[Measurement-wg] Hackathon at AIS 2019: Measuring DNS using RIPE Atlas, 19-20 June 2019

Amreesh Phokeer amreesh at afrinic.net
Mon Jun 3 07:36:34 UTC 2019

Hello measurement folks,

ISOC and AFRINIC are organising a two-day Hackathon @AIS2019 on 19-20 June, 2019.

## Measuring DNS using RIPE Atlas

Champions: Willem Toorop - (NLNET Labs) - possibly also: Jasper den Hartog - (RIPE NCC)

Encryption everywhere. It’s an initiative in the technical community that started as a reaction to Edward Snowden’s revelations about the NSA’s widespread surveillance and pervasive monitoring. All of these efforts are aimed at protecting the complete path between the user and the service. This means authentication and encryption should start at the edge of the network, with the end user. As just about any interaction on the Internet starts out with a query for a domain name, it puts the DNS at the core of achieving this ultimate goal.

The IETF has developed two methods for providing privacy for DNS:

	• DNS-over-TLS (DoT): RFC7858 and RFC8310.
	• DNS-over-HTTPS (DoH) as specified in RFC8484.

Mozilla recently announced that they have implemented DNS over HTTPS in Firefox and would like to deploy it by default for their users (Mozilla announcement). They intend to select a set of Trusted Recursive Resolvers (TRRs) that will be used for DoH resolution. Requirements for TRRs are published here. Currently there is a single TRR in Firefox: Cloudflare's

Also DNS-over-TLS currently is mostly available through cloud provided DNS services, like: Cloudflare's, Google's, and Quad9's

### Within this hackathon track we will address the following questions:

	• How would centralized cloud provided DNS resolvers impact Internet in the African region?
	• Does it have performance implications?
	• Does it have other implications? (Political?)
	• Is it beneficial and achievable to provide local DoT or DoH resolvers?
	• How can this best be achieved/realized?

### Optimal DNS Latency

To address the question of performance and latency we will utilize RIPE Atlas, a global, open, distributed Internet measurement platform, consisting of thousands of measurement devices that measure Internet connectivity in real time. We will do measurements from RIPE Atlas probes in the Africa region to measure the latency from them to the cloud provided DNS services and compare that to the network provided resolver.

The density of RIPE Atlas probes in the Africa region is still quite low (see https://atlas.ripe.net/results/maps/density/ ), which we can hopefully improve a little during the hackathon by handing out RIPE Atlas probes for people to connect in their own network.

### Resolver Jedi

A considered measurement has to take along the deployment properties of the network provided resolvers we are comparing with. Are they optimally close to the probes? The IXP Country Jedi is a project that shows if the Internet traffic paths within a country stay within that country. As an example, here are the IXP Country Jedi results for South Africa: http://sg-pub.ripe.net/emile/ixp-country-jedi/latest/ZA/ixpcountry/index.html The Resolver Jedi will build upon this idea and show if the DHCP configured resolvers on Atlas Probes are within the same country and also the path towards those resolvers.

### Run your own DoH and/or DoT server

For performance and/or political reasons it can be desirable to run your own DoH server. This can be done in different ways. For example DoH on the same server that runs a website might provide better privacy properties.

For optimum performance we also have to consider:

	• TLS Session Resumption
	• TCP Fast Open

Investigate and create instructions for setting up a DNS over HTTPS (DoH) service. Either shared with a regular website and/or offering it as a standalone resolver service.


	• Your own laptop
	• Good knowledge of Linux and how to administer software with it
	• For doing and processing RIPE Atlas measurements, Python is a big plus!

For more information please visit:

If you are interested to join, please contact Kevin Chege <chege at isoc.org>.

Amreesh D. Phokeer
Research Manager, AFRINIC
t: +230 403 51 00 | f: +230 466 6758 | tt: @afrinic | w: www.afrinic.net
facebook.com/afrinic | flickr.com/afrinic | youtube.com/afrinicmedia
Skype: amreesh.afrinic
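
The comparison described under "Optimal DNS Latency", sketched as an added example that is not part of the original message or of the hackathon material: it takes RIPE Atlas DNS results for a cloud resolver and for the probes' own resolvers and reports the per-probe median response time of each. The sample results are constructed (documentation addresses, made-up probe IDs and timings), and the function names are hypothetical.

```python
import json
from collections import defaultdict
from statistics import median

# Constructed sample results, shaped like RIPE Atlas DNS measurement results.
# A measurement sent to a fixed target has a top-level "result"; one that uses
# the probe's own resolvers has a "resultset" with one entry per resolver.
CLOUD_RESULTS = json.loads("""[
 {"prb_id": 1001, "type": "dns", "dst_addr": "192.0.2.53", "result": {"rt": 182.4}},
 {"prb_id": 1001, "type": "dns", "dst_addr": "192.0.2.53", "result": {"rt": 175.0}},
 {"prb_id": 1002, "type": "dns", "dst_addr": "192.0.2.53", "result": {"rt": 21.7}},
 {"prb_id": 1002, "type": "dns", "dst_addr": "192.0.2.53", "error": {"timeout": 5000}}
]""")
LOCAL_RESULTS = json.loads("""[
 {"prb_id": 1001, "type": "dns", "resultset": [
   {"dst_addr": "198.51.100.1", "result": {"rt": 12.1}},
   {"dst_addr": "198.51.100.2", "result": {"rt": 15.3}}]},
 {"prb_id": 1002, "type": "dns", "resultset": [
   {"dst_addr": "203.0.113.9", "result": {"rt": 48.0}},
   {"dst_addr": "203.0.113.10", "error": {"timeout": 5000}}]}
]""")

def rtts_by_probe(results):
    """Return ({probe: [rt ms, ...]}, {probe: failures}) for either result shape."""
    rtts, failures = defaultdict(list), defaultdict(int)
    for entry in results:
        # Normalise: a fixed-target result is treated as a one-item resultset.
        for sub in entry.get("resultset", [entry]):
            rt = sub.get("result", {}).get("rt")
            if rt is None:          # timeout or other error: no response time
                failures[entry["prb_id"]] += 1
            else:
                rtts[entry["prb_id"]].append(rt)
    return rtts, failures

def compare(cloud, local):
    """Per probe: median cloud RTT, median local RTT and cloud - local (ms)."""
    cloud_rt, cloud_fail = rtts_by_probe(cloud)
    local_rt, local_fail = rtts_by_probe(local)
    report = {}
    for prb in sorted(set(cloud_rt) & set(local_rt)):
        c, l = median(cloud_rt[prb]), median(local_rt[prb])
        report[prb] = {"cloud_ms": c, "local_ms": l, "delta_ms": round(c - l, 1),
                       "cloud_failures": cloud_fail[prb], "local_failures": local_fail[prb]}
    return report

if __name__ == "__main__":
    for prb, row in compare(CLOUD_RESULTS, LOCAL_RESULTS).items():
        print(prb, row)
```

Failures are counted separately instead of being folded into the median, since a resolver that times out often would otherwise look faster than it is.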
