Old but Gold: Prospecting TCP to Engineer and Live Monitor DNS Anycast

Giovane C.M. Moura*, John Heidemann, Wes Hardaker, Pithayuth Charnsethikul, Jeroen Bulten, João M. Ceron, Cristian Hesselman

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

5 Citations (Scopus)

Abstract

DNS latency is a concern for many service operators: CDNs exist to reduce service latency to end-users but must rely on global DNS for reachability and load-balancing. Today, DNS latency is monitored by active probing from distributed platforms like RIPE Atlas, with Verfploeter, or with commercial services. While Atlas coverage is wide, its 10k sites see only a fraction of the Internet. In this paper we show that passive observation of TCP handshakes can measure live DNS latency, continuously, providing good coverage of current clients of the service. Estimating RTT from TCP is an old idea, but its application to DNS has not previously been studied carefully. We show that there is sufficient TCP DNS traffic today to provide good operational coverage (particularly of IPv6), and very good temporal coverage (better than existing approaches), enabling near-real-time evaluation of DNS latency from real clients. We also show that DNS servers can optionally solicit TCP to broaden coverage. We quantify coverage and show that estimates of DNS latency from TCP are consistent with UDP latency. Our approach finds previously unknown, real problems: DNS polarization is a new problem where a hypergiant sends global traffic to one anycast site rather than taking advantage of the global anycast deployment. Correcting polarization in Google DNS cut its latency from 100 ms to 10 ms; and from Microsoft Azure cut latency from 90 ms to 20 ms. We also show other instances of routing problems that add 100–200 ms latency. Finally, real-time use of our approach for a European country-level domain has helped detect and correct a BGP routing misconfiguration that detoured European traffic to Australia.
We have integrated our approach into several open source tools: ENTRADA, our open source data warehouse for DNS, a monitoring tool (Anteater), which has been operational for the last 2 years on a country-level top-level domain, and a DNS anonymization tool in use at a root server since March 2021.
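As an added example (not code from the paper, ENTRADA or Anteater), the measurement idea in the abstract reduced to its core: from a server-side view of TCP handshakes, take the gap between the server's SYN-ACK and the client's ACK as the client RTT, aggregate per client prefix, and flag prefixes whose median latency points at anycast polarization or misrouting. The packet list, addresses, prefix sizes and the 80 ms threshold are constructed for illustration.

```python
from collections import defaultdict
from statistics import median
import ipaddress

# Constructed server-side capture of DNS-over-TCP handshakes (not real data):
# (timestamp_us, direction, client_ip, client_port, tcp_flags); "in" = client -> server.
PACKETS = [
    (0,       "in",  "198.51.100.7",   40001, "S"),
    (100,     "out", "198.51.100.7",   40001, "SA"),
    (12100,   "in",  "198.51.100.7",   40001, "A"),   # 12 ms RTT
    (12300,   "in",  "198.51.100.7",   40001, "PA"),  # the DNS query itself: ignored
    (1000000, "in",  "203.0.113.5",    33000, "S"),
    (1000100, "out", "203.0.113.5",    33000, "SA"),
    (1130100, "in",  "203.0.113.5",    33000, "A"),   # 130 ms: served by a distant site?
    (2000000, "in",  "2001:db8:1::10", 44000, "S"),
    (2000100, "out", "2001:db8:1::10", 44000, "SA"),
    (2095100, "in",  "2001:db8:1::10", 44000, "A"),   # 95 ms
    (3000000, "in",  "203.0.113.77",   33010, "S"),
    (3000100, "out", "203.0.113.77",   33010, "SA"),
    (3001100, "out", "203.0.113.77",   33010, "SA"),  # retransmitted SYN-ACK
    (3140100, "in",  "203.0.113.77",   33010, "A"),
]

def handshake_rtts(packets):
    """Map (client_ip, client_port) -> RTT in microseconds: the gap between the
    server's SYN-ACK leaving and the client's bare ACK arriving. A flow whose
    SYN-ACK was retransmitted is dropped, since the ACK could answer either copy."""
    synack_sent, ambiguous, rtts = {}, set(), {}
    for ts, direction, ip, port, flags in packets:
        key = (ip, port)
        if direction == "out" and flags == "SA":
            if key in synack_sent or key in rtts:
                ambiguous.add(key)
            else:
                synack_sent[key] = ts
        elif direction == "in" and flags == "A" and key in synack_sent:
            rtts[key] = ts - synack_sent.pop(key)
    return {k: v for k, v in rtts.items() if k not in ambiguous}

def prefix_latency(rtts):
    """Median RTT per client prefix (/24 for IPv4, /48 for IPv6)."""
    by_prefix = defaultdict(list)
    for (ip, _), rtt in rtts.items():
        plen = 24 if ipaddress.ip_address(ip).version == 4 else 48
        by_prefix[str(ipaddress.ip_network(f"{ip}/{plen}", strict=False))].append(rtt)
    return {p: median(v) for p, v in by_prefix.items()}

def flag_slow_prefixes(prefix_rtt, threshold_us=80_000):
    """Prefixes above the threshold: candidates to check against BGP and anycast catchment data."""
    return sorted(p for p, r in prefix_rtt.items() if r > threshold_us)
```

Run continuously over live captures, the per-prefix medians are what a monitor like the one described above would alert on when a prefix's latency jumps, as in the polarization and misrouting cases the abstract reports.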

Original language: English
Title of host publication: Passive and Active Measurement - 23rd International Conference, PAM 2022, Proceedings
Editors: Oliver Hohlfeld, Giovane Moura, Cristel Pelsser
Publisher: Springer
Pages: 264-292
Number of pages: 29
ISBN (Print): 9783030987848
DOIs
Publication status: Published - 2022
Event: 23rd Passive and Active Measurement Conference, PAM 2022 - Virtual Conference
Duration: 28 Mar 2022 to 30 Mar 2022
Conference number: 23
https://pam2022.nl/

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 13210 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 23rd Passive and Active Measurement Conference, PAM 2022
Abbreviated title: PAM 2022
City: Virtual Conference
Period: 28/03/22 to 30/03/22
Internet address

Keywords

  • n/a OA procedure
