Presentation is loading. Please wait.

Presentation is loading. Please wait.

High performance recursive DNS solution

Published byArthur Ross Modified over 7 years ago

Similar presentations

Presentation on theme: "High performance recursive DNS solution"— Presentation transcript:

1 High performance recursive DNS solution
Peng Zuo

2 Agenda Introduction to recursive resolver Problems of the recursive resolver SDNS-R: High-performance recursive DNS solution

3 How DNS works User opens browser, enters URL Browser now has IP
Recursive resolver Browser sends HTTP request to web server web server sends HTML data stream Browser renders HTML data

4 DNS Server Types DNS Server: a server that answers DNS queries.
Functional Differences Authoritative DNS Server Caching DNS Server/Recursive DNS Server Forwarding DNS Server Relational Differences Primary and Slave Servers Public and Private Servers

5 Ask example server @ ns.example.cn (+ glue)
DNS Server Types root-server A ? Add to cache Ask cn server (+ glue) Recursive Resolver Stub Resolver A ? A ? gtld-server Ask example ns.example.cn (+ glue) A ? example-server + Properties of the recursive DNS Maintains a cache of recently request data Access to the entire range of DNS world Combination of forwarding DNS and recursive DNS Forwarding DNS server Recursive DNS server

6 Agenda Introduction to recursive resolver Problems of the recursive resolver SDNS-R: High-performance recursive DNS solution

7 Security Issue Various DDoS attack Cache poisoning (Kaminsky attack)
Amplification attack

8 Nxdomain flood ? ? ? ? Recursive DNS Authoritative DNS Botnet
jgalk.dsjgdgasg.cn ? ? 5jt.d5t53g.43t.net ? 53sas.kdjgsjals.com ? 325jkdngoug.cn Recursive DNS Authoritative DNS Botnet The recursive server is running out of available resource!! randomly generated subdomain strings Cache

9 DNS Server Types CDNs depend on user’s DNS to direct requests
Remote DNS services break this assumption

10 Agenda Introduction to recursive resolver Problems of the recursive resolver SDNS-R: High-performance recursive DNS solution

11 SDNS-R: High performance Recursive DNS
Cache Forward Log RCM New design and architecture Support DNS view High performance Cache  performance is about 100 times higher than  common DNS server Forward  performance is about 10 times higher than  common DNS server High Performance DNS Engine Operation System Common DNS server SDNS-R Cache performance (QPS) 30,000 ~ 150,000 10,000,000 Forward performance (QPS) 5,000 ~ 15,000 50,000 + +

12 Benefits DNSSEC traffic grows up sharply The average traffic is up to about 4.5 times The size of None-exist domain response message is up to about 12 times larger Larger Bandwidth 10,000,000 = 100 * 100,000 Internet Reduce cost significantly Mitigate Nxdomain flood attack Easy to maintain Anti-attack device 10GE More Servers & More cabinets in IDC room A DNS node with 10 Gb bandwidth 2 SDNS-R 100 common DNS servers …… Higher Cost 100,000 QPS per server 10,000,000 QPS per server

13 Improvement of view function
view: A powerful and useful feature of BIND 9 that lets a name server answer a DNS query differently depending on who is asking. Configuring a large number of DNS views uses more device memory and more processor time. SDNS-R improves view function: Speed up DNS view lookup Reduce time complexity of DNS view lookup Lower memory consumption optimized data structure and algorithm Expand the use of View function: from IP to IP + domain

14 Architecture of a public DNS
Example: A public DNS consists of SDNS-R Recursive DNS server Forwarding DNS server User in Beijing Beijing Public DNS User in Shanghai Shanghai Hongkong User in Hongkong Suboptimal route Guangzhou

15 Thanks!

Download ppt "High performance recursive DNS solution"

Similar presentations

Review iClickers. Ch 1: The Importance of DNS Security.

Review iClickers. Ch 1: The Importance of DNS Security.
© 2006-2012 NLnet Labs, Licensed under a Creative Commons Attribution 3.0 Unported License.Creative Commons Attribution 3.0 Unported License Introduction.

© NLnet Labs, Licensed under a Creative Commons Attribution 3.0 Unported License.Creative Commons Attribution 3.0 Unported License Introduction.
Sergei Komarov. DNS  Mechanism for IP hostname resolution  Globally distributed database  Hierarchical structure  Comprised of three components.

Sergei Komarov. DNS  Mechanism for IP hostname resolution  Globally distributed database  Hierarchical structure  Comprised of three components.
Domain Name System. DNS is a client/server protocol which provides Name to IP Address Resolution.

Domain Name System. DNS is a client/server protocol which provides Name to IP Address Resolution.
Cis3.2 -- e-commerce -- lecture #6: Content Distribution Networks and P2P (based on notes from Dr Peter McBurney © 2002-2005)

Cis e-commerce -- lecture #6: Content Distribution Networks and P2P (based on notes from Dr Peter McBurney © )
Progress Report 11/1/01 Matt Bridges. Overview Data collection and analysis tool for web site traffic Lets website administrators know who is on their.

Progress Report 11/1/01 Matt Bridges. Overview Data collection and analysis tool for web site traffic Lets website administrators know who is on their.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 5 Introduction to DNS in Windows Server 2008.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 5 Introduction to DNS in Windows Server 2008.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.
1 Web Content Delivery Reading: Section 9.2.2 and 9.4.3 COS 461: Computer Networks Spring 2007 (MW 1:30-2:50 in Friend 004) Ioannis Avramopoulos Instructor:

1 Web Content Delivery Reading: Section and COS 461: Computer Networks Spring 2007 (MW 1:30-2:50 in Friend 004) Ioannis Avramopoulos Instructor:
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
11.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 11: Introducing WINS, DNS,

11.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 11: Introducing WINS, DNS,
Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.

Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.
Module 3 DNS Types.

Module 3 DNS Types.
Advanced Module 3 Stealth Configurations.

Advanced Module 3 Stealth Configurations.
IT 210 The Internet & World Wide Web introduction.

IT 210 The Internet & World Wide Web introduction.
TELE 301 Lecture 11: DNS 1 Overview Last Lecture –Scheduled tasks and log management This Lecture –DNS Next Lecture –Address assignment (DHCP)

TELE 301 Lecture 11: DNS 1 Overview Last Lecture –Scheduled tasks and log management This Lecture –DNS Next Lecture –Address assignment (DHCP)
IIT Indore © Neminath Hubballi

IIT Indore © Neminath Hubballi
70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 7: Domain Name System.

70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 7: Domain Name System.
Module 5: Planning a DNS Strategy. Overview Planning DNS Servers Planning a Namespace Planning Zones Planning Zone Replication and Delegation Integrating.

Module 5: Planning a DNS Strategy. Overview Planning DNS Servers Planning a Namespace Planning Zones Planning Zone Replication and Delegation Integrating.
Chapter 17 Domain Name System

Chapter 17 Domain Name System

Similar presentations

Ads by Google