Presentation is loading. Please wait.

Presentation is loading. Please wait.

Monitoring.uk DNS 19 May 2006 Ian Meikle UKNOF4, Manchester.

Published byHaven Hughston Modified over 10 years ago

Similar presentations

Presentation on theme: "Monitoring.uk DNS 19 May 2006 Ian Meikle UKNOF4, Manchester."— Presentation transcript:

1 Monitoring.uk DNS 19 May 2006 Ian Meikle UKNOF4, Manchester

2 Agenda Monitoring.uk DNs 1. Nameserver Infrastructure 2. DNS Service Metrics 3. DNS Statistics Questions.

3 Nameserver Infrastructure Monitoring.uk DNS Nominet runs 12 authoritative nameservers for.uk/SLD.uk 7 Nominet-managed: ns[1-7].nic.uk 4 UltraDNS-managed: ns[a-d].nic.uk 20 Anycast Instances 1 Hidden primary: ns0.nic.uk 3 nameservers reachable over IPv6

4 Nameserver Infrastructure Monitoring.uk DNS

5 Nameserver Infrastructure Monitoring.uk DNS Dynamic DNS characteristics Potentially, 500 changes per minute Serial number is UNIX time of update, e.g. 1146832341 Propagation varies between nameservers BIND, <300s lag UltraDNS 3000 ~ 5000s lag Frequency of updates varies between SLDs, e.g. co.uk 58 changes per hour plc.uk less than one change per day

6 Nameserver Infrastructure Monitoring.uk DNS Physical configuration

7 DNS service Metrics Monitoring.uk DNS How DNS service is monitored. What it is measured. How nameserver availability is determined.

8 DNS service Metrics Monitoring.uk DNS PINC - Nominet’s nagios-based monitoring system Regular polling to ascertain that: Nameserver is reachable (ping) DNS service is available (udp/tcp) Zone file age is within acceptable range

9 DNS service Metrics Monitoring.uk DNS Zone file age monitored every five minutes by nagios plug-in: check_ddns_age!-p ns0.nic.uk ! -z co.uk ! -w 1500 ! -c 1800 Slow changing zones, e.g. sch.uk, have a ‘grace period’ of 30 seconds. Required as previous serial number may lag by many hours UltraDNS have much longer thresholds: Warn at 8000s Critical at 15000s

10 DNS service Metrics Monitoring.uk DNS

11 DNS service Metrics Monitoring.uk DNS

12 DNS service Metrics Monitoring.uk DNS Nameserver availability KPIs Each month, an individual nameserver must have no more than: 60 minutes unplanned downtime 120 minutes total downtime Nameserver constellation must have zero minutes downtime per month Creative statistical recording means that an availability index of < 100% is bad

13 DNS service Metrics Monitoring.uk DNS Nameserver availability KPIs Recording of downtime is presently a manual process Planned maintenance is logged in advance Outages recorded as they happened Once a month, nameserver availability verified using DNSMON

14 DNS service Metrics Monitoring.uk DNS DNSMON (http://dnsmon.ripe.net) RIPE NCC subscription service Uses TTM boxes to monitor nameserver response Provides visual indicator of nameserver health Access to raw data is possible

15 DNS service Metrics Monitoring.uk DNS

16 DNS Statistics Monitoring.uk DNS New system for gathering statistics. What queries arrive at the.uk nameservers? Uses of this statistical data.

17 DNS Statistics Monitoring.uk DNS DSC DSC - A DNS Statistics Collector (http://dns.measurement-factory.com/tools/dsc/) Two components to DSC: Collector, using libpcap to capture DNS traffic, storing it as XML Presenter, extracts data from XML and displays graphically. Collectors located at each Nominet-managed nameserver site. Presenters at Nominet, and at OARC.

18 DNS Statistics Monitoring.uk DNS Modified Configuration

19 DNS Statistics Monitoring.uk DNS OARC: DSC OARC - Operations, Analysis, and Research Center. (https://oarc.isc.org/faq.html) Public service run by ISC: “The OARC provides a neutral forum for bilateral sharing of sensitive information during DNS attacks by organizations that are dependent on the proper operation of the DNS. The OARC also provides a continued stream of analysis on the operation of the global DNS.” OARC’s DSC presenter gives statistics for: C, E, and F-Root RFC1918 ISC Nominet

20 DNS Statistics Monitoring.uk DNS DSC uses Abuse detection, particularly data mining. Detecting anomalous traffic. DDoS agent identification, to help mitigate against attack.

21 Questions? Monitoring.uk DNS

Download ppt "Monitoring.uk DNS 19 May 2006 Ian Meikle UKNOF4, Manchester."

Similar presentations

1 Brett Carr OARC, November 2006, Redmond RIPE NCC DNS Services Overview Brett Carr Manager, DNS Services RIPE NCC.

1 Brett Carr OARC, November 2006, Redmond RIPE NCC DNS Services Overview Brett Carr Manager, DNS Services RIPE NCC.
ITR3 lecture 9: DNS, mail, rsync Thomas Krichel 2002-11-05.

ITR3 lecture 9: DNS, mail, rsync Thomas Krichel
© 2007 Language Line Services Confidential Information w w w. L a n g u a g e l i n e. c o.uk Presentation to: European Emergency Number Association Brussels,

© 2007 Language Line Services Confidential Information w w w. L a n g u a g e l i n e. c o.uk Presentation to: European Emergency Number Association Brussels,
Leadership Giving Discussion. Agenda Introduction What is Leadership Giving at…? Metrics for Leadership Giving Identifying Leadership Giving prospects.

Leadership Giving Discussion. Agenda Introduction What is Leadership Giving at…? Metrics for Leadership Giving Identifying Leadership Giving prospects.
IPv6 Glue Why registrars need to support it Elise Gerich VP, IANA.

IPv6 Glue Why registrars need to support it Elise Gerich VP, IANA.
Sergei Komarov. DNS  Mechanism for IP hostname resolution  Globally distributed database  Hierarchical structure  Comprised of three components.

Sergei Komarov. DNS  Mechanism for IP hostname resolution  Globally distributed database  Hierarchical structure  Comprised of three components.
Internet Identity For All.my ccTLD IPv6 Update By Lai Heng Choong Head of Application, Database and Security.my DOMAIN REGISTRY APTLD Member Meeting, 1.

Internet Identity For All.my ccTLD IPv6 Update By Lai Heng Choong Head of Application, Database and Security.my DOMAIN REGISTRY APTLD Member Meeting, 1.
Sweeping lame DNS reverse delegations APNIC16 – DNS Operations SIG Seoul, Korea, 20 August 2003.

Sweeping lame DNS reverse delegations APNIC16 – DNS Operations SIG Seoul, Korea, 20 August 2003.
Active Context Tracking™ technology enabling business transaction management in a distributed environment Rocky Mountain CMG Spring? ‘09 Forum.

Active Context Tracking™ technology enabling business transaction management in a distributed environment Rocky Mountain CMG Spring? ‘09 Forum.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 4 Installing and Configuring the Dynamic Host Configuration Protocol.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 4 Installing and Configuring the Dynamic Host Configuration Protocol.
Implementing Domain Name System

Implementing Domain Name System
June 2007APTLD Meeting/Dubai ANYCAST Alireza Saleh.ir ccTLD

June 2007APTLD Meeting/Dubai ANYCAST Alireza Saleh.ir ccTLD
The Domain Name System. CeylonLinux DNS concepts using BIND 2 Hostnames IP Addresses are great for computers –IP address includes information used for.

The Domain Name System. CeylonLinux DNS concepts using BIND 2 Hostnames IP Addresses are great for computers –IP address includes information used for.
Application Layer Anycasting: A Server Selection Architecture and Use in a Replicated Web Service Presented in 294-4 by Jayanthkumar Kannan On 11/26/03.

Application Layer Anycasting: A Server Selection Architecture and Use in a Replicated Web Service Presented in by Jayanthkumar Kannan On 11/26/03.
DirectAccess is an Enterprise Solution: No support for Windows 7 Professional Requires two consecutive public IP addresses Cannot NAT to the DirectAccess.

DirectAccess is an Enterprise Solution: No support for Windows 7 Professional Requires two consecutive public IP addresses Cannot NAT to the DirectAccess.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 5 Introduction to DNS in Windows Server 2008.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 5 Introduction to DNS in Windows Server 2008.
Technical Area Report Bryon Ellacott, Technical Area Manager APNIC 28.

Technical Area Report Bryon Ellacott, Technical Area Manager APNIC 28.
DNS Domain Name Systems Introduction 1. DNS DNS is not needed for the internet to work IP addresses are all that is needed The internet would be extremely.

DNS Domain Name Systems Introduction 1. DNS DNS is not needed for the internet to work IP addresses are all that is needed The internet would be extremely.
Engineering Workshops DNS Rick Summerhill. Engineering Workshops Basic Ideas DNS in IPv6 is much like DNS in IPv4 Keep files and delegations as simple.

Engineering Workshops DNS Rick Summerhill. Engineering Workshops Basic Ideas DNS in IPv6 is much like DNS in IPv4 Keep files and delegations as simple.
DNS. Introduction What is DNS? –Hierarchy or Tree –Dot used as a separator.

DNS. Introduction What is DNS? –Hierarchy or Tree –Dot used as a separator.

Similar presentations

Ads by Google