Embed Size (px)
Citation preview
DNS: FUNCTIONS EVOLUTION
Pavel KhramtsovMSK-IX DNS projects manager Moscow, 2018
DNS
The classic recursion scheme
DNS answers
ROOT zone servers
End users
TLD zone servers
Public DNS Resolver dns.ix.ru
62.76.76.62
sTLD zone servers
End users queries
Recursion
It may be any ISP’s resolver
Stub resolver
The classic recursion scheme with DNSSEC
DNS answers
ROOT zone servers
End users
TLD zone servers
ISP’s resolver
sTLD zone servers
End users queries
Recursion and DNSSEC validation
Stub resolver
KSK 11.10.2018
RFC 5011
The classic recursion scheme with local root & prefetching
DNS answers
End users
TLD zone servers
ISP’s resolver
sTLD zone servers
End users queries
Recursion and DNSSEC validation
Stub resolver
KSK 11.10.2018
RFC 5011
ROOT zone local server
RFC 7706
Root zone
“Prefetching”
ISP
The classic recursion scheme with Google public resolver
DNS answers
End users
TLD zone servers
Google Resolver
8.8.8.8 From Google Cache
sTLD zone servers
End users queries
Recursion and DNSSEC validation
Stub resolver
KSK 11.10.2018
RFC 5011
ROOT zone local server
RFC 7706 ?
Root zone
“Prefetching - ?”
ISP
The classic recursion scheme with Google public resolver & DoT/DoH
End users
TLD zone servers
Google Resolver
8.8.8.8 From Google Cache
sTLD zone servers
DNS over TLS / DNS over HTTPS
Recursion and DNSSEC validation
Browser with DoT/DoH
KSK 11.10.2018
RFC 5011
ROOT zone local server
RFC 7706 ?
Root zone
“Prefetching - ?”
ISP
Does Google need DNS?Actually Yes! For prefetching.
Does end-user need DNS?No!
The trust to Google is boundless
What Google EcosystemIncludes?● Search Engine
● Browser
● Public Resolver
● Information resources cache
● Center of Authority
● …
Resume
One World. One Internet. One Resolving?
Is it still right?
Does new DNS-trends keep the Resolving in correct way?
That is the question!
Thank you!Your questions?
Pavel KhramtsovMSK-IX DNS projects manager +7 (495) 737-92-95
8 Marta Street 1, bld. 12, office XXXV, room 19 Moscow 127083, Russian Federation
msk-ix.ruWebsite
facebook.com/msk.ixFacebook
