Internet Measurements and Traffic Analysis

DNS Analysis

The Domain Name System (DNS) is an essential part of the Internet infrastructure and most Internet applications depend on the proper functioning of DNS. In this project, we seek to understand the client-perceived performance and behavior of DNS and investigate the effectiveness of its caching mechanisms. Our goal is to understand the factors that affect DNS response latency, the errors and failure modes of DNS, and its scalability. An analysis of the effectiveness of DNS caching is especially important in light of several recent changes in the way DNS is used. Content distribution networks (CDNs) and popular Web sites with multiple servers are increasingly using DNS as a level of indirection to help balance load across servers, or for fault tolerance, or to direct each client request to a topologically nearby server.


Our analysis is based on an extensive collection of packet traces. The novel idea in our approach is to jointly collect both DNS packets and associated TCP connection traffic: since TCP applications drive most DNS traffic, a joint trace collection where all TCP SYN/FIN/RST packets are collected together with DNS packets has the potential to allow us to infer things about the way in which DNS is used. If we only collected DNS packets, we might be able to infer things like DNS response latencies and failure modes, but not infer much about its caching effectiveness.

We have been collecting data at the border router connecting MIT's LCS and AI Lab to the rest of the Internet since Fall 1999. We have analyzed two weeks worth of data collected in January 2000 and December 2000. We also collected data from KAIST in Korea in Spring 2001. We have analyzed one week's worth of data from May 2001.

Our analysis has two parts: first, we study the packet traces to characterize DNS performance as seen by our clients, and draw more fundamental conclusions about its failure modes and its retransmission protocol. Then, we conduct trace-driven simulations to explore the effect of varying time-to-live (TTL) fields and varying degree of cache sharing on DNS cache hit rates.

We are currently investigating a mathematical framework to capture asymptotic properties observed by simulations.

Key Results

A paper detailing our current findings will appear at the First ACM SIGCOMM Internet Measurement Workshop in November 2001.

Our most surprising, non-obvious findings and conclusions are:




NMS HomeProjectsPeoplePapersSoftware


M. I. T. Computer Science and Artificial Intelligence Laboratory · 32 Vassar Street · Cambridge, MA 02139 · USA