Abstract image of a woman sitting on books and studying on a laptop

DNS Measurements

AFRINIC, profile picture
AFRINIC

This document discusses using Internet measurements and the RIPE Atlas platform to monitor DNS performance. RIPE Atlas allows monitoring DNS infrastructure like root name servers from thousands of global vantage points. It can troubleshoot problems, validate peering strategies, and help with content distribution planning. Both active and passive DNS measurements are covered, including analyzing zone files to assess IPv6 and DNSSEC deployment. Use cases demonstrated include monitoring root server performance and which instances clients use.

Internet
1 of 31
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
Internet/DNS Measurements Africa DNS Forum 2017 Josiah Chavula, Amreesh Phokeer AFRINIC Ltd Research & Innovation
Overview Internet Measurements ● Motivation for DNS Measurements ● RIPE Atlas measurements ● Tools, Techniques and Metrics ● Use Cases
Why Internet Measurements ● Monitor the performance of your network in real time from thousands of vantage points ● Troubleshoot problems close to your customers ● Validate your peering strategies (e.g. TraceMON routing anomalies) ● Plan your content distribution (e.g reachability and latency) ● Research (e.g. IPv6 and DNSSEC deployment and performance)
• Large-scale monitoring of Authoritative DNS (Roots, ccTLDs, etc…) • automatically detect failures • monitoring performance • Determine which instances of a name server clients/networks use • assess the impact of issues with one or more root name servers DNS Measurements (Active Measurements)
Passive DNS Measurements Analysis of zone files / resolvers’ data • Prevalence of DNS Authoritative Name servers running V6 • DNS Resolvers: prevalence of resolvers requesting AAAA records. • DNS Queries: the distribution of actual IPv6-related DNS queries. Please share DNS data!
RIPE Atlas: Probes •Global network of "probes" to measure Internet connectivity •Monitor network reachability from hundreds of vantage points •Monitor responsiveness of DNS infrastructure, such as root name servers
RIPE Atlas: Anchors •More powerful probes, monitoring regional connectivity •7 anchors in Africa
Accessing Ripe Atlas: https://atlas.ripe.net
• Root Server Performance • Server responsiveness • Performance comparison between TCP and UDP • Root Instances • which root DNS server instance gets queried by clients • Root server latencies • compare response times for DNS SOA queries to all the root DNS servers DNS Measurements
DNSMON: monitoring root zone servers
DNSMON: monitoring root zone servers
DomainMON - Up-to-date performance overview of your DNS zone
DomainMON - longitudinal performance overview of your DNS zone
Root Server Performance Performance comparison between TCP and UDP (ratio).
Which DNS root server instance is used by clients? • measure "gravitational radius" of root server instances (for servers employing anycasting) • What is the latency of different root server instances?
Which root DNS server instance is used by clients? Example: Some South African client experiences 482ms response time to Sydney versus 39ms response time to Cape Town
• Query for popular domain names to hit caches and local resolvers where appropriate Measuring end-user DNS experience?
DNS Latency Visualization: List latencies to a DNS server per probe
DNS Latency Visualization: Latency-color-coded map of probes
compare: 15ms versus 361ms DNS latency
• Compare multiple latency trends to resolvers • Charts updated in real time as data is received from the probes LatencyMON
RIPE Atlas live streaming (https://atlas.ripe.net/docs/result-streaming/, http://sg-pub.ripe.net/demo-area/atlas-stream/conn/ ) Receive measurement results as soon as they are sent by the probes - Real-time connectivity monitoring - Publish/subscribe through web sockets Three types of data: - Measurement results - Probe connection status events - Measurements metadata
The Root Canary • Measuring and monitoring the impact of the KSK rollover • Track operational impact of the root KSK • Measure validation during the KSK rollover from a global perspective • Gain immediate insight into which operators have validation problems • Monitor the state of DNSSEC validation from multiple angles • Ripe Atlas probes + test validation • using signed and bogus records
Validation status based on RIPE Atlas probes that have successfully executed tests (https://portal.rootcanary.org/rcmstats.html )
~ 0.6% validation failures
• Monitoring DNS Propagation Time / DNS Consistency • monitoring SOA timestamp propagation time • looking at the moment when a change is made by one of the registrars, and following how quickly these changes propagate. • DNS resolver hijack checker • how do we protect from “bad actors” on the Internet? How do we know that DNS resolution is coming from the “proper” place? • use RIPE Atlas probes to query a pre-set DNS record on your own server, and use a public DNS resolver with known IP addresses; match the responses; mark the probes that show inconsistent responses. • Reverse DNS statistics • dig into reverse DNS data: what percentage of delegations has issues (lame), latency in domain object creation, coverage of address space with reverse delegations. Other DNS Use Cases (From Ripe Atlas Hackathon: https://labs.ripe.net/Members/becha/results-dns-measurements-hackathon )
Web Interface Measurements (https://atlas.ripe.net/measurements/form/ )
RIPE Atlas Cousteau • A python wrapper around RIPE Atlas API - https://github.com/RIPE-NCC/ripe-atlas-cousteau - pip install ripe.atlas.cousteau • Manage measurements: - Create a measurement - Stop a measurement - Change probes involved • Fetch results from API, streaming and probes
RIPE Atlas Cousteau + Python
More about Ripe Atlas • Atlas Tools: https://atlas.ripe.net/measurements-and-tools/tools/ • RESTfulAPI – https://atlas.ripe.net/docs/measurement-creation-api/ • Atlas API description – https://atlas.ripe.net/docs/rest/ • AtlasAPI tutorial – https://atlas.ripe.net/docs/measurement-creation-api/ • Public measurements – https://atlas.ripe.net/measurements/ • Map of results – https://atlas.ripe.net/results/maps/ • List of probes – https://atlas.ripe.net/probes/ • Geographical mapsof probes – https://atlas.ripe.net/results/maps/network-coverage/
AFRINIC-27 27 November to 2nd December 2017 Lagos, Nigeria AFRICOMM 2017 International Workshop on Internet Measurements Research in Africa DECEMBER 11–12, 2017 | LAGOS, NIGERIA http://africommconference.org/2017/show/IMRA Upcoming Internet Measurements Workshops

More Related Content

PDF
Testing Rolling Roots
APNIC
 
PDF
Data Aggregation At Scale Using Apache Flume
Arvind Prabhakar
 
PDF
RedisConf18 - Active-Active Geo-Distributed Apps with Redis CRDTs (conflict f...
Redis Labs
 
PPTX
RedisConf18 - Application of Redis in IOT Edge Devices
Redis Labs
 
PDF
Rolling the Root Zone DNSSEC Key Signing Key
APNIC
 
PDF
Big Data Day LA 2015 - Always-on Ingestion for Data at Scale by Arvind Prabha...
Data Con LA
 
PPTX
Fraud Detection Architecture
Gwen (Chen) Shapira
 
PDF
Stream Processing Everywhere - What to use?
MapR Technologies
 
Testing Rolling Roots
APNIC
 
Data Aggregation At Scale Using Apache Flume
Arvind Prabhakar
 
RedisConf18 - Active-Active Geo-Distributed Apps with Redis CRDTs (conflict f...
Redis Labs
 
RedisConf18 - Application of Redis in IOT Edge Devices
Redis Labs
 
Rolling the Root Zone DNSSEC Key Signing Key
APNIC
 
Big Data Day LA 2015 - Always-on Ingestion for Data at Scale by Arvind Prabha...
Data Con LA
 
Fraud Detection Architecture
Gwen (Chen) Shapira
 
Stream Processing Everywhere - What to use?
MapR Technologies
 

What's hot (20)

PDF
Using ~300 Billion DNS Queries to Analyse the TLD Name Collision Problem
APNIC
 
PDF
What no one tells you about writing a streaming app
hadooparchbook
 
PPTX
Streaming in the Wild with Apache Flink
DataWorks Summit/Hadoop Summit
 
PPTX
Dealing with an Upside Down Internet
MapR Technologies
 
PDF
Hadoop application architectures - using Customer 360 as an example
hadooparchbook
 
PPTX
Free Code Friday - Spark Streaming with HBase
MapR Technologies
 
PDF
Introduction to Apache NiFi And Storm
Jungtaek Lim
 
PDF
Architecting a next generation data platform
hadooparchbook
 
PPTX
Embeddable data transformation for real time streams
Joey Echeverria
 
PDF
Streaming architecture patterns
hadooparchbook
 
PPTX
Bridging the gap of Relational to Hadoop using Sqoop @ Expedia
DataWorks Summit/Hadoop Summit
 
PPTX
Design Patterns For Real Time Streaming Data Analytics
DataWorks Summit
 
PPTX
Design Patterns For Real Time Streaming Data Analytics
DataWorks Summit
 
PDF
Architecting next generation big data platform
hadooparchbook
 
PDF
Hadoop application architectures - Fraud detection tutorial
hadooparchbook
 
PPTX
In Flux Limiting for a multi-tenant logging service
DataWorks Summit/Hadoop Summit
 
PPTX
Tracking Crime as It Occurs with Apache Phoenix, Apache HBase and Apache NiFi
DataWorks Summit
 
PPTX
Real time fraud detection at 1+M scale on hadoop stack
DataWorks Summit/Hadoop Summit
 
PPTX
Faster, Faster, Faster: The True Story of a Mobile Analytics Data Mart on Hive
DataWorks Summit/Hadoop Summit
 
PPTX
Using Spark Streaming and NiFi for the next generation of ETL in the enterprise
DataWorks Summit
 
Using ~300 Billion DNS Queries to Analyse the TLD Name Collision Problem
APNIC
 
What no one tells you about writing a streaming app
hadooparchbook
 
Streaming in the Wild with Apache Flink
DataWorks Summit/Hadoop Summit
 
Dealing with an Upside Down Internet
MapR Technologies
 
Hadoop application architectures - using Customer 360 as an example
hadooparchbook
 
Free Code Friday - Spark Streaming with HBase
MapR Technologies
 
Introduction to Apache NiFi And Storm
Jungtaek Lim
 
Architecting a next generation data platform
hadooparchbook
 
Embeddable data transformation for real time streams
Joey Echeverria
 
Streaming architecture patterns
hadooparchbook
 
Bridging the gap of Relational to Hadoop using Sqoop @ Expedia
DataWorks Summit/Hadoop Summit
 
Design Patterns For Real Time Streaming Data Analytics
DataWorks Summit
 
Design Patterns For Real Time Streaming Data Analytics
DataWorks Summit
 
Architecting next generation big data platform
hadooparchbook
 
Hadoop application architectures - Fraud detection tutorial
hadooparchbook
 
In Flux Limiting for a multi-tenant logging service
DataWorks Summit/Hadoop Summit
 
Tracking Crime as It Occurs with Apache Phoenix, Apache HBase and Apache NiFi
DataWorks Summit
 
Real time fraud detection at 1+M scale on hadoop stack
DataWorks Summit/Hadoop Summit
 
Faster, Faster, Faster: The True Story of a Mobile Analytics Data Mart on Hive
DataWorks Summit/Hadoop Summit
 
Using Spark Streaming and NiFi for the next generation of ETL in the enterprise
DataWorks Summit
 
Ad

Similar to DNS Measurements (20)

PDF
DINR 2021 Virtual Workshop: Passive vs Active Measurements in the DNS
APNIC
 
PDF
Monitoring DNS Records and Servers
ThousandEyes
 
PDF
Measuring CDN performance and why you're doing it wrong
Fastly
 
PDF
DNS in IR: Collection, Analysis and Response
pm123008
 
PDF
Never Stop Exploring - Pushing the Limits of Solr: Presented by Anirudha Jadh...
Lucidworks
 
PDF
Authoritative Nameserver Selection and Recursive Resolvers
APNIC
 
PDF
Measuring CDN performance and why you're doing it wrong
Fastly
 
PDF
1 technical-dns-workshop-day1
DNS Entrepreneurship Center
 
PPTX
6421 b Module-03
Bibekananada Jena
 
PDF
NZNOG 2013 - Experiments in DNSSEC
APNIC
 
PPTX
Abuse of DNS wildcards in China - from passiveDNS perspective
APNIC
 
PPTX
How DNS works and How to secure it: An Introduction
yasithbagya1
 
PDF
ION Hangzhou - Why Deploy DNSSEC?
Deploy360 Programme (Internet Society)
 
PDF
CNIT 40: 4: Monitoring and detecting security breaches
Sam Bowne
 
PDF
DNS Survival Guide
APNIC
 
PDF
DNS Survival Guide.
Qrator Labs
 
PDF
Internet Week 2018: 1.1.1.0/24 A report from the (anycast) trenches
APNIC
 
PPTX
Computer Networks & internet protocols.pptx
jesudossai2
 
PPTX
DNS - MCSE 2019
Milad Es'Haghi
 
PDF
Kentik Network@Scale (Dan Ellis)
gvillain
 
DINR 2021 Virtual Workshop: Passive vs Active Measurements in the DNS
APNIC
 
Monitoring DNS Records and Servers
ThousandEyes
 
Measuring CDN performance and why you're doing it wrong
Fastly
 
DNS in IR: Collection, Analysis and Response
pm123008
 
Never Stop Exploring - Pushing the Limits of Solr: Presented by Anirudha Jadh...
Lucidworks
 
Authoritative Nameserver Selection and Recursive Resolvers
APNIC
 
Measuring CDN performance and why you're doing it wrong
Fastly
 
1 technical-dns-workshop-day1
DNS Entrepreneurship Center
 
6421 b Module-03
Bibekananada Jena
 
NZNOG 2013 - Experiments in DNSSEC
APNIC
 
Abuse of DNS wildcards in China - from passiveDNS perspective
APNIC
 
How DNS works and How to secure it: An Introduction
yasithbagya1
 
ION Hangzhou - Why Deploy DNSSEC?
Deploy360 Programme (Internet Society)
 
CNIT 40: 4: Monitoring and detecting security breaches
Sam Bowne
 
DNS Survival Guide
APNIC
 
DNS Survival Guide.
Qrator Labs
 
Internet Week 2018: 1.1.1.0/24 A report from the (anycast) trenches
APNIC
 
Computer Networks & internet protocols.pptx
jesudossai2
 
DNS - MCSE 2019
Milad Es'Haghi
 
Kentik Network@Scale (Dan Ellis)
gvillain
 
Ad

More from AFRINIC (20)

PDF
AIS19 - Policies under discussion
AFRINIC
 
PDF
AIS19 Newcomers Session (EN)
AFRINIC
 
PDF
AFRINIC 101 2017
AFRINIC
 
PDF
AFRINIC 101 2016 (Fr)
AFRINIC
 
PDF
Internet development in Africa: a content use, hosting and distribution persp...
AFRINIC
 
PDF
Insight Into Africa’s Country-level Latencies
AFRINIC
 
PDF
Deep Diving into Africa’s Inter-Country Latencies
AFRINIC
 
PDF
Studying performance barriers to cloud services in Africa's public sector
AFRINIC
 
PDF
Routing security and implications for NRENs
AFRINIC
 
PDF
APRICOT Latency Clustering
AFRINIC
 
PDF
Latency clustering AfPIF2017
AFRINIC
 
PDF
AFRINIC RIA MoU
AFRINIC
 
PDF
AFRINIC DNSSEC Infrastructure and Signer Migration
AFRINIC
 
PDF
Tampering With the Open Internet: Experiences From Africa
AFRINIC
 
PDF
Assessing Internet Freedom and the Digital Resilience
AFRINIC
 
PDF
Measuring quality of Internet links in NRENs
AFRINIC
 
PDF
State of Internet measurement Infrastructure/tools in Africa
AFRINIC
 
PDF
TraceMON - a new RIPE Atlas tool
AFRINIC
 
PDF
Measuring the complexity of the Internet: indexes and indicators
AFRINIC
 
PDF
Beyond access: measuring digital inequalities
AFRINIC
 
AIS19 - Policies under discussion
AFRINIC
 
AIS19 Newcomers Session (EN)
AFRINIC
 
AFRINIC 101 2017
AFRINIC
 
AFRINIC 101 2016 (Fr)
AFRINIC
 
Internet development in Africa: a content use, hosting and distribution persp...
AFRINIC
 
Insight Into Africa’s Country-level Latencies
AFRINIC
 
Deep Diving into Africa’s Inter-Country Latencies
AFRINIC
 
Studying performance barriers to cloud services in Africa's public sector
AFRINIC
 
Routing security and implications for NRENs
AFRINIC
 
APRICOT Latency Clustering
AFRINIC
 
Latency clustering AfPIF2017
AFRINIC
 
AFRINIC RIA MoU
AFRINIC
 
AFRINIC DNSSEC Infrastructure and Signer Migration
AFRINIC
 
Tampering With the Open Internet: Experiences From Africa
AFRINIC
 
Assessing Internet Freedom and the Digital Resilience
AFRINIC
 
Measuring quality of Internet links in NRENs
AFRINIC
 
State of Internet measurement Infrastructure/tools in Africa
AFRINIC
 
TraceMON - a new RIPE Atlas tool
AFRINIC
 
Measuring the complexity of the Internet: indexes and indicators
AFRINIC
 
Beyond access: measuring digital inequalities
AFRINIC
 

Recently uploaded (20)

PPT
12 Things That Make People Trust a Website Instantly
Shethil Ahammed
 
PDF
Smart Home Technology for Health Monitoring (www.kiu.ac.ug)
publication11
 
PDF
📍 LABUAN4D EXCLUSIVE SERVER STAR GAMING ASIA NO.1 TERPOPULER DI INDONESIA ! 🌟
alexiskandar061
 
PPT
FIRE PREVENTION AND CONTROL PLAN- LUS.FM.MQ.OM.UTM.PLN.00014.ppt
MelwinPaul6
 
PDF
Session 1 (Week 1)fghjmgfdsfgthyjkhfdsadfghjkhgfdsa
ssuser25df8b
 
PPTX
Layers_of_the_Earth_Grade7.pptx class by
varadhanvara05
 
PDF
Exploring VPS Hosting Trends for SMBs in 2025
Liquid Web
 
PDF
📍 LABUAN4D EXCLUSIVE SERVER STAR GAMING ASIA NO.1 TERPOPULER DI INDONESIA ! 🌟
alexiskandar061
 
PPT
Ethics in Information System - Management Information System
faizhossain3
 
PDF
Exploring The Internet Of Things(IOT).ppt
rakeshk19831911
 
PPTX
artificialintelligenceai1-copy-210604123353.pptx
b45r14
 
PPTX
Reading as a good Form of Recreation
Raj Kumble
 
DOCX
Powerful Ways AIRCONNECT INFOSYSTEMS Pvt Ltd Enhances IT Infrastructure in In...
Airconnect pvtltd
 
PDF
simpleintnettestmetiaerl for the simple testint
sherlockholmes10009
 
PPTX
TITLE DEFENSE entitle the impact of social media on education
AgustoJerizMarfil
 
PPTX
Mathew Digital SEO Checklist Guidlines 2025
Mathew Digital
 
PPT
250152213-Excitation-SystemWERRT (1).ppt
woldemariamworku2
 
PDF
Course Overview and Agenda cloud security
ElsayedKowaydeh
 
PDF
Containerization lab dddddddddddddddmanual.pdf
muler161921
 
PDF
The Evolution of Traditional to New Media .pdf
NIKKODENSMIRO
 
12 Things That Make People Trust a Website Instantly
Shethil Ahammed
 
Smart Home Technology for Health Monitoring (www.kiu.ac.ug)
publication11
 
📍 LABUAN4D EXCLUSIVE SERVER STAR GAMING ASIA NO.1 TERPOPULER DI INDONESIA ! 🌟
alexiskandar061
 
FIRE PREVENTION AND CONTROL PLAN- LUS.FM.MQ.OM.UTM.PLN.00014.ppt
MelwinPaul6
 
Session 1 (Week 1)fghjmgfdsfgthyjkhfdsadfghjkhgfdsa
ssuser25df8b
 
Layers_of_the_Earth_Grade7.pptx class by
varadhanvara05
 
Exploring VPS Hosting Trends for SMBs in 2025
Liquid Web
 
📍 LABUAN4D EXCLUSIVE SERVER STAR GAMING ASIA NO.1 TERPOPULER DI INDONESIA ! 🌟
alexiskandar061
 
Ethics in Information System - Management Information System
faizhossain3
 
Exploring The Internet Of Things(IOT).ppt
rakeshk19831911
 
artificialintelligenceai1-copy-210604123353.pptx
b45r14
 
Reading as a good Form of Recreation
Raj Kumble
 
Powerful Ways AIRCONNECT INFOSYSTEMS Pvt Ltd Enhances IT Infrastructure in In...
Airconnect pvtltd
 
simpleintnettestmetiaerl for the simple testint
sherlockholmes10009
 
TITLE DEFENSE entitle the impact of social media on education
AgustoJerizMarfil
 
Mathew Digital SEO Checklist Guidlines 2025
Mathew Digital
 
250152213-Excitation-SystemWERRT (1).ppt
woldemariamworku2
 
Course Overview and Agenda cloud security
ElsayedKowaydeh
 
Containerization lab dddddddddddddddmanual.pdf
muler161921
 
The Evolution of Traditional to New Media .pdf
NIKKODENSMIRO
 

DNS Measurements

  • 1. Internet/DNS Measurements Africa DNS Forum 2017 Josiah Chavula, Amreesh Phokeer AFRINIC Ltd Research & Innovation
  • 2. Overview Internet Measurements ● Motivation for DNS Measurements ● RIPE Atlas measurements ● Tools, Techniques and Metrics ● Use Cases
  • 3. Why Internet Measurements ● Monitor the performance of your network in real time from thousands of vantage points ● Troubleshoot problems close to your customers ● Validate your peering strategies (e.g. TraceMON routing anomalies) ● Plan your content distribution (e.g reachability and latency) ● Research (e.g. IPv6 and DNSSEC deployment and performance)
  • 4. • Large-scale monitoring of Authoritative DNS (Roots, ccTLDs, etc…) • automatically detect failures • monitoring performance • Determine which instances of a name server clients/networks use • assess the impact of issues with one or more root name servers DNS Measurements (Active Measurements)
  • 5. Passive DNS Measurements Analysis of zone files / resolvers’ data • Prevalence of DNS Authoritative Name servers running V6 • DNS Resolvers: prevalence of resolvers requesting AAAA records. • DNS Queries: the distribution of actual IPv6-related DNS queries. Please share DNS data!
  • 6. RIPE Atlas: Probes •Global network of "probes" to measure Internet connectivity •Monitor network reachability from hundreds of vantage points •Monitor responsiveness of DNS infrastructure, such as root name servers
  • 7. RIPE Atlas: Anchors •More powerful probes, monitoring regional connectivity •7 anchors in Africa
  • 8. Accessing Ripe Atlas: https://atlas.ripe.net
  • 9. • Root Server Performance • Server responsiveness • Performance comparison between TCP and UDP • Root Instances • which root DNS server instance gets queried by clients • Root server latencies • compare response times for DNS SOA queries to all the root DNS servers DNS Measurements
  • 10. DNSMON: monitoring root zone servers
  • 11. DNSMON: monitoring root zone servers
  • 14. Root Server Performance Performance comparison between TCP and UDP (ratio).
  • 15. Which DNS root server instance is used by clients? • measure "gravitational radius" of root server instances (for servers employing anycasting) • What is the latency of different root server instances?
  • 16. Which root DNS server instance is used by clients? Example: Some South African client experiences 482ms response time to Sydney versus 39ms response time to Cape Town
  • 17. • Query for popular domain names to hit caches and local resolvers where appropriate Measuring end-user DNS experience?
  • 18. DNS Latency Visualization: List latencies to a DNS server per probe
  • 20. compare: 15ms versus 361ms DNS latency
  • 21. • Compare multiple latency trends to resolvers • Charts updated in real time as data is received from the probes LatencyMON
  • 22. RIPE Atlas live streaming (https://atlas.ripe.net/docs/result-streaming/, http://sg-pub.ripe.net/demo-area/atlas-stream/conn/ ) Receive measurement results as soon as they are sent by the probes - Real-time connectivity monitoring - Publish/subscribe through web sockets Three types of data: - Measurement results - Probe connection status events - Measurements metadata
  • 23. The Root Canary • Measuring and monitoring the impact of the KSK rollover • Track operational impact of the root KSK • Measure validation during the KSK rollover from a global perspective • Gain immediate insight into which operators have validation problems • Monitor the state of DNSSEC validation from multiple angles • Ripe Atlas probes + test validation • using signed and bogus records
  • 24. Validation status based on RIPE Atlas probes that have successfully executed tests (https://portal.rootcanary.org/rcmstats.html )
  • 26. • Monitoring DNS Propagation Time / DNS Consistency • monitoring SOA timestamp propagation time • looking at the moment when a change is made by one of the registrars, and following how quickly these changes propagate. • DNS resolver hijack checker • how do we protect from “bad actors” on the Internet? How do we know that DNS resolution is coming from the “proper” place? • use RIPE Atlas probes to query a pre-set DNS record on your own server, and use a public DNS resolver with known IP addresses; match the responses; mark the probes that show inconsistent responses. • Reverse DNS statistics • dig into reverse DNS data: what percentage of delegations has issues (lame), latency in domain object creation, coverage of address space with reverse delegations. Other DNS Use Cases (From Ripe Atlas Hackathon: https://labs.ripe.net/Members/becha/results-dns-measurements-hackathon )
  • 27. Web Interface Measurements (https://atlas.ripe.net/measurements/form/ )
  • 28. RIPE Atlas Cousteau • A python wrapper around RIPE Atlas API - https://github.com/RIPE-NCC/ripe-atlas-cousteau - pip install ripe.atlas.cousteau • Manage measurements: - Create a measurement - Stop a measurement - Change probes involved • Fetch results from API, streaming and probes
  • 30. More about Ripe Atlas • Atlas Tools: https://atlas.ripe.net/measurements-and-tools/tools/ • RESTfulAPI – https://atlas.ripe.net/docs/measurement-creation-api/ • Atlas API description – https://atlas.ripe.net/docs/rest/ • AtlasAPI tutorial – https://atlas.ripe.net/docs/measurement-creation-api/ • Public measurements – https://atlas.ripe.net/measurements/ • Map of results – https://atlas.ripe.net/results/maps/ • List of probes – https://atlas.ripe.net/probes/ • Geographical mapsof probes – https://atlas.ripe.net/results/maps/network-coverage/
  • 31. AFRINIC-27 27 November to 2nd December 2017 Lagos, Nigeria AFRICOMM 2017 International Workshop on Internet Measurements Research in Africa DECEMBER 11–12, 2017 | LAGOS, NIGERIA http://africommconference.org/2017/show/IMRA Upcoming Internet Measurements Workshops