delegations.

Thanks! mdiaz@nic.cl

Links http://www.nic.cl http://jpmens.net/2013/02/13/automatic-provisioning-of-slave-dns- servers/

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.