Large-scale DNS. Hot Topics/An Analysis of Anomalous Queries
|
|
- Hugh Parrish
- 6 years ago
- Views:
Transcription
1 Large-scale DNS Caching Servers Hot Topics/An Analysis of Anomalous Queries Shintaro NAKAGAMI, Tsuyoshi TOYONO Keisuke ISHIBASHI, Haruhiko NISHIDA, and Haruhiko OHSHIMA NTT Communications, OCN NTT Laboratories 1
2 Outline 1.Hot Topics about OCN DNS Caching Servers - Introduction of OCN - Query Trend on OCN DNS Caching Servers - Problems with DNS Caching Servers 2A 2.An Analysis of fanomalous Queries on Large-scale Caching Servers 2
3 Introduction of OCN OCN (AS4713) The largest ISP in JAPAN 7 million customers DNS operation 150 DNS servers -50 name servers / 100 caching servers 2 kinds of DNS application -BIND9 / CNS (CNS has 6 times performance of BIND) 6 billion queries/day (70 thousand queries/sec) 3
4 OCN Cache DNS Structure Packet Capture Point Server FW Server Router IDS L4SW Server Server Auto filtering Load Sharing Almost 100% Service Availability 4
5 Query Trend on OCN DNS Caching Servers The number of queries is increasing rapidly. The annual query increase rate is 150%. The query increase rate is much higher than the customer increase rate. OCNDNScache server query/sec 60,000 50, ery/sec qu 40,000 30,000 20,000 10,000 0 Apr-06 Jun-06 Aug-06 Oct-06 Dec-06 Feb-07 Apr-07 Jun-07 Aug-07 Oct-07 Dec-07 Feb-08 Apr-08 5
6 What types of Query? A>>AAAA>PTR>MX>TXT>>others AAAA TXT A record queries are increasing. 80.0% 70.0% The number of customers and the number of queries 60.0% per one person are 50.0% increasing. MX record queries are decreasing. Repeat MX queries by 40.0% 30.0% cache server qtype ratio A CNAME NAPTR PTR SRV AAAA MX NS SOA TXT spammer, by botnets or by 20.0% worms are decreasing. 10.0% AAAA and TXT record queries increased rapidly this year. 0.0% 2005/4/7 2006/6/ /4/ /4/28 6
7 TXT Record Queries cache server qname ratio (TXT) TXT record is used for reputation check, SPF, DNSBL 2.0% 1.8% and so on. Queries for reputation check 1.4% 1.2% are increasing. 10% 1.0% 0.8% SPF queries from mail servers 0.6% are also increasing. 0.4% 0.2% There were only a few queries 0.0% for DNSBL check until last year. 1.6% 2005/4/7 2006/6/ /4/ /4/28 7
8 Problems with DNS Caching Servers The load of caching servers is higher than that of name servers. Problem queries DDoS attack queries Bogus queries Queries for Short TTL records Birthday attack and Amp attack aren t observed so much. 8
9 DDoS Attack Queries Attacks by worms (2004/04) The number of queries at this time is 6 times more than usual. Forward operation was effective in this attack. Attacks by botnets (2007/10) The number of queries at this time is 2 times more than usual. Auto filtering by IDS worked effectively in this attack. In these case, there were a lot of SERVFAIL queries. SERVFAIL queries cause a heavy load in caching servers. 9
10 Bogus Queries Caching servers receive a lot of Bogus queries. PTR queries for RFC1918 (private IP address) -PTR *** in-addr.arpa. arpa Invalid TLD -*.localhost, *.local These queries are sent to root-servers as well as cache- servers. -> Useless traffic and processing Bogus queries Bogus queries User NXDOMAIN Cache DNS NXDOMAIN Root DNS 10
11 Short TTL Records 3 days - 1 week, 0.7% 1-3 days, 6.6% 2008 OARC DNS Ops Workshop Distribution ratio of all TTL records More than 1 week, 0.0% 6hours-1day day, 25.1% The Distribution ratio of TTL records in OCN caching servers. TTL records for less than 1 hour account for 43.5%. 1-6 hours, 24.0% TTL records for less than 10 minutes account for 14%. TTL records for less than 1 hour There are also 1 second TTL records minutes, If it isn t necessary, long TTL is 43.0% desirable. Less than 1 hour, 43.5% Less than 10 minutes, 33.0% minutes, 8.0% minutes, 16.0% 11
12 Part 2. An Analysis of Anomalous Queries on Large-scale Caching Servers Tsuyoshi TOYONO NTT Lab.
13 Focus on DNS caching servers in/out queries User -> Cache queries (recursive) Cache -> Authoritative (non-recursive) Root Servers Root Servers Root Servers User OS User (resolver) OS User (resolver) OSs (stub resolvers) Cache Servers (ISP) Authoritative Name Servers Authoritative ti Name Servers Authoritative Name Servers From user queries To authoritative server queries 13
14 What are Anomalous queries? (1/2) Invalid queries 1. Nx-Qtype (Non-existent Qtype) Invalid or broken Qtype Qyp (Ex.) Type 0, Type Nx-TLD (Non-existent it ttop Level ldomain) (Ex.).localhost.,.localdomain.,.workgroup. 3. RFC1918 PTR PTR queries for RFC1918 (Ex.) PTR in-addr.arpa
15 What are Anomalous queries? (2/2) They ignore our answers 4. Repeat queries 2008 OARC DNS Ops Workshop Repeat same Qtype, Qname queries from same IP address within very short time (1 sec) 5. Other repeat queries Ignore TTL Repeat same queries that ignored TTL 5-2. Repeat MX Repeat MX queries within very short time (0.1 sec) Characteristic behavior in some worms (Ex.) Netsky 5-3. Repeat Error Error status answers (ServFail, FormErr, Refused) are replayed, but query is repeated 15
16 User queries (to caching servers) Repeat 68.8% Legitimate 15.0% NQt NxQtype 0.1% NxTLD 1.9% RFC % ignorettl 11.7% RepeatMX 0.1% RepeatNxD 1.4% Legitimate queries: only 15% of all queries Repeat and Ignore TTL are 80% of all queries Legitimate NxQtype NxTLD RFC1918 ignorettl RepeatMX RepeatNxD Repeat 16
17 Server answers (to users) Refused NotImp NXDomain 0% 0% other 17% 0% ServFail 5% NoError FormErr FormErr 0% ServFail NXDomain NotImp Refused other NoError 78% Most answers are normal 78% of total answers are No Error 17% of total t answers are NXDomain Few error answers (Server Fail, Format Err, Refused) 17
18 First question We receive 80% anomalous queries Only 15% legitimate queries But do all users behave like that? Analysis of per user queries
19 Number of queries per user per second (CDF) 100% 90% CDF (% %) CDF(%) 80% 70% 60% 50% qps Queries per second (qps) Most users sent a few queries (1 ~ 10 qps) Only 0.07% 07% of all users sent over 100 qps at some point 19
20 Distribution chart of user query rates qps E+08 query count Number of qps count 1. Obeys Zipf s law Most users sent a few queries, a few users sent most of the queries 2. Exceptions of over qps users! 20
21 Percentage of anomalous queries by query rate type rate 100qps 200qps 300qps 400qps 500qps Legitimate 0.09% 0.01% 0% 0% 0% NxQtype 0% 0% 0% 0% 0% NTLD NxTLD 0% 0% 0% 0% 0% RFC % 0% 0% 0% 0% ignorettl 1.63% 0.05% 05% 0.01% 01% 0% 0% RepeatMX 0.01% 0% 0% 0% 0% RepeatNxD 0.64% 0% 0% 0% 0% Repeat 59.69% 59.69% 59.69% 59.69% 59.69% (Percentage of total queries) Most queries from high query rate users are repeat and ignore TTL NO legitimate queries from users sending over 300qps 21
22 Second question A few users send most repeat queries What do they want to know so much? Close analysis of details of repeat queries
23 Analysis of details of repeat queries (1/3) 2008 OARC DNS Ops Workshop We observed 4 characteristic i types in high h query rate users (Type A) NTP servers (yp ) 3.9% of high query rate users, but 70% of high query rate queries I want to know the correct time! Repeated public NTP servers over qps continuously (Ex.) time.stdtime.gov.tw.
24 Analysis of details of repeat queries (Type B) Mail servers (2/3) 76.4% of high query rate users I want to find good SPAM servers! Repeated A and MX record queries including strings such as mail, mx, smtp (Type C) Messenger servers (yp ) g 7.8% of high query rate users Repeated major messenger service servers (Ex.) AOL AIM, MSN, Windows Live, Yahoo What is their purpose? 2008 OARC DNS Ops Workshop
25 Analysis of details of repeat queries (3/3) (Type D) PTR queries 7.8% of high query rate users 2008 OARC DNS Ops Workshop Repeated PTR record for many IP addresses Perhaps due to web log analyzer or related tools Others (Unclassified) Repeated queries for SNS web site domains Repeated queries including strings pic img photo
26 Summary All queries from high query rate user are bogus or unnecessary. We can prevent these anomalous queries easily. Apply query rate limit control per user In this case, 300 qps The load on DNS servers will decrease.
27 Conclusion We should consider the way to exclude bogus queries. We hope for the development of strong BIND for caching servers. 27
28 Fin OARC DNS Ops Workshop
29 Analysis of details of repeat queries PTR, 7.80% Users ratio Unclassified, 4.10% NTP, 3.90% PTR, 2.10% Messenger, 3.80% Unclassified, 9.80% Queries ratio Messenger, 7.80% Mail, 76.40% Mail, 11.80% NTP, 72.50% NTP Mail Messenger PTR Unclassified
Measurements of traffic in DITL 2008
Measurements of traffic in DITL 2008 Sebastian Castro secastro@caida.org CAIDA / NIC Chile 2008 OARC Workshop Sep 2008 Ottawa, CA Overview DITL 2008 General statistics Query characteristics Query rate
More informationDomain Name System (DNS) Session-1: Fundamentals. Joe Abley AfNOG Workshop, AIS 2017, Nairobi
Domain Name System (DNS) Session-1: Fundamentals Joe Abley AfNOG Workshop, AIS 2017, Nairobi Computers use IP addresses. Why do we need names? Names are easier for people to remember Computers may be moved
More informationIs Your Caching Resolver Polluting the Internet?
Is Your Caching Resolver Polluting the Internet? Duane Wessels The Measurement Factory, and CAIDA wessels@measurement-factory.com September 2004 SIGCOMM 2004 NetTs 0 The Measurement Factory A Disclaimer
More informationQNAME minimisation. Ralph Dolmans (NLnet Labs) https://www.nlnetlabs.nl/ March 2016 Stichting NLnet Labs
QNAME minimisation Ralph Dolmans ralph@nlnetlabs.nl (NLnet Labs) March 2016 Stichting NLnet Labs page 2 Introduction About NLnet Labs A not for profit, public benefit foundation develop Open Source software
More informationMCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration. Chapter 5 Introduction to DNS in Windows Server 2008
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 5 Introduction to DNS in Windows Server 2008 Objectives Discuss the basics of the Domain Name System (DNS) and its
More informationManaging Caching DNS Server
This chapter explains how to set the Caching DNS server parameters. Before you proceed with the tasks in this chapter, see Introduction to the Domain Name System which explains the basics of DNS. Configuring
More informationOpen Resolvers in COM/NET Resolution!! Duane Wessels, Aziz Mohaisen! DNS-OARC 2014 Spring Workshop! Warsaw, Poland!
Open Resolvers in COM/NET Resolution!! Duane Wessels, Aziz Mohaisen! DNS-OARC 2014 Spring Workshop! Warsaw, Poland! Outine! Why do we care about Open Resolvers?! Surveys at Verisign! Characterizing Open
More informationDomain Name System (DNS) DNS Fundamentals. Computers use IP addresses. Why do we need names? hosts.txt does not scale. The old solution: HOSTS.
Domain Name System (DNS) Computers use IP addresses. Why do we need names? Names are easier for people to remember DNS Fundamentals Computers may be moved between networks, in which case their IP address
More informationDNS. Some advanced topics. Karst Koymans. Informatics Institute University of Amsterdam. (version 17.2, 2017/09/25 12:41:57)
DNS Some advanced topics Karst Koymans Informatics Institute University of Amsterdam (version 17.2, 2017/09/25 12:41:57) Friday, September 22, 2017 Karst Koymans (UvA) DNS Friday, September 22, 2017 1
More informationDomain Name System - Advanced Computer Networks
- Advanced Computer Networks Saurabh Barjatiya International Institute Of Information Technology, Hyderabad 26 August, 2011 Contents 1 Distributed database, highly volatile Domain names Top level domains
More informationDomain Name System (DNS) Session-1: Fundamentals. Computers use IP addresses. Why do we need names? hosts.txt does not scale
Domain Name System (DNS) Computers use IP addresses. Why do we need names? Names are easier for people to remember Session-1: Fundamentals Computers may be moved between networks, in which case their IP
More informationProtecting DNS Critical Infrastructure Solution Overview. Radware Attack Mitigation System (AMS) - Whitepaper
Protecting DNS Critical Infrastructure Solution Overview Radware Attack Mitigation System (AMS) - Whitepaper Table of Contents Introduction...3 DNS DDoS Attacks are Growing and Evolving...3 Challenges
More informationIncrease of Root and JP queries -- Long-term trends of number of queries --
Increase of Root and JP queries -- Long-term trends of number of queries -- Kazunori Fujiwara, JPRS DNS-OARC 2015 Spring Workshop Last Update: 2015/5/10 1945 (UTC) 1 Are DNS queries
More informationWE POWER YOUR MOBILE WORLD ENUM INTEGRATION MANUAL
ENUM INTEGRATION MANUAL 1 CONTENTS INTRODUCTION... 3 CONNECTIVITY... 3 TECHNICAL SPECIFICATION... 4 Valid format for ENUM server query... 4 ENUM server responses... 6 ENUM responses in case of error processing
More informationInternet Engineering. DNS Message Format. Contents. Robert Elz.
Internet Engineering 241-461 Robert Elz kre@munnari.oz.au kre@coe.psu.ac.th http://fivedots.coe.psu.ac.th/~kre Contents The Domain Name System The DNS Database DNS Protocols DNS Message Formats ueries
More informationDomain Name System (DNS) Session 2: Resolver Operation and debugging. Joe Abley AfNOG Workshop, AIS 2017, Nairobi
Domain Name System (DNS) Session 2: Resolver Operation and debugging Joe Abley AfNOG Workshop, AIS 2017, Nairobi DNS Resolver Operation How Resolvers Work (1)! If we've dealt with this query before recently,
More informationSome advanced topics. Karst Koymans. Tuesday, September 16, 2014
DNS Some advanced topics Karst Koymans Informatics Institute University of Amsterdam (version 44, 2014/09/15 08:39:47) Tuesday, September 16, 2014 Karst Koymans (UvA) DNS Tuesday, September 16, 2014 1
More informationDNS(SEC) client analysis
DNS(SEC) client analysis powered by assisted by Bart Gijsen (TNO) DNS-OARC, San Francisco, March 2011 Overview DNS traffic analysis CLIENT [8], [9] Applic. browser Operating system DNS stub [7] Resolver
More informationDNS: Useful tool or just a hammer? Paul DNS-OARC 06 Oct 2013, Phoenix
DNS: Useful tool or just a hammer? Paul Ebersman pebersman@infoblox.com, @paul_ipv6 DNS-OARC 06 Oct 2013, Phoenix 1 Attacking your cache 2 Recursion DNS queries are either recursive or nonrecursive recursive
More informationDNS Anycast Statistic Collection
DNS Anycast Statistic Collection RIPE 61 Measurement Analysis and Tools Working Group 18 Nov 2010 Edward Lewis Neustar 1 What s so hard about reporting? 2 Collecting DNS Statistics (Generic) The Technical
More informationHow to Configure the DNS Server
Make the Barracuda Link Balancer an Authoritative DNS host and configure the DNS Server for inbound load balancing. Step 1. Enable Authoritative DNS Enable Authoritative DNS on the Barracuda Link Balancer
More informationDNS. Karst Koymans & Niels Sijm. Friday, September 14, Informatics Institute University of Amsterdam
DNS Karst Koymans & Niels Sijm Informatics Institute University of Amsterdam Friday, September 14, 2012 Karst Koymans & Niels Sijm (UvA) DNS Friday, September 14, 2012 1 / 32 1 DNS on the wire 2 Zone transfers
More informationDNS. A Massively Distributed Database. Justin Scott December 12, 2018
DNS A Massively Distributed Database Justin Scott December 12, 2018 What is DNS? Translates Hostnames to IP Addresses What is DNS? Example: www.serverlogic.com 23.185.0.4 What is DNS? Example: www.serverlogic.com
More informationUpdate on experimental BIND features to rate-limit recursive queries
Update on experimental BIND features to rate-limit recursive queries OARC Spring 2015 Cathy Almond, ISC What is this talk about? Random DNS query attacks against specific domains a (very) quick recap Mitigation
More informationEnumerating Privacy Leaks in DNS Data Collected above the Recursive
Enumerating Privacy Leaks in DNS Data Collected above the Recursive Basileal Imana 1, Aleksandra Korolova 1 and John Heidemann 2 1 University of Southern California 2 USC/Information Science Institute
More informationResponse Differences between NSD and other DNS Servers
Response Differences between NSD and other DNS Servers Jelte Jansen, NLnet Labs Wouter Wijngaards, NLnet Labs NLnet Labs document 2006-004 November 2, 2006 Abstract This note describes observed differences
More informationAn Update on Anomalous DNS Behavior
An Update on Anomalous DNS Behavior Duane Wessels, and CAIDA wessels@measurement-factory October 23 Motivation Why are root servers getting slammed? Are caching/forwarding DNS servers doing the right thing?
More informationIntroduction to Network. Topics
Introduction to Network Security Chapter 7 Transport Layer Protocols 1 TCP Layer Topics Responsible for reliable end-to-end transfer of application data. TCP vulnerabilities UDP UDP vulnerabilities DNS
More informationRFC 2181 Ranking data and referrals/glue importance --- new resolver algorithm proposal ---
RFC 2181 Ranking data and referrals/glue importance --- new resolver algorithm proposal --- Kazunori Fujiwara fujiwara@jprs.co.jp Japan Registry Services Co., Ltd (JPRS) DNS-OARC Workshop 2016/10/16 Last
More informationFRNOG 25 Meeting: BIND9 Recursive Client Rate limiting
FRNOG 25 Meeting: BIND9 Recursive Client Rate limiting Cathy Almond, Sr. Technical Support Engineer Presenter Cathy Almond ISC Senior Technical Support Engineer, Support Team Lead Agenda 1. Pseudo-random
More informationDefeating DNS Amplification Attacks. UKNOF Manchester Central, UK January Ralf Weber Senior Infrastructure Architect
Defeating DNS Amplification Attacks UKNOF Manchester Central, UK January 21 2014 Ralf Weber Senior Infrastructure Architect History of DNS Amplification DNS amplification attacks aren't new Periodically
More informationDNS Traffic Analysis CDN and the World IPv6 Launch
Regular Paper DNS Traffic Analysis CDN and the World IPv6 Launch Kazunori Fujiwara 1,2,a) Akira Sato 1,b) Kenichi Yoshida 1,c) Received: October 15, 2012, Accepted: March 1, 2013 Abstract: The Domain Name
More informationCSCE 463/612 Networks and Distributed Processing Spring 2018
CSCE 463/612 Networks and Distributed Processing Spring 2018 Application Layer III Dmitri Loguinov Texas A&M University February 8, 2018 Original slides copyright 1996-2004 J.F Kurose and K.W. Ross 1 Chapter
More informationHow to Add Domains and DNS Records
Configure the Barracuda NextGen X-Series Firewall to be the authoritative DNS server for your domains or subdomains to take advantage of Split DNS or dead link detection. Step 1. Make the X-Series Firewall
More informationOPS535 Lab 5. Dynamic DNS. RFC 2136 Dynamic Updates in the Domain Name System (DNS UPDATE)
OPS535 Lab 5 Dynamic DNS Overview In this lab, you add a forward lookup zone and a reverse lookup zone to your primary DNS server and configure both zones to support dynamic updates. Dynamic DNS zone accepts
More informationCS519: Computer Networks. Lecture 6: Apr 5, 2004 Naming and DNS
: Computer Networks Lecture 6: Apr 5, 2004 Naming and DNS Any problem in computer science can be solved with another layer of indirection David Wheeler Naming is a layer of indirection What problems does
More informationWho s Asking? Geoff Huston, Joao Damas APNIC. Roy Arends ICANN
Who s Asking? Geoff Huston, Joao Damas APNIC Roy Arends ICANN Background Experiments that are intended to expose the way in which recursive resolvers interact with the DNS root and its authoritative servers
More informationIs Your Caching Resolver Polluting the Internet?
Is Your Caching Resolver Polluting the Internet? Duane Wessels CAIDA & The Measurement Factory, Inc. wessels@measurement-factory.com ABSTRACT Previous research has shown that most of the DNS queries reaching
More informationTable of Contents DNS. Short history of DNS (1) DNS and BIND. Specification and implementation. A short history of DNS. Root servers.
Table of Contents Specification and implementation DNS Karst Koymans Informatics Institute University of Amsterdam (version 1.11, 2010/10/04 10:03:37) Tuesday, September 14, 2010 A short history of DNS
More informationIs Your Caching Resolver Polluting the Internet?
Is Your Caching Resolver Polluting the Internet? Duane Wessels CAIDA & The Measurement Factory, Inc. wessels@measurement-factory.com ABSTRACT Previous research has shown that most of the DNS queries reaching
More informationRoot Servers. Root hints file come in many names (db.cache, named.root, named.cache, named.ca) See root-servers.org for more detail
What is DNS? Systems to convert domain names into ip addresses: For an instance; www.tashicell.com 118.103.136.66 Reverse: 118.103.136.66 www.tashicell.com DNS Hierarchy Root Servers The top of the DNS
More informationDNS Level 100. Rohit Rahi November Copyright 2018, Oracle and/or its affiliates. All rights reserved.
DNS Level 100 Rohit Rahi November 2018 1 Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated
More informationTable of Contents DNS. Short history of DNS (1) DNS and BIND. Specification and implementation. A short history of DNS.
Table of Contents Specification and implementation DNS dr. C. P. J. Koymans Informatics Institute University of Amsterdam September 14, 2009 A short history of DNS Root servers Basic concepts Delegation
More informationDNS/DNSSEC Workshop. In Collaboration with APNIC and HKIRC Hong Kong. Champika Wijayatunga Regional Security Engagement Manager Asia Pacific
DNS/DNSSEC Workshop In Collaboration with APNIC and HKIRC Hong Kong Champika Wijayatunga Regional Security Engagement Manager Asia Pacific 22-24 January 2018 1 Agenda 1 2 3 Introduction to DNS DNS Features
More informationDNS and SMTP. James Walden CIT 485: Advanced Cybersecurity. James WaldenCIT 485: Advanced Cybersecurity DNS and SMTP 1 / 31
DNS and SMTP James Walden CIT 485: Advanced Cybersecurity James WaldenCIT 485: Advanced Cybersecurity DNS and SMTP 1 / 31 Table of contents 1. DNS 2. DNS Protocol Packets 3. DNS Caching 4. DNS Cache Poisoning
More informationAugust 14th, 2018 PRESENTED BY:
August 14th, 2018 PRESENTED BY: APPLICATION LAYER ATTACKS 100% 80% 60% 40% 20% 0% DNS is the second most targeted protocol after HTTP. DNS DoS techniques range from: Flooding requests to a given host.
More informationOpenINTEL an infrastructure for long-term, large-scale and high-performance active DNS measurements. Design and Analysis of Communication Systems
OpenINTEL an infrastructure for long-term, large-scale and high-performance active DNS measurements DACS Design and Analysis of Communication Systems Why measure DNS? (Almost) every networked service relies
More informationEDNS Compliance. Mark Andrews
EDNS Compliance Mark Andrews marka@isc.org DataSets Root and TLD servers Alexa Top 1000 Alexa Bottom 1000 of Top 1Million GOV servers from Alexa Top 1Million AU servers from Alexa Top 1Million Methodology
More informationIs your DNS server up-to-date? Pieter Lexis Senior PowerDNS Engineer April 22 nd 2018
lieter_ PowerDNS pieterlexis PowerDNS Is your DNS server up-to-date? Pieter Lexis Senior PowerDNS Engineer April 22 nd 2018 1 What s all this about? A DNS recap What is EDNS? Issues with EDNS on the internet
More informationDNS. Introduction To. everything you never wanted to know about IP directory services
Introduction To DNS everything you never wanted to know about IP directory services Linux Users Victoria, April 3 rd 2007 what is the domain name system anyway? it's like a phone book...kinda DNS is (1)
More informationExpanding ISP and Enterprise Connectivity with Cisco IOS NAT
1 Expanding ISP and Enterprise Connectivity with Cisco IOS Session 2 Presentation_ID.scr 1 Agenda Benefits Definition Availability Terminology s of Translations Overlapping Networks Example 3 Motivation
More informationRe-engineering the DNS One Resolver at a Time. Paul Wilson Director General APNIC channeling Geoff Huston Chief Scientist
Re-engineering the DNS One Resolver at a Time Paul Wilson Director General APNIC channeling Geoff Huston Chief Scientist 1 In this presentation I ll talk about the DNS, and the root server infrastructure
More informationTable of Contents DNS. Short history of DNS (1) DNS and BIND. Specification and implementation. A short history of DNS. Root servers.
Table of Contents Specification and implementation DNS Karst Koymans Informatics Institute University of Amsterdam (version 1.20, 2011/09/26 13:56:09) Tuesday, September 13, 2011 A short history of DNS
More informationImplementation Of Lame Delegation Policy. Ray Plzak ARIN
Implementation Of Lame Delegation Policy Ray Plzak ARIN Background MAR 2002 Policy Formally Proposed APR 2002 ARIN IX JUN 2002 Scripts Developed & Tested Further Discussion on Email Lists OCT 2002 ARIN
More informationTable of Contents. DNS security. Alternative DNS security mechanism. DNSSEC specification. The long (and winding) road to the DNSSEC specification
Table of Contents DNS security Karst Koymans Informatics Institute University of Amsterdam (version 1.19, 2011/09/27 14:18:11) Friday, September 23, 2011 The long (and winding) road to the DNSSEC specification
More informationA DNS Tutorial
http://ntrg.cs.tcd.ie/undergrad/4ba2/multicast/ Copyright Table of Contents What is a DNS?... 3 Why do we need a DNS?... 3 Why do computers prefer addresses based on numbers?... 3 What is a Domain Name,
More information2016 Infoblox Inc. All rights reserved. Implementing AWS Route 53 Synchronization Infoblox-DG January 2016 Page 1 of 8
2016 Infoblox Inc. All rights reserved. Implementing AWS Route 53 Synchronization Infoblox-DG-0136-00 January 2016 Page 1 of 8 Contents Introduction... 3 Infoblox and Route 53 Synchronization... 3 Prerequisites...
More informationDNS Firewall with Response Policy Zone. Suman Kumar Saha bdcert Amber IT Limited
DNS Firewall with Response Policy Zone Suman Kumar Saha bdcert suman@bdcert.org Amber IT Limited suman@amberit.com.bd DNS Response Policy Zone(RPZ) as Firewall RPZ allows a recursive server to control
More informationDNS Session 2: DNS cache operation and DNS debugging. Joe Abley AfNOG 2006 workshop
DNS Session 2: DNS cache operation and DNS debugging Joe Abley AfNOG 2006 workshop How caching NS works (1) If we've dealt with this query before recently, answer is already in the cache easy! Resolver
More informationUnderstanding and Characterizing Hidden Interception of the DNS Resolution Path
Who Is Answering My Queries? Understanding and Characterizing Hidden Interception of the DNS Resolution Path Baojun Liu, Chaoyi Lu, Haixin Duan, YingLiu, ZhouLi, ShuangHaoand MinYang ISP DNS Resolver DNS
More informationGoal of this session
DNS refresher Overview Goal of this session What is DNS? How is DNS built and how does it work? How does a query work? Record types Caching and Authoritative Delegation: domains vs zones Finding the error:
More informationDNSSEC. Lutz Donnerhacke. db089309: 1c1c 6311 ef09 d819 e029 65be bfb6 c9cb dig +dnssec e164.arpa. naptr
DNSSEC Lutz Donnerhacke db089309: 1c1c 6311 ef09 d819 e029 65be bfb6 c9cb dig +dnssec 1.6.5.3.7.5.1.4.6.3.9.4.e164.arpa. naptr 1 A protocol from better times An ancient protocol People were friendly and
More informationInternet Engineering Task Force (IETF) Request for Comments: Category: Best Current Practice ISSN: January 2019
Internet Engineering Task Force (IETF) P. Hoffman Request for Comments: 8499 ICANN BCP: 219 A. Sullivan Obsoletes: 7719 Updates: 2308 K. Fujiwara Category: Best Current Practice JPRS ISSN: 2070-1721 January
More informationSAMPLE REPORTS. Infoblox Reporting and Analytics Infoblox Reporting and Analytics Sample Report Book
SAMPLE REPORTS Infoblox Reporting and Analytics Infoblox Reporting and Analytics Sample Report Book 1 INFOBLOX REPORTING AND ANALYTICS OVERVIEW... 5 2 HOME DASHBOARDS AND PREDICTIVE REPORTS... 6 2.1 HOME
More informationS Computer Networks - Spring What and why? Structure of DNS Management of Domain Names Name Service in Practice
Outline What and why? Structure of DNS Management of Domain Names Name Service in Practice 188lecture12.ppt Pirkko Kuusela, Markus Peuhkuri, Jouni Karvo 1 2 Need Network addresses are numbers Addresses
More informationA Root DNS Server. Akira Kato. Brief Overview of M-Root. WIDE Project
A Root DNS Server Akira Kato WIDE Project kato@wide.ad.jp Brief Overview of M-Root Assumes basic knowledge on DNS Dr. Tatsuya Jinmei has introduced in Nov 19, 2004 What s Root Servers? Start point of the
More informationNaming in Distributed Systems
Naming in Distributed Systems Dr. Yong Guan Department of Electrical and Computer Engineering & Information Assurance Center Iowa State University Outline for Today s Talk Overview: Names, Identifiers,
More informationNetwork Protocols. DNS Intel *slightly modified public version of another talk. TDC 375 Autumn 2009/10 John Kristoff DePaul University 1
Network Protocols DNS Intel *slightly modified public version of another talk TDC 375 Autumn 2009/10 John Kristoff DePaul University 1 What's in a name? dns research01.cti.depaul.edu. TDC 375 Autumn 2009/10
More informationNetworking Applications
Networking Dr. Ayman A. Abdel-Hamid College of Computing and Information Technology Arab Academy for Science & Technology and Maritime Transport 1 Outline Introduction Name Space concepts Domain Name Space
More informationDNSSEC DNS SECURITY EXTENSIONS INTRODUCTION TO DNSSEC FOR SECURING DNS QUERIES AND INFORMATION
DNSSEC DNS SECURITY EXTENSIONS INTRODUCTION TO DNSSEC FOR SECURING DNS QUERIES AND INFORMATION Peter R. Egli 1/10 Contents 1. Security Problems of DNS 2. Solutions for securing DNS 3. Security with DNSSEC
More informationDNS Performance and the Effectiveness of Caching
DNS Performance and the Effectiveness of Caching Jaeyeon Jung, Emil Sit, Hari Balakrishnan, and Robert Morris MIT Laboratory for Computer Science 2 Technology Square Cambridge, MA 2139 jyjung, sit, hari,
More informationDetecting and Quantifying Abusive IPv6 SMTP!
Detecting and Quantifying Abusive IPv6 SMTP Casey Deccio Verisign Labs Internet2 2014 Technical Exchange October 30, 2014 Spam, IPv4 Reputation and DNSBL Spam is pervasive Annoying (pharmaceuticals) Dangerous
More informationECE 435 Network Engineering Lecture 7
ECE 435 Network Engineering Lecture 7 Vince Weaver http://web.eece.maine.edu/~vweaver vincent.weaver@maine.edu 25 September 2018 HW#3 was Posted Announcements 1 HW#2 Review C code will be discussed next
More informationIdentifying Anomalous Traffic Using Delta Traffic. Tsuyoshi KONDOH and Keisuke ISHIBASHI Information Sharing Platform Labs. NTT
Identifying Anomalous Traffic Using Delta Traffic Tsuyoshi KONDOH and Keisuke ISHIBASHI Information Sharing Platform Labs. NTT Flocon2008, January 7 10, 2008, Savannah GA Outline Background and Motivation
More informationDomain Name Service. DNS Overview. October 2009 Computer Networking 1
Domain Name Service DNS Overview October 2009 Computer Networking 1 Why DNS? Addresses are used to locate objects (contain routing information) Names are easier to remember and use than numbers DNS provides
More informationDocumentation for: MTA developers
This document contains implementation guidelines for developers of MTA products/appliances willing to use Spamhaus products to block as much spam as possible. No reference is made to specific products.
More informationCIA Lab Assignment: Domain Name System (1)
CIA Lab Assignment: Domain Name System (1) A. Bakker N. Sijm J. van der Ham M. Pouw Feedback deadline: September 22, 2015 10:00 CET Abstract The Domain Name System (DNS) is a hierarchical, distributed
More informationBOTNET-GENERATED SPAM
BOTNET-GENERATED SPAM By Areej Al-Bataineh University of Texas at San Antonio MIT Spam Conference 2009 www.securitycartoon.com 3/27/2009 Areej Al-Bataineh - Botnet-generated Spam 2 1 Botnets: A Global
More informationMeasurement of Anycast Effects - from the experience on.jp anycast deployment -
Measurement of Anycast Effects - from the experience on.jp anycast deployment - Shinta Sato Japan Registry Services Co., Ltd. (JPRS) RIPE 54 DNS Working Group Thursday 10 May 2007
More informationTransaction oriented DNS flow analysis (WIP)
Transaction oriented DNS flow analysis (WIP) Shigeya Suzuki / Bill Manning WIDE Project USC/ISI & Keio University + Auto-ID Labs Japan CAIDA Workshop 2006 @ISI, March 17th 2006 Topics Current on-going
More informationDomain Name System (DNS)
Domain Name System (DNS) Computer Networks Lecture 9 http://goo.gl/pze5o8 Domain Name System Naming service used in the Internet Accomplishes mapping of logical ("domain") names to IP addresses (and other
More informationSecurity Whitepaper. DNS Resource Exhaustion
DNS Resource Exhaustion Arlyn Johns October, 2014 DNS is Emerging as a Desirable Target for Malicious Actors The current threat landscape is complex, rapidly expanding and advancing in sophistication.
More informationIP Traceback Using DNS Logs against Bots
Journal of Information Processing Vol. 17 232 241 (Sep. 2009) Regular Paper IP Traceback Using DNS Logs against Bots Keisuke Takemori, 1 Masahiko Fujinaga, 1 Toshiya Sayama 1 and Masakatsu Nishigaki 2
More informationIntroducing the Global Site Selector
CHAPTER 1 This chapter describes the Cisco Global Site Selector (GSS) and introduces you to the terms and concepts necessary to help you understand and operate the GSS. This chapter contains the following
More informationIntroducing the Global Site Selector
CHAPTER 1 This chapter describes the Cisco Global Site Selector (GSS) and introduces you to the terms and concepts necessary to help you understand and operate the GSS. This chapter contains the following
More information12. Name & Address 최양희서울대학교컴퓨터공학부
12. Name & Address 최양희서울대학교컴퓨터공학부 How do you get IP address? Manual Configuration Stateful Address Configuration (i.e. from servers) BOOTP DHCPv4, DHCPv6 Stateless Autoconfiguration : IPv6 2009 Yanghee
More informationOverview. Last Lecture. This Lecture. Next Lecture. Scheduled tasks and log management. DNS and BIND Reference: DNS and BIND, 4 th Edition, O Reilly
Last Lecture Overview Scheduled tasks and log management This Lecture DNS and BIND Reference: DNS and BIND, 4 th Edition, O Reilly Next Lecture Address assignment (DHCP) TELE 301 Lecture 11: DNS 1 TELE
More informationAssessing and Improving the Quality of DNSSEC
Assessing and Improving the Quality of DNSSEC Deployment Casey Deccio, Ph.D. Sandia National Laboratories AIMS-4 CAIDA, SDSC, San Diego, CA Feb 9, 2012 Sandia is a multiprogram laboratory operated by Sandia
More informationManaging DNS Firewall
, page 1 DNS firewall controls the domain names, IP addresses, and name servers that are allowed to function on the network. This enables Internet Service Providers (ISP), enterprises, or organizations
More informationManage Your DNS In The Cloud Get Started With Route 53
Manage Your DNS In The Cloud Get Started With Route 53 Expected Learning Manage DNS In The Cloud With Route 53 By the end of this section, you should be able to: Understand the basics of DNS Describe AWS
More informationAn Approach for Determining the Health of the DNS
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 3, Issue. 9, September 2014,
More informationAnalysis of query traffic to.com/.net name servers! Duane Wessels, Matt Larson, Allison Mankin! Verisign Labs! APRICOT 2013!
Analysis of query traffic to.com/.net name servers! Duane Wessels, Matt Larson, Allison Mankin! Verisign Labs! APRICOT 2013! 1! Our Infrastructure! Operator of A root (6 sites), J root (70) Registry for.com/.net
More informationManual Configuration Stateful Address Configuration (i.e. from servers) Stateless Autoconfiguration : IPv6
Manual Configuration Stateful Address Configuration (i.e. from servers) BOOTP DHCPv4, DHCPv6 Stateless Auto : IPv6 최양희서울대학교컴퓨터공학부 2005 Yanghee Choi 2 RARP Hardware address ---> IP address requires direct
More informationThis time. Digging into. Networking. Protocols. Naming DNS & DHCP
This time Digging into Networking Protocols Naming DNS & DHCP Naming IP addresses allow global connectivity But they re pretty useless for humans! Can t be expected to pick their own IP address Can t be
More informationLesson 9: Configuring DNS Records. MOAC : Administering Windows Server 2012
Lesson 9: Configuring DNS Records MOAC 70-411: Administering Windows Server 2012 Overview Exam Objective 3.2: Configure DNS Records Configuring DNS Record Types Using the DNSCMD Command to Manage Resource
More informationBIND-USERS and Other Debugging Experiences. Mark Andrews Internet Systems Consortium
BIND-USERS and Other Debugging Experiences Mark Andrews Internet Systems Consortium Mark_Andrews@isc.org http://isc.org BIND-USERS and Other Debugging Experiences We will look at some typical debugging
More informationDomain Name Service. FAQs. Issue 07 Date HUAWEI TECHNOLOGIES CO., LTD.
Issue 07 Date 2019-03-05 HUAWEI TECHNOLOGIES CO., LTD. Copyright Huawei Technologies Co., Ltd. 2019. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any
More informationphoenixnap Client Portal
phoenixnap Client Portal 1 phoenixnap Client Portal Disclaimer Please be aware that DNS management can be a confusing and complicated system. If you get something wrong, you might experience problems such
More informationDNS Session 2: DNS cache operation and DNS debugging. How caching NS works (1) What if the answer is not in the cache? How caching NS works (2)
D Session 2: D cache operation and D debugging How caching works (1) If we've dealt with this query before recently, answer is already in the cache - easy! Joe Abley AfNOG 2006 workshop Resolver Query
More informationAPNIC elearning: DNS Concepts
APNIC elearning: DNS Concepts 27 MAY 2015 11:00 AM AEST Brisbane (UTC+10) Issue Date: Revision: Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security IPv6
More information