Measurement and analysis of the query traffic sent to the D-Root DNS root nameserver, which is hosted by University of Maryland.
Internet anycast depends on inter-domain routing to direct clients to their “closest” sites. Using data collected from a root DNS server for over a year (400M+ queries/day from 100+ sites), we characterize the load balancing and latency performance of global anycast. Our analysis shows that site loads are often unbalanced, and that most queries travel longer than necessary, many by over 5000 km.
Investigating the root causes of these inefficiencies, we can attribute path inflation to two causes. Like unicast, anycast routes are subject to inter-domain routing topology and poli- cies that can increase path length compared to theoretical shortest (e.g., great-circle distance). Unlike unicast, anycast routes are also affected by poor route selection when paths to multiple sites are available, subjecting anycast routes to an additional, unnecessary, penalty.
Unfortunately, BGP provides no information about the number or goodness of reachable anycast sites. We propose an additional hint in BGP advertisements for anycast routes that can enable ISPs to make better choices when multiple “equally good” routes are available. Our results show that use of such routing hints can eliminate much of the anycast path inflation, enabling anycast to approach the performance of unicast routing.
Analyzing the Propagation of IoT Botnets from DNS Leakage
Stephen Herwig, Katura Harvey, Dave Levin, Neil Spring, Bobby Bhattacharjee
Longitudinal Analysis of Root Server Anycast Inefficiencies
Zhihao Li, Dave Levin, Neil Spring, Bobby Bhattacharjee
D-Mystifying the D-Root Address Change
Matthew Lentz, Dave Levin, Jason Castonguay, Neil Spring, Bobby Bhattacharjee
IMC 2013 (International Measurement Conference) Short Paper
On January 3, 2013, the D-root DNS server hosted at the University of Maryland changed
IP address. To avoid service disruption, the old address continues to answer queries.
We perform an initial investigation of the traffic at both the new and old addresses
before, during, and since the flag day. The data we collected show non-obvious behavior:
the overall query volume to the D-roots increases by roughly 50%, the old address
continues to receive a high volume of queries months after the changeover, and far
more queries to the old address succeed than those to the new one. Our analysis provides
a window into how compliant resolvers change over and how non-standard and seemingly
malicious resolvers react (or not) to the IP address change. We provide evidence that a
relatively small number of implementation errors account for nearly all discrepancies
that are not misconfigurations or attacks.