dns: functions evolution · 2019. 3. 15. · google public resolver & dot/doh end users tld...
TRANSCRIPT
![Page 1: DNS: FUNCTIONS EVOLUTION · 2019. 3. 15. · Google public resolver & DoT/DoH End users TLD zone servers Google Resolver 8.8.8.8 From Google Cache sTLD zone servers DNS over TLS](https://reader035.vdocument.in/reader035/viewer/2022081411/60a70e5bbd69d16b7c4b356d/html5/thumbnails/1.jpg)
DNS: FUNCTIONS EVOLUTION
Pavel KhramtsovMSK-IX DNS projects manager Moscow, 2018
![Page 2: DNS: FUNCTIONS EVOLUTION · 2019. 3. 15. · Google public resolver & DoT/DoH End users TLD zone servers Google Resolver 8.8.8.8 From Google Cache sTLD zone servers DNS over TLS](https://reader035.vdocument.in/reader035/viewer/2022081411/60a70e5bbd69d16b7c4b356d/html5/thumbnails/2.jpg)
DNS
![Page 3: DNS: FUNCTIONS EVOLUTION · 2019. 3. 15. · Google public resolver & DoT/DoH End users TLD zone servers Google Resolver 8.8.8.8 From Google Cache sTLD zone servers DNS over TLS](https://reader035.vdocument.in/reader035/viewer/2022081411/60a70e5bbd69d16b7c4b356d/html5/thumbnails/3.jpg)
The classic recursion scheme
DNS answers
ROOT zone servers
End users
TLD zone servers
Public DNS Resolver dns.ix.ru
62.76.76.62
sTLD zone servers
End users queries
Recursion
It may be any ISP’s resolver
Stub resolver
![Page 4: DNS: FUNCTIONS EVOLUTION · 2019. 3. 15. · Google public resolver & DoT/DoH End users TLD zone servers Google Resolver 8.8.8.8 From Google Cache sTLD zone servers DNS over TLS](https://reader035.vdocument.in/reader035/viewer/2022081411/60a70e5bbd69d16b7c4b356d/html5/thumbnails/4.jpg)
The classic recursion scheme with DNSSEC
DNS answers
ROOT zone servers
End users
TLD zone servers
ISP’s resolver
sTLD zone servers
End users queries
Recursion and DNSSEC validation
Stub resolver
KSK 11.10.2018
RFC 5011
![Page 5: DNS: FUNCTIONS EVOLUTION · 2019. 3. 15. · Google public resolver & DoT/DoH End users TLD zone servers Google Resolver 8.8.8.8 From Google Cache sTLD zone servers DNS over TLS](https://reader035.vdocument.in/reader035/viewer/2022081411/60a70e5bbd69d16b7c4b356d/html5/thumbnails/5.jpg)
The classic recursion scheme with local root & prefetching
DNS answers
End users
TLD zone servers
ISP’s resolver
sTLD zone servers
End users queries
Recursion and DNSSEC validation
Stub resolver
KSK 11.10.2018
RFC 5011
ROOT zone local server
RFC 7706
Root zone
“Prefetching”
ISP
![Page 6: DNS: FUNCTIONS EVOLUTION · 2019. 3. 15. · Google public resolver & DoT/DoH End users TLD zone servers Google Resolver 8.8.8.8 From Google Cache sTLD zone servers DNS over TLS](https://reader035.vdocument.in/reader035/viewer/2022081411/60a70e5bbd69d16b7c4b356d/html5/thumbnails/6.jpg)
The classic recursion scheme with Google public resolver
DNS answers
End users
TLD zone servers
Google Resolver
8.8.8.8 From Google Cache
sTLD zone servers
End users queries
Recursion and DNSSEC validation
Stub resolver
KSK 11.10.2018
RFC 5011
ROOT zone local server
RFC 7706 ?
Root zone
“Prefetching - ?”
ISP
![Page 7: DNS: FUNCTIONS EVOLUTION · 2019. 3. 15. · Google public resolver & DoT/DoH End users TLD zone servers Google Resolver 8.8.8.8 From Google Cache sTLD zone servers DNS over TLS](https://reader035.vdocument.in/reader035/viewer/2022081411/60a70e5bbd69d16b7c4b356d/html5/thumbnails/7.jpg)
The classic recursion scheme with Google public resolver & DoT/DoH
End users
TLD zone servers
Google Resolver
8.8.8.8 From Google Cache
sTLD zone servers
DNS over TLS / DNS over HTTPS
Recursion and DNSSEC validation
Browser with DoT/DoH
KSK 11.10.2018
RFC 5011
ROOT zone local server
RFC 7706 ?
Root zone
“Prefetching - ?”
ISP
Does Google need DNS?Actually Yes! For prefetching.
Does end-user need DNS?No!
![Page 8: DNS: FUNCTIONS EVOLUTION · 2019. 3. 15. · Google public resolver & DoT/DoH End users TLD zone servers Google Resolver 8.8.8.8 From Google Cache sTLD zone servers DNS over TLS](https://reader035.vdocument.in/reader035/viewer/2022081411/60a70e5bbd69d16b7c4b356d/html5/thumbnails/8.jpg)
The trust to Google is boundless
What Google EcosystemIncludes?● Search Engine
● Browser
● Public Resolver
● Information resources cache
● Center of Authority
● …
![Page 9: DNS: FUNCTIONS EVOLUTION · 2019. 3. 15. · Google public resolver & DoT/DoH End users TLD zone servers Google Resolver 8.8.8.8 From Google Cache sTLD zone servers DNS over TLS](https://reader035.vdocument.in/reader035/viewer/2022081411/60a70e5bbd69d16b7c4b356d/html5/thumbnails/9.jpg)
Resume
One World. One Internet. One Resolving?
Is it still right?
Does new DNS-trends keep the Resolving in correct way?
That is the question!
![Page 10: DNS: FUNCTIONS EVOLUTION · 2019. 3. 15. · Google public resolver & DoT/DoH End users TLD zone servers Google Resolver 8.8.8.8 From Google Cache sTLD zone servers DNS over TLS](https://reader035.vdocument.in/reader035/viewer/2022081411/60a70e5bbd69d16b7c4b356d/html5/thumbnails/10.jpg)
Thank you!Your questions?
Pavel KhramtsovMSK-IX DNS projects manager +7 (495) 737-92-95
8 Marta Street 1, bld. 12, office XXXV, room 19 Moscow 127083, Russian Federation
msk-ix.ruWebsite
facebook.com/msk.ixFacebook