cache me if you can effects of dns time to live
play

Cache Me If You Can: Effects of DNS Time-to-Live Giovane C. M. Moura - PowerPoint PPT Presentation

Mar 26, 2023 •144 likes •1.05k views

Cache Me If You Can: Effects of DNS Time-to-Live Giovane C. M. Moura 1 , 2 , John Heidemann 3 , Wes Hardaker 3 , Ricardo de O. Schmidt 4 RIPE 79 Rotterdam, The Netherlands 2019-10-15 1 SIDN Labs, 2 TU Delft, 3 USC/ISI, 4 UPF Outline

  1. Cache Me If You Can: Effects of DNS Time-to-Live Giovane C. M. Moura 1 , 2 , John Heidemann 3 , Wes Hardaker 3 , Ricardo de O. Schmidt 4 RIPE 79 Rotterdam, The Netherlands 2019-10-15 1 SIDN Labs, 2 TU Delft, 3 USC/ISI, 4 UPF

  2. Outline Introduction Parent vs Child Zone configurations and Effective TTL TTLs Use in the Wild Operators Notification Caching (Longer TTL) vs Anycast Shorter vs Longer TTLs Recommendation and Conclusions

  3. Our research on DNS over the last years Our rearch on DNS security/stability: • Anycast and DDoS : IMC 2016 [2] • Resolvers : IMC 2017 [5] • Anycast Engineering : IMC 2017 [1] • Caching and DDoS : IMC 2018 [4] • Caching and TTL, and performance: IMC 2019 [3] • (this paper) • IMC will be next week in Amsterdam 1

  4. Introduction

  5. The role of TTL authoritative user resolver server 1

  6. The role of TTL authoritative user resolver server Q: google.com? 1

  7. The role of TTL authoritative user resolver server Q: google.com? Q: google.com? 1

  8. The role of TTL authoritative user resolver server Q: google.com? Q: google.com? A: 10.10.10.10 A: 10.10.10.10 1

  9. The role of TTL authoritative user resolver server Q: google.com? Q: google.com? A: 10.10.10.10 A: 10.10.10.10 cache 1

  10. The role of TTL authoritative user resolver server Q: google.com? Q: google.com? A: 10.10.10.10 A: 10.10.10.10 ? m o c . e l g o cache o g : Q 1

  11. The role of TTL x authoritative user resolver server Q: google.com? Q: google.com? A: 10.10.10.10 A: 10.10.10.10 ? m o c . e 0 l g 1 o . cache 0 o 1 g . 0 : Q 1 . 0 1 : A cache hit! FASTER 1

  12. The role of TTL x ISP GOOGLE authoritative user resolver server Q: google.com? Q: google.com? A: 10.10.10.10 A: 10.10.10.10 ? m o BUT caching FOR c . e 0 l g 1 o . cache HOW LONG??? 0 o 1 g . 0 : Q 1 . 0 1 : A cache hit! FASTER 1

  13. The role of TTL x ISP GOOGLE authoritative user resolver server Q: google.com? Q: google.com? A: 10.10.10.10 A: 10.10.10.10 ? m o BUT caching FOR c . e 0 l g 1 o . cache HOW LONG??? 0 o 1 g . 0 : Q 1 . 0 1 TTL : A cache hit! FASTER 1

  14. The role of TTL x ISP GOOGLE authoritative user resolver server Q: google.com? Q: google.com? A: 10.10.10.10 A: 10.10.10.10 ? m o BUT caching FOR c . e 0 l g 1 o . cache HOW LONG??? 0 o 1 g . 0 : Q 1 . 0 1 TTL : A cache hit! FASTER • TTL controls caching • auth servers SIGNAL to resolvers how long (TTL) • Caching is VERY important for performance • improves user experience 2

  15. And you must set TTLs • Say you register cachetest.net 3

  16. What TTL values are good? Today it is unclear what an operator should do • DNS OPs folks on TTLs: “ if it ain’t broke don’t fix it ” We think we can help Figure 1: DNS ops chaging TTLs. src: trainworld.be 4

  17. Our contribution Because of conflicting and under-explained TTL advice, we show: 1. the effective TTL comes from multiple places • Parent and Child authoritative servers • NS and A records (sometimes) 2. TTLs are unnecesssarily short • a. because sometimes multiple places → one is shorter and wins • or operators don’t realize the cost 3. We show that longer TTLs are MUCH faster 4. Our results were adopted by 3 ccTLD for ∼ 20ms median latency improvement; 171ms 75%ile 5

  18. The rest of this talk 1. Parent vs Child: who really sets the TTL? 2. NS and A records: are they limited? And bailiwick? 3. Real-world variation exists 4. Longer TTLs are MUCH better 5. Our recommendations 6

  19. Parent vs Child

  20. Duplicate info: which one is chosen? • Parent and child TTLs may vary: dig NS cachetest.net ROOT . NS cachetest.net: .nl .org ... .net * ns1.cachetest.net * TTL: 172800s NS cachetest.net: * ns1.cachetest.net cachetest.net Resolver * TTL: 3600s Which TTL will Rembrandt use? Parent ( 172800s) or child ( TTL: 3600s) 7

  21. Are resolvers parent- or child-centric? Parent vs Child experiment • Test with experiment on .uy : (2019-02-14) • Parent : NS/A TTL: 172800s • Child : NS TTL: 300s ; A: 120s • We query with 15k VPs (Ripe Atlas) mutliple times, every 10min • We analyze TTL values received at VPs 8

  22. Most Atlas VPs resolvers are child-centric Figure 2: Observed TTLs from Atlas VPs for .uy-NS and a.nic.uy-A queries. Spike at Child TTL A (120s) : most resolvers are child centric 1 0.8 CDF TTL Answers 0.6 0.4 A queries 0.2 NS queries 0 5 10 50 120 300 1000 Answers TTL(s) Spike at Child TTL NS (300s): child centric 9 • Remember: TTL parents: 2 days

  23. Most Atlas VPs resolvers are child-centric Figure 2: Observed TTLs from Atlas VPs for .uy-NS and a.nic.uy-A queries. Spike at Child TTL A (120s) : most resolvers are child centric 1 0.8 CDF TTL Answers 0.6 0.4 A queries 0.2 NS queries 0 5 10 50 120 300 1000 Answers TTL(s) Spike at Child TTL NS (300s): child centric 9 • Remember: TTL parents: 2 days

  24. Most Atlas VPs resolvers are child-centric Figure 2: Observed TTLs from Atlas VPs for .uy-NS and a.nic.uy-A queries. Spike at Child TTL A (120s) : most resolvers are child centric 1 0.8 CDF TTL Answers 0.6 0.4 A queries 0.2 NS queries 0 5 10 50 120 300 1000 Answers TTL(s) Spike at Child TTL NS (300s): child centric 9 • Remember: TTL parents: 2 days

  25. Is centricity true for TLDs and SLDs? • Test with .nl TLD A records (ns*.dns.nl) • TTLs are 3600s (child) vs. 17800s (parent) Figure 3: Minimum interarrival time of A queries for TLD 1 0.8 0.6 CDF TTL 173800s TTL 3600s 0.4 0.2 0 1 2 5 10 20 50 Interarrival time (h) Spike at Child TTL A (3600s): confirm child centric for TLD We confirmed this with a second-level domain ( paper) 10

  26. Is centricity true for TLDs and SLDs? • Test with .nl TLD A records (ns*.dns.nl) • TTLs are 3600s (child) vs. 17800s (parent) Figure 3: Minimum interarrival time of A queries for TLD 1 0.8 0.6 CDF TTL 173800s TTL 3600s 0.4 0.2 0 1 2 5 10 20 50 Interarrival time (h) Spike at Child TTL A (3600s): confirm child centric for TLD We confirmed this with a second-level domain ( paper) 10

  27. Is centricity true for TLDs and SLDs? • Test with .nl TLD A records (ns*.dns.nl) • TTLs are 3600s (child) vs. 17800s (parent) Figure 3: Minimum interarrival time of A queries for TLD 1 0.8 0.6 CDF TTL 173800s TTL 3600s 0.4 0.2 0 1 2 5 10 20 50 Interarrival time (h) Spike at Child TTL A (3600s): confirm child centric for TLD We confirmed this with a second-level domain ( paper) 10

  28. Most resolvers wil use child TTLs • Rembrant (and users) mostly use child TTLs • Child TTL controls caching (most times) ROOT . NS cachetest.net: .nl .org ... .net * ns1.cachetest.net * TTL: 172800s NS cachetest.net: * ns1.cachetest.net Resolver cachetest.net * TTL: 3600s Which TTL will Rembrandt use? Parent ( 172800s) or child ( TTL: 3600s) 11

  29. Outline Introduction Parent vs Child Zone configurations and Effective TTL TTLs Use in the Wild Operators Notification Caching (Longer TTL) vs Anycast Shorter vs Longer TTLs Recommendation and Conclusions

  30. Zone configurations and Effective TTL

  31. Are there dependencies between A and NS TTLs? sub.cachetest.net In zone Out of zone NS : ns1.sub.cachetest.net 3600 NS : ns1.zurrundeddu.com 3600 A :10.10.10.10 7200 A :10.10.10.10 7200 To resolve *.sub.cachetest.net, you need both NS and A Are NS and A cached independently? 1. t=0 : all Atlas VPs query (fills cache with NS and A) 2. t=4800 : what happens ? NS is expired; A is still in cache: do resolvers use the “cached A” or refresh it again? trick: at t=540 , we renumber A to 10.10.10.2 (diff answer) Will Marcus Aurelius receive cached or new answer? 12

  32. Are there dependencies between A and NS TTLs? sub.cachetest.net In zone Out of zone NS : ns1.sub.cachetest.net 3600 NS : ns1.zurrundeddu.com 3600 A :10.10.10.10 7200 A :10.10.10.10 7200 To resolve *.sub.cachetest.net, you need both NS and A Are NS and A cached independently? 1. t=0 : all Atlas VPs query (fills cache with NS and A) 2. t=4800 : what happens ? NS is expired; A is still in cache: do resolvers use the “cached A” or refresh it again? trick: at t=540 , we renumber A to 10.10.10.2 (diff answer) Will Marcus Aurelius receive cached or new answer? 12

  33. Are there dependencies between A and NS TTLs? sub.cachetest.net In zone Out of zone NS : ns1.sub.cachetest.net 3600 NS : ns1.zurrundeddu.com 3600 A :10.10.10.10 7200 A :10.10.10.10 7200 To resolve *.sub.cachetest.net, you need both NS and A Are NS and A cached independently? 1. t=0 : all Atlas VPs query (fills cache with NS and A) 2. t=4800 : what happens ? NS is expired; A is still in cache: do resolvers use the “cached A” or refresh it again? trick: at t=540 , we renumber A to 10.10.10.2 (diff answer) Will Marcus Aurelius receive cached or new answer? 12

Recommend

1 Classifying cache misses Cache Organization Classifying misses by causes (3Cs) Cache size,

1 Classifying cache misses Cache Organization Classifying misses by causes (3Cs) Cache size,

Cache Performance Metrics Cache miss rate: number of cache misses divided by number of accesses Lecture 14: Hardware Approaches for Cache Optimizations Cache hit time: the time between sending address and data returning from cache Cache

608 views • 4 slides
1 Trace Cache Summary of Reducing Cache Hit Time Trace: a dynamic sequence of Small and simple

1 Trace Cache Summary of Reducing Cache Hit Time Trace: a dynamic sequence of Small and simple

Improving Cache Performance 1. Reducing miss rates 3. Reducing miss penalty or miss rates via parallelism Larger block size Lecture 18: Reducing Cache Hit Non-blocking caches larger cache size Time and Main Memory Design

285 views • 3 slides
Web Cache Consistency Web Cache Consistency Web Cache Consistency Web Cache Consistency

Web Cache Consistency Web Cache Consistency Web Cache Consistency Web Cache Consistency

Web Cache Consistency Web Cache Consistency Web Cache Consistency Web Cache Consistency Requirements of performance, availability, and disconnected operation require us to relax the goal of semantic transparency. - HTTP 1.1 specification

598 views • 13 slides
mutexes / barriers / monitors 1 last time cache coherency multiple cores, each with own cache

mutexes / barriers / monitors 1 last time cache coherency multiple cores, each with own cache

mutexes / barriers / monitors 1 last time cache coherency multiple cores, each with own cache at most one cache with modifjed value watch other processors accesses to monitor value use invalidation to prevent others from getting modifjed

757 views • 75 slides
A Time Predictable Instruction Cache for a Java Processor Martin Schoeberl Overview

A Time Predictable Instruction Cache for a Java Processor Martin Schoeberl Overview

A Time Predictable Instruction Cache for a Java Processor Martin Schoeberl Overview Motivation Cache Performance Java Properties Method Cache WCET Analysis Results Conclusion, Future Work JOP Method Cache 2

533 views • 25 slides
UNDERSTANDING PROCESSOR CACHE EFFECTS WITH VALGRIND & VTUNE Chester Rebeiro Embedded Lab

UNDERSTANDING PROCESSOR CACHE EFFECTS WITH VALGRIND & VTUNE Chester Rebeiro Embedded Lab

UNDERSTANDING PROCESSOR CACHE EFFECTS WITH VALGRIND & VTUNE Chester Rebeiro Embedded Lab Embedded Lab IIT Kharagpur Is Time Proportional to Iterations? p SIZE = 64MBytes; unsigned int A[SIZE]; Iterations A: I i A f or(i=0;

979 views • 30 slides
Caches Electronic Computers M Caches 1 Cache LOCALITY PRINCIPLE (SPATIAL AND TEMPORAL)

Caches Electronic Computers M Caches 1 Cache LOCALITY PRINCIPLE (SPATIAL AND TEMPORAL)

Caches Electronic Computers M Caches 1 Cache LOCALITY PRINCIPLE (SPATIAL AND TEMPORAL) WORKING SET CPU Cache Registers Cache I lev. Cache II lev. Cache III lev. Memory Disk Tape The cache is a memory with an access time some

572 views • 55 slides
Conditions for and effects of CARD cache implementations Gustaf R antil a and Mikael W

Conditions for and effects of CARD cache implementations Gustaf R antil a and Mikael W

Conditions for and effects of CARD cache implementations Gustaf R antil a and Mikael W anggren {e99_gra,e99_mwa}@e.kth.se 1 Agenda Problem formulation Hypothesis Our approach and methods Results (and their reliability)

634 views • 31 slides
Cache related pre-emption delay aware response time analysis for fixed priority pre-emptive

Cache related pre-emption delay aware response time analysis for fixed priority pre-emptive

Cache related pre-emption delay aware response time analysis for fixed priority pre-emptive systems Sebastian Altmeyer, Robert I. Davis, Claire Maiza RTSS 2011, Vienna 1 Cache Related Pre-emption Delay Useful Cache Blocks Evicting Cache Blocks

644 views • 36 slides
Memory Hierarchy: Cache Memory hierarchy Cache basics Locality Cache organization Cache-aware

Memory Hierarchy: Cache Memory hierarchy Cache basics Locality Cache organization Cache-aware

Memory Hierarchy: Cache Memory hierarchy Cache basics Locality Cache organization Cache-aware programming How does execution time grow with SIZE? int[] array = new int[SIZE]; fillArrayRandomly(array); int s = 0; for (int i = 0; i <

847 views • 48 slides
data level parallelism / exceptions 1 1 last time (1) PRIME+PROBE attacker fjll cache set(s)

data level parallelism / exceptions 1 1 last time (1) PRIME+PROBE attacker fjll cache set(s)

data level parallelism / exceptions 1 1 last time (1) PRIME+PROBE attacker fjll cache set(s) with attacker data let victim run, use cache set(s) cache coherency solution: invalidate or update all other caches on write glossed over details:

1.7k views • 123 slides
L09: Cache Name: ID: Question: Direct Mapping Cache Hit Rate Consider a 4-block empty Cache,

L09: Cache Name: ID: Question: Direct Mapping Cache Hit Rate Consider a 4-block empty Cache,

L09: Cache Name: ID: Question: Direct Mapping Cache Hit Rate Consider a 4-block empty Cache, and all blocks initially marked as not valid , Given the main memory word addresses 0 1 2 3 4 3 4 15, calculate Cache hit rate. Cache Index

654 views • 9 slides
Mitigating Software Instrumentation Cache Effects in Measurement-Based Timing Analysis 1 Enrique

Mitigating Software Instrumentation Cache Effects in Measurement-Based Timing Analysis 1 Enrique

Mitigating Software Instrumentation Cache Effects in Measurement-Based Timing Analysis 1 Enrique Daz 1,2 , Jaume Abella 2 , Enrico Mezzetti 2 , 4 Irune Agirre 3 , Mikel Azkarate-Askasua 3 , 2 Tullio Vardanega 4 , Francisco J. Cazorla 2,5 5 3

545 views • 25 slides
Last time: monads (etc.) = > > 1/ 40 This time: applicatives (etc.) 2/ 40 Example

Last time: monads (etc.) = > > 1/ 40 This time: applicatives (etc.) 2/ 40 Example

Last time: monads (etc.) = > > 1/ 40 This time: applicatives (etc.) 2/ 40 Example effects Effects unavailable in OCaml Effects available in OCaml non-determinism (higher-order) state amb f g h r := f; !r () first-class

717 views • 56 slides
Cache Performance and Set Associative Cache Lecture 12 CDA 3103 06-30-2014 5.1 Introduction

Cache Performance and Set Associative Cache Lecture 12 CDA 3103 06-30-2014 5.1 Introduction

Cache Performance and Set Associative Cache Lecture 12 CDA 3103 06-30-2014 5.1 Introduction Principle of Locality Programs access a small proportion of their address space at any time Temporal locality Items accessed recently

1.03k views • 59 slides
Improving Cache Performance AMAT: Average Memory Access Time AMAT = T hit + Miss Rate x Miss

Improving Cache Performance AMAT: Average Memory Access Time AMAT = T hit + Miss Rate x Miss

Improving Cache Performance AMAT: Average Memory Access Time AMAT = T hit + Miss Rate x Miss Penalty Small Hit Time: On the critical (common case) path Requires small, direct-mapped cache Small size and lack of associativity implies

286 views • 12 slides
What Is Memory Hierarchy A typical memory hierarchy today: Lecture 13: Cache Basics and Cache

What Is Memory Hierarchy A typical memory hierarchy today: Lecture 13: Cache Basics and Cache

What Is Memory Hierarchy A typical memory hierarchy today: Lecture 13: Cache Basics and Cache Performance Proc/Regs L1-Cache Bigger Faster L2-Cache Memory hierarchy concept, cache L3-Cache (optional) design fundamentals, set-associative

303 views • 4 slides
Effects of Memory Randomization, Sanitization and Page Cache on Memory Deduplication Kuniyasu

Effects of Memory Randomization, Sanitization and Page Cache on Memory Deduplication Kuniyasu

Effects of Memory Randomization, Sanitization and Page Cache on Memory Deduplication Kuniyasu Suzaki Kengo Iijima Kuniyasu Suzaki, Kengo Iijima, Toshiki Yagi, Cyrille Artho Research Institute for Secure Systems EuroSec 2012 at Bern, April

283 views • 25 slides
and/or manipulated outside the context of a live action shoot. Visual Effects help tell the

and/or manipulated outside the context of a live action shoot. Visual Effects help tell the

Visual effects (commonly shortened to VFX) are the various processes by which imagery is created and/or manipulated outside the context of a live action shoot. Visual Effects help tell the story. The lines between pre-production, production and

819 views • 23 slides
Blending Cyber Effects into Live, Virtual and Constructive Simulation Daniel J. Lacks, PhD 1 ,

Blending Cyber Effects into Live, Virtual and Constructive Simulation Daniel J. Lacks, PhD 1 ,

IT 2 EC 2020 Blending Cyber Effects into Live, Virtual and Constructive Simulation Cyber Training Blending Cyber Effects into Live, Virtual and Constructive Simulation Daniel J. Lacks, PhD 1 , Stephen Lopez-Couto 2 , Kevin Hofstra 3 1 Chief

322 views • 5 slides
Cache Performance Associativity Replacement Samira Khan Cache Performance March 28,

Cache Performance Associativity Replacement Samira Khan Cache Performance March 28,

3/28/17 Agenda Review from last lecture Cache access Cache Performance Associativity Replacement Samira Khan Cache Performance March 28, 2017 Direct-Mapped Cache: Placement and Access Cache Abstraction and Metrics 00 | 000

518 views • 16 slides
Plan Hierarchical memories and their impact on our programs 1 Cache Memories, Cache Complexity

Plan Hierarchical memories and their impact on our programs 1 Cache Memories, Cache Complexity

Plan Hierarchical memories and their impact on our programs 1 Cache Memories, Cache Complexity Cache Analysis in Practice 2 Marc Moreno Maza The Ideal-Cache Model 3 University of Western Ontario, London, Ontario (Canada) Cache Complexity

632 views • 25 slides
Improving Direct-Mapped Cache Performance by the Addition of a Small Fully-Associative Cache and

Improving Direct-Mapped Cache Performance by the Addition of a Small Fully-Associative Cache and

Improving Direct-Mapped Cache Performance by the Addition of a Small Fully-Associative Cache and Prefetch Buffers Norm Jouppi In Context At the time, CPU performance was really beginning to pull away from DRAM performance Increased

329 views • 22 slides
Generations of Cache 1980: no cache in proc; 1989 first Intel proc with a cache on chip.

Generations of Cache 1980: no cache in proc; 1989 first Intel proc with a cache on chip.

Generations of Cache 1980: no cache in proc; 1989 first Intel proc with a cache on chip. 1995 2-level cache on chip Instructions Per Cycle Lost to Memory 1st Alpha 340 ns/5.0 ns = 68 clks x 2 or 136 2nd Alpha 266 ns/3.3 ns

588 views • 46 slides

More recommend