A global reference model of the domain name system

Abstract

The domain name system (DNS) is a crucial component of the Internet. At this time, the DNS is facing major changes such as the introduction of DNSSEC and Internationalized Domain Name extensions (IDNs), the adoption of IPv6 and the upcoming extension of new generic top-level domains. These changes can significantly impact the behavior of the DNS. This paper presents a global DNS reference model for predicting DNS traffic behavior under specific conditions. The quantitative reference model is intended to be used for analyzing “what-if” scenarios—for example, how would DNS query rates at the recursive and authoritative name servers increase if DNSSEC validation errors were to cause more ServFail responses to be sent to DNS clients? The DNS reference model takes into account all relevant components present in the DNS architecture. Real-world data from recursive resolvers is analyzed statistically in order to characterize the system variables that describe query behavior at each of the independent system components. In addition, experimental results that characterize DNS client behavior and data from the literature are used to model the behavior of authoritative name servers. The reference model is validated by comparing the model predictions with the behavior observed in real-world operations. The validation results demonstrate the accuracy of the model predictions. A what-if scenario dealing with the effect of ServFail responses on DNS traffic flow is also presented to demonstrate the applicability of the model.