[rssac-caucus] Preliminary result in Resolver Study Work Party

John Heidemann johnh at isi.edu
Thu Dec 20 19:41:35 UTC 2018


On Wed, 19 Dec 2018 01:09:58 -0800, Fred Baker wrote: 
>Mario, would you kindly add Davey to the Work Party mailer?
>
>> On Dec 19, 2018, at 4:39 PM, Davey Song <songlinjian at gmail.com> wrote:
>> 
>> I'm sorry and I missed last call for Resolver Study Work Party. I'm wondering is there any open
>> document or preliminary result of this work party? I'm personally interested in the resolver behavior
>> on timeout and re-query. Can anyone give me some hint?
>
>The SOW is at
>https://www.icann.org/en/system/files/files/rssac-sow-resolver-behaviors-07aug18-en.pdf. We have
>"met", for some definition of that term, three times.


That looks like an interesting study.

There is some recent work related to some of the tasks:

1. Analyze DNS resolver network traffic and behaviour to better
understand how they operate as they interact with authoritative servers
generally and the RSS specifically in terms of preferred root server
selection.

=> task 1 was I think discussed in [Mueller17b]

2. Analyze DNS resolver and authoritative server code bases and perform
(ideally repeatable) simulations to further extract a model of how
modern resolvers implement caching and priming of the root name servers.

=> task 2 was discussed in [Moura18b], at least in the context of DoS

3. Analyze DNS resolver code bases and perform (ideally repeatable)
resolution simulations to further extract a model of how modern
resolvers choose which authoritative server for a given zone to query.

=> Am I correct to read task 3 as like task 1, but about general
authoritative servers and not just root servers?

It would be interesting to know if anyone (or how many) treat the roots
differently than general auths.

4. Analyze DNS resolver systems using multiple resolution instances
(with potentially individual or shared caching systems) to understand
how they interact with the RSS.  (e.g. google, cloudflare, quad9 type
systems)

=> Google was examined in [Schomp13a], although I'm sure it's changed since
then, and it's only one example of a large parallel recursive resolver.
But their methodology is solid and probably useful at looking at the new
public DNS implementations.

Specific references are below.

It will be neat to see new results here---I think the prior work mainly
used WAN experiments and traffic analysis, so examining code may lead to
some new observations. Or things may have changed.

I just wanted to mention them because
the SOW at
https://www.icann.org/en/system/files/files/rssac-sow-resolver-behaviors-07aug18-en.pdf
didn't mention any prior work, so it's a little hard to tell where it's
starting.

   -John

----------------------------------------------------------------------

[Moura18b]
Giovane C. M. Moura, John Heidemann, Moritz Müller, Ricardo de O. Schmidt, and Marco Davids.
  When the Dike Breaks: Dissecting DNS Defenses During DDoS.
  In _Proceedings of the ACM Internet Measurement Conference_, October, 2018.
  <https://doi.org/10.1145/3278532.3278534>, <https://www.isi.edu/%7ejohnh/PAPERS/Moura18b.html>.

[Mueller17b]
Moritz Müller, Giovane C. M. Moura, Ricardo de O. Schmidt, and John Heidemann.
  Recursives in the Wild: Engineering Authoritative DNS Servers.
  In _Proceedings of the ACM Internet Measurement Conference_, pp. 489-495.
  London, UK, 2017.
  <https://doi.org/10.1145/3131365.3131366>, <https://www.isi.edu/%7ejohnh/PAPERS/Mueller17b.html>.

[Schomp13a]
Kyle Schomp, Tom Callahan, Michael Rabinovich, and Mark Allman.
  On Measuring the Client-Side DNS Infrastructure.
  In _Proceedings of the ACM Internet Measurement Conference_, Barcelona, Spain, ACM.
  October, 2013.
  <http://conferences.sigcomm.org/imc/2013/papers/imc029-schompAemb.pdf>.
  


