[dns-operations] Best Resources for Deep Dive Understanding of DNS

Alexander Neilson alexander at neilson.net.nz
Mon Jan 5 23:17:16 UTC 2015

> On 6/01/2015, at 11:59 am, Franck Martin <fmartin at linkedin.com> wrote:
> On Jan 4, 2015, at 2:44 AM, Alexander Neilson <alexander at neilson.net.nz> wrote:
>>>> * IPv6 access to resolving and authoritative servers
>>> Even Better :-)
>> Next step is a full IPv6 rollout to customers
> Excellent… On a side note you may want to read: https://www.m3aawg.org/sites/maawg/files/news/M3AAWG_Inbound_IPv6_Policy_Issues-2014-09.pdf
> Which deals with email but also rDNS.

Thanks, will take a look.

>>>> * Resolved Fragmentation issues to allow full 4096 EDNS resolution
>>> The best ;-). It seems like you already learned a lot and have taken the right decisions.
>> I am doing my best to try to improve all aspects of our network. However the learning is what I really value out of it all, as every change I make helps me to understand how it all works in the plumbing.
> You may find some useful documentation here if you worry about your network and not DNS only: https://www.m3aawg.org/published-documents

Thank you, more resources on networks all over (DNS or otherwise) are always welcome. Trying to learn more to be a better network operator.

>>> [..]
>>>> To give an idea of the current top questions I have (however not limiting myself to learning about these):
>>>> * prioritisation of root servers (my analysis of my server queries shows a high proportion of queries to a.root-servers.net however I have identified that this is one of the lowest response performance root servers from where I am located), I would like to prefer the 6 root servers with the best response time (I have found 6 with RTT of less than 5ms and the rest show RTT ~180-200)
>>> Normally your resolver software should do this. The only reason I have why it doesn't is that there is a difference between the round trip that ping gives you and the actual round trip of the dns message, which the resolver will use for its decision which server to query. Some servers take some time to answer a query, although it shouldn't be in the hundreds of milliseconds range.
>> I did some actual resolution checks from the system and saw the following response times for DNS queries for the com TLD NS:
>> a: Query time: 199 msec
>> b: Query time: 137 msec
>> c: Query time: 144 msec
>> d: Query time: 9 msec
>> e: Query time: 8 msec
>> f: Query time: 129 msec
>> g: Query time: 172 msec
>> h: Query time: 201 msec
>> i: Query time: 79 msec
>> j: Query time: 134 msec
>> k: Query time: 206 msec
>> l: Query time: 8 msec
>> m: Query time: 243 msec
>> Now it may be something inside the network that specifically asks for a resolution of or against a.root-servers.net but I am seeing 11% of queries for a. and nothing in the top lists for any other root server.
> I would have expected from NZ, the I and F root servers would be the fastest…
> http://www.apnic.net/community/support/root-servers/root-server-map
> https://www.google.com/maps/d/u/0/viewer?ll=11.424429,26.178063&ie=UTF8&om=1&msa=0&spn=142.883537,288.632813&z=2&hl=en&mid=zlG9ajNou0XE.kueIslroMXZQ
> You may want to get an atlas probe, so you can participate in global DNS measurements: https://atlas.ripe.net/
> See results there: https://atlas.ripe.net/results/maps/
> and how it matches your view of the Internet.

i root server is live in Wellington (so our Wellington customers get better times to it than this), however we haven’t fully integrated our Wellington WIX peering with our Auckland and north network (some legacy AS borders between our Southern half and Northern half).

The ISC f root server had a node peering at APE, however this had some issues with their BGP announcement (so some manual routing had to be done to use it). And now their peering IP address doesn’t respond to packets, nor do they seem to have any live sessions. I have emailed ISC about this over the shutdown and they are yet to respond (may be just back in the office).


Alexander Neilson
Neilson Productions Limited

alexander at neilson.net.nz
+64 21 329 681
+64 22 456 2326
