For Full-Text PDF, please login, if you are a member of IEICE,|
or go to Pay Per View on menu list, if you are a nonmember of IEICE.
Reduction of Root DNS Server Queries
Kazunori FUJIWARA Akira SATO Kenichi YOSHIDA
B - Abstracts of IEICE TRANSACTIONS on Communications (Japanese Edition)
Publication Date: 2015/06/01
Online ISSN: 1881-0209
Type of Manuscript: PAPER
DNS, DNSSEC, root DNS server, full resolver,
Full Text(in Japanese): PDF(616.2KB)
>>Buy this Article
As a result of DNS-OARC root dataset analysis, we found that more than 30,000 IP addresses sent more than 100,000 queries to root DNS servers within 48 hours. The number of queries is too large, and indicates potential problems. To clarify the problems, we investigated behavior of DNS full resolvers, and found: 1) BIND 9 full resolver which is widely used sends many reducible queries to root. 2) Queries for non-existent TLDs from few stub resolvers cause many queries to root DNS servers. This paper proposes following three approaches to reduce queries to root DNS servers: i) use of Unbound with large cache size configuration, ii) refinement of full resolvers' algorithm, iii) aggressive use of DNSSEC and NSEC resource records.