On the DNS Deployment of Modern Web Services

Total Page:16

File Type:pdf, Size:1020Kb

On the DNS Deployment of Modern Web Services On the DNS Deployment of Modern Web Services Shuai Hao∗y, Haining Wang∗, Angelos Stavrouz, and Evgenia Smirniy ∗University of Delaware, Newark, DE, USA yCollege of William and Mary, Williamsburg, VA, USA zGeorge Mason University, Fairfax, VA, USA Email: fhaos,[email protected], [email protected], [email protected] Abstract—Accessing Internet services relies on the Domain Existing DNS measurements studied the characteristics of Name System (DNS) for translating human-readable names to DNS activities and operations [16], [17], [21], [24], [26], the routable network addresses. At the bottom level of the DNS root or top-level-domain servers [20], [22], [29], [30], [36], or hierarchy, the authoritative DNS (ADNS) servers maintain the actual mapping records and answer the DNS queries. Today, the DNS resolvers [15], [18], [35]. Some works involving the the increasing use of upstream ADNS services (i.e., third-party characteristics of ADNSes mainly focused on the comparison ADNS-hosting services) and Infrastructure-as-a-Service (IaaS) with local DNS (LDNS) servers, but none of them explored clouds facilitates the establishment of web services, and has various ADNS deployments for web services. Complementary been fostering the evolution of the deployment of ADNS servers. to these prior works, we present a large-scale measurement To shed light on this trend, in this paper we present a large- scale measurement to study the ADNS deployment patterns of study in attempt to answer the following questions: (1) how modern web services and examine the characteristics of different do modern web services deploy their ADNS servers? (2) what deployment styles, such as performance, life-cycle of servers, are the characteristics of different ADNS deployment patterns? and availability. Furthermore, we focus specifically on the DNS and (3) in particular, how do the cloud-hosting subdomains deployment for subdomains hosted in IaaS clouds. administer their ADNS servers? We first collect the authoritative DNS server information I. INTRODUCTION for top-ranking websites on Alexa’s list [2] and eliminate the As a hierarchical distributed database system, the Domain redundant domain records. This constructs our dataset with Name System (DNS) is one of the most important components about 2.3 million nameservers for about 0.94 million websites. of Internet infrastructure, providing the mapping between the We then develop a systematic method to explore ADNS server domain names and network-level addresses to direct clients to deployment patterns and perform the geo-distributed probing specific Internet services. In DNS hierarchy, the Root and Top- experiments. In particular, by directly issuing DNS queries to Level-Domain nameservers are mainly used as the querying each ADNS server, we examine their deployment details and referrals, while the authoritative DNS (ADNS) servers, admin- characteristics. Next, we focus on the DNS deployment of web istered by the service providers, are responsible for storing the services whose subdomains are hosted in cloud infrastructure. name-to-address records and returning answers to the clients. We extract the subdomain list from an existing dataset [5], Deploying authoritative nameservers requires extra hard- reproduce the ADNS servers of subdomains for comparing ware resources and additional maintenance support. Also, the with the original results, and examine their deployment. We critical roles of DNS service in web infrastructure make it an summarize our major findings and contributions as follows: attractive target to attackers. Thus, web service providers are increasingly adopting the upstream authoritative DNS servers, • We use a simple heuristic method to determine the ADNS including the top sites (e.g., Amazon and Twitter) that have deployment patterns. In fact, it is fairly easy to recognize the ability to maintain their own ADNS infrastructures. In ad- the pattern for an individual website from its NS records, dition, to save a large amount of investment for infrastructure, but it is much more difficult when looking for millions many of today’s popular web services are directly built upon of websites in such a large-scale study. Infrastructure-as-a-Service (IaaS) clouds such as Amazon EC2 • We validate the use of ADNS proxy infrastructure by and Windows Azure. The traditional web service providers examining the transition delay and the TTL aging. are also migrating extended services into clouds to use the • We first quantify the usage and profile the characteristics “illusively-infinite” computing and storage resources. The IaaS of ADNS servers in terms of the deployment patterns. infrastructure greatly facilitates the establishment of modern • We find that most top-ranked websites deploy their own web services and also promotes the process of delegating DNS servers but emerging popular social sites tend to the authoritative name resolution to third-party ADNS service use the upstream DNS-hosting services. We also observe providers. Besides traditional web-hosting providers such as few servers being used in private deployment. Dyn [6] and Ultradns [14], the Content Delivery Networks • We find that the ADNS deployment patterns remain sta- (CDN) and cloud service providers also offer the ADNS ble. The change of private servers is more frequent than services that integrate the name resolution into their CDNs that of upstream servers. The websites using upstream or cloud infrastructures [1], [4]. services change frequently their hosting domains but have Root Server Top-Level Upstream ADNS Server Domain Server Web Server Web Server ADNS Server Internet Internet 1 2 1 Local/Public 2 3 2 Resolver Internet Web Server 1 (a) Private ADNS Server (b) Upstream ADNS Server 5 4 Local Network Authoritative DNS Server ADNS Upstream Client Web Server Server ADNS Server Resolver 6 Internet 1a Fig. 1. DNS Resolution Process (Iterative query). 2 1b (c) Hybrid ADNS Servers the lowest frequency to change their deployment patterns. • Among the studied patterns (i.e., private, upstream, and hybrid), we observe that upstream achieves the highest Fig. 2. ADNS Deployment for Web Services. performance while hybrid has the highest availability. TABLE I • We quantify the usage of ADNSes for cloud-hosting ADNS DEPLOYMENT OF TOP 15 SITES3 subdomains. We observe a noticeable growth on the usage of cloud-providing DNS service. Domain ADNS google.com google.com The remainder of this paper is organized as follows. We facebook.com facebook.com introduce DNS and ADNS deployment in x2. We describe the youtube.com google.com data sets used and our analysis methods in x3. We present the yahoo.com yahoo.com measurement results and analysis of ADNS deployment for baidu.com baidu.com top-ranking websites in x4. We profile the usage of ADNSes wikipedia.org wikimedia.org amazon.com dynect.net, ultradns4 for cloud-hosting subdomains in x5. We survey related work twitter.com dynect.net in x6, and finally conclude the paper in x7. taobao.com taobao.com qq.com qq.com II. BACKGROUND google.co.in google.com live.com msft.net In this section, we give an overview of DNS and present the sina.com.cn sina.com.cn authoritative DNS deployment patterns for modern web ser- linkedin.com dynect.net, linkedin.com vices. In addition, we specially discuss the DNS deployment weibo.com sina.com.cn of cloud-hosting subdomains. A. DNS Overview • Private ADNS server: The web service owners deploy Figure 1 shows the DNS components and the process of their private authoritative DNS servers only within their 1 name resolution. A resolution routine on the client-end host, own domains. called stub resolver, issues a DNS lookup to a recursive • Upstream ADNS server: The web service owners del- resolver, a local DNS server deployed by the client’s local egate their authoritative name resolution to the upstream network or a public DNS service [8], [10] located in a wide DNS-hosting service providers.2 area network. Without considering the cache effects on the • Hybrid ADNS deployment: The web service owners resolvers and intermediate servers, the recursive resolver will employ both the private DNS servers and the upstream first contact the root server. The root server directs the resolver ADNS servers for their authoritative name resolution. to query a top-level-domain (TLD) server (e.g., the .com TLD server). Similarly, the TLD server responds the resolver’s 1The domains hosting web services and private nameservers may also be query with the address of the authoritative DNS (ADNS) located inside IaaS clouds. In such a case, the service provider runs the ADNS servers with cloud instances. server for the corresponding domain. Next, the resolver queries 2We only consider the ADNS-hosting domains to identify the deployment, the ADNS server for the address of the domain host, and regardless of whether a website itself is hosted in private infrastructure or finally the client can reach the Internet service as the recursive web-hosting companies. 3 resolver returns the answer for name resolution. The ranking is from April 2015. 4The TLDs of Ultradns serving for amazon.com include .net, .org, .info, and .co.uk. Although Amazon offers a public DNS-hosting service B. ADNS Deployment Patterns (Route 53 [4]) for its cloud tenants, it delegates its DNS resolution to upstream providers. We infer that it is a historical reason: Amazon has been running the Figure 2 illustrates the steps of a client accessing the web upstream ADNS for amazon.com since its establishment in 1995 and did services under three different ADNS deployments: not switch to private servers when expanding its business to cloud services. ADNS Server Web Server Upstream DNS Proxy Cloud Subdomain Web Server DNS Proxy ADNS Server ADNS Web Server Web Server 2 Server Internet Cloud Internet 1 4 1 3 Internet 2 1 2a 2b (a) Proxy for Private ADNS (b) Proxy for Upstream ADNS (a) Primary ADNS Fig. 3. DNS Proxy. delegate resolution Cloud Subdomain ADNS DNS Server Web Server Table I lists the domains hosting authoritative DNS servers Web Server Server for the top 15 websites on Alexa’s list [2].
Recommended publications
  • Performance Efficiency Pillar
    Performance Efficiency Pillar AWS Well-Architected Framework Performance Efficiency Pillar AWS Well-Architected Framework Performance Efficiency Pillar: AWS Well-Architected Framework Copyright © Amazon Web Services, Inc. and/or its affiliates. All rights reserved. Amazon's trademarks and trade dress may not be used in connection with any product or service that is not Amazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by Amazon. Performance Efficiency Pillar AWS Well-Architected Framework Table of Contents Abstract and Introduction ................................................................................................................... 1 Abstract .................................................................................................................................... 1 Introduction .............................................................................................................................. 1 Performance Efficiency ....................................................................................................................... 2 Design Principles ........................................................................................................................ 2 Definition .................................................................................................................................
    [Show full text]
  • Amazon Silk Developer Guide Amazon Silk Developer Guide
    Amazon Silk Developer Guide Amazon Silk Developer Guide Amazon Silk: Developer Guide Copyright © 2015 Amazon Web Services, Inc. and/or its affiliates. All rights reserved. The following are trademarks of Amazon Web Services, Inc.: Amazon, Amazon Web Services Design, AWS, Amazon CloudFront, AWS CloudTrail, AWS CodeDeploy, Amazon Cognito, Amazon DevPay, DynamoDB, ElastiCache, Amazon EC2, Amazon Elastic Compute Cloud, Amazon Glacier, Amazon Kinesis, Kindle, Kindle Fire, AWS Marketplace Design, Mechanical Turk, Amazon Redshift, Amazon Route 53, Amazon S3, Amazon VPC, and Amazon WorkDocs. In addition, Amazon.com graphics, logos, page headers, button icons, scripts, and service names are trademarks, or trade dress of Amazon in the U.S. and/or other countries. Amazon©s trademarks and trade dress may not be used in connection with any product or service that is not Amazon©s, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by Amazon. AWS documentation posted on the Alpha server is for internal testing and review purposes only. It is not intended for external customers. Amazon Silk Developer Guide Table of Contents What Is Amazon Silk? .................................................................................................................... 1 Split Browser Architecture ......................................................................................................
    [Show full text]
  • Web Application Hosting in the AWS Cloud AWS Whitepaper Web Application Hosting in the AWS Cloud AWS Whitepaper
    Web Application Hosting in the AWS Cloud AWS Whitepaper Web Application Hosting in the AWS Cloud AWS Whitepaper Web Application Hosting in the AWS Cloud: AWS Whitepaper Copyright © Amazon Web Services, Inc. and/or its affiliates. All rights reserved. Amazon's trademarks and trade dress may not be used in connection with any product or service that is not Amazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by Amazon. Web Application Hosting in the AWS Cloud AWS Whitepaper Table of Contents Abstract ............................................................................................................................................ 1 Abstract .................................................................................................................................... 1 An overview of traditional web hosting ................................................................................................ 2 Web application hosting in the cloud using AWS .................................................................................... 3 How AWS can solve common web application hosting issues ........................................................... 3 A cost-effective alternative to oversized fleets needed to handle peaks ..................................... 3 A scalable solution to handling unexpected traffic
    [Show full text]
  • Amazon Mechanical Turk Requester UI Guide Amazon Mechanical Turk Requester UI Guide
    Amazon Mechanical Turk Requester UI Guide Amazon Mechanical Turk Requester UI Guide Amazon Mechanical Turk: Requester UI Guide Copyright © 2014 Amazon Web Services, Inc. and/or its affiliates. All rights reserved. The following are trademarks of Amazon Web Services, Inc.: Amazon, Amazon Web Services Design, AWS, Amazon CloudFront, Cloudfront, Amazon DevPay, DynamoDB, ElastiCache, Amazon EC2, Amazon Elastic Compute Cloud, Amazon Glacier, Kindle, Kindle Fire, AWS Marketplace Design, Mechanical Turk, Amazon Redshift, Amazon Route 53, Amazon S3, Amazon VPC. In addition, Amazon.com graphics, logos, page headers, button icons, scripts, and service names are trademarks, or trade dress of Amazon in the U.S. and/or other countries. Amazon©s trademarks and trade dress may not be used in connection with any product or service that is not Amazon©s, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by Amazon. Amazon Mechanical Turk Requester UI Guide Table of Contents Welcome ..................................................................................................................................... 1 How Do I...? ......................................................................................................................... 1 Introduction to Mechanical Turk .......................................................................................................
    [Show full text]
  • How Can Startups Make Use of Cloud Services
    California State University, San Bernardino CSUSB ScholarWorks Electronic Theses, Projects, and Dissertations Office of aduateGr Studies 4-2021 How can startups make use of cloud services Gauri Nade Gauri Nade California State University - San Bernardino Follow this and additional works at: https://scholarworks.lib.csusb.edu/etd Part of the Educational Technology Commons Recommended Citation Nade, Gauri and Nade, Gauri, "How can startups make use of cloud services" (2021). Electronic Theses, Projects, and Dissertations. 1262. https://scholarworks.lib.csusb.edu/etd/1262 This Thesis is brought to you for free and open access by the Office of aduateGr Studies at CSUSB ScholarWorks. It has been accepted for inclusion in Electronic Theses, Projects, and Dissertations by an authorized administrator of CSUSB ScholarWorks. For more information, please contact [email protected]. HOW CAN START UPS MAKE USE OF CLOUD SERVICES A Project Presented to the Faculty of California State University, San Bernardino In Partial Fulfillment of the Requirements for the Degree Master of Science in Information Systems and Technology by Gauri Rajendra Nade May 2021 HOW CAN START UPS MAKE USE OF CLOUD SERVICES A Project Presented to the Faculty of California State University, San Bernardino by Gauri Rajendra Nade May 2021 Approved by: Benjamin Becerra, PhD, Committee Chair Conrad Shayo, PhD, Reader Jay Varzandeh, PhD, Dept. Chair, Information & Decision Sciences © 2021 Gauri Rajendra Nade ABSTRACT The purpose of this project is to discuss the technical obstacles that small and medium-sized enterprises (SMEs) face, as well as how cloud computing can help to solve these issues. Cloud computing has the ability to radically change competitive environments by offering a new forum for generating and delivering business value and market development.
    [Show full text]
  • Using Amazon Web Services for Disaster Recovery October 2014
    Amazon Web Services – Using AWS for Disaster Recovery October 2014 Using Amazon Web Services for Disaster Recovery October 2014 Glen Robinson, Attila Narin, and Chris Elleman Page 1 of 22 Amazon Web Services – Using AWS for Disaster Recovery October 2014 Contents Introduction ...............................................................................................................................................................3 Recovery Time Objective and Recovery Point Objective ................................................................................................4 Traditional DR Investment Practices ............................................................................................................................4 AWS Services and Features Essential for Disaster Recovery ...........................................................................................5 Example Disaster Recovery Scenarios with AWS ...........................................................................................................9 Backup and Restore ................................................................................................................................................9 Pilot Light for Quick Recovery into AWS ................................................................................................................. 11 Warm Standby Solution in AWS ............................................................................................................................. 14 Multi-Site Solution Deployed
    [Show full text]
  • Architecting for HIPAA Security and Compliance Whitepaper
    Architecting for HIPAA Security and Compliance on Amazon Web Services AWS Whitepaper Architecting for HIPAA Security and Compliance on Amazon Web Services AWS Whitepaper Architecting for HIPAA Security and Compliance on Amazon Web Services: AWS Whitepaper Copyright © Amazon Web Services, Inc. and/or its affiliates. All rights reserved. Amazon's trademarks and trade dress may not be used in connection with any product or service that is not Amazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by Amazon. Architecting for HIPAA Security and Compliance on Amazon Web Services AWS Whitepaper Table of Contents Abstract ............................................................................................................................................ 1 Introduction ...................................................................................................................................... 2 Encryption and protection of PHI in AWS .............................................................................................. 3 Alexa for Business ...................................................................................................................... 6 Amazon API Gateway ................................................................................................................. 6 Amazon AppFlow
    [Show full text]
  • Integrate AWS Route 53 Eventtracker V9.2X and Above
    Integrate AWS Route 53 EventTracker v9.2x and above Publication Date: January 25, 2021 Integrate AWS Route 53 Abstract This guide provides instructions to configure AWS Route 53 to send its log to EventTracker. Scope The configurations detailed in this guide are consistent with EventTracker version v9.2x or above and AWS Route 53 Audience Administrators who are assigned the task to monitor AWS Route 53 events using EventTracker. The information contained in this document represents the current view of Netsurion on the issues discussed as of the date of publication. Because Netsurion must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Netsurion, and Netsurion cannot guarantee the accuracy of any information presented after the date of publication. This document is for informational purposes only. Netsurion MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, this paper may be freely distributed without permission from Netsurion, if its content is unaltered, nothing is added to the content and credit to Netsurion is provided. Netsurion may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Netsurion, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred.
    [Show full text]
  • Amazon Web Services: Overview of Security Processes August 2015
    Amazon Web Services – Overview of Security Processes August 2015 Amazon Web Services: Overview of Security Processes August 2015 (Please consult http://aws.amazon.com/security/ for the latest version of this paper) Page 1 of 75 Amazon Web Services – Overview of Security Processes August 2015 Table of Contents Introduction ............................................................................................................................................................................ 5 Shared Security Responsibility Model .................................................................................................................................... 5 AWS Security Responsibilities ............................................................................................................................................. 6 Customer Security Responsibilities ..................................................................................................................................... 6 AWS Global Infrastructure Security ........................................................................................................................................ 7 AWS Compliance Program .................................................................................................................................................. 7 Physical and Environmental Security .................................................................................................................................. 8 Fire Detection and Suppression
    [Show full text]
  • Amazon Mechanical Turk Getting Started Guide API Version 2013-11-15 Amazon Mechanical Turk Getting Started Guide
    Amazon Mechanical Turk Getting Started Guide API Version 2013-11-15 Amazon Mechanical Turk Getting Started Guide Amazon Mechanical Turk: Getting Started Guide Copyright © 2014 Amazon Web Services, Inc. and/or its affiliates. All rights reserved. The following are trademarks of Amazon Web Services, Inc.: Amazon, Amazon Web Services Design, AWS, Amazon CloudFront, Cloudfront, Amazon DevPay, DynamoDB, ElastiCache, Amazon EC2, Amazon Elastic Compute Cloud, Amazon Glacier, Kindle, Kindle Fire, AWS Marketplace Design, Mechanical Turk, Amazon Redshift, Amazon Route 53, Amazon S3, Amazon VPC. In addition, Amazon.com graphics, logos, page headers, button icons, scripts, and service names are trademarks, or trade dress of Amazon in the U.S. and/or other countries. Amazon©s trademarks and trade dress may not be used in connection with any product or service that is not Amazon©s, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by Amazon. Amazon Mechanical Turk Getting Started Guide Table of Contents Welcome ..................................................................................................................................... 1 How Do I...? ......................................................................................................................... 1 Introduction to Amazon Mechanical Turk ...........................................................................................
    [Show full text]
  • Read the Case Study
    Customer Case Study – Education Babbly helps babies communicate with a HIPAA- compliant Kubernetes infrastructure. This child development start-up needed to address industry compliance needs while strengthening platform security, scalability and reliability. Our customer The obstacles they faced Babbly is an AI-powered platform that helps Babbly needed to develop and manage parents interact with, track and improve a stable, future-ready Kubernetes their children’s speech development from infrastructure that could support frequent birth to two years using machine learning application releases and automate as well as expertise from pediatricians and security. It also needed to meet industry language therapists. compliance requirements. How we helped What we achieved together Public Cloud — Amazon Web services (AWS), In just six weeks, Onica (a Rackspace AWS CloudFormation, Kubernetes, Amazon Technology company), built a production Certificate Manager, Amazon EKS, Amazon ready Kubernetes architecture for the Babbly RDS, Amazon CloudWatch Container Insights, application. Security increased with the Amazon Route 53, Amazon Web Application deployment of tools that enabled several Firewall, Elastic Load Balancing, AWS WAFv2, capabilities, including end-to-end encryption. AWS Managed Rules, Linkerd, Bitbucket, Customer experience was enhanced with Runaway, Kustomize. improvements in uptime and reliability. “We were looking for an experienced partner that can help us achieve our desired production-ready infrastructure within a very short timeframe. Onica came on-board matching the high standards the Babbly team embodies, and worked closely with us so we could release our application on schedule.” Carla Margalef Bentabol CTO and Co-Founder, Babbly Seeking a stable and logging solutions that would support Choosing the right AWS One of the initial priorities was to meet production workloads.
    [Show full text]
  • Streamline Amazon Workspaces Management with Intune Implementation Guide
    Streamline Amazon WorkSpaces Management with Intune Implementation Guide June 10, 2021 Notices Customers are responsible for making their own independent assessment of the information in this document. This document: (a) is for informational purposes only, (b) represents current AWS product offerings and practices, which are subject to change without notice, and (c) does not create any commitments or assurances from AWS and its affiliates, suppliers or licensors. AWS products or services are provided “as is” without warranties, representations, or conditions of any kind, whether express or implied. The responsibilities and liabilities of AWS to its customers are controlled by AWS agreements, and this document is not part of, nor does it modify, any agreement between AWS and its customers. © 2021 Amazon Web Services, Inc. or its affiliates. All rights reserved. Contents Overview .............................................................................................................................. 1 Cost ...................................................................................................................................... 1 Services Used and Costs ................................................................................................. 2 Architecture overview .......................................................................................................... 4 Walkthrough ......................................................................................................................... 5 Prerequisites....................................................................................................................
    [Show full text]