Presentation is loading. Please wait.

Presentation is loading. Please wait.

Testing DNS resolvers (as) in real world

Published byErik Conley Modified over 6 years ago

Similar presentations

Presentation on theme: "Testing DNS resolvers (as) in real world"— Presentation transcript:

1 Testing DNS resolvers (as) in real world
Petr Špaček • • 17 May 2017 (speaking) Filip Široký • • (working :-)

2 Focus on functional testing
Goal: “Support line should stay silent” Are users able to resolve names they want? Ignoring Security Performance Usability

3 Challenges DNS cache Lot of state Ordering & timing matters
Forwarding → chain of caches → state explosion Query flags RD, DO, AD, CD, … Weird implementations on authoritative side Network glitches

4 What users want? Open youtube.com (using Firefox 52 as an example)
15 DNS queries from stub resolver (2.3 seconds) Some of them sent in paralell (race conditions) Some repeated (cache) … and watch a video 35 DNS queries from stub resolver (2.5 seconds)

5 Generating test for youtube.com
Open a web site using Selenium (web test framework) Capture stub ↔ recursive resolver traffic Including timing and parallel queries Capture resolver ↔ authoritative traffic Repeat with Query name minimization on/off Different resolvers (Knot resolver, Unbound, ...) Transform captured traffic into Deckard [1] test [1]

6

7 Testing youtube.com Use Deckard tool to simulate DNS client and replies from authorities Replay sequence of queries from web browser Including timing and parallel queries Authorities reply with captured answers Check if answers to the simulated client match Repeat the test with query minimization off/on forwarding off/on (two resolvers under test at once)

8 Anatomy of Deckard test
RANGE_BEGIN ADDRESS 2001:678:11::1 MATCH opcode qtype qname REPLY NOERROR QR AA DO SECTION QUESTION turris.cz. IN DS SECTION ANSWER turris.cz IN DS <...> STEP 121 CHECK_ANSWER MATCH all REPLY RD RA QR AD api.turris.cz. IN A api.turris.cz IN A

9 Further plans Make it work! Combine tests for multiple sites into one
Interleaving requests from multiple clients Compare with captured data sets Mobile vs. desktop web browsers? ? Other non-web clients? A better user simulation?

10 Get in touch Deckard tool README Mailing list Speaker Petr Špaček •

Download ppt "Testing DNS resolvers (as) in real world"

Similar presentations

Enabling Secure Internet Access with ISA Server

Enabling Secure Internet Access with ISA Server
Reinventing Email using REST. Anything addressable by a URI is called a resource GET, PUT, POST, DELETE WebDAV (MOVE, LOCK)

Reinventing using REST. Anything addressable by a URI is called a resource GET, PUT, POST, DELETE WebDAV (MOVE, LOCK)
Progress Report 11/1/01 Matt Bridges. Overview Data collection and analysis tool for web site traffic Lets website administrators know who is on their.

Progress Report 11/1/01 Matt Bridges. Overview Data collection and analysis tool for web site traffic Lets website administrators know who is on their.
Domain Name System: DNS

Domain Name System: DNS
1 Web Content Delivery Reading: Section 9.2.2 and 9.4.3 COS 461: Computer Networks Spring 2007 (MW 1:30-2:50 in Friend 004) Ioannis Avramopoulos Instructor:

1 Web Content Delivery Reading: Section and COS 461: Computer Networks Spring 2007 (MW 1:30-2:50 in Friend 004) Ioannis Avramopoulos Instructor:
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 19 Domain Name System (DNS)

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 19 Domain Name System (DNS)
TCP/IP Protocol Suite 1 Chapter 17 Upon completion you will be able to: Domain Name System: DNS Understand how the DNS is organized Know the domains in.

TCP/IP Protocol Suite 1 Chapter 17 Upon completion you will be able to: Domain Name System: DNS Understand how the DNS is organized Know the domains in.
NET0183 Networks and Communications Lecture 25 DNS Domain Name System 8/25/20091 NET0183 Networks and Communications by Dr Andy Brooks.

NET0183 Networks and Communications Lecture 25 DNS Domain Name System 8/25/20091 NET0183 Networks and Communications by Dr Andy Brooks.
1 3 Web Proxies Web Protocols and Practice. 2 Topics Web Protocols and Practice WEB PROXIES  Web Proxy Definition  Three of the Most Common Intermediaries.

1 3 Web Proxies Web Protocols and Practice. 2 Topics Web Protocols and Practice WEB PROXIES  Web Proxy Definition  Three of the Most Common Intermediaries.
Implementing DNS Module D 7: Implementing DNS

Implementing DNS Module D 7: Implementing DNS
Geoff Huston APNIC Labs

Geoff Huston APNIC Labs
PA3: Router Junxian (Jim) Huang EECS 489 W11 /

PA3: Router Junxian (Jim) Huang EECS 489 W11 /
14 DNS : The Domain Name System. 14 Introduction - Problem Computers are used to work with numbers Humans are used to work with names ==> IP addresses.

14 DNS : The Domain Name System. 14 Introduction - Problem Computers are used to work with numbers Humans are used to work with names ==> IP addresses.
October 15, 2002Serguei A. Mokhov, 1 Intro to DNS SOEN321 - Information Systems Security.

October 15, 2002Serguei A. Mokhov, 1 Intro to DNS SOEN321 - Information Systems Security.
Chapter 17 Domain Name System

Chapter 17 Domain Name System
Fully Qualified Domain Names FQDNs. DNS Database A distributed, hierarchical database Resolves Fully Qualified Domain Names (FQDNs) to IP addresses –

Fully Qualified Domain Names FQDNs. DNS Database A distributed, hierarchical database Resolves Fully Qualified Domain Names (FQDNs) to IP addresses –
Module 8 DNS Tools & Diagnostics. Objectives Understand dig and nslookup Understand BIND toolset Understand BIND logs Understand wire level messages.

Module 8 DNS Tools & Diagnostics. Objectives Understand dig and nslookup Understand BIND toolset Understand BIND logs Understand wire level messages.
Netprog: DNS and name lookups1 Address Conversion Functions and The Domain Name System Refs: Chapter 9 RFC 1034 RFC 1035.

Netprog: DNS and name lookups1 Address Conversion Functions and The Domain Name System Refs: Chapter 9 RFC 1034 RFC 1035.
1 Kyung Hee University Chapter 18 Domain Name System.

1 Kyung Hee University Chapter 18 Domain Name System.
Domain Name System Refs: Chapter 9 RFC 1034 RFC 1035.

Domain Name System Refs: Chapter 9 RFC 1034 RFC 1035.

Similar presentations

Ads by Google