Monitoring DNS with Open-Source Solutions

Thursday, March 29, 2018 - 10:00 am10:20 am

Felipe Espinoza and Javier Bustos, NIC Labs

Abstract: 

NIC Chile is the DNS administrator of the ccTLD .cl, managing over 500.000 domain names in an infrastructure composed by more than 30 servers distributed around the globe (some of them belonging to one of the three Anycast clouds used in the name service) answering a ratio of around 3,000 queries/sec per server. In this scenario, we took the challenge of build a real-time monitor system four our DNS service, by only using open-source software.

We reviewed and benchmarked different alternatives: Packetbeat, Collectd, DSC, Fievel, and GoPassiveDNS for data collection; Prometheus, Druid, ClickHouse, InfluxDB, ElasticSearch, and OpenTSDB as DB engines; and Kibana, Grafana, and Graphite Web for visualization. The info we wanted to know were, Five top-queried domains, mean length of DNS queries, and the number of queries per subnetwork, per operation code (OPCODE), per class (QCLASS), per type (QTYPE), per answer type, per transport protocol (UDP, TCP), and with active EDNS.

With that scenario, we measured:

  • CPU used by DB.
  • RAM
  • Secondary memory
  • Time required for data aggregation

We present two compatibility matrices summarizing our findings and a ready-to-use open-source integrated monitoring system.

Felipe Espinoza, NIC Labs

Felipe Espinoza is a Software Engineer at NIC Labs, who does research on maintenance and improvements of the DNS service availability. Before joining NIC Labs, he had an internship at Google and worked at different other analytics companies which helped him realize the difficulties and challenges that distributed systems have to face. He is mainly interested in large scale systems design and looking for weak spots on different applications.

Javier Bustos, NIC Labs

Javier Bustos-Jiménez is the director of NIC Labs at the University of Chile. He has been working on several projects such as DNS real-time monitoring and Mobile Internet QoS platforms. He is mainly interested in complex networks, internet protocols, network privacy/security, and data science.

SREcon18 Americas Open Access Videos Sponsored by
Indeed

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@conference {213100,
author = {Felipe Espinoza and Javier Bustos},
title = {Monitoring {DNS} with Open-Source Solutions},
year = {2018},
address = {Santa Clara, CA},
publisher = {{USENIX} Association},
}