After the discussion a few weeks back about DNS performance, I asked one
of my colleagues, Brendon Jones to add DNS performance to the gTLD/Root
servers to our Active Measurement Platform (AMP) which is already
monitoring the .nz nameservers. These have now had a while to collect
some data and show a fairly interesting (and IMHO pretty visualisation
of New Zealands DNS performance)
For starters, we've in the past measured performance to the .nz ccTLD
name servers to track their performance within New Zealand. This shows
a pretty healthy coverage for .nz. Full marks to all the people who
have done the hard work to make this happen.
This in comparison shows how many hops we see in a traceroute to the .nz
ccTLD servers. All the New Zealand name servers are firewalled in such a
way we can't get an accurate count, but this at least provides a lower
bound. You can see people who don't peer at WIX don't see the near
instance of ns7.
Second up, we added a test to all of our measurement points to the Root
Servers. This shows quite distinctively that there are several places
in New Zealand whose peering policy means that they don't see some, or
in the case of Otago Uni's CS Dept, any, New Zealand based instances.
vuw interestingly doesn't appear to be able to contact any f.root
instance at all. New Zealand seems to be fairly well covered with F,
I, J and even a fairly close K root.
This shows the same visualisation to all of the gTLD servers. This
shows a much more unhappy view of New Zealand. Our monitoring points
are quite biased towards universities which generally prefer KAREN,
which has poor coverage (which appears to be due to KARENs policies) and
thus show very poor numbers. However it doesn't paint a particularly
rosy picture for much of the rest of New Zealand either, with Maxnet and
TheLoop also failing to find any instances anywhere near New Zealand at
Afilias provide nameserving for several zones including .org/.mobi and
so on. Right this instant TelstraClear doesn't appear to be able to get
at all, so again many of the universities show failures, although this
time it doesn't appear to be routing issues with KAREN.
Also, just as we were setting up collecting some test data (but
unfortunately not traceroute data), KAREN coincidentally had a major
outage in Hamilton which impacted the University of Waikato. This let
us see what happens when KAREN's routes aren't available: (See?
Unscheduled outages /can/ have an upside!)
This shows that if we don't have KAREN routes available, then our
performance to b, e, j and k root *improves*, Sigh. Also our
performance to F root degrades as our commodity internet connection
suddenly has to handle the additional load:
So, all in all, New Zealand's DNS Performance is better than I had seen
(my two measurement points inside Waikato University and Rurallink were
two of the worst to choose from, Rurallink doesn't yet host an AMP node
so doesn't appear here).
Hopefully KAREN will in the future consider hosting/peering directly
with at least a root server, and NZ ccTLD server so if an Universities
commidity connection falls over then you can still resolve (and
therefore create new connections to) other research institutions. KAREN
could either start not accepting "scenic" routes from other R&E networks
for other anycast instances of Root/gTLD/ccTLD servers, or provide
access to them via less amusing routes by increasing their peering.
People who don't peer at WIX miss out on the instances hosted there. If
you're not peering, some of your customers are getting slower results
for DNS lookups than necessary making web pages take longer, to load,
and thus your service appear to be slower. Yet another reason to
improve your peering.
Ideas and comments welcomed!