Rendimiento de DNS para el TLD .re
Esta web utiliza el top level domain .re. Tenía curiosidad por ver el rendimiento desde un sitio lejano a Francia, país al que pertenece la entidad que lo gestiona, el registry AFNIC.
En el mapa de arriba se puede observar la localización de los servidores DNS para los TLD .fr y .re. Este otro mapa de un año antes se distingue además servidores unicast de anycast:
Anycast permite utilizar una misma dirección IP en múltiples servidores alrededor del mundo. Cada autonomous system (AS) enruta esa IP anycast a un servidor físico distinto. El objetivo es aumentar la redundancia y el rendimiento:
The .fr TLD in an increasingly dense «cloud»
Afnic Business Report 2011
Ever since 2010, Afnic initiated a change in its DNS system by
increasingly relying on Anycast technology, thereby multiplying the
number of servers hosting the data of the .fr zone to ensure a high
level of redundancy and greater performance. The use of Anycast was
further developed in 2011 with a «thickening» of the cloud of servers
by adding new European Anycast nodes and the re-integration of
French Unicast nodes for the sake of robustness.
Otra cita:
With respect to security, as early as 2007 AFNIC had
AFNIC activity report 2008
begun studying “anycast” technology, which makes
it possible to strengthen DNS infrastructure and to
provide better local service. The principle behind
this technology is to hide a cloud of servers behind
a single address, in particular for the purpose of
protecting against denial of service attacks.
En el párrafo más adelante menciona las empresas externas que se utilizaron:
An initial vendor, Autonomica, was selected at the
AFNIC activity report 2008
beginning of 2008, quickly joined by a second, PCH,
in order to cover new zones.
At the end of 2008, the server landscape for .fr is
as follows: three are maintained by AFNIC, three
others entrusted to peers and two are anycast clouds
operated by the service provides mentioned above.
As explained in the answer to Question 34 (Geographic Diversity), the registry also relies on two operators of Anycast clouds to expand the international coverage of the DNS nodes which must respond to queries for the domain extensions hosted on them. The two operators are Netnod Autonomica and PCH (Packet Clearing House) who are both known for their high quality services; in addition, Netnod Autonomica hosts one the root server
https://www.domainpeople.com/partnerservices/new-gtlds/404/
New gTLD Application Submitted to ICANN by: Fédération Nationale de la Mutualité Française (String: MUTUELLE)
Las tres redes anycast de la AFNIC se corresponden con:
DNS publishing will be on all three of the Anycast clouds already used for the .fr TLD:
Onboarding guide for new gTLDs operated by Afnic
d.nic.fr, f.ext.nic.fr, g.ext.nic.fr.
https://www.afnic.fr/medias/documents/onboarding-guide-new-gtld.pdf
d.nic.fr es la gestionada por AFNIC, y supongo que las otras dos son administradas por las empresas externas (de ahí ext) mencionadas anteriormente.
Pruebas desde Amazon EC2 Tokio
Arranqué una máquina virtual de EC2 en Tokio, e hice algunas pruebas:
dig +trace
[ec2-user@ip-172-31-12-157 ~]$ dig +trace www.riru.re
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.amzn2.2 <<>> +trace www.riru.re
;; global options: +cmd
. 518400 IN NS A.ROOT-SERVERS.NET.
. 518400 IN NS B.ROOT-SERVERS.NET.
. 518400 IN NS C.ROOT-SERVERS.NET.
. 518400 IN NS D.ROOT-SERVERS.NET.
. 518400 IN NS E.ROOT-SERVERS.NET.
. 518400 IN NS F.ROOT-SERVERS.NET.
. 518400 IN NS G.ROOT-SERVERS.NET.
. 518400 IN NS H.ROOT-SERVERS.NET.
. 518400 IN NS I.ROOT-SERVERS.NET.
. 518400 IN NS J.ROOT-SERVERS.NET.
. 518400 IN NS K.ROOT-SERVERS.NET.
. 518400 IN NS L.ROOT-SERVERS.NET.
. 518400 IN NS M.ROOT-SERVERS.NET.
;; Received 239 bytes from 172.31.0.2#53(172.31.0.2) in 0 ms
re. 172800 IN NS d.nic.fr.
re. 172800 IN NS e.ext.nic.fr.
re. 172800 IN NS f.ext.nic.fr.
re. 172800 IN NS g.ext.nic.fr.
re. 86400 IN DS 52825 13 2 AFC7C347395CA52E36E8851599EFBF883DAFB7F79FDEEE5D849C2BA4 76D9F16B
re. 86400 IN RRSIG DS 8 1 86400 20210224170000 20210211160000 42351 . oqBi8bI5TKB8SWI/Km/lmSmqawEBqJSX5k8aRMQy5HuD70AMcEnYpQJt IWSpg1Np1fbxDArckLMMh94wuZyYSLc5g6rf1/kMuyN31pSCyq8O/8XQ J/A1CN7NES+AUcsWmOuFYFTrpywTTI9bpgSsI+muvW/18ykzPkV5Xzwx 6Ah6BvN2rDDwNJWQeUaf0ABWlU6quyC9VMD/bfvkjU+nlPYxChfFyo3I v9mW7WOCed+U+srmaF0JDlRBfreKbudQ5sjL0m2OJBNMxCxXoBjtazyT RRUyJaiafCn+GgOqFZaw6oBPTOsdvNkzYXsLrhc+cYAHzD6EHq0j1uyf +fKvfw==
;; Received 625 bytes from 199.9.14.201#53(B.ROOT-SERVERS.NET) in 72 ms
riru.re. 172800 IN NS ns-121-b.gandi.net.
riru.re. 172800 IN NS ns-168-c.gandi.net.
riru.re. 172800 IN NS ns-48-a.gandi.net.
HS5G9SIQRB513KAFKG9O7E4S116CO5JV.re. 5400 IN NSEC3 1 1 1 297E821C HSVLAJ99BRR3CC7RLS3SR6OLK0KU0GTU NS SOA TXT NAPTR RRSIG DNSKEY NSEC3PARAM
HS5G9SIQRB513KAFKG9O7E4S116CO5JV.re. 5400 IN RRSIG NSEC3 13 2 5400 20210303074242 20210210144633 19928 re. EMx016lDsNRg+DS7Hy6EGJkQrsvt6FsiwXz2Tm2dOpnZVmCI6O95L42z LdgZT3cmh0fw0/URTGrHV2KPfZMoiA==
VJG3IIVKIGM8ENOVCH1SUGKCUA75HO0O.re. 5400 IN NSEC3 1 1 1 297E821C VJT0UD5QK1JHJP9J6878OFABF1J2FU6E NS DS RRSIG
VJG3IIVKIGM8ENOVCH1SUGKCUA75HO0O.re. 5400 IN RRSIG NSEC3 13 2 5400 20210323150255 20210122141921 19928 re. NAvdMVHlOI3u+C1Ff+sgoAo3OXBstKcx2DTCPl6yXIY0SCZ/mxVlDQ8I NKnwXP0cWNBZVSObn4yk50/rZBsXPg==
;; Received 482 bytes from 194.0.36.1#53(g.ext.nic.fr) in 3 ms
www.riru.re. 3600 IN CNAME webacc0.sd3.ghst.net.
;; Received 74 bytes from 217.70.187.169#53(ns-168-c.gandi.net) in 4 ms
Aquí lo importante son los servidores TLD de la AFNIC (d.nic.fr, e.ext.nic.fr, f.ext.nic.fr y g.ext.nic.fr). Los que vienen después (ns-121-b.gandi.net, ns-168-c.gandi.net y ns-48-a.gandi.net) son los de mi registrar (gandi.net).
dig a servidor DNS preconfigurado
[ec2-user@ip-172-31-12-157 ~]$ cat /etc/resolv.conf
; generated by /usr/sbin/dhclient-script
search ap-northeast-1.compute.internal
options timeout:2 attempts:5
nameserver 172.31.0.2
[ec2-user@ip-172-31-12-157 ~]$ dig www.riru.re
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.amzn2.2 <<>> www.riru.re
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25149
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.riru.re. IN A
;; ANSWER SECTION:
www.riru.re. 300 IN CNAME webacc0.sd3.ghst.net.
webacc0.sd3.ghst.net. 300 IN A 155.133.132.2
;; Query time: 365 msec
;; SERVER: 172.31.0.2#53(172.31.0.2)
;; WHEN: Fri Feb 12 02:09:05 UTC 2021
;; MSG SIZE rcvd: 90
Otra consulta DNS posterior, a las 02:21:54 UTC, dio como resultado 242 msec.
mtr a servidores TLD .re
d.nic.fra Fráncforte.ext.nic.fra Ámsterdamf.ext.nic.fra Singapurg.ext.nic.frse queda dentro de Tokio. Esto era lo que realmente quería comprobar. Llega por cierto a través de una conexión directa de 54.239.53.217 (Amazon Technologies, Inc.) con el JPIX (Japan Internet Exchange Co., Ltd.)
My traceroute [v0.92]
ip-172-31-12-157.ap-northeast-1.compute.internal (172.31.12.157) 2021-02-12T01:58:16+0000
Keys: Help Display mode Restart statistics Order of fields quit
Packets Pings
Host Loss% Snt Last Avg Best Wrst StDev
1. ec2-54-150-128-67.ap-northeast-1.compute.amazonaws.com 0.0% 6 3.0 18.2 1.1 91.3 35.9
2. ???
3. ???
4. ???
5. ???
6. ???
7. 100.65.11.33 0.0% 6 0.4 3.8 0.4 15.0 5.9
8. 15.230.129.203 0.0% 6 4.0 3.3 2.7 4.0 0.5
9. 15.230.129.212 0.0% 6 4.2 4.1 3.6 4.6 0.4
10. 52.93.72.116 0.0% 6 2.6 2.7 2.6 2.9 0.1
11. 100.91.137.84 0.0% 5 70.3 70.9 70.0 74.1 1.8
12. 100.91.3.139 0.0% 5 70.2 69.9 69.7 70.2 0.2
13. 150.222.240.97 0.0% 5 70.4 70.1 69.9 70.4 0.2
14. 100.91.181.40 0.0% 5 70.4 70.4 70.4 70.5 0.0
15. 52.93.8.128 50.0% 5 69.8 70.1 69.8 70.5 0.5
16. 52.93.8.125 0.0% 5 69.6 69.7 69.4 70.0 0.3
17. 33891.sgw.equinix.com 0.0% 5 70.0 72.4 69.9 82.1 5.4
18. ae2-2021.fra20.core-backbone.com 0.0% 5 232.6 232.7 232.6 232.8 0.1
19. core-backbone.ip-it.com 0.0% 5 232.4 232.4 232.3 232.4 0.0
20. ipit-transit.c02.fra.de.as49697.net 0.0% 5 253.5 253.7 253.3 254.7 0.6
21. v3001.c02.fra.de.as49697.net 0.0% 5 251.6 269.6 251.6 340.8 39.8
22. de-cix.fra.de.nic.fr 0.0% 5 242.9 252.9 242.7 293.1 22.5
23. d.nic.fr 0.0% 5 241.1 252.7 238.3 296.0 24.6
My traceroute [v0.92]
ip-172-31-12-157.ap-northeast-1.compute.internal (172.31.12.157) 2021-02-12T01:59:01+0000
Keys: Help Display mode Restart statistics Order of fields quit
Packets Pings
Host Loss% Snt Last Avg Best Wrst StDev
1. ec2-54-150-128-47.ap-northeast-1.compute.amazonaws.com 0.0% 6 3.3 22.9 1.6 116.2 45.7
2. ???
3. ???
4. ???
5. ???
6. ???
7. 100.65.8.65 0.0% 6 0.4 0.4 0.3 0.4 0.0
8. 15.230.129.157 0.0% 6 0.5 2.2 0.5 6.7 2.4
9. 15.230.129.166 0.0% 6 3.8 2.0 1.0 3.8 1.1
10. 52.95.31.46 0.0% 6 8.8 2.9 0.4 8.8 3.9
11. 100.91.149.20 0.0% 6 5.6 3.5 1.7 7.4 2.4
12. 100.91.3.219 0.0% 5 3.2 3.9 2.7 7.2 1.8
13. 100.91.147.147 0.0% 5 2.3 1.7 1.3 2.3 0.5
14. 150.222.90.34 0.0% 5 2.8 3.3 2.1 5.5 1.4
15. 52.93.250.156 0.0% 5 1.4 1.7 1.3 2.2 0.4
16. 210.173.176.161 0.0% 5 2.0 2.0 1.9 2.2 0.1
17. ???
18. be10.r0.r327.nkf.ams.nl.iptp.net 0.0% 5 220.3 220.3 220.3 220.4 0.1
19. 4-4.r0.r327.nkf.ams.nl.iptp.net 0.0% 5 195.7 196.0 195.6 197.4 0.8
20. nlix-globaltransit.alphamegahosting.com 0.0% 5 197.6 197.6 197.5 197.7 0.1
21. e.ext.nic.fr 0.0% 5 218.6 218.6 218.5 218.7 0.1
My traceroute [v0.92]
ip-172-31-12-157.ap-northeast-1.compute.internal (172.31.12.157) 2021-02-12T01:59:35+0000
Keys: Help Display mode Restart statistics Order of fields quit
Packets Pings
Host Loss% Snt Last Avg Best Wrst StDev
1. ec2-54-150-128-39.ap-northeast-1.compute.amazonaws.com 0.0% 6 4.1 10.1 0.6 34.5 12.3
2. ???
3. ???
4. ???
5. ???
6. ???
7. 100.65.11.97 0.0% 6 0.4 5.8 0.4 26.2 10.2
8. 15.230.129.207 0.0% 6 3.4 4.2 2.8 8.8 2.3
9. 15.230.129.210 0.0% 6 5.3 4.9 3.7 6.9 1.3
10. 52.93.72.130 0.0% 5 2.7 2.7 2.6 2.7 0.1
11. 100.91.137.70 0.0% 5 71.3 71.2 71.0 71.6 0.2
12. 100.91.3.137 0.0% 5 71.4 71.1 70.4 71.4 0.4
13. 150.222.240.95 0.0% 5 71.2 71.4 71.2 71.8 0.3
14. 100.91.181.2 0.0% 5 70.4 75.2 70.3 91.8 9.4
15. 52.93.8.46 40.0% 5 69.7 69.9 69.7 70.0 0.2
16. 52.93.8.37 0.0% 5 69.5 69.8 69.4 71.3 0.8
17. 8674.sgw.equinix.com 0.0% 5 70.8 70.8 70.8 70.9 0.0
18. f.ext.nic.fr 0.0% 5 70.9 70.9 70.9 71.0 0.0
My traceroute [v0.92]
ip-172-31-12-157.ap-northeast-1.compute.internal (172.31.12.157) 2021-02-12T02:00:04+0000
Keys: Help Display mode Restart statistics Order of fields quit
Packets Pings
Host Loss% Snt Last Avg Best Wrst StDev
1. ec2-54-150-128-79.ap-northeast-1.compute.amazonaws.com 0.0% 6 25.8 21.9 1.4 54.3 23.1
2. ???
3. ???
4. ???
5. ???
6. ???
7. 100.65.9.33 0.0% 6 0.8 5.4 0.3 29.6 11.9
8. 15.230.129.155 0.0% 6 1.8 2.6 0.7 5.4 2.2
9. 15.230.129.170 0.0% 6 1.8 1.9 1.1 3.6 0.9
10. 52.95.31.50 0.0% 6 0.6 3.1 0.4 8.4 3.4
11. 100.91.149.100 0.0% 5 1.8 1.9 1.6 2.6 0.4
12. 100.91.3.229 0.0% 5 4.8 3.4 2.8 4.8 0.8
13. 100.91.147.225 0.0% 5 4.9 3.1 2.5 4.9 1.0
14. 150.222.90.12 0.0% 5 4.2 5.0 3.3 9.5 2.6
15. 54.239.53.215 0.0% 5 5.2 2.3 1.5 5.2 1.6
16. as42.ix.jpix.ad.jp 0.0% 5 2.4 2.5 2.3 3.2 0.4
17. g.ext.nic.fr 0.0% 5 2.7 2.8 2.7 2.9 0.1
mtr a servidores para riru.re
ns-121-b.gandi.neta Tokions-168-c.gandi.neta Tokions-48-a.gandi.neta Los Ángeles
My traceroute [v0.92]
ip-172-31-12-157.ap-northeast-1.compute.internal (172.31.12.157) 2021-02-12T02:04:44+0000
Keys: Help Display mode Restart statistics Order of fields quit
Packets Pings
Host Loss% Snt Last Avg Best Wrst StDev
1. ec2-54-150-128-43.ap-northeast-1.compute.amazonaws.com 0.0% 6 3.4 30.3 3.4 79.9 37.5
2. ???
3. ???
4. ???
5. ???
6. ???
7. 100.65.9.161 0.0% 5 0.3 11.0 0.3 33.0 15.1
8. 52.93.73.225 0.0% 5 3.0 3.0 2.9 3.1 0.1
9. 52.93.72.177 0.0% 5 3.3 5.7 3.3 7.9 2.0
10. 52.93.72.96 0.0% 5 4.1 3.0 2.7 4.1 0.6
11. 100.91.137.34 0.0% 5 3.6 3.3 3.2 3.6 0.2
12. 100.91.3.213 0.0% 5 2.8 3.1 2.7 3.6 0.4
13. 100.91.147.163 0.0% 5 4.4 3.9 3.6 4.4 0.4
14. 150.222.90.24 0.0% 5 5.0 6.8 4.6 10.8 2.5
15. 54.239.53.243 0.0% 5 2.6 2.6 2.4 2.8 0.1
16. ae-29.r01.tokyjp08.jp.bb.gin.ntt.net 0.0% 5 3.7 3.6 3.5 3.7 0.1
17. ae-19.r30.tokyjp05.jp.bb.gin.ntt.net 75.0% 5 4.6 4.6 4.6 4.6 0.0
18. ae-2.r02.tokyjp05.jp.bb.gin.ntt.net 0.0% 5 4.7 4.7 4.6 4.8 0.1
19. 61.120.144.202 0.0% 5 4.1 4.1 4.1 4.2 0.0
20. 213.167.230.122 0.0% 5 5.2 5.3 5.2 5.5 0.2
My traceroute [v0.92]
ip-172-31-12-157.ap-northeast-1.compute.internal (172.31.12.157) 2021-02-12T02:05:37+0000
Keys: Help Display mode Restart statistics Order of fields quit
Packets Pings
Host Loss% Snt Last Avg Best Wrst StDev
1. ec2-54-150-128-73.ap-northeast-1.compute.amazonaws.com 0.0% 6 2.8 13.2 2.6 37.6 15.1
2. ???
3. ???
4. ???
5. ???
6. ???
7. 100.65.11.129 0.0% 6 3.3 14.6 0.9 38.3 15.3
8. 15.230.129.153 0.0% 6 0.8 1.4 0.6 3.5 1.1
9. 15.230.129.174 0.0% 6 1.7 1.7 1.1 2.3 0.4
10. 52.95.31.22 0.0% 6 0.3 2.0 0.3 10.2 4.0
11. 100.91.149.0 0.0% 5 3.3 3.2 2.7 3.5 0.3
12. 100.91.3.217 0.0% 5 2.5 3.0 2.5 3.4 0.4
13. 100.91.147.129 0.0% 5 6.6 3.4 2.4 6.6 1.8
14. 150.222.90.18 0.0% 5 21.7 6.7 2.3 21.7 8.4
15. 54.239.53.253 0.0% 5 4.7 2.2 1.5 4.7 1.4
16. ae-29.r01.tokyjp08.jp.bb.gin.ntt.net 0.0% 5 10.1 4.0 2.3 10.1 3.4
17. ae-19.r30.tokyjp05.jp.bb.gin.ntt.net 40.0% 5 5.4 4.5 3.5 5.4 1.0
18. ae-2.r02.tokyjp05.jp.bb.gin.ntt.net 0.0% 5 3.5 3.6 3.5 3.7 0.1
19. 61.120.144.202 0.0% 5 3.0 3.1 2.9 3.7 0.3
20. ns-168-c.gandi.net 0.0% 5 4.2 4.2 4.1 4.2 0.0
My traceroute [v0.92]
ip-172-31-12-157.ap-northeast-1.compute.internal (172.31.12.157) 2021-02-12T02:06:20+0000
Keys: Help Display mode Restart statistics Order of fields quit
Packets Pings
Host Loss% Snt Last Avg Best Wrst StDev
1. ec2-54-150-128-67.ap-northeast-1.compute.amazonaws.com 0.0% 6 2.9 29.8 2.1 88.9 41.5
2. ???
3. ???
4. ???
5. ???
6. ???
7. 100.65.10.65 0.0% 6 0.4 1.8 0.3 8.1 3.1
8. 15.230.129.133 0.0% 5 3.0 1.8 0.5 3.9 1.5
9. 15.230.129.138 0.0% 5 1.8 2.7 1.2 5.8 1.8
10. 52.95.31.58 0.0% 5 0.5 1.7 0.4 6.3 2.5
11. 100.91.149.22 0.0% 5 1.5 1.8 1.5 2.4 0.4
12. 100.91.3.195 0.0% 5 1.4 2.0 1.4 2.5 0.4
13. 100.91.147.21 0.0% 5 1.4 1.4 1.4 1.4 0.0
14. 52.95.30.49 0.0% 5 2.0 3.4 2.0 5.3 1.7
15. 54.239.53.217 0.0% 5 2.7 2.8 2.6 3.1 0.2
16. as6939.ix.jpix.ad.jp 0.0% 5 1.5 1.5 1.4 1.7 0.1
17. 100ge12-2.core1.sjc2.he.net 0.0% 5 108.5 108.9 108.5 110.1 0.7
18. 100ge4-2.core3.fmt2.he.net 0.0% 5 120.4 119.6 113.7 132.5 7.7
19. 100ge2-1.core2.fmt2.he.net 0.0% 5 110.2 113.0 110.2 118.4 3.8
20. ixreach-ltd.10gigabitethernet5-2.core2.fmt2.he.net 0.0% 5 110.8 110.9 110.7 111.1 0.2
21. ae1-4079.bb.cs1.lax.as43531.net 0.0% 5 120.7 118.5 117.2 120.7 1.6
22. ns-48-a.gandi.net 0.0% 5 117.3 117.3 117.2 117.5 0.1
Pruebas desde VyprVPN Japón
Como curiosidad, desde VyprVPN Japón, obtuve estos destinos:
DNS .re
d.nic.fra Londrese.ext.nic.fra Ámsterdamf.ext.nic.fra Hong Kongg.ext.nic.fra Singapur
riru.re
ns-121-b.gandi.neta Parísns-168-c.gandi.neta Parísns-48-a.gandi.neta Los Ángeles
Curiosamente aquí ninguno se quedó en Tokio. Esto es un enrutado no óptimo. Con mtr he comprobado que la culpa es de PCCW Global, quien enruta.
Conclusiones
Hemos visto en este post un ejemplo de buena cobertura global de DNS, tanto por parte del registry (AFNIC) como de mi registrar (gandi.net). No se trata sólo de que DNS funcione globalmente, sino de que sea redundante y eficiente.