Old but Gold: Prospecting TCP to Engineer DNS Anycast (extended)
Giovane C
USC/Information Sciences Institute


Giovane C. M. Moura, John Heidemann, Wes Hardaker, Jeroen Bulten, Joao Ceron and Christian Hesselman. Old but Gold: Prospecting TCP to Engineer DNS Anycast (extended). Technical Report ISI-TR-740. USC/Information Sciences Institute.


DNS latency is a concern for many service operators: CDNs exist to reduce service latency to end-users, but must rely on global DNS for reachability and load-balancing. We show that a recursive DNS resolver’s preference for low latency shifts traffic at TLDs and the DNS root. DNS latency today is monitored with distributed infrastructure such as RIPE Atlas, or with active probing using Verfploeter. While Atlas coverage is wide, it is incomplete, and Verfploeter coverage in IPv6 is limited. In this paper we show that passive observation of TCP handshakes provides a mechanism to measure DNS latency. Passive RTT estimation from TCP is an old idea, but it has never been used to examine DNS before. We show that there is sufficient TCP DNS traffic today to provide greater coverage than existing approaches, and that it is the best method to observe latency of DNS using IPv6. We show that estimates of DNS latency from TCP are consistent with UDP latency. Our approach finds real problems: we define DNS polarization, a new problem where a hypergiant sends global traffic to one anycast site rather than taking advantage of the global anycast deployment. We found Google traffic polarized and cut its latency from 100ms to 10ms, and for Microsoft, the latency cut due to traffic being depolarized was from 90ms to 20ms. Our approach is in operational use for a European country’s top-level domain, and monitoring with our tool helped find and correct a routing detour sending European traffic to Australia.

BibTeX Citation

  author = {Moura, Giovane C. M. and Heidemann, John and Hardaker, Wes and Bulten, Jeroen and Ceron, Joao and Hesselman, Christian},
  title = {Old but Gold: Prospecting {TCP} to Engineer {DNS} Anycast (extended)},
  institution = {USC/Information Sciences Institute},
  year = {2020},
  month = jun,
  project = {ant, lacanic, paaddos, ddidd, diiner},
  jsubject = {network_security},
  number = {ISI-TR-740},
  xnote = {Released June 2020},
  location = {johnh: pafile},
  keywords = {anycast, dns, tcp, latency, root, .nl-tld},
  url = {},
  pdfurl = {},
  otherurl = {},
  dataurl = {},
  myorganization = {USC/Information Sciences Institute},
  copyrightholder = {authors}
Copyright © by John Heidemann