On modern DNS behavior and properties

By: Thomas Callahan, Mark Allman, Michael Rabinovich

Appears in: CCR July 2013

Abstract: The Internet crucially depends on the Domain Name System (DNS) to both allow users to interact with the system in human-friendly terms and also increasingly as a way to direct traffic to the best content replicas at the instant the content is requested. This paper is an initial study into the behavior and properties of the modern DNS system. We passively monitor DNS and related traffic within a residential network in an effort to understand server behavior--as viewed through DNS responses?and client behavior--as viewed through both DNS requests and traffic that follows DNS responses. We present an initial set of wide ranging findings.

Public Review By: Sharad Agarwal

Studies by online content providers including Amazon, Google and Microsoft, and by network game researchers have quantified the impact of network latency on user behavior. DNS is an important part of that latency -- both in contributing to initial connection setup latency but also in picking a server that has low network distance and low load for the client to use. A number of measurement studies of DNS behavior on the Internet have been published in the past. This paper is a more recent one. The authors have studied 14 months of data from a 90 home neighborhood in the US, served by bi-directional 1 Gbps fiber links. This data includes 200 million DNS queries and 1.1 billion flows. There are a number of notable findings in this paper. 63% of hostnames were requested only once throughout the 14 month window. Google's public DNS resolver served only 1% of queries. 75% of hostnames mapped to only 1 IP address, and those tended to not be optimized for geographic locality to the client. Two-thirds of DNS transactions completed in under 1ms, but 25% took between 10ms and 1s. 40% of DNS responses went unused, perhaps as a result of DNS prefetching. While the contribution of this paper is time-bounded until DNS behavior changes again, there is value to the community here. DNS researchers will find the results of interest, either in confirming that previously observed behavior is still happening or in seeing new behavior. Other researchers may find the data useful in building models for evaluation. However, as all the reviewers pointed out, the findings could be skewed by the small population of fiber-connected homes in the US. For instance, the paper finds heavy use of the Chrome web browser among their users, but Chrome commands roughly 16% of the browser market. This can skew some numbers, such as DNS prefetching.