CircleID

Root name servers are a core service of the Internet (For more information on root name servers, please see the DNS Root Name Server FAQ). As such they receive a huge amount of queries and need to answer reliably with acceptable delay. The RIPE NCC is responsible for operating one of the 13 DNS root name servers K-root which responds to 10,000 — 15,000 queries per second. Most root servers are operated as a network of distributed "instances" using anycast. That means a single IPv4 or IPv6 address is announced simultaneously by a set of name server "instances" deployed in different geographical locations.

K-root operates 18 instances; You can find a map http://k.root-servers.org/ on the RIPE NCC's website.

VisualK is a new tool that monitors the load of the K-root name server supported by each instance. It further shows load migrations between pairs of instances over time. ViskalK is one of the tools our operations staff use to monitor the health of K-root.
The image below is a screenshot of the output of the tool. Each instance of K-root is represented by two concentric circles:

• The first one, filled with colour, has a size proportional to the number of queries per second received on that instance;
• The other one, indicated by a dotted line, shows the average load over the previous 30 minutes. This is used as a reference value.

In most cases, these circles overlap. But in some cases you can see that the dotted line is much larger, for example at the root name server instance in Poznan, Poland. This means that something has changed recently: the number of queries has dropped significantly.

In the image you can also see that pairs of instances are connected by links (or "tentacles") if they are considered topologically adjacent. Links between root name server instances are generally invisible, but become active when traffic migration is detected: colour and size of the link indicate the origin and volume of traffic flow, together with bubbles pouring into the instance receiving the traffic. In our example you can see that some load has moved from the instance at NAP (in Miami, Florida) to the one located at LINX (in London, UK).

In addition, VisualK highlights unusual behaviour. Flashing arrows show load migrations between instances that are not considered adjacent. Root name server instances start to blink if their traffic load decreases significantly. The goal is to help spot unexpected changes while they are happening and to allow root name server operators to investigate what causes these changes.

For more information, please refer to the background article on RIPE Labs: VisualK — Monitoring K-root in Near Real Time

VisualK has been developed by Claudio Squarcella, intern at the RIPE NCC, in collaboration with the Compunet Lab at Roma Tre University.

By Daniel Karrenberg, Chief Scientist at the RIPE NCC

Related topics: DNS, Regional Registries