Article

Evaluating DNS Resiliency and Responsiveness With Truncation, Fragmentation & DoTCP Fallback

IEEE Transactions on Network and Service Management, (2024)
DOI: 10.1109/TNSM.2024.3365303

Abstract

Since its introduction in 1987, the DNS has become one of the core components of the Internet. While it was designed to work with both TCP and UDP, DNS-over-UDP (DoUDP) has become the default option due to its low overhead. As new Resource Records were introduced, the sizes of DNS responses increased considerably. In recent years this expansion of the message body has led to more frequent truncation and IP fragmentation, and large UDP responses make DNS an easy vector for amplifying denial-of-service attacks, which can reduce the resiliency of DNS services. This paper investigates the resiliency, responsiveness, and usage of DoTCP and DoUDP over IPv4 and IPv6 for 10 widely used public DNS resolvers. It specifically measures the resiliency of the DNS infrastructure in the age of increasing DNS response sizes that lead to truncation and fragmentation. Our results offer key insights into the management of robust and reliable DNS network services. While DNS Flag Day 2020 recommends a buffer size of 1232 bytes, we find that 3/10 resolvers mainly announce very large EDNS(0) buffer sizes, both from the edge and from the core, which potentially causes fragmentation. In reaction to large response sizes from authoritative name servers, we find that resolvers in many cases do not fall back to DoTCP, bearing the risk of fragmented responses. As message sizes in the DNS are expected to grow further, this problem will become more urgent in the future. This paper presents the key results (particularly as a consequence of DNS Flag Day 2020), which may help network service providers make informed choices to better manage their critical DNS services.
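The abstract describes three mechanisms that interact: the EDNS(0) buffer size a resolver advertises, the truncation (TC) flag an authoritative server sets when a response does not fit, and the fallback to DoTCP that should follow. The following Python script is an added illustration, not code from the paper or its authors; it builds a query carrying an OPT record with the 1232-byte buffer size from DNS Flag Day 2020, parses a constructed response, and applies the two checks a measurement tool would apply: "is TC set, so the client must retry over TCP?" and "does the advertised buffer exceed what fits in one unfragmented IPv6 packet?". The response bytes are constructed locally (no network traffic), and the function and constant names are this example's own.

```python
"""
Added example (not from the paper): EDNS(0) buffer-size advertisement,
truncation detection and the DoUDP -> DoTCP fallback decision.
Everything runs offline on constructed messages.
"""
import struct

FLAG_DAY_2020_BUFSIZE = 1232   # buffer size recommended by DNS Flag Day 2020
TC_BIT = 0x0200                # TrunCation flag in the DNS header flags word
OPT_TYPE = 41                  # EDNS(0) OPT pseudo-RR (RFC 6891)
IPV6_MIN_MTU = 1280            # 1280 - 40 (IPv6 header) - 8 (UDP header) = 1232


def encode_name(name):
    """Encode a dotted name as DNS labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def skip_name(msg, off):
    """Return the offset just past the name starting at off (handles compression pointers)."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:       # 2-byte compression pointer terminates the name
            return off + 2
        off += 1 + n
        if n == 0:
            return off


def build_query(name, qtype, txid, udp_bufsize=FLAG_DAY_2020_BUFSIZE):
    """One question plus an OPT RR whose CLASS field carries the requestor's UDP payload size."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)   # RD=1, QDCOUNT=1, ARCOUNT=1
    question = encode_name(name) + struct.pack("!HH", qtype, 1)  # IN class
    opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_bufsize, 0, 0)  # root name, TTL=0, RDLEN=0
    return header + question + opt


def build_response(query, truncated, udp_bufsize):
    """Constructed server reply: echoes the single question, no answers, sets TC if asked, own OPT size."""
    info = parse_message(query)
    flags = 0x8180 | (TC_BIT if truncated else 0)               # QR, RD, RA (+ TC)
    qend = skip_name(query, 12) + 4                               # end of the question section
    header = struct.pack("!HHHHHH", info["id"], flags, 1, 0, 0, 1)
    opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_bufsize, 0, 0)
    return header + query[12:qend] + opt


def parse_message(msg):
    """Header fields plus the EDNS(0) buffer size found in any OPT RR (None if absent)."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4                             # QTYPE + QCLASS
    bufsize = None
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == OPT_TYPE:
            bufsize = rclass                                      # CLASS field = UDP payload size
    return {"id": txid, "tc": bool(flags & TC_BIT), "edns_bufsize": bufsize, "length": len(msg)}


def choose_transport(response):
    """A truncated UDP response must be retried over TCP; otherwise UDP was sufficient."""
    return "tcp" if parse_message(response)["tc"] else "udp"


def fragmentation_risk(bufsize, path_mtu=IPV6_MIN_MTU):
    """True when the advertised buffer would let a reply exceed one unfragmented packet."""
    return bufsize > path_mtu - 40 - 8


if __name__ == "__main__":
    q = build_query("example.com.", 1, 0x1234)                     # constructed query, A record
    big = build_response(q, truncated=True, udp_bufsize=4096)      # server announcing 4096 bytes
    print("query advertises", parse_message(q)["edns_bufsize"])
    print("truncated reply ->", choose_transport(big),
          "| 4096-byte buffer fragmentation risk:", fragmentation_risk(4096))
```

The 1232-byte figure is exactly the IPv6 minimum MTU minus the IPv6 and UDP headers, which is why `fragmentation_risk(1232)` is false while the 4096-byte advertisement the script constructs is flagged; a resolver that answers a large response with TC set but is never retried over TCP is the failure mode the paper measures.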
