nanog mailing list archives

Re: What DNS Is Not

From: David Andersen <dga () cs cmu edu>
Date: Sun, 8 Nov 2009 19:59:24 -0500

On Nov 8, 2009, at 7:46 PM, bmanning () vacation karoshi com wrote:


"The paper also presents the results of trace-driven simulations that
explore the effect of varying TTLs and varying degrees of cache
sharing on DNS cache hit rates. "


        I'm not debating the traces - I wonder about the simulation
        model.  (and yes, I've read the paper)

I'm happy to chat about this offline if it bores people, but I'mcurious what you're wondering about.


The method was pretty simple:

 - Record the TCP SYN/FIN packets and the DNS packets

- For every SYN, figure out what name the computer had resolved toopen a connection to this IP address- From the TTL of the DNS, figure out whether finding that bindingwould have required a DNS lookup

There are some obvious potential sources of error - most particularly,name-based HTTP virtual hosting may break some of the assumptions inthis - but I'd guess that with a somewhat smaller trace, not too mucherror is introduced by clients going to different name-based vhosts onthe same IP address within a small amount of time. There arecertainly some, but I'd be surprised if it was more than a %age of theaccesses. Are there other methodological concerns?

I'd also point out for this discussion two studies that looked at howaccurately one can geo-map clients based on the IP address of theirchosen DNS resolver. There are obviously potential pitfalls here(e.g., someone who travels and still uses their "home" resolver). In2002:

Z. M. Mao, C. D. Cranor, F. Douglis, and M. Rabinovich. A Precise andEfficient Evaluation of the Proximity between Web Clients and theirLocal DNS Servers. In Proc. USENIX Annual Technical Conference,Berkeley, CA, June 2002.


Bottom line:  It's ok but not great.

"We con- clude that DNS is good for very coarse-grained serverselection, since 64% of the associations belong to the same AutonomousSystem. DNS is less useful for finer- grained server selection, sinceonly 16% of the client and local DNS associations are in the samenetwork-aware cluster [13] (based on BGP routing information from awide set of routers)"

We did a wardriving study in Pittsburgh recently where we found that,of the access points we could connect to, 99% of them used their ISP'sprovided DNS server. Pretty good if your target is residential users:


http://www.cs.cmu.edu/~dga/papers/han-imc2008-abstract.html

(it's a small part of the paper in section 4.3).

  -Dave

Current thread:

What DNS Is Not Alex Balashov (Nov 08)
- Re: What DNS Is Not Dave Temkin (Nov 08)
  - Re: What DNS Is Not Alex Balashov (Nov 08)
    - Re: What DNS Is Not Dave Temkin (Nov 08)
    - Re: What DNS Is Not David Andersen (Nov 08)
    - Re: What DNS Is Not bmanning (Nov 08)
    - Re: What DNS Is Not David Andersen (Nov 08)
    - Re: What DNS Is Not bmanning (Nov 08)
    - Re: What DNS Is Not David Andersen (Nov 08)
    - Re: What DNS Is Not David Conrad (Nov 08)
    - Re: What DNS Is Not Paul Ferguson (Nov 08)
    - Re: What DNS Is Not Scott Howard (Nov 08)
    - Re: What DNS Is Not Paul Wall (Nov 08)
    - Re: What DNS Is Not Joe Greco (Nov 08)
    - Re: What DNS Is Not Simon Lyall (Nov 08)
    - Re: What DNS Is Not Joe Abley (Nov 08)
    - Re: What DNS Is Not Paul Vixie (Nov 09)
    - Re: What DNS Is Not Bill Stewart (Nov 09)
    - Re: What DNS Is Not Valdis . Kletnieks (Nov 09)

(Thread continues...)