---
title: Lab Meeting Minutes 2022/12/13
tags: lab_meeting
---

> Outline
> [TOC]

---

# PERAL Lab Meeting

- Time: 13 December, ROC year 111 (2022), 08:00
- Location: 科三 321
- Online meeting link: [Online](https://meet.google.com/fpe-wtqu-mue)
- Attendees: Prof. 吳坤熹, 謝萬霖, 吳騰然, 劉怡君, 田蕙瑜, 洪胤勛, 紀見如, 劉冠伶, 林大智, 繆亭霄
- Absent: 丘世宇, 莊才賢
- Topic: [DNS Negative Caching](https://docs.google.com/presentation/d/1m4DvUqoQyxAWRazog3_v2pDk9QOHkLMKV-4L_D1wrpU/edit?fbclid=IwAR1C1U1d7e42gy82RG-hUXBVPha_NG-6fiYFVOQkJij16H0XL8H6TkBsjqM#slide=id.p)
- Speaker: 劉冠伶
- Minutes: 林大智

## Meeting Content

DNS Negative Cache

#### 1. Introduction

##### (1) What is a DNS negative cache?

- The storage of knowledge that something does not exist.
- When the same query is repeated, the answer is already in the cache, so performance improves.

##### (2) Negative responses

- Name Error:
  - The domain name does not exist.
    - RCODE: NXDOMAIN
  - Server not found.
    - RCODE: SERVFAIL
- No Data (NODATA):
  - The domain name in the query is valid, but records of the requested type are not available.
    - RCODE: NOERROR
  - NODATA has to be determined algorithmically from the response's contents, as there is no RCODE value that indicates it.

##### (3) Negative answers from authoritative servers

- The TTL of this record is set to the minimum of the MINIMUM field of the SOA record and the TTL of the SOA itself, and indicates how long a resolver may cache the negative answer.

##### (4) Caching negative answers

- A name error (NXDOMAIN) is cached under <QNAME, QCLASS>.
- A no data error (NODATA) is cached under <QNAME, QTYPE, QCLASS>.

##### (5) Why DNS negative cache?

- Reduces the workload of upstream servers.
- Closes an attack surface that might be used for denial-of-service attacks.
  - An NXDOMAIN attack is a DDoS attack targeting DNS servers.
- Negative caching in resolvers is no longer optional: if a resolver caches anything, it must also cache negative answers.

#### 2. DNS Negative Caching in the Wild

##### (1) Measurement overview

- 7,174 clients (RIPE Atlas probes)
- Authoritative DNS server
- Experiment flow

##### (2) Preliminary results

- The results show that 866 out of the 7,174 probes (12.07%) did not receive any cached response.
- The reason is that public resolvers and many non-public DNS resolvers use load-balancing techniques with multiple caches.

##### (3) Conclusions and future work

- Single-IP probes
- Counting resolvers
- Some resolvers still operate with no negative caching.
- Many resolvers use load-balancing techniques.
- As part of the ongoing and future work, the authors focus on the impact of using multiple caches on DNS caching.

#### 3. Hands-on

- Demonstrate the DNS negative cache.
- Use the TTL to prove that NCACHE exists:
  ![](https://i.imgur.com/rYkT9UV.png)
- View the client's cache:
  ![](https://i.imgur.com/DD405hx.png)
- View the server's cache (failure):
  ![](https://i.imgur.com/GVGES36.png)

---

### Suggestions & Questions

1. [name=Angela] Give the full name the first time a term is mentioned, e.g. p.6: the full name of SOA, start of authority.
2. [name=Solomon] P.10: When presenting a paper, state its source and the authors' affiliations.
3. [name=Solomon] P.12: Which public DNS resolvers are there in Taiwan?
4. [name=Solomon] P.16: Show us what is in the zone file of your nodata.ashley.test.ncnu.org.
5. [name=Edgar] P.5: What is the algorithm?
7. [name=Edgar] Size of the negative cache?
8. [name=Edgar] What happens when the negative table is full? (Are the positive cache and the negative cache two independent tables, or the same table?)
9. [name=Jennifer] What is SOA? A: It is the zone name, written at the beginning of the file.
10. [name=Jennifer] When the time is up, is the entry deleted automatically by the TTL? A: Yes.
11. [name=August] Why do multiple caches make the experiment results inaccurate? Solomon's addition: the TTL is not being reset; if we put the dig results together we see there are many 8.8.4.4 machines, which is why there is load balancing, and precisely because there are many of them the value 300 keeps reappearing. A: There are many resolver machines, so the one reached each time is not necessarily the one reached the previous time.
12. [name=Lawrence] Are the resolver and the DNS server usually on the same machine or on different machines? A: Large companies usually use different machines, but poor students usually have both on the same machine.
13. [name=Branko]
14. [name=Angela] I originally thought multiple caches were because the resolver has multiple IP addresses, but after the explanation it seems the resolver may have load balancing behind the same IP, producing multiple caches; how then should the original method be explained? A: Will survey this further.
15. [name=Angela] P.5: After a machine is restarted, what was previously placed in
16. [name=Edgar] If you need to send the same command repeatedly, you can use `watch -n 1 -d <command>`; `-n` is the interval in seconds and `-d` highlights the characters that changed.
17. [name=] Next time, include a small example.
18. [name=] Why have it at all? Is it necessary? A: It reduces the occurrence of DoS attacks and also improves performance.

## Follow-up Items

1. [name=]

## Other Business

1. Survey exam times, so that everyone can prepare for the final exams; this will decide when meetings end and when to order meals.
2. Year-end party: 1/13 (Fri), noon
3. Winter solstice: 12/22, noon

---

Meeting adjourned at:
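As an added worked example (not from the meeting, the speaker's slides, or the paper discussed), the following Python model ties together section 1 and the Hands-on step "use the TTL to prove that NCACHE exists": the negative TTL is derived as min(SOA MINIMUM, SOA TTL), NXDOMAIN entries are keyed by <QNAME, QCLASS> while NODATA entries are keyed by <QNAME, QTYPE, QCLASS>, entries disappear when their TTL runs out, and a helper checks a sequence of TTLs observed on repeated queries for the "jump back up" pattern that question 11 attributes to a load-balanced pool of caches. The zone names, SOA values, the 3-hour resolver cap and the observed TTL sequences are constructed for illustration.

```python
"""Toy model of DNS negative caching (RFC 2308 semantics) and a TTL-sequence check.
Added example; every name and number below is constructed, not taken from the meeting."""
from dataclasses import dataclass, field
from typing import Optional, Sequence, Tuple


@dataclass(frozen=True)
class SOA:
    """The two SOA fields that matter for negative caching."""
    ttl: int       # TTL of the SOA record itself
    minimum: int   # MINIMUM field in the SOA RDATA


def negative_ttl(soa: SOA, max_ncache_ttl: int = 3 * 3600) -> int:
    """Negative-answer TTL = min(SOA MINIMUM, SOA TTL), as in section 1(3).
    The 3-hour cap is an assumed resolver policy, not part of the authoritative answer."""
    return min(soa.minimum, soa.ttl, max_ncache_ttl)


@dataclass
class NegativeCache:
    """Negative cache keyed as in section 1(4):
    NXDOMAIN -> <QNAME, QCLASS>, NODATA -> <QNAME, QTYPE, QCLASS>."""
    now: int = 0                                  # simulated clock, in seconds
    entries: dict = field(default_factory=dict)   # key -> absolute expiry time

    def cache_nxdomain(self, qname: str, qclass: str, soa: SOA) -> None:
        self.entries[("NXDOMAIN", qname.lower(), qclass)] = self.now + negative_ttl(soa)

    def cache_nodata(self, qname: str, qtype: str, qclass: str, soa: SOA) -> None:
        self.entries[("NODATA", qname.lower(), qtype, qclass)] = self.now + negative_ttl(soa)

    def lookup(self, qname: str, qtype: str, qclass: str = "IN") -> Optional[Tuple[str, int]]:
        """Return (RCODE, remaining TTL) on a hit, None on a miss.
        A cached NXDOMAIN answers every QTYPE for that name; a cached NODATA
        answers only the QTYPE it was stored under."""
        self._expire()
        exp = self.entries.get(("NXDOMAIN", qname.lower(), qclass))
        if exp is not None:
            return ("NXDOMAIN", exp - self.now)
        exp = self.entries.get(("NODATA", qname.lower(), qtype, qclass))
        if exp is not None:
            return ("NOERROR", exp - self.now)   # NODATA = NOERROR with no answer records
        return None

    def advance(self, seconds: int) -> None:
        self.now += seconds

    def _expire(self) -> None:
        """Entries whose TTL has run out are dropped automatically (question 10)."""
        for key in [k for k, exp in self.entries.items() if exp <= self.now]:
            del self.entries[key]


def ttl_resets(observed_ttls: Sequence[int], expiry_slack: int = 2) -> int:
    """Count how often the TTL seen on consecutive queries jumps UP instead of down.
    A single cache only counts the TTL down; a jump from a TTL still well above zero
    means a different cache answered (a load-balanced pool behind one address, as in
    section 2 and question 11). Jumps from a TTL at or below expiry_slack are ignored,
    because there the entry may simply have expired and been fetched again."""
    return sum(1 for prev, cur in zip(observed_ttls, observed_ttls[1:])
               if cur > prev and prev > expiry_slack)


def demo() -> dict:
    """Walk through the hands-on: repeated lookups show the negative TTL counting down."""
    soa = SOA(ttl=3600, minimum=300)          # constructed zone values
    cache = NegativeCache()
    cache.cache_nxdomain("nx.example.test", "IN", soa)
    cache.cache_nodata("nodata.example.test", "AAAA", "IN", soa)
    result = {
        "nxdomain_first": cache.lookup("nx.example.test", "A"),        # any QTYPE hits
        "nodata_same_type": cache.lookup("nodata.example.test", "AAAA"),
        "nodata_other_type": cache.lookup("nodata.example.test", "A"),  # miss: different QTYPE
    }
    cache.advance(120)
    result["nxdomain_later"] = cache.lookup("nx.example.test", "MX")   # TTL has counted down
    cache.advance(180)
    result["nxdomain_expired"] = cache.lookup("nx.example.test", "A")  # 300 s elapsed: gone
    # Constructed TTL sequences as one would read them off repeated dig runs.
    result["single_cache_resets"] = ttl_resets([300, 299, 298, 297])
    result["pool_resets"] = ttl_resets([300, 299, 300, 299, 298, 300])
    return result


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

In the hands-on, the same observation is made with repeated `dig` queries: a TTL that only decreases between runs comes from one negative-cache entry, while a TTL that jumps back to its starting value before it has reached zero indicates that another cache behind the same resolver address answered.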