Impact of configuration errors on DNS robustness

During the past twenty years, the Domain Name System (DNS) has sustained phenomenal growth while maintaining satisfactory performance. However, the original design focused mainly on system robustness against physical failures and neglected the impact of operational errors such as misconfigurations. Our recent measurement effort revealed three specific types of misconfigurations in DNS today: lame delegation, diminished server redundancy, and cyclic zone dependency. Zones with configuration errors suffer from reduced availability and from query delays that increase by up to an order of magnitude. Furthermore, while the original DNS design assumed that redundant DNS servers fail independently, our measurements show that operational choices made at individual zones can severely affect the availability of other zones. We found that, left unchecked, DNS configuration errors are widespread, with lame delegation affecting 15% of the DNS zones, diminished server redundancy being even more prevalent, and cyclic dependency appearing in 2% of the zones. We also noted that the degree of misconfiguration varies from zone to zone, with the most popular zones having the lowest percentage of errors. Our results indicate that DNS, as well as any other truly robust large-scale system, must include systematic checking mechanisms to cope with operational errors.
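As a sketch of the kind of systematic check the abstract calls for, the following added example (not code from the paper) flags the three error types over a constructed delegation table. The definitions are assumptions, since the abstract does not spell them out: lame means a listed NS is not authoritative for the zone, diminished redundancy means all servers share one /24, and a cyclic dependency is a loop among zones whose NS names live in each other.

```python
import ipaddress

# Constructed sample data, not measurements from the paper.
DELEGATIONS = {  # zone -> NS names listed at the parent
    "a.example": ["ns1.a.example", "ns2.a.example"],
    "b.example": ["ns1.c.example", "ns1.a.example"],
    "c.example": ["ns1.b.example"],
    "d.example": ["ns1.d.example", "ns2.d.example"],
}
AUTHORITATIVE = {  # server -> zones it actually answers authoritatively for
    "ns1.a.example": {"a.example", "b.example"}, "ns2.a.example": {"a.example"},
    "ns1.c.example": {"c.example"}, "ns1.b.example": {"c.example"},
    "ns1.d.example": {"d.example"}, "ns2.d.example": {"d.example"},
}
ADDRS = {  # server -> IPv4 address (documentation ranges)
    "ns1.a.example": "192.0.2.1", "ns2.a.example": "198.51.100.1",
    "ns1.c.example": "203.0.113.5", "ns1.b.example": "203.0.113.9",
    "ns1.d.example": "192.0.2.10", "ns2.d.example": "192.0.2.20",
}

def lame_delegations():
    """(zone, server) pairs where the parent lists a non-authoritative server."""
    return sorted((z, ns) for z, servers in DELEGATIONS.items()
                  for ns in servers if z not in AUTHORITATIVE.get(ns, set()))

def diminished_redundancy():
    """Zones whose servers all sit in one /24 (assumed granularity)."""
    def prefix(ns):
        return ipaddress.ip_network(ADDRS[ns] + "/24", strict=False)
    return sorted(z for z, servers in DELEGATIONS.items()
                  if len({prefix(ns) for ns in servers}) < 2)

def enclosing_zone(name):
    """Longest known zone that is a suffix of the host name, or None."""
    labels = name.split(".")
    return next((".".join(labels[i:]) for i in range(len(labels))
                 if ".".join(labels[i:]) in DELEGATIONS), None)

def cyclic_zones():
    """Zones that can reach themselves through out-of-zone NS names."""
    deps = {z: {enclosing_zone(ns) for ns in servers} - {z, None}
            for z, servers in DELEGATIONS.items()}
    def reaches(start, node, seen):
        for nxt in deps[node] - seen:
            seen.add(nxt)
            if nxt == start or reaches(start, nxt, seen):
                return True
        return False
    return sorted(z for z in deps if reaches(z, z, set()))
```

In-zone NS names are treated as resolvable through glue at the parent, so only out-of-zone names create dependency edges.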
