Reduction of Root DNS Server Queries

Kazunori FUJIWARA  Akira SATO  Kenichi YOSHIDA  

B - Abstracts of IEICE TRANSACTIONS on Communications (Japanese Edition)   Vol.J98-B   No.6   pp.497-508
Publication Date: 2015/06/01
Online ISSN: 1881-0209
Type of Manuscript: PAPER
Keywords: DNS, DNSSEC, root DNS server, full resolver

Full Text(in Japanese): PDF(616.2KB)

By analyzing the DNS-OARC root dataset, we found that more than 30,000 IP addresses sent more than 100,000 queries to root DNS servers within 48 hours. This number of queries is too large and indicates potential problems. To clarify the problems, we investigated the behavior of DNS full resolvers and found that: 1) the BIND 9 full resolver, which is widely used, sends many reducible queries to the root; 2) queries for non-existent TLDs from a few stub resolvers cause many queries to root DNS servers. This paper proposes the following three approaches to reduce queries to root DNS servers: i) use of Unbound with a large cache size configuration, ii) refinement of the full resolvers' algorithm, iii) aggressive use of DNSSEC and NSEC resource records.
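The following sketch is an added illustration, not code from the paper: it models why approach iii) helps with finding 2), comparing a resolver that caches negative answers per exact name against one that reuses cached NSEC ranges to answer other non-existent TLDs. The classes `ToyRoot` and `ToyResolver`, the four-TLD zone and the `SAMPLE` queries are constructed assumptions; TTLs and signature validation are omitted and the NSEC records are assumed already validated.

```python
import bisect

class ToyRoot:
    """Constructed stand-in for a signed root zone; counts queries it receives."""
    def __init__(self, tlds):
        self.tlds = sorted(tlds)  # lowercase single labels: plain sort equals canonical order
        self.queries = 0

    def query(self, tld):
        self.queries += 1
        if tld in self.tlds:
            return "NOERROR", None
        i = bisect.bisect_left(self.tlds, tld)
        owner = self.tlds[i - 1] if i else ""              # "" stands for the apex "."
        nxt = self.tlds[i] if i < len(self.tlds) else ""   # last NSEC wraps to the apex
        return "NXDOMAIN", (owner, nxt)                    # NSEC range covering the name

class ToyResolver:
    def __init__(self, root, aggressive):
        self.root, self.aggressive = root, aggressive
        self.cache = {}    # exact-name cache: tld -> rcode
        self.nsec = set()  # NSEC ranges, assumed already DNSSEC-validated

    def covered(self, tld):
        return any(o < tld and (n == "" or tld < n) for o, n in self.nsec)

    def resolve(self, name):
        tld = name.lower().rstrip(".").split(".")[-1]
        if tld in self.cache:
            return self.cache[tld]
        if self.aggressive and self.covered(tld):
            return "NXDOMAIN"   # synthesized from a cached NSEC, no root query
        rcode, nsec = self.root.query(tld)
        self.cache[tld] = rcode
        if nsec:
            self.nsec.add(nsec)
        return rcode

def count_root_queries(names, aggressive, tlds=("com", "jp", "net", "org")):
    root = ToyRoot(tlds)
    resolver = ToyResolver(root, aggressive)
    answers = [resolver.resolve(n) for n in names]
    return root.queries, answers

# Constructed stub-resolver queries, mostly for non-existent TLDs.
SAMPLE = ["printer.local", "nas.lan", "router.home", "mail.corp", "db.internal",
          "host.localdomain", "belkin", "x.invalid", "a.test", "wpad",
          "www.example.com", "example.jp", "nas.lan"]

if __name__ == "__main__":
    for mode in (False, True):
        print("aggressive" if mode else "exact-name", count_root_queries(SAMPLE, mode)[0])
```

Both modes return identical answers to the stub; only the number of queries reaching the toy root differs.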