
Monitoring .uk DNS

Monitoring .uk DNS. Ian Meikle, UKNOF4, Manchester, 19 May 2006. Agenda: 1. Nameserver Infrastructure. 2. DNS Service Metrics. 3. DNS Statistics. Questions. Nameserver Infrastructure: Nominet runs 12 authoritative nameservers for .uk/SLD.uk.


Presentation Transcript


  1. Monitoring .uk DNS
     Ian Meikle
     UKNOF4, Manchester
     19 May 2006

  2. Agenda
     1. Nameserver Infrastructure
     2. DNS Service Metrics
     3. DNS Statistics
     Questions.

  3. Nameserver Infrastructure
     Nominet runs 12 authoritative nameservers for .uk/SLD.uk
     • 7 Nominet-managed: ns[1-7].nic.uk
     • 4 UltraDNS-managed: ns[a-d].nic.uk
     • 20 Anycast Instances
     • 1 Hidden primary: ns0.nic.uk
     3 nameservers reachable over IPv6

  4. Nameserver Infrastructure

  5. Nameserver Infrastructure
     Dynamic DNS characteristics
     • Potentially, 500 changes per minute
     • Serial number is UNIX time of update, e.g. 1146832341
     • Propagation varies between nameservers
         • BIND, <300s lag
         • UltraDNS 3000 ~ 5000s lag
     • Frequency of updates varies between SLDs, e.g.
         • co.uk: 58 changes per hour
         • plc.uk: less than one change per day

  6. Nameserver Infrastructure
     Physical configuration

  7. DNS Service Metrics
     How DNS service is monitored.
     What is measured.
     How nameserver availability is determined.

  8. DNS Service Metrics
     PINC - Nominet’s nagios-based monitoring system
     • Regular polling to ascertain that:
         • Nameserver is reachable (ping)
         • DNS service is available (udp/tcp)
         • Zone file age is within acceptable range

  9. DNS Service Metrics
     Zone file age monitored every five minutes by nagios plug-in:
     check_ddns_age!-p ns0.nic.uk ! -z co.uk ! -w 1500 ! -c 1800
     • Slow changing zones, e.g. sch.uk, have a ‘grace period’ of 30 seconds.
         • Required as previous serial number may lag by many hours
     • UltraDNS have much longer thresholds:
         • Warn at 8000s
         • Critical at 15000s

  10. DNS Service Metrics

  11. DNS Service Metrics

  12. DNS Service Metrics
      Nameserver availability KPIs
      • Each month, an individual nameserver must have no more than:
          • 60 minutes unplanned downtime
          • 120 minutes total downtime
      Nameserver constellation must have zero minutes downtime per month
      Creative statistical recording means that an availability index of < 100% is bad

  13. DNS Service Metrics
      Nameserver availability KPIs
      • Recording of downtime is presently a manual process
          • Planned maintenance is logged in advance
          • Outages recorded as they happened
      • Once a month, nameserver availability verified using DNSMON

  14. DNS Service Metrics
      DNSMON (http://dnsmon.ripe.net)
      • RIPE NCC subscription service
      • Uses TTM boxes to monitor nameserver response
      • Provides visual indicator of nameserver health
      • Access to raw data is possible

  15. DNS Service Metrics

  16. DNS Statistics
      New system for gathering statistics.
      What queries arrive at the .uk nameservers?
      Uses of this statistical data.

  17. DNS Statistics: DSC
      DSC - A DNS Statistics Collector (http://dns.measurement-factory.com/tools/dsc/)
      • Two components to DSC:
          • Collector, using libpcap to capture DNS traffic, storing it as XML
          • Presenter, extracts data from XML and displays graphically.
      Collectors located at each Nominet-managed nameserver site.
      Presenters at Nominet, and at OARC.

  18. DNS Statistics
      Modified Configuration

  19. DNS Statistics. OARC: DSC
      OARC - Operations, Analysis, and Research Center. (https://oarc.isc.org/faq.html)
      Public service run by ISC:
      “The OARC provides a neutral forum for bilateral sharing of sensitive information during DNS attacks by organizations that are dependent on the proper operation of the DNS. The OARC also provides a continued stream of analysis on the operation of the global DNS.”
      • OARC’s DSC presenter gives statistics for:
          • C, E, and F-Root
          • RFC1918
          • ISC
          • Nominet

  20. DNS Statistics: DSC uses
      • Abuse detection, particularly data mining.
      • Detecting anomalous traffic.
      • DDoS agent identification, to help mitigate against attack.

  21. Questions?
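
The zone-age check from slides 5 and 9, as an added example: this is not Nominet's check_ddns_age plug-in, whose internals the slides do not show. It assumes SOA answers in `dig +short SOA` layout, hypothetical function names, and that staleness is measured from the moment the primary published its serial, which is one way to avoid false alarms on slow-changing zones where the previous serial is hours old.

```python
import time

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3  # standard Nagios plugin exit codes

# Constructed sample data in `dig +short SOA` layout; only the serial
# 1146832341 comes from the slides, the other fields are placeholders.
PRIMARY = "ns0.nic.uk. hostmaster.example. 1146832341 900 300 2419200 10800"
# Slow-changing zone: the secondary still holds a serial ~11 hours older.
SLOW_SECONDARY = "ns0.nic.uk. hostmaster.example. 1146792341 900 300 2419200 10800"
T0 = 1146832341  # moment the primary published its current serial


def soa_serial(dig_short_line):
    """Return the serial from one `dig +short SOA` line, or None if malformed."""
    fields = dig_short_line.split()
    # Layout: mname rname serial refresh retry expire minimum
    if len(fields) != 7 or not fields[2].isdigit():
        return None
    return int(fields[2])


def zone_age_status(primary_soa, secondary_soa, warn, crit, now=None):
    """Return (nagios_code, message) for a secondary compared with the primary."""
    now = int(time.time()) if now is None else now
    primary, secondary = soa_serial(primary_soa), soa_serial(secondary_soa)
    if primary is None or secondary is None:
        return UNKNOWN, "could not parse SOA serial"
    if secondary >= primary:  # in sync, or updated between the two queries
        return OK, f"serial {secondary} is current"
    # Serials are UNIX update times, so the secondary has been stale since the
    # primary's serial was published, not for (primary - secondary) seconds.
    behind = now - primary
    if behind < 0:
        return UNKNOWN, "primary serial is in the future (clock skew?)"
    msg = f"stale for {behind}s (serial gap {primary - secondary}s)"
    if behind >= crit:
        return CRITICAL, msg
    if behind >= warn:
        return WARNING, msg
    return OK, msg


if __name__ == "__main__":
    for offset in (120, 1600, 2000):
        print(offset, zone_age_status(PRIMARY, SLOW_SECONDARY, 1500, 1800, now=T0 + offset))
    # UltraDNS thresholds from slide 9
    print(5000, zone_age_status(PRIMARY, SLOW_SECONDARY, 8000, 15000, now=T0 + 5000))
```

With the 1500/1800 thresholds from slide 9, the 40000-second serial gap in the sample stays OK at 120 seconds after the update and only alarms once the secondary has actually been stale for 1500 seconds or more.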
