Mitigating DNS DoS Attacks
|
|
- Stella Arnold
- 8 years ago
- Views:
Transcription
1 Mitigating DNS DoS Attacks Hitesh Ballani and Paul Francis Cornell University ACM CCS 2008
2 DoS attacks on DNS Attack: Flood the nameservers of a DNS zone Goal: Disrupt the resolution of The zone s resource records And the records for any of the sub-zones. edu. com. us. jp. cornell.edu. cmu.edu mit.edu cs.cornell.edu. eng.cornell.edu.
3 DoS attacks on DNS Attack: Flood the nameservers of a DNS zone Goal: Disrupt the resolution of The zone s resource records And the records for any of the sub-zones FLOOD ATTACK. edu. com. us. jp. cornell.edu. cmu.edu mit.edu cs.cornell.edu. eng.cornell.edu.
4 DoS attacks on DNS Attack: Flood the nameservers of a DNS zone Goal: Disrupt the resolution of The zone s resource records And the records for any of the sub-zones Attacks aplenty (some successful, other not!) Microsoft attacked (2001) DNS Root Servers attacked (2002) SCO attacked (2003) Akamai attacked (2004) Root Servers, TLDs and UltraDNS (2006) Root Servers attacked (2007)
5 Networking community to the rescue Kangasharaju et. al.(g Cox et. al.(g Theimer et. al(g Ramasubramaniam et. al.(g Handley et. al.(g Deegan et. al.(g [INFOCOM 00] [IPTPS 02] [ICDCS 02] [SIGCOMM 04] [HotNets 05] [SIGCOMM CCR 05]
6 Networking community to the rescue Kangasharaju et. al.(g Cox et. al.(g Theimer et. al(g Ramasubramaniam et. al.(g Handley et. al.(g Deegan et. al.(g [INFOCOM 00] [IPTPS 02] [ICDCS 02] [SIGCOMM 04] [HotNets 05] [SIGCOMM CCR 05] Decouple data distribution from authority hierarchy Ensure availability of data distribution mechanism
7 Networking community to the rescue Kangasharaju et. al.(g Cox et. al.(g Theimer et. al(g Ramasubramaniam et. al.(g Handley et. al.(g Deegan et. al.(g [INFOCOM 00] [IPTPS 02] [ICDCS 02] [SIGCOMM 04] [HotNets 05] [SIGCOMM CCR 05] Decouple data distribution from authority hierarchy Ensure availability of data distribution mechanism Centralized approaches(g
8 Networking community to the rescue Kangasharaju et. al.(g Cox et. al.(g Theimer et. al(g Ramasubramaniam et. al.(g Handley et. al.(g Deegan et. al.(g [INFOCOM 00] [IPTPS 02] [ICDCS 02] [SIGCOMM 04] [HotNets 05] [SIGCOMM CCR 05] Decouple data distribution from authority hierarchy Ensure availability of data distribution mechanism Centralized approaches(g Peer-to-peer approaches(g
9 A complementary tact to handle DoS attacks Do away with the need for 100% availability Clients are able to resolve a zone s records even when the zone s nameservers are not available
10 In this paper A minor modification in the caching behavior of DNS resolvers Reduces the need for nameserver availability in the existing DNS framework Mitigates the impact of DoS attacks on DNS
11 Talk Outline Introductiong( DNS Resolvers Todayg( Proposed Modificationg( Evaluationg( The Goodg( The Bad and the Uglyg(
12 DNS Resolvers Today(g Client Root-Server A? Resolver Nameserver (.edu TLD) Cache Nameserver (.cornell.edu)
13 DNS Resolvers Today(g Client Root-Server A? Resolver Nameserver (.edu TLD) Lookup A? Cache Nameserver (.cornell.edu) Resolution Process 1. Lookup the resolver cache 2. Traverse down the DNS hierarchy 3. Traversal fails Resolution fails
14 DNS Resolvers Today(g Client Root-Server A? Resolver Nameserver (.edu TLD) Lookup NS?.cornell.edu NS?.edu Cache Nameserver (.cornell.edu) Resolution Process 1. Lookup the resolver cache 2. Traverse down the DNS hierarchy 3. Traversal fails Resolution fails
15 DNS Resolvers Today(g Client Root-Server Resolver Nameserver (.edu TLD) Cache Nameserver (.cornell.edu) Resolution Process 1. Lookup the resolver cache 2. Traverse down the DNS hierarchy 3. Traversal fails Resolution fails
16 DNS Resolvers Today(g Client Root-Server A= Resolver Nameserver (.edu TLD) Cache Nameserver (.cornell.edu) Resolution Process 1. Lookup the resolver cache 2. Traverse down the DNS hierarchy 3. Traversal fails Resolution fails
17 DNS Resolvers Today(g Client Root-Server Resolver Cache Traversal fails Nameserver (.edu TLD) Nameserver (.cornell.edu) Resolution Process 1. Lookup the resolver cache 2. Traverse down the DNS hierarchy 3. Traversal fails Resolution fails
18 DNS Resolvers Today(g Client Root-Server Resolver Nameserver (.edu TLD) Cache responses for TTL period Cache Nameserver (.cornell.edu) Resolver caching behavior Cached records expunged after their TTL expires
19 Proposed Modification(g Client Root-Server Resolver Nameserver (.edu TLD) Stale Cache Stale Records Cache Nameserver (.cornell.edu) Cached records expunged to a Stale Cache
20 Proposed Modification(g Client Root-Server Resolver Nameserver (.edu TLD) Stale Cache.edu NS Lookup Cache Modified Resolution Process 1. Lookup the resolver cache 2. Traverse down the DNS hierarchy Nameserver (.cornell.edu) 3. Traversal fails Resolution can continue
21 Proposed Modification(g Client Root-Server Resolver Nameserver (.edu TLD) Stale Cache Cache Lookup successful Modified Resolution Process 1. Lookup the resolver cache 2. Traverse down the DNS hierarchy Nameserver (.cornell.edu) 3. Traversal fails Resolution can continue
22 Proposed Modification(g Client Root-Server Resolver Nameserver (.edu TLD) Stale Cache Cache Lookup successful Nameserver (.cornell.edu) Stale records for a zone used only when the nameservers for the zone are unavailable
23 Stale Cache Details(g Expunging records from the Stale Cache Responses from nameservers used to clean up the stale cache Stale Cache lookup time not critical Lookups can be done while querying the nameservers
24 Talk Outline Introductiong( DNS Resolvers Todayg( Proposed Modificationg( Evaluationg( The Goodg( The Bad and the Uglyg(
25 DNS Trace Collection Cornell CS Dept. INTERNET DNS Trace Collector Anonymise DNS Trace 65-Day DNS Trace 138 million DNS packets 4.5 million unique DNS names Trace collected at Border Router Network s resolvers could not answer the collected queries
26 Stale Cache Simulation Simulation Variables Stale Cache Size Number of days for which stale records are kept Varied from 1 to 30 days Attack Duration Varied from 3 to 24 hours
27 Is History Useful? Attack: Entire DNS Fails
28 Is History Useful? Attack: Entire DNS Fails Fraction of Queries Answered Hr 06 Hr 12 Hr 24 Hr Stale Cache Size (days) 14-Day Stale Cache can answer 80% queries
29 Is History Useful? Attack: Entire DNS Fails Fraction of Accurate Records Hr 06 Hr 12 Hr 24 Hr Stale Cache Size (days) 99.6% accurate answers with 14-Day Stale Cache
30 Root-Servers Fail Other Attack Scenarios Queries for Top-level Domains (TLDs) not resolved Stale Cache can answer all such queries TLD Nameservers Fail Queries for two-level names (eg, a.com) not resolved Stale Cache can answer >75% such queries Accuracy of answers is 99.4%
31 Depends on network Number of hosts Query-rate For the collected trace Memory Footprint 1300 hosts and 25 DNS pkts/sec Month-long Stale Cache = 313MB
32 Proposed Modification: Pros Increased DNS Robustness Nameserver availability less crucial Mitigates the impact of DoS attacks Simplicity Does not change the basic protocol operation Does not impose any load on DNS Does not impact the query resolution latency Incremental Deployment Motivation for deployment
33 Talk Outline Introductiong( DNS Resolvers Todayg( Proposed Modificationg( Evaluationg( The Goodg( The Bad and the Uglyg(
34 Ballani Vixie Obsolete Autonomy Attack Latency Too specific
35 Ballani Vixie Obsolete Autonomy Attack Latency Too specific Possibility of obsolete information being used Obselete zone records used by a resolver only if Zone s records have been updated since the last access by the resolver Zone s nameservers are inaccessible
36 Ballani Vixie Obsolete Autonomy Attack Latency Too specific Possibility of obsolete information being used Obselete zone records used by a resolver only if Zone s records have been updated since the last access by the resolver Zone s nameservers are inaccessible Trade-off between the possibility of obsolete information being used and the inability to resolve queries
37 Ballani Vixie Obsolete Autonomy Attack Latency Too specific Possibility of obsolete information being used Obselete zone records used by a resolver only if Zone s records have been updated since the last access by the resolver Zone s nameservers are inaccessible Trade-off between the possibility of obsolete information being used and the inability to resolve queries Restrict the Stale Cache size
38 Ballani Vixie Obsolete Autonomy Attack Latency Too specific Greg Minshall s former CEO:... he would sign (almost) any contract, as long as he could get out of it in a finite period of time
39 Ballani Vixie Obsolete Autonomy Attack Latency Too specific Greg Minshall s former CEO:... he would sign (almost) any contract, as long as he could get out of it in a finite period of time Zone Autonomy Does the.com zone operator control access to the.xxx.com sub-zone? Today Proposed.xxx.com NS records expire after a TTL period?
40 Obsolete Autonomy Attack Latency Too specific Ballani Vixie Greg Minshall s former CEO:... he would sign (almost) any contract, as long as he could get out of it in a finite period of time Zone Autonomy Does the.com zone operator control access to the.xxx.com sub-zone? Today.xxx.com NS records expire after a TTL period Proposed Can respond with a NXDOMAIN for queries for.xxx.com Zone operators still control access to their sub-zones
41 Obsolete Autonomy Attack Latency Too specific Ballani Vixie Attackers forcing the use of obsolete records for a zone by Waiting for the zone s records to be updated And then flooding the zone s nameservers
42 Obsolete Autonomy Attack Latency Too specific Ballani Vixie Attackers forcing the use of obsolete records for a zone by Waiting for the zone s records to be updated And then flooding the zone s nameservers
43 Obsolete Autonomy Attack Latency Too specific Ballani Vixie Resolution latency in the face of attacks Resolver must query each nameserver of a zone before using the zone s records from the stale cache Given default resolver timeout configurations, this can lead to high resolution latencies
44 Obsolete Autonomy Attack Latency Too specific Ballani Vixie Resolution latency in the face of attacks Resolver must query each nameserver of a zone before using the zone s records from the stale cache Given default resolver timeout configurations, this can lead to high resolution latencies Alleviative: Resolvers configured with aggressive retry and timeout values
45 Obsolete Autonomy Attack Latency Too specific Ballani Vixie DNS servers can still be overwhelmed Unable to update the zone s records Application servers can still be DoS ed
46 Obsolete Autonomy Attack Latency Too specific Ballani Vixie DNS servers can still be overwhelmed Unable to update the zone s records Application servers can still be DoS ed Do DNS servers and Application servers share the network bottleneck?
47 Summary A minor modification in the caching behavior of DNS resolvers Reduces the need for nameserver availability in the existing DNS framework Mitigates the impact of DoS attacks on DNS Stale Cache Modifies the DNS caching semantics Does not impact fundamental DNS characteristics
48 Thank You!
Mitigating DNS DoS Attacks
Mitigating DNS DoS Attacks Hitesh Ballani Cornell University Ithaca, NY hitesh@cs.cornell.edu Paul Francis Cornell University Ithaca, NY francis@cs.cornell.edu ABSTRACT This paper considers DoS attacks
More informationReview of Mitigating DNS DoS Attacks
Review of Mitigating DNS DoS Attacks Tak-Lon Wu I433/I590 Research paper Computer Science Dept. Indiana University Bloomington, IN 47405 taklwu@indiana.edu 1. Introduction Abstract The Domain Name system
More informationNetwork Working Group. Category: Best Current Practice S. Bradner Harvard University M. Patton Consultant July 1997
Network Working Group Request for Comments: 2182 BCP: 16 Category: Best Current Practice R. Elz University of Melbourne R. Bush RGnet, Inc. S. Bradner Harvard University M. Patton Consultant July 1997
More informationNET0183 Networks and Communications
NET0183 Networks and Communications Lecture 25 DNS Domain Name System 8/25/2009 1 NET0183 Networks and Communications by Dr Andy Brooks DNS is a distributed database implemented in a hierarchy of many
More information- Domain Name System -
1 Name Resolution - Domain Name System - Name resolution systems provide the translation between alphanumeric names and numerical addresses, alleviating the need for users and administrators to memorize
More informationTHE MASTER LIST OF DNS TERMINOLOGY. v 2.0
THE MASTER LIST OF DNS TERMINOLOGY v 2.0 DNS can be hard to understand and if you re unfamiliar with the terminology, learning more about DNS can seem as daunting as learning a new language. To help people
More informationThe Internet Domain Name System
The Internet Domain Name System Hari Balakrishnan 6.829 Fall 2002 Goals DNS architecture How DNS works DNS uses Mail Content Distribution Networks (CDNs) DNS Performance How well does it work? Why does
More informationComputer Networks: Domain Name System
Computer Networks: Domain Name System Domain Name System The domain name system (DNS) is an application-layer protocol for mapping domain names to IP addresses DNS www.example.com 208.77.188.166 http://www.example.com
More informationIP addresses have hierarchy (network & subnet) Internet names (FQDNs) also have hierarchy. and of course there can be sub-sub-!!
The Domain Hierarchy IP addresses have hierarchy (network & subnet) Internet names (FQDNs) also have hierarchy the general form for a fully qualified name is and of course there can be sub-sub-!! -sub-domains
More informationTHE MASTER LIST OF DNS TERMINOLOGY. First Edition
THE MASTER LIST OF DNS TERMINOLOGY First Edition DNS can be hard to understand and if you re unfamiliar with the terminology, learning more about DNS can seem as daunting as learning a new language. To
More informationUnderstand Names Resolution
Understand Names Resolution Lesson Overview In this lesson, you will learn about: Domain name resolution Name resolution process steps DNS WINS Anticipatory Set 1. List the host name of 4 of your favorite
More informationThe Domain Name System
Internet Engineering 241-461 Robert Elz kre@munnari.oz.au kre@coe.psu.ac.th http://fivedots.coe.psu.ac.th/~kre DNS The Domain Name System Kurose & Ross: Computer Networking Chapter 2 (2.5) James F. Kurose
More informationDNS and BIND. David White
DNS and BIND David White DNS: Backbone of the Internet Translates Domains into unique IP Addresses i.e. developcents.com = 66.228.59.103 Distributed Database of Host Information Works seamlessly behind
More informationDNS Cache Poisoning Vulnerability Explanation and Remedies Viareggio, Italy October 2008
DNS Cache Poisoning Vulnerability Explanation and Remedies Viareggio, Italy October 2008 Kim Davies Internet Assigned Numbers Authority Internet Corporation for Assigned Names & Numbers Agenda How do you
More informationNaming and the DNS. Focus. How do we name hosts etc.? Application Presentation Topics. Session Domain Name System (DNS) Email/URLs
Naming and the DNS Focus How do we name hosts etc.? Application Presentation Topics Session Domain Name System (DNS) Email/URLs Transport Network Data Link Physical Ldns.1 Names and Addresses 43 name address
More informationDNS and E-mail Interface User Guide
DNS and E-mail Interface User Guide Document Revision 04 // 2012 www.twcbc.com back back to TOC to TOC Header Text and Info Table of Contents 1. Introduction 3 2. Accessing the Application 4 3. Working
More informationLecture 2 CS 3311. An example of a middleware service: DNS Domain Name System
Lecture 2 CS 3311 An example of a middleware service: DNS Domain Name System The problem Networked computers have names and IP addresses. Applications use names; IP uses for routing purposes IP addresses.
More informationEECS 489 Winter 2010 Midterm Exam
EECS 489 Winter 2010 Midterm Exam Name: This is an open-book, open-resources exam. Explain or show your work for each question. Your grade will be severely deducted if you don t show your work, even if
More informationDomain Name System (DNS) RFC 1034 RFC 1035 http://www.ietf.org
Domain Name System (DNS) RFC 1034 RFC 1035 http://www.ietf.org TCP/IP Protocol Suite Application Layer DHCP DNS SNMP HTTP SMTP POP Transport Layer UDP TCP ICMP IGMP Network Layer IP Link Layer ARP ARP
More information2008 DNS Cache Poisoning Vulnerability Cairo, Egypt November 2008
2008 DNS Cache Poisoning Vulnerability Cairo, Egypt November 2008 Kim Davies Manager, Root Zone Services Internet Corporation for Assigned Names & Numbers How does the DNS work? A typical DNS query The
More informationModule 2. Configuring and Troubleshooting DNS. Contents:
Configuring and Troubleshooting DNS 2-1 Module 2 Configuring and Troubleshooting DNS Contents: Lesson 1: Installing the DNS Server Role 2-3 Lesson 2: Configuring the DNS Server Role 2-9 Lesson 3: Configuring
More informationIPv6 support in the DNS
IPv6 support in the DNS How important is the DNS? Getting the IP address of the remote endpoint is necessary for every communication between TCP/IP applications Humans are unable to memorize millions of
More informationEnhancing DNS Resilience against Denial of Service Attacks
Enhancing DNS Resilience against Denial of Service Attacks Vasileios Pappas T.J. Watson Center IBM Research vpappas@us.ibm.com Dan Massey Computer Science Department Colorado State University massey@cs.colostate.edu
More informationThe Case for Pushing DNS
The Case for Pushing DNS Mark Handley, Adam Greenhalgh University College, London m.handley, a.greenhalgh @cs.ucl.ac.uk We present the case for using a peer-to-peer infrastructure to push DNS name server
More informationECE 4321 Computer Networks. Network Programming
ECE 4321 Computer Networks Network Programming Name Space System.Net Domain Name System (DNS) To resolve computer naming Host database is split up and distributed among multiple systems on the Internet
More informationThe secret life of a DNS query. Igor Sviridov <sia@nest.org> 20120522
The secret life of a DNS query Igor Sviridov 20120522 Preface Nowadays, when we type URL (or is it a search string? ;-) into a browser (or mobile device) many things happen. While most of
More informationResponse Policy Zones for the Domain Name System (DNS RPZ) By Paul Vixie, ISC (et.al.) 2010 World Tour
Response Policy Zones for the Domain Name System (DNS ) By Paul Vixie, ISC (et.al.) 2010 World Tour Overview Motivation for DNS Response Policy Zones Relationship to DNS RBL (DNSBL) Constraints and Goals
More informationDomain Name Servers. Domain Types WWW host names. Internet Names. COMP476 Networked Computer Systems. Domain Name Servers
Domain Name Servers COMP76 Networked Computer Systems Internet Names Hierarchical starting from the right host.subnet.organization.type Names are case insensitive and can be in either upper or lower case.
More informationManaging DNS Server Properties
CHAPTER 17 Managing DNS Server Properties This chapter explains how to set the DNS server parameters. Before you proceed with the tasks in this chapter, read Chapter 15, Managing Zones, which explains
More informationpage 1 DNS Rate Limiting W. Matthijs Mekking matthijs@nlnetlabs.nl http://www.nlnetlabs.nl/ 28 Feb 2013 Stichting NLnet Labs
page 1 DNS Rate Limiting W. Matthijs Mekking matthijs@nlnetlabs.nl page 2 One slide DNS Root www.nlnetlabs.nl A Referral: nl NS www.nlnetlabs.nl A 213.154.224.1 www.nlnetlabs.nl A www.nlnetlabs.nl A 213.154.224.1
More informationDevelopment of the Domain Name System. Joey Brown David Margolies
Development of the Domain Name System Joey Brown David Margolies Introduction DNS provides name service for the Internet 1982 - HOSTS.TXT Centrally maintained Too large Too costly to distribute Organizations
More informationDNS. Computer networks - Administration 1DV202. fredag 30 mars 12
DNS Computer networks - Administration 1DV202 DNS History Who needs DNS? The DNS namespace How DNS works The DNS database The BIND software Server and client configuration The history of DNS RFC 882 and
More informationApplications & Application-Layer Protocols: The Domain Name System and Peerto-Peer
CPSC 360 Network Programming Applications & Application-Layer Protocols: The Domain Name System and Peerto-Peer Systems Michele Weigle Department of Computer Science Clemson University mweigle@cs.clemson.edu
More informationDomain Name System DNS
CE443 Computer Networks Domain Name System DNS Behnam Momeni Computer Engineering Department Sharif University of Technology Acknowledgments: Lecture slides are from Computer networks course thought by
More informationComputer Networks: DNS a2acks CS 1951e - Computer Systems Security: Principles and Prac>ce. Domain Name System
Computer Networks: DNS a2acks CS 1951e - Computer Systems Security: Principles and Prac>ce 18/02/15 Networks: DNS attacks 1 Domain Name System The domain name system (DNS) is an applica>on- layer protocol
More informationThe Environment Surrounding DNS. 3.1 The Latest DNS Trends. 3. Technology Trends
3. The Environment Surrounding DNS DNS is used in many applications, serving as an important Internet service. Here we discuss name collision issues that have arisen with recent TLD additions, and examine
More informationThe Root of the Matter: Hints or Slaves
The Root of the Matter: Hints or Slaves David Malone October 21, 2003 Abstract We consider the possibility of having a name server act as a slave to the root zone, rather than caching
More informationIntroduction to the Domain Name System
CHAPTER 14 The Domain Name System (DNS) handles the growing number of Internet users. DNS translates names, such as www.cisco.com, into IP addresses, such as 192.168.40.0 (or the more extended IPv6 addresses),
More informationHow To Understand The Power Of A Content Delivery Network (Cdn)
Overview 5-44 5-44 Computer Networking 5-64 Lecture 8: Delivering Content Content Delivery Networks Peter Steenkiste Fall 04 www.cs.cmu.edu/~prs/5-44-f4 Web Consistent hashing Peer-to-peer CDN Motivation
More informationAn Introduction to the Domain Name System
An Introduction to the Domain Name System Olaf Kolkman Olaf@nlnetlabs.nl October 28, 2005 Stichting NLnet Labs This Presentation An introduction to the DNS Laymen level For non-technologists About protocol
More informationDomain Name System. CS 571 Fall 2006. 2006, Kenneth L. Calvert University of Kentucky, USA All rights reserved
Domain Name System CS 571 Fall 2006 2006, Kenneth L. Calvert University of Kentucky, USA All rights reserved DNS Specifications Domain Names Concepts and Facilities RFC 1034, November 1987 Introduction
More informationCS3600 SYSTEMS AND NETWORKS
CS3600 SYSTEMS AND NETWORKS FALL 2011 Lecture 19: DNS Prof. Alan Mislove (amislove@ccs.neu.edu) Slides used with permissions from Edward W. Knightly, T. S. Eugene Ng, Ion Stoica, Hui Zhang Human Involvement
More informationHow To Manage Dns On An Elfiq Link Load Balancer (Link Balancer) On A Pcode (Networking) On Ipad Or Ipad (Netware) On Your Ipad On A Ipad At A Pc Or Ipa
White paper The IDNS module for incoming load balancing For Elfiq Operating System (EOS) version 3.x Document Revision 1.5 October 2007 Elfiq Solutions www.elfiq.com COPYRIGHT The content of this document
More informationDNS. Spring 2016 CS 438 Staff 1
DNS Spring 2016 CS 438 Staff 1 Host Names vs. IP addresses Host names Mnemonic name appreciated by humans Variable length, full alphabet of characters Provide little (if any) information about physical
More informationHW2 Grade. CS585: Applications. Traditional Applications SMTP SMTP HTTP 11/10/2009
HW2 Grade 70 60 CS585: Applications 50 40 30 20 0 0 2 3 4 5 6 7 8 9 0234567892022223242526272829303323334353637383940442 CS585\CS485\ECE440 Fall 2009 Traditional Applications SMTP Simple Mail Transfer
More informationIntroduction to DNS CHAPTER 5. In This Chapter
297 CHAPTER 5 Introduction to DNS Domain Name System (DNS) enables you to use hierarchical, friendly names to easily locate computers and other resources on an IP network. The following sections describe
More informationDNS, CDNs Weds March 17 2010 Lecture 13. What is the relationship between a domain name (e.g., youtube.com) and an IP address?
DNS, CDNs Weds March 17 2010 Lecture 13 DNS What is the relationship between a domain name (e.g., youtube.com) and an IP address? DNS is the system that determines this mapping. Basic idea: You contact
More informationDistributed Systems. 22. Naming. 2013 Paul Krzyzanowski. Rutgers University. Fall 2013
Distributed Systems 22. Naming Paul Krzyzanowski Rutgers University Fall 2013 November 21, 2013 2013 Paul Krzyzanowski 1 My 15 MacBook Pro The rightmost computer on my desk Paul s aluminum laptop, but
More informationWeek 3 / Paper 2. Bernhard Ager, Wolfgang Mühlbauer, Georgios Smaragdakis, Steve Uhlig ACM IMC 2010.
Week 3 / Paper 2 Comparing DNS Resolvers in the Wild Bernhard Ager, Wolfgang Mühlbauer, Georgios Smaragdakis, Steve Uhlig ACM IMC 2010. Main point How does ISP DNS compare with Google DNS and OpenDNS?
More informationDNS and BIND Primer. Pete Nesbitt pete @ linux1.ca. April 2012
DNS and BIND Primer Pete Nesbitt pete @ linux1.ca April 2012 1 When we access the Internet we typically do so by accessing systems using a somewhat meaningful hostname often in the form of a web based
More informationDEPLOYMENT GUIDE Version 1.1. DNS Traffic Management using the BIG-IP Local Traffic Manager
DEPLOYMENT GUIDE Version 1.1 DNS Traffic Management using the BIG-IP Local Traffic Manager Table of Contents Table of Contents Introducing DNS server traffic management with the BIG-IP LTM Prerequisites
More informationDNS + DHCP. Michael Tsai 2015/04/27
DNS + DHCP Michael Tsai 2015/04/27 lubuntu.ova http://goo.gl/bax8b8 DNS + DHCP DNS: domain name < > IP address DHCP: gives you a IP + configuration when you joins a new network DHCP = Dynamic Host Configuration
More informationDNS Domain Name System
Domain Name System DNS Domain Name System The domain name system is usually used to translate a host name into an IP address Domain names comprise a hierarchy so that names are unique, yet easy to remember.
More informationDomain Name System (DNS)
Domain Name System (DNS) Instructor: Anirban Mahanti Office: ICT 745 Email: mahanti@cpsc.ucalgary.ca Class Location: ICT 121 Lectures: MWF 12:00 12:50 Notes derived from Computer Networking: A Top Down
More informationThe Design and Implementation of a Next Generation Name Service for the Internet
The Design and Implementation of a Next Generation Name Service for the Internet Venugopalan Ramasubramanian Emin Gün Sirer Dept. of Computer Science, Cornell University, Ithaca, NY 14853 {ramasv,egs}@cs.cornell.edu
More informationMeasurements and Laboratory Simulations of the Upper DNS Hierarchy
Measurements and Laboratory Simulations of the Upper DNS Hierarchy Duane Wessels 1, Marina Fomenkov 2, Nevil Brownlee 2, and kc claffy 2 1 The Measurement Factory, Inc. wessels@measurement-factory.com
More informationDNS Queries And IPv6 Root Servers
1 Is Your Caching Resolver Polluting the Internet? Duane Wessels CAIDA & The Measurement Factory, Inc. wessels@measurement-factory.com Abstract Previous research has shown that most of the DNS queries
More informationA New Look at the Old Domain Name System
A New Look at the Old Domain Name System Yair Amir 1, Daniel Massey 2, Ciprian Tutu 1 Technical Report CNDS-2003-2 http://www.cnds.jhu.edu July 18, 2003 Abstract The Domain Name System (DNS) is undergoing
More informationConfiguration Notes 0215
Mediatrix Digital and Analog VoIP Gateways DNS SRV Configuration for a Redundant Server Solution (SIP) Introduction... 2 Deployment Scenario... 2 DNS SRV (RFC 2782)... 3 Microsoft Server Configuration...
More informationThe Continuing Denial of Service Threat Posed by DNS Recursion (v2.0)
The Continuing Denial of Service Threat Posed by DNS Recursion (v2.0) US-CERT Summary US-CERT has been alerted to an increase in distributed denial of service (DDoS) attacks using spoofed recursive DNS
More informationDNS traffic analysis -- Issues of IPv6 and CDN --
DNS traffic analysis -- Issues of IPv6 and CDN -- Kazunori Fujiwara ^, Akira Sato, Kenichi Yoshida University of Tsukuba ^Japan Registry Services Co., Ltd (JPRS) July 29, 2012 IEPG meeting at Vancouver
More informationABSTRACT Acknowledgments List of Abbreviations Contents ABSTRACT 3 Acknowledgments 5 List of Abbreviations 7 List of Figures 15 List of Tables 23 1 Introduction 25 2 Motivation and background 29 3 Overview
More informationMeasuring Query Latency of Top Level DNS Servers
Measuring Query Latency of Top Level DNS Servers Jinjin Liang 1,2, Jian Jiang 1,2, Haixin Duan 1,2, Kang Li 3, and Jianping Wu 1,2 1 Institute for Network Science and Cyberspace, Tsinghua University 2
More informationCS 43: Computer Networks Naming and DNS. Kevin Webb Swarthmore College September 17, 2015
CS 43: Computer Networks Naming and DNS Kevin Webb Swarthmore College September 17, 2015 Agenda Identifiers and addressing Domain Name System History Query sequences Record types Load balancing Recall:
More informationNames vs. Addresses. Flat vs. Hierarchical Space. Domain Name System (DNS) Computer Networks. Lecture 5: Domain Name System
Names vs. Addresses Computer Networks Lecture 5: Domain Name System Names are easier for human to remember www.umich.edu vs. 141.213.4.4 Addresses can be changed without changing names move www.umich.edu
More informationNetworking Overview. (as usual, thanks to Dave Wagner and Vern Paxson)
Networking Overview (as usual, thanks to Dave Wagner and Vern Paxson) Focus For This Lecture Sufficient background in networking to then explore security issues in next few lectures Networking = the Internet
More informationA Quick Introduction to the Domain Name System
A Quick Introduction to the Domain Name System David Conrad Chief Technology Officer Overview Introduction to the DNS DNS Components DNS Structure and Hierarchy The DNS in Context
More informationApplication and service delivery with the Elfiq idns module
Technical White Paper Application and service delivery with the Elfiq idns module For Elfiq Operating System (EOS) version 3.x Document Revision 1.63 June 2012 Table of Contents 1. The IDNS module... 3
More informationCMPE 80N: Introduction to Networking and the Internet
CMPE 80N: Introduction to Networking and the Internet Katia Obraczka Computer Engineering UCSC Baskin Engineering Lecture 11 CMPE 80N Spring'10 1 Announcements Guest lecture on intellectual property and
More informationServices: DNS domain name system
Services: DNS domain name system David Morgan Buying numbers and names numbers are IP addresses you buy them from an ISP the ISP makes sure those addresses go to your place the names are domain names you
More informationConfiguring DNS. Finding Feature Information
The Domain Name System (DNS) is a distributed database in which you can map hostnames to IP addresses through the DNS protocol from a DNS server. Each unique IP address can have an associated hostname.
More informationUnderstanding DNS: Essential knowledge for all IT professionals
Understanding DNS: Essential knowledge for all IT professionals The Domain Name System (DNS) is one of the most important components of Internet infrastructure. If DNS is unavailable, you ll have difficulty
More informationUnderstanding DNS (the Domain Name System)
Understanding DNS (the Domain Name System) A white paper by Incognito Software January, 2007 2007 Incognito Software Inc. All rights reserved. Understanding DNS (the Domain Name System) Introduction...2
More informationDNS: Domain Name System
DNS: Domain Name System People: many identifiers: SSN, name, passport # Internet hosts, routers: IP address (32 bit) - used for addressing datagrams name, e.g., ww.yahoo.com - used by humans Q: map between
More informationPart 5 DNS Security. SAST01 An Introduction to Information Security 2015-09-21. Martin Hell Department of Electrical and Information Technology
SAST01 An Introduction to Information Security Part 5 DNS Security Martin Hell Department of Electrical and Information Technology How DNS works Amplification attacks Cache poisoning attacks DNSSEC 1 2
More informationDomain Name System Richard T. B. Ma
Domain Name System Richard T. B. Ma School of Computing National University of Singapore CS 3103: Compute Networks and Protocols Names Vs. Addresses Names are easier for human to remember www.comp.nus.edu.sg
More informationCopyright 2012 http://itfreetraining.com
This video looks at how the DNS name space is broken up and divided between servers. This allows the DNS name space to be controlled while still allowing individual administrator to have the power to make
More informationDomain Name Server. Training Division National Informatics Centre New Delhi
Domain Name Server Training Division National Informatics Centre New Delhi Domain Name Service (DNS) I. History of DNS II. DNS structure and its components III. Functioning of DNS IV. Possible Configurations
More informationDNS: How it works. DNS: How it works (more or less ) DNS: How it Works. Technical Seminars Spring 2010 1. Paul Semple psemple@rm.
DNS: How it works Paul Semple psemple@rm.com DNS: How it works (more or less ) Paul Semple psemple@rm.com 1 Objectives What DNS is and why we need it DNS on Windows Server networks / Community Connect
More informationICP. Cache Hierarchies. Squid. Squid Cache ICP Use. Squid. Squid
Caching & CDN s 15-44: Computer Networking L-21: Caching and CDNs HTTP APIs Assigned reading [FCAB9] Summary Cache: A Scalable Wide- Area Cache Sharing Protocol [Cla00] Freenet: A Distributed Anonymous
More informationGlobal Server Load Balancing
White Paper Overview Many enterprises attempt to scale Web and network capacity by deploying additional servers and increased infrastructure at a single location, but centralized architectures are subject
More informationInternet-Praktikum I Lab 3: DNS
Kommunikationsnetze Internet-Praktikum I Lab 3: DNS Mark Schmidt, Andreas Stockmayer Sommersemester 2015 kn.inf.uni-tuebingen.de Motivation for the DNS Problem IP addresses hard to remember for humans
More informationCS 355. Computer Networking. Wei Lu, Ph.D., P.Eng.
CS 355 Computer Networking Wei Lu, Ph.D., P.Eng. Chapter 2: Application Layer Overview: Principles of network applications? Introduction to Wireshark Web and HTTP FTP Electronic Mail: SMTP, POP3, IMAP
More informationAuthority Server Selection of DNS Caching Resolvers
Authority Server Selection of DNS Caching Resolvers ABSTRACT Yingdi Yu UCLA yingdi@cs.ucla.edu Matt Larson Verisign mlarson@verisign.com Operators of high-profile DNS zones utilize multiple authority servers
More informationThe Domain Name System (DNS)
The Domain Name System (DNS) Each Internet host is assigned a host name and an IP address Host names are structured character strings, e.g., www.cs.iastate.edu IP addresses are 32 bit integers, e.g., 129.186.3.6
More informationdnsperf DNS Performance Tool Manual
dnsperf DNS Performance Tool Manual Version 2.0.0 Date February 14, 2012 Copyright 2002-2012, Inc. - All Rights Reserved This software and documentation is subject to and made available pursuant to the
More informationDNS Domain Name System
DNS Domain Name System Domain names and IP addresses People prefer to use easy-to-remember names instead of IP addresses Domain names are alphanumeric names for IP addresses e.g., neon.cs.virginia.edu,
More informationDomain Name System (or Service) (DNS) Computer Networks Term B10
Domain Name System (or Service) (DNS) Computer Networks Term B10 DNS Outline DNS Hierarchial Structure Root Name Servers Top-Level Domain Servers Authoritative Name Servers Local Name Server Caching and
More information[Home] [Current Edition] [Compendium] [Forum] [Web Archive] [Email Archive] [Guestbook] [Subscribe] [Advertising Rates]
[Home] [Current Edition] [Compendium] [Forum] [Web Archive] [Email Archive] [Guestbook] [Subscribe] [Advertising Rates] Alternate Architecture for Domain Name System to foil Distributed Denial of Service
More informationHow To Map Between Ip Address And Name On A Domain Name System (Dns)
Computer Networks: Domain Name Service (DNS) CS 3516 D- term 2013 Instructor: Krishna Venkatasubramanian Quiz 2 DNS: domain name system people: many identifiers: SSN, name, passport # Internet hosts, routers:
More informationDomain Name System 2015-04-28 17:49:44 UTC. 2015 Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement
Domain Name System 2015-04-28 17:49:44 UTC 2015 Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement Contents Domain Name System... 4 Domain Name System... 5 How DNS Works
More informationCSIS 3230 Computer Networking Principles, Spring 2012 Lab 7 Domain Name System (DNS)
CSIS 3230 Computer Networking Principles, Spring 2012 Lab 7 Domain Name System (DNS) By Michael Olan, Richard Stockton College (last update: March 2012) Purpose At this point, all hosts should be communicating
More informationDefending your DNS in a post-kaminsky world. Paul Wouters <paul@xelerance.com>
Defending your DNS in a post-kaminsky world Paul Wouters Overview History of DNS and the Kaminsky attack Various DNS problems explained Where to address the DNS problem Nameservers,
More informationInformation- Centric Networks. Section # 3.2: DNS Issues Instructor: George Xylomenos Department: Informatics
Information- Centric Networks Section # 3.2: DNS Issues Instructor: George Xylomenos Department: Informatics Funding These educational materials have been developed as part of the instructors educational
More informationDistributed Systems. 09. Naming. Paul Krzyzanowski. Rutgers University. Fall 2015
Distributed Systems 09. Naming Paul Krzyzanowski Rutgers University Fall 2015 October 7, 2015 2014-2015 Paul Krzyzanowski 1 Naming things Naming: map names to objects Helps with using, sharing, and communicating
More informationDistributed Systems 19. Content Delivery Networks (CDN) Paul Krzyzanowski pxk@cs.rutgers.edu
Distributed Systems 19. Content Delivery Networks (CDN) Paul Krzyzanowski pxk@cs.rutgers.edu 1 Motivation Serving web content from one location presents problems Scalability Reliability Performance Flash
More informationThe Internet Domain Name System Explained for Non- Experts
The Internet Domain Name System Explained for Non- Experts Internet Society Member Briefing #16 By Daniel Karrenberg The Internet Domain Name System Explained for Non-Experts Dear non-experts, This is
More informationDomain Name System (DNS) Reading: Section in Chapter 9
Domain Name System (DNS) Reading: Section in Chapter 9 RFC 1034, STD 13 Name Syntax and rules for delegating authority over names Specify implementation of a distributed system that maps names to addresses
More informationCMPE 80N: Introduction to Networking and the Internet
CMPE 80N: Introduction to Networking and the Internet Katia Obraczka Computer Engineering UCSC Baskin Engineering Lecture 10 CMPE 80N Fall'10 1 Announcements Forum assignment #2 posted. Due Nov. 5 th.
More informationAn Intrusion Detection System for Kaminsky DNS Cache poisoning
An Intrusion Detection System for Kaminsky DNS Cache poisoning Dhrubajyoti Pathak, Kaushik Baruah Departement of CSE, IIT Guwahati drbj153@alumni.iitg.ernet.in, b.kaushik@iitg.ernet.in Abstract : Domain
More information