Observing the DNS configuration

During their first networking course, each CS student at UCLouvain writes a four-pages report that analyses the organisation of a popular web site and the optimisations or sometimes the errors that the maintainers of this website have made when configuring their DNS, HTTP, TLS or protocols TCP. This project lasts one month and the students receive every week guidelines and suggestions on how to carry their analysis. Here are a few examples which can be used to bootstrap the DNS analysis of such a website.

In this blog post, I’ll illustrate the DNS analysis by looking at two websites:

The first step when analysing the DNS configuration of a domain is to use standard command-line tools like dig, host or nslookup. dig is convenient and available on various platforms. Some websites provide a web interface to launch DNS queries, see e.g. https://toolbox.googleapps.com/apps/dig/#A/

dig -t A www.uclouvain.be

; <<>> DiG 9.10.3-P4-Ubuntu <<>> -t A www.uclouvain.be
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52330
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 7

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.uclouvain.be.		IN	A

;; ANSWER SECTION:
www.uclouvain.be.	3600	IN	CNAME	uclouvain.be.
uclouvain.be.		3600	IN	A	130.104.6.136

;; AUTHORITY SECTION:
uclouvain.be.		604800	IN	NS	ns2.sri.ucl.ac.be.
uclouvain.be.		604800	IN	NS	ns3.sri.ucl.ac.be.
uclouvain.be.		604800	IN	NS	ns1.sri.ucl.ac.be.

;; ADDITIONAL SECTION:
ns1.sri.ucl.ac.be.	604800	IN	A	130.104.1.1
ns2.sri.ucl.ac.be.	604800	IN	A	130.104.1.2
ns3.sri.ucl.ac.be.	604800	IN	A	130.104.254.1
ns1.sri.ucl.ac.be.	604800	IN	AAAA	2001:6a8:3081:1::53
ns2.sri.ucl.ac.be.	604800	IN	AAAA	2001:6a8:3081:2::53
ns3.sri.ucl.ac.be.	604800	IN	AAAA	2001:6a8:3082:1::53

;; Query time: 13 msec
;; SERVER: 130.104.1.1#53(130.104.1.1)
;; WHEN: Thu Nov 08 09:52:46 CET 2018
;; MSG SIZE  rcvd: 272

This DNS query returns several interesting information. First, www.uclouvain.be is an alias for uclouvain.be whose IP address is 130.104.6.136. Its TTL is set to 3600 seconds. The uclouvain.be domain is served by three name servers that are reachable over both IPv4 and IPv6. The TTL of the name servers is much longer than the TTL of the A record. Unfortunately, www.uclouvain.be is not (yet) reachable over IPv6.

dig -t AAAA www.uclouvain.be +short
uclouvain.be.

A closer look at the name servers reveals that they all belong to the same IP prefix (IPv4 or IPv6). This is not surprising as these are the prefixes assigned to the university, but it implies that if those prefixes are unreachable then the DNS server becomes unreachable as well.

The DNS can be used to distribute a wide range of records. The full list of DNS records is available on http://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-4. However, many of these records are obsolete and not used. The most interesting DNS records to analyse are :

  • the NS records that store the name servers
  • the MX record that stores information about the mail relays
  • the TXT records that are often used to store specific information
  • the CAA record that stores information about TLS certificates
  • the DNSSEC records

The script below queries some of these records

#!/bin/bash
if test $# -lt 1 -o $# -gt 2
then
    echo "usage: $0 <domain> [<resolver>]" >&2
    exit 1                                  
fi
domain=${1%.}.
resolver=8.8.8.8
if test $# -eq 2
then
    resolver=@${2#@}
fi

for record in A NS SOA HINFO MINFO MX TXT RP SIG KEY AAAA LOC SRV CERT SSHFP IPSECKEY RRSIG NSEC DNSKEY NSEC3 TLSA OPENPGPKEY SPF URI CAA
do  
    echo "Querying ${record} DNS record for ${domain}" 
    dig -t ${record} ${resolver} ${domain} +short 
    sleep 1
done

Here is the output of this script for uclouvain.be as an example

Querying A DNS record for uclouvain.be.
130.104.6.136
Querying NS DNS record for uclouvain.be.
ns3.sri.ucl.ac.be.
ns1.sri.ucl.ac.be.
ns2.sri.ucl.ac.be.
Querying SOA DNS record for uclouvain.be.
ns1.sri.ucl.ac.be. adminet.uclouvain.be. 2018110711 7200 900 3600000 10800
Querying HINFO DNS record for uclouvain.be.
Querying MINFO DNS record for uclouvain.be.
Querying MX DNS record for uclouvain.be.
10 smtp.sgsi.ucl.ac.be.
Querying TXT DNS record for uclouvain.be.
"google-site-verification=Ml1v6XgZ2Q7Cufq7CfRZc4kQbA3aTFzY_Th3ihTL5ws"
"v=spf1 ip4:130.104.0.0/16 ip4:193.190.244.6 mx include:sharepointonline.com include:spf.protection.outlook.com include:spf.mandrillapp.com -all"
"spycloud-domain-verification=744107e5-7ce2-4a07-8b92-4aefb1177e34"
"7U6NJ5oO1N+vL5O4R425eudYGKMkxssuHJO1HWT6kLIs9ucloZxTpTntj3Mz/ZGPplBVL0zguDWvL4Ur+4zfPg=="
"MS=ms66087194"
Querying RP DNS record for uclouvain.be.
Querying SIG DNS record for uclouvain.be.
Querying KEY DNS record for uclouvain.be.
Querying AAAA DNS record for uclouvain.be.
Querying LOC DNS record for uclouvain.be.
Querying SRV DNS record for uclouvain.be.
Querying CERT DNS record for uclouvain.be.
Querying SSHFP DNS record for uclouvain.be.
Querying IPSECKEY DNS record for uclouvain.be.
Querying RRSIG DNS record for uclouvain.be.
NSEC3PARAM 8 2 0 20181207195308 20181107194214 28923 uclouvain.be. BN++TOpXw1ShM6J03YU3eHTA4OYXu2Bx219lnWwhabiQ/59hv/AMXOYA Q0utv3Oi2dR0F1UwlAdePYdhVBgcTWIASn9e0cphBVp8o4AlfqNnxKPz 6um5EVZVrGB884pPbwbire+ER/B1geSbjXUy9lBcrA7VaY/PtudUL90I h+8=
MX 8 2 86400 20181120024256 20181021021958 28923 uclouvain.be. BFrUaEzKiHexa2/Qgf4FvnzQyE64BEQLKlvbEtxfKDwnzVFkfqggKt42 4W+7KsBqaIZHXi8mY5I+0MoOZJXziQlMNRf88ozgV+mYbkVVWZV0hp5X W5zg6VtIx51KKs/KKiCgXU/6J+q48OMXm6fS6V9e88G0ExE59IrNJkCo v0Q=
TXT 8 2 86400 20181128141041 20181029131041 28923 uclouvain.be. jtfJiCyDIRpIHFOPxamsvSLFL5zXSmzqFBTtWiAp8gRYkn+aN/TyDwc0 LK9YnDMwQ2KgQfnlhnx8UUIAe1xQ0+QKb8Nnnfo2S4pThFrbxk4biixx HOsAHb/UpjWkivq2apl0z6xsXbtXENWW5HEdf0mXkRbIpS3jmQOIhQH3 bb0=
A 8 2 3600 20181117180419 20181018172540 28923 uclouvain.be. QwGaiCRDHrQG7B/FOH60BU9kgerZsI6+dOpgyAq18U4x+T4gx/jxlHx2 M0Ojrrgjj0Pxp2RcIq0SKCvJBDK6Lw6rYZNaTfl/gOWPW3qmLopJteHZ 5qOlPPkX3DechvTpmmVz4IspeFrX44IxEtIM9EY+4SR/9NCGjMmWhIJI fKA=
NS 8 2 604800 20181123194331 20181024190318 28923 uclouvain.be. lKmr+68HwH4mMgsyFfkOC/G43WbolUBg+Cjm4/0AzO3m9t31Yb/bn1+K Zk49bg0n9fu2acl8uuPSJ/zcH7h++nm7QC+50V75ll/hYI3gW7tpLEDu LJnLngnxWwgopbBaYiQrlua3h2XvHgnNdZzH4ficozZklscIPo86muhE cHQ=
SOA 8 2 10800 20181208065634 20181108055634 28923 uclouvain.be. Pi7YDS6BanWkrpyu6yBqrVXnsVijO+cyZhOSxEecnNhFfRq9CIkhonGY l8LfVm60zKJtg84AjVEpiu86LLNA2zUyEjYGdLpBdg2TZk8QLbYBVEB9 d0Dia1l8yQTc/CoM8YPRfof/4GyX2dqAnz8hvO0wH2WOjB3R6mY3PQpL H0M=
TYPE65534 8 2 0 20181207161937 20181107161553 28923 uclouvain.be. J9dntTRq4i8OTx9yqq+64upxiorOVBBmh8esizhVZdm/REbcB2Sz/e/u PD3CS91MbEzpHp6tLzjIW8TjU/BvBCCzuMDuM9jfOWMAzoSokskS5mqp BEGGcklAz6qwCc61qhLp0vZwutXk1b2bnQth907KjNvvKBJvYgHWg5AY EgE=
DNSKEY 8 2 10800 20181120043148 20181021033154 28923 uclouvain.be. fz5Adl7LPeHhBpbtCBk1k/F0ivEALXUp3FD7L7slny+4FkV46rYiYVc/ HPJGKGeBC7bIFRNRJRcOASVEpJ4iRqCf+2P7GgL0Ar9SXHKCQsjSiBV8 9WWtKpEBDhhJCflGb6zviRWP94OHzLo9CcKUYc5v4j0HPQfmNIF/iaa3 KGg=
DNSKEY 8 2 10800 20181120043148 20181021033154 51640 uclouvain.be. TA9x2STAJOF/EdiUuvpFkL/EIi5iPbuHJyOm2EvHhA2A6TK+loCS7HDY XFfpDjEmdgs7jCqlcfDNkxtm5iZuvTV4Bao1D0CM/qXw8kJ0JP7kAGiq +Z0Vw0D10XeYyNNW6X21X58xlNIr4/Vu1dJJi9YdZjEd+IqWD0dpRUdF Fl5Mq/HuDZU1UIvmvMcpwXYCXVSHYOxfCuwGrmy2ZG4K/w883+yjRh39 iCo5aD88VCI4DhgpoRucYbWH7zqbxXKobIhZTnUMxYJyXuq9RoNu777U LJVuE4TTFiG2IRinkxWErzY28Vo2oowSREwGg0kl337o07sb2y2h2708 EXGScA==
CAA 8 2 86400 20181124120401 20181025111117 28923 uclouvain.be. Nw98DNUGeRyF+jL4umoRGi1RIFQcUI7wjm3pTlG3sT62S+dyvNS5vS8m 88Sfuw4vSUrnEwpHHBj6y4Itx/rZ1b+6IzNhmsdqJLwvlInGykhXI2V8 jr9/ZXwCFfrCuZUSgVxToJdnJjzjWpxO8NO2+xdrmfgo6J3CiTYFt50C wP0=
Querying NSEC DNS record for uclouvain.be.
Querying DNSKEY DNS record for uclouvain.be.
257 3 8 AwEAAcHmOi24czXiZw4UZAB0SSq27wg8V3BNE66upEVljz9SiR9zTXeu v5x/nxJSTvwYpf8v6QNGtNy41RFqu5mJ7K+My2E5w/It1SjNpBDjpeOH z8M062djAwWl/s2uop14amIw6nkyUC7XDwRRitzkB0oDdn15DTXyXBlU HAG6KM0S8B9H/ITScBohK/1ywBUZrFaGbk8fxwUSF7uowRUavb6IDM9Y q0/23GCKhSND0/435UNCG7g6G9QiZWn2TK/eXuDy1j8UPWCQ7wbMmZiM bswcbEeWwbXzB3HDhHvdqPbCK2k3Z6noJ/7/YRh5ge93HgSy5Ftt3QiQ e4NK9BNyT3k=
256 3 8 AwEAAZXT+oJtJ5259YHVlFDJsTCpcnObSpZrVUxZFRVynuRLxc4KEngE gwRmfi6QuBvC834gr4b+rOJ9o2uWqZxJhrTqWoZP1mfSI7ptvI1Aart8 SUlxXlIhJjKTRZnuDT/D+9ny9jSk3NTcjgrz4CRpEmPIDstXkENyjgx9 edN1Kt2Z
Querying NSEC3 DNS record for uclouvain.be.
Querying TLSA DNS record for uclouvain.be.
Querying OPENPGPKEY DNS record for uclouvain.be.
Querying SPF DNS record for uclouvain.be.
Querying URI DNS record for uclouvain.be.
Querying CAA DNS record for uclouvain.be.
0 issue "letsencrypt.org"
0 issue "digicert.com"
0 iodef "mailto:abuse@uclouvain.be"
0 issuewild "digicert.com"

The ietf.org domain has a different utilisation of these DNS records.

sh dns.sh ietf.org 130.104.1.1
Querying A DNS record for ietf.org.
4.31.198.44
Querying NS DNS record for ietf.org.
ns1.sea1.afilias-nst.info.
ns1.hkg1.afilias-nst.info.
ns0.amsl.com.
ns1.ams1.afilias-nst.info.
ns1.mia1.afilias-nst.info.
ns1.yyz1.afilias-nst.info.
Querying SOA DNS record for ietf.org.
ns0.amsl.com. glen.amsl.com. 1200000391 1800 1800 604800 1800
Querying HINFO DNS record for ietf.org.
Querying MINFO DNS record for ietf.org.
Querying MX DNS record for ietf.org.
0 mail.ietf.org.
Querying TXT DNS record for ietf.org.
"v=spf1 ip4:4.31.198.32/27 ip6:2001:1900:3001:0011::0/64 ip4:66.70.182.38 ip4:158.69.166.16/29 ip6:2607:5300:203:1b26::0/64 ip4:158.69.229.207 ip4:192.95.54.40/29 ip6:2607:5300:0060:9ccf::0/64 -all"
"google-site-verification=LytDaT1hg3foX-6-Re56chzsSGCQDkCa4xltAH1k2m8"
Querying RP DNS record for ietf.org.
Querying SIG DNS record for ietf.org.
Querying KEY DNS record for ietf.org.
Querying AAAA DNS record for ietf.org.
2001:1900:3001:11::2c
Querying LOC DNS record for ietf.org.
Querying SRV DNS record for ietf.org.
Querying CERT DNS record for ietf.org.
Querying SSHFP DNS record for ietf.org.
Querying IPSECKEY DNS record for ietf.org.
Querying RRSIG DNS record for ietf.org.
AAAA 5 2 1800 20190926223337 20180926213636 40452 ietf.org. lhLo1DQb+mB5agyAdwyHZucxDeaBXVVH8buu3aX7i1gk40kAfyGNe+7j W8xMegVh1KzHe2v5mesRVY5YmbNO9fbgdUKEuAy2gyMCo0kfprpArJyO Tfuym2s4AHUwAM7KY3RockNgouLKsm3z9IjyC1LJu0uotdIHCuaI74n+ POa2Gt5o7KQX/wORwAtklOH45tI7bOjvqkbwrWotNB2c+985mrXdU9do ciVCCbO0ozteSJNwBBBr8c+/mmJxYg6Mjs8cLsIFyUe04FZDY4QqR28Q i7lQtxqOW0uol+y8VMS0w9uQAqO5jSLZSIEmsom/R91t1VagiH8SqBDg SairWA==
TXT 5 2 1800 20190926223402 20180926213636 40452 ietf.org. k5WgRXgKycJ4g4GBdE2mb4Z/tEnxAJMeuCB2G/3ABTWwzo+hSXlclSfU stmFp7DtsvRFuBDzFOArjOa4QwbGo1/dKWqQMuGrw2mWRTek0w86IcMW Hvt1iXEx8ssHp+sajnuSf4MmNSexrfwFOJ6Sp+LIetOrFokH7HBPhlAa MEfBUJ9wvjaG2a1GxxQ9QbXQR4lxzjGQ90txKsmlZ1q5YR+znKHM7XOT j+WjL0fw15VpTIKknKQaEMkI+8v7aoViKVy7tyiXqzL1LnLK8QDsScEw YorOdfwI2rINkXDFZdhmUODba4FjQ1lW6j2O0IgUWae/QdXc4Zk2dnIB MwWEtw==
MX 5 2 1800 20190926223630 20180926213636 40452 ietf.org. gxsH6qZnsMwgMxaWLshJsxKxBkugxhtfJfsqk2lsyPcF56e7JkzCQ7ph FoMjilsPOO6GjbgRJahWgrugfYYABt7PUd8Mk5UQ5bRx3sWhq7RPXyPB Uyvv0S1EC6Rizwz5TG5Hb/harO2ZLf6Pims67mHFnPGP6ux82MgUy63Y 08htiDpMMgUWqtFfKapY+a5x+hziPrTFC5KDnvTyr0845IBv7RSuQa73 94Kq3TREyiAC59+/BF9XLsMqGZdTc04rbX7Es8bcabP4sQOSndyDU6SI nr5i4CLsvXQEgGDPHE7wnwKFcA/A5YrNtYvDH9erE4KuXsRjk8MrT6zk P/lwlw==
NSEC 5 2 1800 20190926223536 20180926213636 40452 ietf.org. NDXamRHTVoOFZqs5sKfre+g3FygLn2gRkc3l9JKRRWBRJwp4GSjQMCoh Uj+WYbV3ljYbhbkQXAkSZcWp2IXGlvZXpKwj6D6JM2FSPVWhTnod9Sid hQWbEbTTCmzVWJYOY8qUaAT6ViR+gn+lr5HDE95NIYzByUwPO7UCeT2g wWjQJE1/MOAxJxjQwDeAJoHuaT/KxnmC+mwCgNtBBGoHgUKVr3NicmvM hwJufqzynntimH7gD+8XklKm4NT+t5AROOvAjUB1uCo2ytvbqjE662tM eLKmPNMHeMk179tz91Dhskcx+O8I8zXOBGfIpg3kuMophKdnhUJFXKL3 d9E1ZA==
SOA 5 2 1800 20190926223608 20180926213636 40452 ietf.org. gNzN3CeRDaPj5a8rrjT8UOkVs2lR9o4CF9NHZsJNZe/R0JvVZ7u+jsfv OXK9VX82wFIf4J1UE/IR5JrpWLEURCE+e+EqsPj+zrH+DAS58fKwxUqv aF1Ysk2b3qR0IJi4f3NGikdF6wDtIKKvruvUVyDVikp1Kl1rjb0GYkVH LyLdvMxI1PdKWzx9eAyttDhNEEoz+QO6TrA91jwaqgKKV1/a7Oxf3Qk7 C9awsS2+tjHhnS/MlAJEVGxRyprohNHe55G6h6Qfz2fSzTSnv3EBlGWA hOuRk9gSIAtsLPQrbNLRbdYVEiuTcdNMkCOJJsOxtyjSqFOg72q4XACD O24HFw==
NS 5 2 1800 20191023123045 20181023113117 40452 ietf.org. CfaG2dg1HrNt084nwZ3efTv4qbyYn9+n7PGgTaKZEoQ/N+VBen51GyOX jvIUaxeBHJdGfCKBZ8BulJNsYsdxAPiQ5O70OSDvMG3RUkbI0H5Co05N Obns/SDz+Yng7GsCqho9+aR++21pyPjcPyix+YO/nmojvq4Bwua1z1W/ b9LQHv1Vi6hzq9seGLsZ+PMUPd7WkoX+Ope4+ik9P2vqmzQtD71O3cfW tgqt8E6u1m1sFMVHBWoPZr/4XNUJlMRjjceXxeDt0brERUywDBQLJ0Fv ++Ic9lREapAPiBrI86LL2JZduLIx2IkKH6QMnN+vydHZ7J9W2N08B10H P3K9NA==
A 5 2 1800 20190926223628 20180926213636 40452 ietf.org. Ao1ynZFbX78EhXa05Ve8hWMxLp6zehfGMSLDlDufgeSruzyxsYVfCrwC TV6osMaqLTooMplCzzBdCcaEjpMobOgvdZ+iEzfceq6yPRTZlRrJFz9Z NyJ6/Y71bpoUCiycmGwXeXW051V8pjrUSOwws7tSZG1qCfAivwUfkx4z YEJu9Z3GYAOf0p/HkQZPf8X0DPM108wE8379M8w688I3kdH8gi2hWr9w RFzVdO1HMYlU6HW2D/Ryd7fq/kTN7dhxGwlp2/SGI8+UGmnp9KyHumJp zXSfO2lIi1nON98alS0rdy32YIb9T++X/S8vuo0r5moXwrFP1s/U/34+ sFMJrg==
DNSKEY 5 2 1800 20190926223407 20180926213636 40452 ietf.org. fBtsjfr4y8tDVi59qtEzF1UW2Zprk3QHeVNkN2xsb9BoNN/PoPNakX79 uh4dCym01FltJ6aMaVyRM4Oiw+y7/4UOwBRHisIinV68Vu8CLFdTE35t iqMIXqZdSOyoWqB4zb6c/ZrFj3sueT2GyAyA9xYoGFsqX7f9WquO+r3m GYimDs8MAkSAIh9L7NWZVmFDMWbaA8cdy+0Mozi+tzyyT8mKaZzNUueT Y9ZfSTUd0M80jcntYSZnQbkZZ7Vq+JWQUzy2ToUPBN0VEyTfaP/DGT3X QjFnoPAHmUYH367mOCfEc3/m7kQYYFtIFqKBGfIefKnwbl5RGiJcfFBz NRBe0Q==
DNSKEY 5 2 1800 20190926223531 20180926213636 45586 ietf.org. YOD2ZtkuCxPAYjhRo7bP06BhdtQXD1VVXpc2fSLqAD4Zj/e2ahZWLoKG dl1o9+Q5Fz2XTIYwYoxgnK/x7iWhfV3w4fEPZ09vJxRyp6VPnk4+jOFk khQ+69hLQJEhKPcN700SqEYPBR/WspbEajeG/03PLwBIvlmBwFoL6V+T aEJsHdlcEImLo6qsP+XEepjn5EzxZmUNI37uAF9AsrPkBrk1aH48+KbL wnA5T81430BpwMOlULMeJEOGocQiPmRBP3XnvJVTBxLl4Hmj6F9zPcbR ypb5uV3udyZw+DRT8JWACkcOuE9/uYnDCTlvdPnOEcwlG1ONGqmQ0a// gYHKpw==
DS 7 2 86400 20181122152331 20181101142331 1862 org. JRSyRXXrgwlKWURHOoRXCsJXDksEDi1a717+4/ztmZwJvAV3B7DNE3je ph2HujuC8cLN9zb/6XsSPYvlPSMNFKQGcRpyy+jsPX9/vrAhR2CZnSun SgeVHLBpBHqjJ/cfLbOEQFR5GmcmHTbFgikQMz83IcweG5usD4qB0DDQ 84s=
Querying NSEC DNS record for ietf.org.
_dmarc.ietf.org. A NS SOA MX TXT AAAA RRSIG NSEC DNSKEY SPF
Querying DNSKEY DNS record for ietf.org.
256 3 5 AwEAAdDECajHaTjfSoNTY58WcBah1BxPKVIHBz4IfLjfqMvium4lgKtK ZLe97DgJ5/NQrNEGGQmr6fKvUj67cfrZUojZ2cGRizVhgkOqZ9scaTVX NuXLM5Tw7VWOVIceeXAuuH2mPIiEV6MhJYUsW6dvmNsJ4XwCgNgroAmX hoMEiWEjBB+wjYZQ5GtZHBFKVXACSWTiCtddHcueOeSVPi5WH94Vlubh HfiytNPZLrObhUCHT6k0tNE6phLoHnXWU+6vpsYpz6GhMw/R9BFxW5Pd PFIWBgoWk2/XFVRSKG9Lr61b2z1R126xeUwvw46RVy3hanV3vNO7LM5H niqaYclBbhk=
257 3 5 AwEAAavjQ1H6pE8FV8LGP0wQBFVL0EM9BRfqxz9p/sZ+8AByqyFHLdZc HoOGF7CgB5OKYMvGOgysuYQloPlwbq7Ws5WywbutbXyG24lMWy4jijlJ UsaFrS5EvUu4ydmuRc/TGnEXnN1XQkO+waIT4cLtrmcWjoY8Oqud6lDa Jdj1cKr2nX1NrmMRowIu3DIVtGbQJmzpukpDVZaYMMAm8M5vz4U2vRCV ETLgDoQ7rhsiD127J8gVExjO8B0113jCajbFRcMtUtFTjH4z7jXP2ZzD cXsgpe4LYFuenFQAcRBRlE6oaykHR7rlPqqmw58nIELJUFoMcb/BdRLg byTeurFlnxs=
Querying NSEC3 DNS record for ietf.org.
Querying TLSA DNS record for ietf.org.
Querying OPENPGPKEY DNS record for ietf.org.
Querying SPF DNS record for ietf.org.
"v=spf1 ip4:4.31.198.32/27 ip6:2001:1900:3001:0011::0/64 ip4:66.70.182.38 ip4:158.69.166.16/29 ip6:2607:5300:203:1b26::0/64 ip4:158.69.229.207 ip4:192.95.54.40/29 ip6:2607:5300:0060:9ccf::0/64 -all"
Querying URI DNS record for ietf.org.
Querying CAA DNS record for ietf.org.

It is interesting to look at the NS records more closely.

dig -t NS ietf.org +short
ns1.mia1.afilias-nst.info.
ns0.amsl.com.
ns1.ams1.afilias-nst.info.
ns1.yyz1.afilias-nst.info.
ns1.hkg1.afilias-nst.info.
ns1.sea1.afilias-nst.info.

These are served by different domains names hosted in different IP prefixes:

#dig ns1.mia1.afilias-nst.info. +short
65.22.7.1
#dig ns1.ams1.afilias-nst.info. +short
65.22.6.79
#dig ns1.yyz1.afilias-nst.info. +short
65.22.9.1
#dig ns1.hkg1.afilias-nst.info. +short
65.22.6.1
#dig ns1.sea1.afilias-nst.info. +short
65.22.8.1
# dig ns0.amsl.com. +short
4.31.198.40

This provides some redundancy. afilias is a company that provides DNS services, see https://www.afilias.info/. Looking at the names, it is likely that some of them are located in Miami, Amsterdam, HongKong or Seattle.

Besides looking at the DNS records themselves, another intersting point to consider is to see whether the DNS always returns the same address for a popular website. This requires querying different name servers to determine whether the same IP addresses are always returned. One possibility for this is to use a public DNS resolver such as those listed on https://en.wikipedia.org/wiki/Public_recursive_name_server.

A better approach is to rely on the RIPE Atlas measurement platform. This platform gathers thousands of measurement probes that are installed in a wide range of networks. The nice point about this platform is that the owners of probes can scheduled regular measurements on any probe. We have selected a subset of the RIPE Atlas anchors and have configured them to perform DNS measurements.

Two DNS measurements are scheduled and run every 5 hours for one month.

RIPE provides graphical interfaces and several tools to analyse the results that are publicly available on the above URL. On the command line, ripe-atlas allows to parse the results directly on the command line. Sagan and Cousteau provide a high-level python API to access the same data.

As an example, the python script below parses the JSON file from the measurements above to extract the IP address announced by the DNS servers.

from ripe.atlas.cousteau import AtlasResultsRequest
from ripe.atlas.sagan import Result, DnsResult

kwargs = {
    "msm_id": 17175949,
}

addr=list()

is_success, results = AtlasResultsRequest(**kwargs).create()

if is_success:
    for result in results:
        parsed=DnsResult.get(result)
        for ans in parsed.responses[0].abuf.answers:
            if ans.type=='AAAA' or ans.type=='A':
                if not(ans.address in addr) :
                    addr.append(ans.address)


print addr   

This measurement shows that www.ietf.org is reachable over two IPv4 ([‘104.20.0.85’, ‘104.20.1.85’]) and two IPv6 addresses [‘2606:4700:10:0:0:0:6814:55’, ‘2606:4700:10:0:0:0:6814:155’] from anywhere in the world.

Another interesting usage of RIPE Atlas is to explore the round-trip-times between various locations and our servers. Since uclouvain.be does not support IPv6 currently, we use www.ietf.org and cnp3book.info.ucl.ac.be as our measurement targets. Four delay measurements have been scheduled every five hours :

These measurements provide interesting results to compare the performance of the two websites.

The round-trip-times measurements for cnp3book.info.ucl.ac.be, a server located in Louvain-la-Neuve, Belgium, show that the round-trip time can reach 300 msec and more in some parts of the world. This is illustrated in the figure below that is available from https://atlas.ripe.net/measurements/17177420/#!map

https://atlas.ripe.net/measurements/17177420/#!map

The IETF website on the other hand shows a completely different behaviour. More than half of the measurement probes report a rtt of 20 msec or less.

https://atlas.ripe.net/measurements/17177418/#!map

The DNS configuration does not explain these differences in round-trip-times…

Written on November 8, 2018