Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Study of QoS on DNS services provided in Benin at AIS'18
1. QoS of DNS services in Benin
Yazid AKANHO on behalf of Benin DNS Forum.
Dakar, April 11th 2018.
www.dnsforum.bj
#BeninDNS
2. Agenda
1. Context of the study
2. Methodology
3. Results
4. Self-criticism/limitations
5. Going beyond
3. Context of the study
1. DNS, the forgotten part of the Internet!: we want to bring more focus DNS role on the Internet working.
2. domain names systems are usually discussed only by sysadmins in Benin and many countries, for most
users, Internet is just what they see on their screen! …
3. How DNS is used in Benin (resolvers and Authoritative servers)? Are best practices followed or not in
configuration and deployment? Is security taken into account in DNS area? diversity of DNS solutions
used, ...
4. KSK rollover : is Benin ready? How many resolvers do not update KSK and how many potential subscribers
will be affected after the rollover?
5. measure the attractiveness of .bj !
4. The 3 axes of the study
•Identify resolvers provided by ISPs
•Check if ISP’s resolvers configuration comply with
standards and best practices
•Provide appropriate recommendations
Quality of DNS
resolvers provided by
ISPs in Benin
•Check 98 .bj domains zone file configuration
•Check 98 .bj domains NS distribution (geographical, AS, …)
•Analyze the results and provide recommendations
.bj domain names NS
configurations
•Perform an online survey (23 Q): 254 answers collected.
•Measure the perception of Beninese on the national digital identity: .bj
•Identify the key expectation points of Beninese and collect
suggestions/recommendations for a more attractive ccTLD .bj
Attractiveness of ccTLD
.bj
5. Methodology
• Collect resolvers information from various Internet providers : ISP, GSM operators, …
• Use measurement tools to collect various data and metrics from 98 domains:
– Ripe-Atlas probes and APIs for measurements,
– tools like ZoneMaster, whois, dig, geoIP, and various scripts to verify and/or test NS servers IP address,
location, configuration, DNS records and zone files configurations,
• Collect data from end users: survey on attractiveness of .bj
• Data analysis and recommendations on each area of the study.
6. Benin: quick overview
West African country, at west is Nigeria, East is Togo, North is Niger and Burkina-Faso and at South is
Ocean.
10 ISPs and 2 MNO in April 2018.
Q4 2017:
− 4.6M Internet subscribers.
− 99,38% covered by MNOs and the rest by ISPs.
− Internet penetration rate : 40,4%
7. Results: 1
Quality of ISP’s DNS resolvers in Benin
Some ISPs and MNOs are reticent to share resolvers IP addresses. Resolver IP address is not confidential!
However 10 operators provided their resolvers IP address.
Some ISPs comply with BCP16 while few of them do not. Good!
Some ISPs use GPDNS as default resolver for their customers. Data privacy, latency in address resolution !
Very bad!
+90% resolvers are using GPDNS as forwarder. bad!
0
1
2
3
4
5
6
7
8
Operator using their
own resolver (>=1)
Operator using a
third party resolver
Resolver not known Operator using
more than two
resolvers
resolvers info
8. DNSSEC validation in West Africa.
Source: https://stats.labs.apnic.net/dnssec
DNSSEC:
₋ +81 % resolvers perform DNSSEC validation,
₋ +70 % DNS requests are validated with DNSSEC
₋ +41% DNSSEC validation passed through GPDNS.
EDNS:
₋ Very important to avoid DNS answers to be dropped
₋ 40% resolvers activate EDNS (512 to 4096 bytes) : RFC 6891
Trust anchors:
₋ Mandatory to update resolvers before upcoming KSK rollover
₋ One of the tested resolvers is not updated to latest trust-anchors
Results: 1
Quality of ISP’s DNS resolvers in Benin
9. Resolver availability and response time:
₋ 24h ping measurement using RIPE Atlas probes show 100% availability and response time up to
200ms. Globally positive
Results: 1
Quality of ISP’s DNS resolvers in Benin
10. Conclusion & recommendations:
Quality of ISP’s DNS resolvers in Benin
Install resolvers (recursive/cache) where it is not, an ISP must have resolvers (>=2 in different subnets
preferably).
activate DNSSEC validation (configure dnssec-validation auto; instead of dnssec-validation yes; unless you
know what you are doing!) and EDNS where applicable.
Replace GPDNS by Quad9 (exists at Benin IXP), ideally use root hints.
Update to KSK2017 trust anchors : procedure available at : https://www.icann.org/dns-resolvers-checking-
current-trust-anchors
12. Results 2:
Study of .bj domains Name Servers
configuration
98 domains .bj tested ≈12.5% of domains in .bj.
Top 3 countries holding NS from domains in .bj: Benin, France, USA.
2/3 of NS are hosted abroad!, no NS hosted somewhere else in Africa (as per the 98 sample domains).
13. up to 5 Name Servers defined for some domains, recommendation is 2 (BCP16). No domain with 1
authoritative server. Good!
For 93% cases, all NS of a particular domain are within the same AS. Only 7% follow the best practice which
is to put NS in different AS.
0
10
20
30
40
50
60
70
80
# of NS
Number of NS per domain
2 NS 3 NS 4 NS 5 NS
93%
7%
NS distribution per AS
NS in same AS
NS in different AS
Results 2:
Study of .bj domains Name Servers
configuration
14. 50% TTL are > 3 hours for A records tested.
25% of NS in .bj able to talk IPv6, none is hosted in Benin!
5% of NS in .bj have at least one AAAA records, none is hosted in Benin!
TTL configured
On NS
Is NS able
to talk IPv6?
Results 2:
Study of .bj domains Name Servers
configuration
15. Zone file transfer is available in some NS. Admin error or well known ??? Bad!
72.7% domains tested have only one MX record in zone file. Potential point of failure for mail delivery!
89.2% of tested domains Name servers have EDNS activated with 4096 bytes as limit (RFC 6891).
6.10%
93.90%
Is zone file transfer possible?
Yes
No
0.00%
10.00%
20.00%
30.00%
40.00%
50.00%
60.00%
70.00%
80.00%
1 MX 2 MX 3MX 4 MX 5 MX
Number of MX in a domain
Results 2:
Study of .bj domains Name Servers
configuration
16. Conclusion & recommendations:
Study of .bj domains Name Servers
configuration
Install more authoritative servers locally! (reliable power and connectivity may be a constraint!)
Redistribute the NS for the same domain into different AS.
Improve IPv6 deployment.
Name Server hardening: zone file transfer, increase number of MX, increase low TTL where applicable.
18. 254 people with various profile participated in the survey (diversity!): IT, health, marketing, lawyers, …
Dot bj global stats 2017 (from regulatory): 800 names registered, 78% from enterprises, 19% from
individuals and 9% from government.
91,7% of the participants know .bj
But only 12% have a domain dot bj while 67% have a domain name in another TLD (.com, .net, .org…)
75% of them would prefer a dot bj if registration process is simplified. Probably most of those who
actually have a gTLD domain name!
Results 3:
Attractiveness of ccTLD .bj
19. People prefer electronic payment methods to traditional methods, mainly to remove wasting time.
participants prefer other TLD to .bj for various reasons. Each of them should be taken seriously in
strategy management.
90
167
24
49
133
0
20
40
60
80
100
120
140
160
180
Cash Mobile money bank check bank transfer online
payement card
count
Payement method
payment method choices to register .bj
156
132
117
99
45
0
20
40
60
80
100
120
140
160
180
ease of
purchase and
payment
availability
guarantee
affordable
price
referencing other
count
reason
why do you prefer another TLD to .bj?
Results 3:
Attractiveness of ccTLD .bj
20. The 200 recommendations from the community: Almost 200 participants submitted a proposition to
improve visibility and attractiveness of ccTLD .bj. Here are few of them:
Full automation of the registration process: simple reservation and purchase mechanisms,
accessible and available online to avoid the constraint of physical movement to the registrar.
Increase number of registrar
Affordable and competitive costs (the average of 10,000 CFA seems acceptable to the public).
Good communication strategy with excellent packages.
Better control on purchase costs from abroad for customers not resident in Benin
integration of electronic payment methods.
Adoption by Government structures, private companies, NGOs, Universities, ...: political decisions
(assign during Enterprise creation process for example)
Results 3:
Attractiveness of ccTLD .bj
21. Limits
Tests were short (in time) and data collected is not enough to have very trustable conclusions.
Number of answers during the survey was low: analysis may have not reflect the complete reality. Need
to read from more profiles and actors.
Data collected are not enough for a high confidence analysis
22. Going beyond!
• More analysis, this will require support from .bj registry :
– top N most requested domains,
– “Who is asking and what are they asking for?”
– "the top N domains requested which answer is a NXDOMAIN“
– "How many queries use EDNS0 and for which sizes?“
– …
• Redo the study to check for improvements, collect more data to increase confidence interval.
23. About Benin DNS Forum
Forum on Domain Name System and Internet in Benin.
Open : up to 5 local associations working together, new asso are welcome
5 days activities : Woman DNS Academy, public-private sectors seminar on DNS best practices, DNSathon,
public forum with panels and tutos
http://dnsforum.bj/
Reports at http://dnsforum.bj/rapports/