DNSOP Working Group Wei Wang
Internet Draft Zhiwei Yan
Intended status: Informational NANEL
Expires: August 2015 February 24, 2015
A Survey of the DNS cache service in China
draft-wang-dnsop-cachesurvey-00.txt
Abstract
A DNS cache directly serves the DNS queries from stub resolvers as the
data source for a given network area. At present, however, operators
manage and run their cache services in widely differing ways, and this
is the main motivation for this survey report. Instead of regulating or
specifying the operation of the DNS cache service, our aim is to
investigate the state of the DNS cache service (at least in mainland
China) and to propose recommendations for its future operation on a
solid practical foundation.
Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with
the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as
reference material or to cite them other than as "work in progress".
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html
This Internet-Draft will expire in August 2015.
W. Wang et al. Expires August,2015 [Page 1]
Internet-Draft DNS cache service in China February 24, 2015
Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with
respect to this document. Code Components extracted from this
document must include Simplified BSD License text as described in
Section 4.e of the Trust Legal Provisions and are provided without
warranty as described in the Simplified BSD License.
Table of Contents
1. Survey respondents .......................................... 2
2. Survey results .............................................. 3
2.1. Overview ............................................... 3
2.2. Architecture improvement of recursive service .......... 3
2.3. Local cache service .................................... 4
2.3.1. Root zone file cache .............................. 4
2.3.2. TLD zone file cache ............................... 4
2.3.3. TOP-N domain names cache .......................... 4
3. Analysis .................................................... 5
Survey contributors ............................................ 6
APPENDIX: Recommendations ...................................... 7
Author's Address ............................................... 7
Acknowledgment ................................................. 8
1. Survey respondents
This survey covers the three main Internet service providers (ISPs) in
China and the top three recursive service providers in China, as
follows:
1) China Telecom Co.Ltd.
2) China United Network Communications Group Co.Ltd.
3) China Mobile Communications Co.,Ltd.
4) Qihoo 360 Technology Co. Ltd.
5) Alibaba Group Holding Ltd.
6) Tencent Holdings Ltd.
2. Survey results
To present the survey results clearly and concisely, we list only the
key results, together with the reasoning behind them.
2.1. Overview
To keep this survey representative, the six most representative
respondents were selected: half of them are typical ISPs and the others
are typical public recursive service providers in China. All six
respondents deploy recursive service widely and at a stable service
scale.
(To protect business secrets, the geographical coverage, number of
clients and service scale of the respondents are not given here, since
it would be inappropriate to present them side by side.)
2.2. Architecture improvement of recursive service
To meet the respective demands of business operation and IT operation,
recursive service operators have all adopted the same architecture
model, transforming the classical textbook recursive server into a
composite architecture consisting of three independent servers: an
online cache, a recursive server and an offline (or backup) server. We
refer to this kind of recursive service architecture as "Big recursive
service" in view of its large scale and considerable influence, as
shown in Figure 1.
+------------------------+
| |
| +-+-+-+-+ |
| |Backup | |
| |server | |
| +-+-+-+-+ |
| |
+-+-+-+-+-+ | +-+-+-+-+ +-+-+-+-+-+ | +-+-+-+-+-+-+-+
|Stub | | |Online | |Recursive| | |Authoritative|
|resolver |-----|cache | |server |----|server |
+-+-+-+-+-+ | +-+-+-+-+ +-+-+-+-+-+ | +-+-+-+-+-+-+-+
| |
| Big recursive service |
+------------------------+
Figure 1. Big recursive service model
Specifically, the online cache serves the stub resolvers directly,
and the backup server is mainly used in the emergency case as a
backup data source, while the recursive server fetches DNS data from
the authoritative servers.
2.3. Local cache service
All six survey respondents deploy the local cache service. Owing to
their different business requirements, all of them cache the TOP-N
domain names, while three of them cache the root and TLD zone files as
well.
(We use the term "local" here to mark the administrative boundary of
the service, such as the province region of an ISP or the area covered
by a set of DNS end users.)
2.3.1. Root zone file cache
All three ISPs cache the root zone file.
The stated requirement for caching the root zone file is emergency
response; the copy is not used for online service. At each ISP the root
zone file cache is deployed as a single shared server instance (at
province level) covering all the recursive servers in the corresponding
autonomous area.
The data is updated once per day from an open data source, but the
integrity and correctness of the downloaded data are not verified (for
example with DNSSEC). Since this copy is exactly what would be served
when the normal recursive path fails, a stale, corrupted or tampered
download would not be noticed until the emergency in which it is used.
2.3.2. TLD zone file cache
All three ISPs also cache some TLD zone files. The requirement and
deployment model of the TLD zone file cache are the same as for the
root zone file cache.
The data is likewise updated once per day from an open data source,
without verifying the integrity and correctness of the downloaded data
(for example with DNSSEC).
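The following is an added example, not part of the draft or of any respondent's deployment, of the kind of check a cache operator can run over a downloaded root or TLD zone copy before accepting it; it applies equally to the root zone cache of 2.3.1 and the TLD zone caches of 2.3.2. It uses only the Python standard library and does not perform cryptographic DNSSEC validation, which needs the DNSKEY chain and a validator; it catches the cheaper failure modes of an unverified daily download: a serial that did not advance, authoritative RRsets and DS records that carry no RRSIG, signatures outside their validity window, and a mismatch against a published digest. The zone fragment, the timestamps, the key tags, the DS and signature fields, the names example. and test., and the "previous serial" are constructed for the example.

```python
"""Sanity checks for a locally downloaded copy of the root or a TLD zone.

Added example for this survey; it is not code from the draft or from any
respondent. Only the standard library is used, and no cryptographic DNSSEC
validation is attempted (that needs the DNSKEY chain and a validator).
"""
from collections import defaultdict
from datetime import datetime, timezone
import hashlib

# Constructed fragment in zone presentation format. The TLD names, the
# timestamps, key tags, DS digests and the base64 signature fields are
# placeholders, not real zone data.
SAMPLE_ZONE = """\
. 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2015022401 1800 900 604800 86400
. 86400 IN RRSIG SOA 8 0 86400 20150303000000 20150224000000 12345 . c2lnbmF0dXJl
. 518400 IN NS a.root-servers.net.
. 518400 IN RRSIG NS 8 0 518400 20150303000000 20150224000000 12345 . c2lnbmF0dXJl
example. 172800 IN NS a.iana-servers.net.
example. 86400 IN DS 31589 8 2 0123456789ABCDEF
example. 86400 IN RRSIG DS 8 1 86400 20150303000000 20150224000000 12345 . c2lnbmF0dXJl
test. 172800 IN NS ns.test.
test. 86400 IN DS 11111 8 2 FEDCBA9876543210
"""


def _sig_time(stamp):
    """RRSIG expiration/inception field (YYYYMMDDHHMMSS, UTC) -> datetime."""
    return datetime.strptime(stamp, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)


def parse_zone(text):
    """Parse one-record-per-line presentation format into (owner, ttl, type, rdata)."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        owner, ttl, rclass, rtype, *rdata = line.split()
        if rclass != "IN":
            raise ValueError("unexpected class in: " + line)
        records.append((owner, int(ttl), rtype, rdata))
    return records


def serial_newer(new, old):
    """RFC 1982 serial arithmetic: True if `new` is strictly ahead of `old`."""
    return new != old and (new - old) % 2**32 < 2**31


def check_zone(text, previous_serial, now, apex=".", expected_sha256=None):
    """Return the zone's serial, its SHA-256 and a list of problems found.

    `now` is a datetime or an RRSIG-style YYYYMMDDHHMMSS string (UTC).
    """
    if isinstance(now, str):
        now = _sig_time(now)
    problems = []
    rrsets = defaultdict(list)   # (owner, type) -> list of rdata
    sigs = defaultdict(list)     # (owner, covered type) -> [(inception, expiration)]
    for owner, _ttl, rtype, rdata in parse_zone(text):
        if rtype == "RRSIG":
            covered, _alg, _labels, _orig_ttl, expiration, inception = rdata[:6]
            sigs[(owner, covered)].append((_sig_time(inception), _sig_time(expiration)))
        else:
            rrsets[(owner, rtype)].append(rdata)

    # 1. The serial must advance relative to the copy already on disk.
    serial = None
    soa = rrsets.get((apex, "SOA"))
    if not soa:
        problems.append("no SOA at apex")
    else:
        serial = int(soa[0][2])
        if previous_serial is not None and not serial_newer(serial, previous_serial):
            problems.append(f"serial {serial} is not newer than cached {previous_serial}")

    # 2. Every authoritative RRset must carry a signature. In a signed zone
    #    that is every RRset at the apex plus DS records at delegations;
    #    delegation NS records and glue are not signed by the parent.
    for owner, rtype in rrsets:
        if (owner == apex or rtype == "DS") and (owner, rtype) not in sigs:
            problems.append(f"{owner} {rtype} has no RRSIG")

    # 3. Signatures present must be inside their validity window at `now`.
    for (owner, covered), windows in sigs.items():
        for inception, expiration in windows:
            if not inception <= now <= expiration:
                problems.append(f"RRSIG over {owner} {covered} outside validity window")

    # 4. Optional: compare with the digest published alongside the zone.
    digest = hashlib.sha256(text.encode()).hexdigest()
    if expected_sha256 is not None and digest != expected_sha256:
        problems.append("digest mismatch against published checksum")

    return {"serial": serial, "sha256": digest, "problems": problems}


if __name__ == "__main__":
    # The previously cached serial and the clock value are constructed.
    for problem in check_zone(SAMPLE_ZONE, 2015022301, "20150225000000")["problems"]:
        print("REJECT:", problem)
```

Run stand-alone it prints the findings for the sample, where the unsigned DS record for test. is the one the check is meant to surface. Cryptographic validation should be layered on top, for example by loading the copy into a validating resolver rather than serving it as-is.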
2.3.3. TOP-N domain names cache
All six survey respondents cache the resource records of TOP-N domain
names. The selected TOP-N domain names differ between respondents,
being chosen from each respondent's own online service logs and scale,
and the number of cached domain names varies from 1 million to 100
million depending on the number of end users and the business policy of
the operator.
The cached data is used directly to answer the requests from the stub
resolvers, so that they are served as efficiently as possible. Some
respondents also maintain the cached data actively: for example, some
recursive servers anticipate the expiration of cached data and fetch it
again without having received an actual request from a client.
3. Analysis
In the following, the positive and negative impacts of the "Big
recursive service" on the DNS ecosystem are analyzed:
1) Online cache
a) Positive points: The online caches of the six survey respondents
are large, generally above one million entries. Stub resolvers are
therefore served efficiently, and the cache absorbs much of the
impact of attacks directed at the recursive server.
b) Negative points: It disturbs the balance of the classical DNS
model, since the number of queries reaching an authoritative server
is inversely related to the scale of the cache: the query volume
falls as the online cache grows. In the extreme case of a single
online cache covering all DNS requests in China, an authoritative
server would see only one request from China for a given name per
TTL period.
2) Backup server
a) Positive points: The backup server is maintained in order to
recover DNS resolution service in an emergency. It holds two types
of data: a) zone files (including the root and TLDs); b) a snapshot
of the online service.
b) Negative points: Currently, the backup server can be activated by
the operator without notifying the authoritative servers concerned.
Within the affected area the authoritative server is then completely
replaced by the backup server, and the queries it receives from that
area drop steeply, possibly to zero.
3) Recursive server
a) Positive points: The load on the recursive server is reduced
significantly, and it concentrates solely on communication with the
authoritative servers. This reduces operational and failure risk.
b) Negative points: Because of the cache functions described above,
the recursive server has degenerated into a "weak" tool that only
fetches and refreshes the authoritative data held in the cache, or
helps schedule sophisticated applications such as CDN service (e.g.,
directing the client to a suitable server instance according to its
geographical location). Consequently, requests sent from the
recursive server to the authoritative server may not actually have
been triggered by stub resolvers; where they are entirely synthetic,
the query behaviour observed at the authoritative server is
distorted, and the judgement of its administrator is affected
accordingly.
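As an added example (not the draft's or any respondent's code), the following simulation models the online cache described in 2.3.3, a cache that refreshes popular names before their TTL runs out, and counts what the analysis above is concerned with: how many queries reach the authoritative side, and how many of those were triggered by a stub resolver as opposed to generated by the cache's own refresh job. The workload, the TTL of 60 seconds, the 10-second prefetch window, the popularity threshold and the names popular.example. and rare.example. are assumptions chosen to make the effect visible.

```python
"""Discrete-clock model of an online cache that prefetches popular names.

Added example for this survey; not code from the draft or from any
respondent. Counts upstream queries and whether a stub resolver or the
cache's own refresh job triggered each one.
"""
from collections import Counter


class PrefetchCache:
    def __init__(self, authoritative, prefetch_window=10, min_hits=3):
        self.auth = authoritative               # callable(name) -> (rdata, ttl)
        self.prefetch_window = prefetch_window  # seconds before expiry to refresh
        self.min_hits = min_hits                # popularity needed to be prefetched
        self.entries = {}                       # name -> {"rdata", "expires", "hits"}
        self.upstream = Counter()               # "client" / "prefetch" -> count
        self.hits = 0
        self.misses = 0

    def _fetch(self, name, now, reason):
        rdata, ttl = self.auth(name)
        hits = self.entries.get(name, {}).get("hits", 0)   # keep popularity
        self.entries[name] = {"rdata": rdata, "expires": now + ttl, "hits": hits}
        self.upstream[reason] += 1
        return rdata

    def resolve(self, name, now):
        """Serve a stub resolver; go upstream only on a miss or an expired entry."""
        entry = self.entries.get(name)
        if entry is None or entry["expires"] <= now:
            self.misses += 1
            return self._fetch(name, now, "client")
        self.hits += 1
        entry["hits"] += 1
        return entry["rdata"]

    def tick(self, now):
        """Background job: refresh popular entries that are about to expire.

        These upstream queries are not triggered by any client request."""
        for name, entry in list(self.entries.items()):
            about_to_expire = now <= entry["expires"] < now + self.prefetch_window
            if about_to_expire and entry["hits"] >= self.min_hits:
                self._fetch(name, now, "prefetch")


def simulate(clients, seconds, ttl=60, prefetch_window=10):
    """Constructed workload: every client asks for one popular name every
    second, and one client asks for a rarely used name once (at t=5).
    Returns counters for the client side and the authoritative side."""
    seen_by_authoritative = Counter()

    def authoritative(name):
        seen_by_authoritative[name] += 1
        return ("192.0.2.1", ttl)               # documentation address, fixed TTL

    cache = PrefetchCache(authoritative, prefetch_window)
    client_queries = 0
    for now in range(seconds):
        for _ in range(clients):
            cache.resolve("popular.example.", now)
            client_queries += 1
        if now == 5:
            cache.resolve("rare.example.", now)
            client_queries += 1
        cache.tick(now)

    return {
        "client_queries": client_queries,
        "cache_hits": cache.hits,
        "cache_misses": cache.misses,
        "upstream_client": cache.upstream["client"],
        "upstream_prefetch": cache.upstream["prefetch"],
        "authoritative_seen": dict(seen_by_authoritative),
    }


if __name__ == "__main__":
    for n in (1, 1000):
        print(n, "clients:", simulate(clients=n, seconds=180))
    print("no prefetch:", simulate(clients=1000, seconds=180, prefetch_window=0))
```

With 1000 clients issuing 180,001 queries over three minutes, the authoritative server sees five queries, three of which are prefetches that no client triggered; running the same workload with a single client gives the identical upstream count, which is the "one request per TTL period regardless of client population" effect described under the online cache above. Setting prefetch_window=0 makes every upstream query client-triggered again, at the cost of more cache misses.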
Survey contributors
The following individuals served as experts and representatives of
the survey respondents during the completion of this survey report.
Their contributions, drawn from their respective experience as
stakeholders, corporate managers or technical experts, gave essential
guidance to the analysis and conclusions presented herein.
Contributors may not agree with all the observations stated in the
document, but all agree that it presents an important reference for
succeeding work. In addition to those listed below, there were an
equal number of contributors of equal stature whose names are not
included for various reasons.
Ziqian Liu
China Telecom Co. Ltd.
Email: liuzq@chinatelecom.com.cn
Hailong Bai
China United Network Communications Group Co. Ltd.
Email: baihl@chinaunicom.cn
Juan Zhang
China Mobile Communications Co.,Ltd.
Email: zhangjuan@chinamobile.com
Shuang Li
Alibaba Group Holding Ltd.
Email: shuang.ls@alibaba-inc.com
Xiaohong Shi
Qihoo 360 Technology Co. Ltd.
Email: shixiaohong@360.cn
Yougen Zou
Tencent Holdings Ltd.
Email: living_stone@114dns.com
APPENDIX: Recommendations
As emphasized in the abstract, this survey is motivated by the
cooperation of cache services, and the following suggestions are
proposed on the basis of the above conclusions in order to optimize
the DNS cache service:
1) Considering the wide deployment of the "Big recursive service"
and its impacts mentioned above, a transparent, harmonious and win-win
cooperation between authoritative server and recursive server is
needed. Typically, the authoritative server may provide the recursive
server with the latest authoritative data to improve the cache hit
ratio and emergency response ability, and the recursive server may
provide the authoritative server with local query statistics along
with a normal NS or zone query, as a service optimization input for the
authoritative service operator.
2) Operators currently manage their backup servers individually,
mainly as an emergency response facility for the recursive service in
their autonomous area. It is suggested that the local community should
construct and maintain a trusted, shared backup server cooperatively,
so that the emergency recovery function of the backup server can cover
more recursive services. Such a trusted, shared backup server would
represent the local community and would be better placed to build a
more efficient and fluent scheme for managing and collecting the
backup data.
(We list here only the main suggestions for coordinating the recursive
service. A detailed solution and service architecture will be proposed
in the future. Some operators may favor these ideas, but they do not
need to be standardized.)
Author's Address
Wei Wang
NANEL (Naming&Addressing National Engineering Lab)
No.4 South 4th Street, Zhongguancun
Beijing, P. R. China
Email: wangwei@cnnic.cn
Zhiwei Yan
NANEL (Naming&Addressing National Engineering Lab)
No.4 South 4th Street, Zhongguancun
Beijing, P. R. China
Email: yanzhiwei@cnnic.cn
Acknowledgment
Funding for the RFC Editor function is currently provided by the
Internet Society.