dns comparison of 2006 and 2007 snapshots
play

DNS: comparison of 2006 and 2007 snapshots Sebastian Castro - PowerPoint PPT Presentation

Jan 11, 2023 •128 likes •379 views

DNS: comparison of 2006 and 2007 snapshots Sebastian Castro secastro@caida.org CAIDA 9 th CAIDA/WIDE workshop January 2008 Motivation DITL collections provides highly valuable data for researchers Root servers operators have

  1. DNS: comparison of 2006 and 2007 snapshots Sebastian Castro secastro@caida.org CAIDA 9 th CAIDA/WIDE workshop – January 2008

  2. Motivation • DITL collections provides highly valuable data for researchers • Root servers operators have actively participated on each collection • The availability of traces from several root server instances provides the opportunity to know how is changing along the years. • We prepared some graphs and analysis of the evolution of the DNS traffic using DITL 2006 and 2007 root servers traces. 2

  3. Overview • General statistics – Query rate – Client rate • Stability parameters – Switching clients – Client persistence • Query characteristics – Distribution of queries by query type – Distribution of source ports – Query validity – EDNS support • Comparing with ORSN – Open Root Servers Network 3

  4. General statistics Collection DITL 2006 DITL 2007 Time duration 47.2 hours 24 hours Number of C: 4/4 instances C: 4/4 instances instances F: 34/37 instances F: 36/40 instances K: 17/17 instances K: 15/17 instances M: 6/6 instances DITL 2007 collection includes additional DNS related traces coming from AS112 instances and ORSN servers. Only the traces from AS112 were not included on the presented analysis. 4

  5. General statistics DITL 2006 DITL 2007 DITL 2007 (C, F, K) (C, F, K) (C, F, K, M) Number of queries 3.86 billion 2.8 billion 3.84 billion Number of unique clients ~2.8 million ~2.2 million ~2.8 million Recursive queries 4.02% 17.04% 13.56% TCP Bytes 1.40% 1.24% 1.65% Packets 2.26% 2.00% 2.67% Queries ~221K ~500K ~700K Queries from RFC1918 2.73% 2.83% 4.26% addresses 5

  6. Query rates Used 50 instances of C, K and F common in DITL 2006 and 2007. Ordered ascending by 2006 query rate. 24 instances saw an increase from 50% up to 2382% (f-cgk1). 13 saw a reduction up to 70% 6

  7. Client rate 36 instances saw an increase. On 17 of them was at least of a 50% The top increase is f- cgk1 with a 1344.6% 14 saw a reduction up to 51.3% 7

  8. Switching clients A switching client is any source address seen in more than one instance of the same root. On C and F decreased to a half. K to a fourth. 8

  9. Client persistence Using all source addresses present in 2006 and 2007. Classified in three categories: • Stable: Seen in both years. • Only in 2006 • Only in 2007 9

  10. Distribution of queries by query type The highest fraction of queries are A queries. Decreased fraction of SOA queries Increase in MX queries for C- root and K-root but a decrease for the same type on F-root and a slight increase on fraction of AAAA queries on all roots available for the study. 10

  11. Source port distribution Source port 0 shouldn’t be used, but is allowed in case an answer is not expected. Source port 53 indicated the presence of old BIND 8 clients. 11

  12. Distribution of clients/queries Introduction to the graph Percent of total queries Percent of sent by the total clients clients on the on the query query interval rate interval (log scale) (log scale) Query rate interval 12

  13. Distribution of clients/queries DITL 2006 Leftmost column: ~2.0% of the queries are sent by ~90% of clients. Rightmost column: 145 clients(~0.003%) produced ~14% queries. 13

  14. Distribution of clients/queries DITL 2007 Leftmost column: ~1.5% of the queries are sent by ~85% of clients Rightmost column: 548 (~0.009%) of clients generated ~30% of the queries. 14

  15. Invalid queries analysis • To prepare the invalid queries analysis we required to split the traces per source address. – With more than 2 million sources, the effort would be enormous. – We sampled 10% of source addresses per root • Each query could fit in nine categories of invalid queries – The match was done sequentially – If none matched, was counted as valid query 15

  16. Invalid queries categories • Unused query class: • Any class not in IN, CHAOS, HESIOD, NONE or ANY • A-for-A: A-type query for a name is already a IPv4 Address • <IN, A, 192.16.3.0> • Invalid TLD: a query for a name with an invalid TLD • <IN, MX, localhost.lan> • Non-printable characters: • <IN, A, www.ra^B.us.> • Queries with ‘_’: • <IN, SRV, _ldap._tcp.dc._msdcs.SK0530-K32-1.> • RFC 1918 PTR: • <IN, PTR, 171.144.144.10.in-addr.arpa.> • Identical queries: • a query with the same class, type, name and id (during the whole period) • Repeated queries: • a query with the same class, type and name • Referral-not-cached: • a query seen with a referral previously given. 16

  17. Query validity Fraction of valid/invalid queries seen on C-root The higher the rate the lower the fraction of valid queries. Exception on the rightmost column. 17

  18. Traffic validity Fraction of valid/invalid queries seen on F-root The same pattern for valid queries seen on C-root. K and M follow similar patterns. Surprising proportion of queries for invalid TLD. 18

  19. EDNS support EDNS support by queries EDNS support by clients. Green represents clients with mixed EDNS support. 19

  20. Open Root Server Network (ORSN) Number of queries 4.1 million • Created in Feb 2002 as an alternative for the ICANN- managed root servers. Number of unique 1 650 clients • Europe centric (3 in Germany, 2 in Switzerland, Recursive queries 11.59% one each in Austria, TCP Slovenia, Denmark, Bytes 0.17% Portugal, Greece, Packet 0.22% Netherlands, USA) Queries 0.0118% • Supports IPv6 Queries from RFC1918 0.3% • B (Vienna) and M addresses (Frankfurt) contributed with traces on 2007. 20

  21. General Stats • Query rates – B-vienna: 3.3 queries per second, server side – M-frankfurt: 2.6 queries per second, server side • Comparable to the least busy root instances. • Client rate – B-vienna: 2.28 clients per second – M-frankfurt: 2.53 clients per second • Similar to the client rates in f-ccs1 (2.1) or k-moscow (2.34). Higher than the lowest value found in f-dac1 (1.92). 21

  22. ORSN • Distribution by query type The fraction of A queries is slightly lower than the official roots: around 55%. The A6 type queries have a more relevant presence: 18% in B and 9% in M. Compared with 6% on roots The fraction of AAAA queries is slightly higher: 8.5% against 7%. 22

  23. Distribution of clients/queries ORSN vs roots The proportion of fraction clients/queries is similar. ORSN has a difference of orders of magnitude in number of clients, queries and query rate. 23

  24. ORSN The used the all sources (not sampled as in root servers) ORSN receives a higher proportion of valid queries. 24

  25. Conclusions • The query rate and client rate increased in some instances between 1.5-3 times – But very few instances had increments on both. • The amount of invalid traffic hitting the roots in still high – Some sources could be mitigated by the approval and adoption of new RFC (local zones) • ORSN servers are subject to similar anomalies seen on the official roots – Moderated by the reduced client space served. 25

Recommend

62-302, Florida Administrative Code. Id. . at 2. 1 App. B at B-3 to B-4 (emphasis added). As

62-302, Florida Administrative Code. Id. . at 2. 1 App. B at B-3 to B-4 (emphasis added). As

State Response to Comparison of Methods for Tracking Marsh Phosphorus Concentrations in Loxahatchee National Wildlife Refuge Under the Consent Decree, December 20, 2006, TOC Meeting February 20, 2007 On December 19, 2006, the day before

215 views • 4 slides
garden 2006 2006 Fun Day 2006 Princes Trust Parade Quad Biking 2007 Graffiti Wall 2007 PPP

garden 2006 2006 Fun Day 2006 Princes Trust Parade Quad Biking 2007 Graffiti Wall 2007 PPP

South School Surf Awards garden 2006 2006 Fun Day 2006 Princes Trust Parade Quad Biking 2007 Graffiti Wall 2007 PPP Gardens 2007 Girls Group Computer Class 2008 Summer Club 2008 London 2008 Hobbies Group MV Awards 2009 Landmark 2009

579 views • 20 slides
2006-2007 Event Highlights F all 2006 P artner M eeting and Poster Competition 2006 P oster C

2006-2007 Event Highlights F all 2006 P artner M eeting and Poster Competition 2006 P oster C

2006-2007 Event Highlights F all 2006 P artner M eeting and Poster Competition 2006 P oster C ompetition 2006 Poster Competition Winners TVS Motor Company 2007 Internship Experience Incredible India! India Travel Highlights Delhi Agra

816 views • 33 slides
Beat Map Citywide Comparison of Part I Crimes Chandler Uniform Crime Report (UCR) Annual

Beat Map Citywide Comparison of Part I Crimes Chandler Uniform Crime Report (UCR) Annual

Beat Map Citywide Comparison of Part I Crimes Chandler Uniform Crime Report (UCR) Annual Comparison for the City of Chandler Part One Offenses 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 Criminal Homicide 6

488 views • 21 slides
2006 Full Year Results Presentation 12 months to 31 December 2006 15 February 2007 1 2006

2006 Full Year Results Presentation 12 months to 31 December 2006 15 February 2007 1 2006

2006 Full Year Results Presentation 12 months to 31 December 2006 15 February 2007 1 2006 Highlights Strong improvement in H2 trading EBIT 8.6% 1. Driven by stronger performance in Australia, New Zealand and an excellent

699 views • 16 slides
2007 Half Year Results September 2007 Admiral Is STILL Different 2004 2005 2006 2007

2007 Half Year Results September 2007 Admiral Is STILL Different 2004 2005 2006 2007

2007 Half Year Results September 2007 Admiral Is STILL Different 2004 2005 2006 2007 Highly Profitable a a a a Fast Growing a a a a Low Risk Profits a a a a a a a a Strongly Cash Generative 2 Highlights

549 views • 39 slides
Neuerungen in Exchange 2007 Neuerungen in Exchange 2007 17.Mai 2006 17.Mai 2006 2E01 2E01

Neuerungen in Exchange 2007 Neuerungen in Exchange 2007 17.Mai 2006 17.Mai 2006 2E01 2E01

HP IT Symposium 2006 Neuerungen in Exchange 2007 Neuerungen in Exchange 2007 17.Mai 2006 17.Mai 2006 2E01 2E01 Marc Grote Marc Grote Consultant Consultant Disclaimer Alle Angaben basieren auf den ffentlich verfgbaren

939 views • 18 slides
2006 Results &amp; Outlook Palais Brongniart, 24 April 2007 1906-2006: 100 years as a listed

2006 Results &amp; Outlook Palais Brongniart, 24 April 2007 1906-2006: 100 years as a listed

2006 Results &amp; Outlook Palais Brongniart, 24 April 2007 1906-2006: 100 years as a listed company Contents Presentation of the company Highlights of 2006 and H1 2007 Results and financing Strategy and targets Touax and the stock market

497 views • 49 slides
Budget Presentation For Fiscal Years 2006/07 &amp; 2007/08 Presented by: Gary J. Lysik, CFO

Budget Presentation For Fiscal Years 2006/07 &amp; 2007/08 Presented by: Gary J. Lysik, CFO

Budget Presentation For Fiscal Years 2006/07 &amp; 2007/08 Presented by: Gary J. Lysik, CFO June 7, 2006 Budget Workshop FY 2006/07 2007/08 1 Outline of Items 1. Purpose of the City Budget 2. Major Budget Objectives 3. Fund Balance

682 views • 47 slides
Copy On Write (COW) allows for atomic transactions without a separate journal Snapshots

Copy On Write (COW) allows for atomic transactions without a separate journal Snapshots

So, why am I talking about Btrfs? I've been using linux and its different filesystems since 1993 I've have been using ext2/ext3/ext4 for 20 years. But I worked at Network Appliance in 1997, and I've grown hooked to snapshots. LVM

478 views • 45 slides
Type Systems Martin Odersky EPFL Master level course, 2006/2007 October 25, 2006 - version 1.1

Type Systems Martin Odersky EPFL Master level course, 2006/2007 October 25, 2006 - version 1.1

Type Systems Martin Odersky EPFL Master level course, 2006/2007 October 25, 2006 - version 1.1 Slides in part adapted from: University of Pennsylvania CIS 500: Software Foundations - Fall 2006 by Benjamin Pierce 1 Course Overview 2 The

527 views • 24 slides
In Praise of Snapshots Ravi Kanbur www.Kanbur.Dyson.cornell.edu UNU-WIDER, Helsinki, 5

In Praise of Snapshots Ravi Kanbur www.Kanbur.Dyson.cornell.edu UNU-WIDER, Helsinki, 5

In Praise of Snapshots Ravi Kanbur www.Kanbur.Dyson.cornell.edu UNU-WIDER, Helsinki, 5 September, 2019 Outline Introduction Positive Analysis: From Mobility to Distribution and Back Normative Assessment: Snapshots and Movies

354 views • 31 slides
Interim report Jan-Sep 2007 Income statement Jan-Sep 2007 (Mkr) Jan-Sep Jan-Sep 2007 2006

Interim report Jan-Sep 2007 Income statement Jan-Sep 2007 (Mkr) Jan-Sep Jan-Sep 2007 2006

1 Interim report Jan-Sep 2007 Income statement Jan-Sep 2007 (Mkr) Jan-Sep Jan-Sep 2007 2006 Comments versus last year Comments versus last year System Sales 351.6 295.7 Revenue Services 252.5 235.6 Total revenue +14% Other

669 views • 20 slides
ASL Comparison of AIRS Dust Retrievals with Introduction A-Train other A-Train Instruments

ASL Comparison of AIRS Dust Retrievals with Introduction A-Train other A-Train Instruments

ASL Comparison of AIRS Dust Retrievals with Introduction A-Train other A-Train Instruments Dust/Cirrus detection using AIRS February 2007 Dust Storm Sergio DeSouza-Machado, L. L. Strow, 02/24/2007 02/21-24/2007 B. Imbiriba, S. E.

511 views • 27 slides
Document Understanding Conference DUC 2006 Welcome! DUC 2006-2007 Program Committee John Conroy

Document Understanding Conference DUC 2006 Welcome! DUC 2006-2007 Program Committee John Conroy

Document Understanding Conference DUC 2006 Welcome! DUC 2006-2007 Program Committee John Conroy IDA/CCS Hoa Dang NIST Donna Harman NIST Ed Hovy ISI/USC Kathy McKeown Columbia University Drago Radev University of Michigan Karen

593 views • 47 slides
Snapshots from the History of Toric Geometry David A. Cox Geometry 19701988 Toric Geometry

Snapshots from the History of Toric Geometry David A. Cox Geometry 19701988 Toric Geometry

Snapshots from the History of Toric Snapshots from the History of Toric Geometry David A. Cox Geometry 19701988 Toric Geometry and its Applications Demazure KKMS Other Early Papers The Russian School Polytopes Other Developments

842 views • 82 slides
Results Meeting Results Meeting for for 3rd Quarter of FY 2006 3rd Quarter of FY 2006 (April

Results Meeting Results Meeting for for 3rd Quarter of FY 2006 3rd Quarter of FY 2006 (April

Results Meeting Results Meeting for for 3rd Quarter of FY 2006 3rd Quarter of FY 2006 (April 1, 2006 December 31, 2006) December 31, 2006) (April 1, 2006 February 9th, 2007 February 9th, 2007 Nippon Television Network Corporation

465 views • 19 slides
1 Q3 2007 Revenue 11.8 (m) 497.8 (9.9) 43.8 452.1 Q3 2006 Organic External Currency

1 Q3 2007 Revenue 11.8 (m) 497.8 (9.9) 43.8 452.1 Q3 2006 Organic External Currency

Frank Piedelivre Q3 2007 Revenue Chief Executive Officer Franois Tardan Chief Financial Officer 6 November 2007 Key Highlights Franois Tardan 2 1 Q3 2007 Revenue 11.8 (m) 497.8 (9.9) 43.8 452.1 Q3 2006 Organic External

293 views • 8 slides
THORESEN THAI AGENCIES PUBLIC COMPANY LIMITED An Integrated Shipping Group Third Quarter

THORESEN THAI AGENCIES PUBLIC COMPANY LIMITED An Integrated Shipping Group Third Quarter

August 2007 THORESEN THAI AGENCIES PUBLIC COMPANY LIMITED An Integrated Shipping Group Third Quarter Financial Highlights Q2/2007 and Q3/2007 Income Statement Comparison % Total Revenues % Q2/2007 Q3/2007 Change Q2/2007 Q3/2007

698 views • 15 slides
THORESEN THAI AGENCIES PUBLIC COMPANY LIMITED An Integrated Shipping Group Second Quarter

THORESEN THAI AGENCIES PUBLIC COMPANY LIMITED An Integrated Shipping Group Second Quarter

May 2007 THORESEN THAI AGENCIES PUBLIC COMPANY LIMITED An Integrated Shipping Group Second Quarter Financial Highlights Q1/2007 and Q2/2007 Income Statement Comparison % Total Revenues % Q1/2007 Q2/2007 Change Q1/2007 Q2/2007

684 views • 15 slides
C.b) RSA with Applications W. Schindler: Cryptography, B-IT, winter 2006 / 2007 2 C.31 RSA The

C.b) RSA with Applications W. Schindler: Cryptography, B-IT, winter 2006 / 2007 2 C.31 RSA The

1 C.b) RSA with Applications W. Schindler: Cryptography, B-IT, winter 2006 / 2007 2 C.31 RSA The RSA algorithm was introduced by Rivest, Shamir and Adleman in 1977. p,q large primes (to be kept secret) n := pq modulus (publicly

858 views • 69 slides
What's Really New on the Web? Identifying New Pages from a Series of Unstable Web Snapshots

What's Really New on the Web? Identifying New Pages from a Series of Unstable Web Snapshots

What's Really New on the Web? Identifying New Pages from a Series of Unstable Web Snapshots Masashi Toyoda and Masaru Kitsuregawa IIS, University of Tokyo Web as a projection of the world Web is now reflecting various events in the real

473 views • 28 slides
Field Measurement of PRISM-FFAG Magnet Y. Arimoto 13th, Apr. 2007@FFAG 2007 CNRS Contents

Field Measurement of PRISM-FFAG Magnet Y. Arimoto 13th, Apr. 2007@FFAG 2007 CNRS Contents

Field Measurement of PRISM-FFAG Magnet Y. Arimoto 13th, Apr. 2007@FFAG 2007 CNRS Contents PRISM-FFAG Magnet Field Measurement Apparatus Measurement Results Current correction Comparison of three magnets Comparison to TOSCA calculation

371 views • 22 slides
2006 Financial Statements Review President and CEO Mikael Mkinen January 30, 2007 1 Key

2006 Financial Statements Review President and CEO Mikael Mkinen January 30, 2007 1 Key

2006 Financial Statements Review President and CEO Mikael Mkinen January 30, 2007 1 Key financials for 2006 Orders received grew significantly and reached MEUR 2,910 (pro forma 2005: 2,385). Q4 order intake was MEUR 716 Net sales

343 views • 19 slides

More recommend