Old but Gold: Prospecting TCP to Engineer and Live Monitor DNS Anycast. Moura, G. C. M., Heidemann, J., Hardaker, W., Charnsethikul, P., Bulten, J., Ceron, J. M., & Hesselman, C. In Proceedings of the Passive and Active Measurement Workshop, pages to appear, virtual, March, 2022. Springer. Best paper award.

Abstract: DNS latency is a concern for many service operators: CDNs exist to reduce service latency to end-users but must rely on global DNS for reachability and load-balancing. Today, DNS latency is monitored by active probing from distributed platforms like RIPE Atlas, with Verfploeter, or with commercial services. While Atlas coverage is wide, its 10k sites see only a fraction of the Internet. In this paper we show that passive observation of TCP handshakes can measure live DNS latency, continuously, providing good coverage of current clients of the service. Estimating RTT from TCP is an old idea, but its application to DNS has not previously been studied carefully. We show that there is sufficient TCP DNS traffic today to provide good operational coverage (particularly of IPv6), and very good temporal coverage (better than existing approaches), enabling near-real-time evaluation of DNS latency from real clients. We also show that DNS servers can optionally solicit TCP to broaden coverage. We quantify coverage and show that estimates of DNS latency from TCP are consistent with UDP latency. Our approach finds previously unknown, real problems: DNS polarization is a new problem where a hypergiant sends global traffic to one anycast site rather than taking advantage of the global anycast deployment. Correcting polarization in Google DNS cut its latency from 100ms to 10ms; and from Microsoft Azure cut latency from 90ms to 20ms. We also show other instances of routing problems that add 100–200ms latency. Finally, real-time use of our approach for a European country-level domain has helped detect and correct a BGP routing misconfiguration that detoured European traffic to Australia. We have integrated our approach into several open source tools: Entrada, our open source data warehouse for DNS; a monitoring tool (ANTS), which has been operational for the last 2 years on a country-level top-level domain; and a DNS anonymization tool in use at a root server since March 2021.
@InProceedings{Moura22a,
author = "Giovane C. M. Moura and John Heidemann and
Wes Hardaker and Pithayuth Charnsethikul and Jeroen
Bulten and Jo{\~a}o M. Ceron and Cristian Hesselman",
title = "Old but Gold: Prospecting {TCP} to Engineer and Live Monitor {DNS} Anycast",
booktitle = "Proceedings of the " # " Passive and Active Measurement Workshop",
project = "ant, paaddos, ddidd",
jsubject = "network_security",
year = 2022,
sortdate = "2022-03-28",
pages = "to appear",
month = mar,
note = "best paper award",
address = "virtual",
publisher = "Springer",
jlocation = "johnh: pafile",
keywords = "anycast, dns, tcp, latency, root, .nl-tld, monitoring",
doi = "10.1007/978-3-030-98785-5_12",
url = "https://ant.isi.edu/%7ejohnh/PAPERS/Moura22a.html",
pdfurl = "https://ant.isi.edu/%7ejohnh/PAPERS/Moura22a.pdf",
blogurl = "https://ant.isi.edu/blog/?p=1854",
abstract = "DNS latency is a concern for many service operators: CDNs exist to
reduce service latency to end-users but must rely on global DNS for
reachability and load-balancing. Today, DNS latency is monitored by
active probing from distributed platforms like RIPE Atlas, with
Verfploeter, or with commercial services. While Atlas coverage is
wide, its 10k sites see only a fraction of the Internet. In this
paper we show that passive observation of TCP handshakes can measure
\emph{live DNS latency, continuously, providing good coverage of
current clients of the service}. Estimating RTT from TCP is an old
idea, but its application to DNS has not previously been studied
carefully. We show that there is sufficient TCP DNS traffic today to
provide good operational coverage (particularly of IPv6), and very
good temporal coverage (better than existing approaches), enabling
near-real time evaluation of DNS latency from \emph{real clients}. We
also show that DNS servers can optionally solicit TCP to broaden
coverage. We quantify coverage and show that estimates of DNS latency
from TCP is consistent with UDP latency. Our approach finds
previously unknown, real problems: \emph{DNS polarization} is a new
problem where a hypergiant sends global traffic to one anycast site
rather than taking advantage of the global anycast deployment.
Correcting polarization in Google DNS cut its latency from 100ms to
10ms; and from Microsoft Azure cut latency from 90ms to 20ms.
We also show other instances of routing problems that add 100--200ms
latency. Finally, \emph{real-time} use of our approach for a European
country-level domain has helped detect and correct a BGP routing
misconfiguration that detoured European traffic to Australia. We have
integrated our approach into several open source tools: Entrada, our
open source data warehouse for DNS, a monitoring tool (ANTS), which
has been operational for the last 2 years on a country-level top-level
domain, and a DNS anonymization tool in use at a root server since
March 2021.",
}