Lecture 9: DNS Caching Flashcards
What is TTL?
Time-To-Live
TTL sets the expiration for cached DNS records
What happens to cached DNS records after the TTL expires?
The cached DNS records must be thrown out and new DNS records fetched via a new DNS call
How are TTLs typically measured?
hours or days
What is propagation delay?
The amount of time required for a signal to be received after it has been sent
Why does the DNS system suffer from slow convergence?
- Caching over the lifespan of the TTL
- Slowness of changes made by TLD DNS servers
How long does it usually take for DNS system changes to fully propagate?
24-48 hours
What are the benefits of caching in DNS?
- Decreases response time
- Decreases load on the DNS service, the root and TLD DNS servers
- Improves the robustness and reliability of the system
What are the drawbacks of caching?
- It makes DNS more opaque and more difficult to predict
- Results in slow convergence and uneven propagation
- Offers a vector for attack
What is the tradeoff with TTL?
The longer the TTL, the more efficient, but also the slower the convergence and updates are
What protocol and port has DNS traditionally been done on?
User Datagram Protocol (UDP) requests on port 53
What are the newer ways DNS is done?
DNS via TLS
DNS via HTTPS
What are the drawbacks of DNS via UDP?
- Little to no security
- Anyone sniffing around can see the DNS packets and know what domains you might be trying to retrieve
What is the DNS Data Format?
Header: transaction ID, flags, count of questions and answers
Answers: responsive data returned by the authoritative name server
What is the purpose of the transaction ID?
Match a request to a response
What makes up the control field?
- QR flag
- opcode
- AA, TR, RD, and RA bits
- Z-field
- R Code
What is a QR flag?
Distinguishes a request (query) header from a response header
0: Queries
1: Responses
What is the OPCode?
Used for internal testing
Typically just four zero bits
What is AA?
Represents whether the response came from an
authoritative DNS server
0: Caches and resolvers
1: Authoritative DNS server
What is TR?
1: DNS response > 512 bytes. User must use an alternative protocol (other than UDP)
What is RD (Recursion Desired) and RA (Recursion Available)?
Bits notify the server (RD) or the client (RA) whether recursive DNS resolution is wanted
What is Z-Field?
Reserved for future use – these three bits are always set to zero in present use
What is R Code?
provides a response code that informs the client if there were any errors
0000: Everything is OK (no error)
What are the four counts in order?
- Question Count
- Answer Count
- Authority Count
- Additional Count
What is the question count?
Number of questions we’re asking, as a requester
What does each question represent in the question count?
One domain that we are querying for
What is the answer count?
Number of answers the server has responded with
What does each answer represent in the answer count?
Each DNS record returned is an answer
What is the Authority Count?
How many name server records are returned
What is the Additional Count?
How many additional resource records are included