DNSwitness: A Generic Platform For DNS-based Measurements
|
|
- Ernest Blake
- 7 years ago
- Views:
Transcription
1 DNSwitness: A Generic Platform For DNS-based Measurements Journée «Mesures Internet», Paris, 24 April 2012 {Samia.Mtimet, Stephane.Bortzmeyer, Mohsen.Souissi} (at) afnic.fr
2 Overview Motivation Principles & Requirements Architecture Past & Current Uses Some results Conclusion & Prospective work 2
3 Motivation DNS registry is seated on a gold mine of DNS data What does DNS tell us? There is precious information to extract and use Our marketing team, technical team, management ask various questions we may have the answer for: How many of our domains are used for only? What has the penetration rate of IPv6, DNSSEC or phenomenon X evolved over the last N years? Could you assess the technical quality of a given portfolio of DNS zones? We focus on things that we can obtain by starting with the DNS Either from the DNS itself Or by further exploring 3
4 Principles & Requirements Generic Can do many different surveys Most known tools deal only with one survey Automatic Works unattended (from cron, for instance), for periodic runs, Store raw results Not just aggregates For long-term analysis Free Software Usable by small and medium actors Run it yourself, and keep your own data, share aggregated & anonymized results No data to be sent to a centralized analysis fabric 4
5 Global Architecture DNSwitness Platform: 2 main (free) software components DNSdelve, for active measurement What we send out : active DNS queries sent to domains Go on a fishing trip! Typically: sampling in a zone TLD file vs comprehensive walk DNSmezzo, for passive measurement What comes in: DNS queries sent name servers, passively monitored Who s knocking at our door? Sampling by default (might take all the traffic for a given window of time) A database to store results To allow long-term surveys and study the evolution To do benchmark with other partners based on uniform indicators/metrics 5
6 Architecture: Active Measurements Component (DNSdelve) A framework To gather information from the DNS zones delegated by a registry To get start points to explore the Internet for further information Composed of A generic basis: Handles zone file parsing and parallel querying of the zones Modules dedicated for targeted surveys: Perform the actual queries: ask explicit questions to the DNS Examples: IPv6, DNSSEC, SPF modules already available 6
7 Architecture: Passive Measurements Component (DNSmezzo) Capture DNS traffic, analyze content and store in a Database By sniffing the DNS traffic on a server (port mirroring, tcpdump ) Storing structured info (what we have learnt) in a rdbms Do measurements/statistics by querying the DB Periodically, unattended or on-demand runs Examples: Top N domains queried for (and more specifically those which yield a NXDOMAIN answer) Percentage of queries targeting AAAA (wrt A) records Percentage of traffic transported on IPv6 (wrt IPv4) How many queries use EDNS0 and for which sizes? Percentage of recursive name servers patched against Kaminsky attack (SPR) 7
8 Similar Work (DNS-based) Active measurements The Health of the Internet in Sweden (annual reports): Passive Measurements: IIS.se dns2db ISC SIE DSC 8
9 Past & Current DNSwitness Uses Feeding the French Annual DNS Industry Report with IPv6 figures Contribution to the OECD Report on IPv6 Deployment Measurements in the world As a platform for Internet Resilience measurements in France Observatoire de la Résilience de l Internet en France Jointly with ANSSI (the French Network and Information Security Agency) AFNIC s contribution: from the DNS perspective Results unveiled at the DNS-OARC meeting (while waiting for the 1 st edition of the report to be published): Surveys on demand (AFNIC or third parties) 9
10 Active measurements results IPv6 penetra,on rate in domains under.fr 45,00% 40,00% 35,00% 30,00% 25,00% 20,00% 15,00% DNS Web Mail IPv6- Enabled IPv6- Full 10,00% 5,00% 0,00% Q1-09 Q2-09 Q3-09 Q4-10 Q1-11 Q2-11 Q3-11 Q4-11 Q1-12 Q
11 Active measurements results (2) Name Server distribu,on per for zones under.fr 30% 36% AS x AS y AS z AS t 3% AS u Autres 4% 11% 16% 11
12 Active measurements results (3) Name Server distribu,on per country for zones under.fr 1% 1% 4% 11% France 13% Allemagne USA Grande- Bretagne Suisse Autres 71% 12
13 Passive measurements results % of DNS transport in IPv4 vs IPv6 100% 0,60 0,60 99% 98% 2,20 3,47 97% 96% 95% 94% IPv6 transport (%) IPv4 transport (%) 93% 92% 91% 90%
14 Passive measurements results (2) 100% DNS Query type distribu,on for domain names under.fr 90% 80% 70% 8,06 7,29 6,85 8,68 9,17 8,45 7,65 7,57 60% 50% 40% Others (%) MX (%) NS (%) AAAA (%) A (%) 30% 20% 10% 0%
15 Passive measurements results (3) 300 Number of DNSSEC- signed delega,ons (DS) Nb DS
16 Conclusion & Prospective Work DNSwitness is a generic measurements platform used in different contexts for different needs It has served multiple purposes so far The platform is running in production at AFNIC premises Will evolve continuously in order to answer new needs Collaboration with researchers Define metrics and get periodic measurements Put together results and get a joint analysis activity for a complete and long-term view New developments for: Additional resilience indicators measurements Additional services penetration rate measurements Added-value services for AFNIC and third parties 16
17 Merci! Twitter Facebook : afnic.fr
A versatile platform for DNS metrics with its application to IPv6
A versatile platform for DNS metrics with its application to IPv6 Stéphane Bortzmeyer AFNIC bortzmeyer@nic.fr RIPE 57 - Dubai - October 2008 1 A versatile platform for DNS metrics with its application
More informationDNSwitness: recent developments and the new passive monitor
1 DNSwitness: recent developments and the new passive monitor / DNSwitness: recent developments and the new passive monitor Stéphane Bortzmeyer AFNIC bortzmeyer@nic.fr RIPE 59 - Lisbon - October 2009 2
More informationLesson 13: DNS Security. Javier Osuna josuna@gmv.com GMV Head of Security and Process Consulting Division
Lesson 13: DNS Security Javier Osuna josuna@gmv.com GMV Head of Security and Process Consulting Division Introduction to DNS The DNS enables people to use and surf the Internet, allowing the translation
More informationF-Root's DNSSEC Signing Plans. Keith Mitchell Internet Systems Consortium DNS-OARC NANOG48, Austin, 24 th Feb 2010
F-Root's DNSSEC Signing Plans Keith Mitchell Internet Systems Consortium DNS-OARC NANOG48, Austin, 24 th Feb 2010 What is ISC? Internet Systems Consortium, Inc. Headquartered in Redwood City, California
More informationDNSSEC. Introduction. Domain Name System Security Extensions. AFNIC s Issue Papers. 1 - Organisation and operation of the DNS
AFNIC s Issue Papers DNSSEC Domain Name System Security Extensions 1 - Organisation and operation of the DNS 2 - Cache poisoning attacks 3 - What DNSSEC can do 4 - What DNSSEC cannot do 5 - Using keys
More informationDNS and BIND. David White
DNS and BIND David White DNS: Backbone of the Internet Translates Domains into unique IP Addresses i.e. developcents.com = 66.228.59.103 Distributed Database of Host Information Works seamlessly behind
More informationDNS Cache Poisoning Vulnerability Explanation and Remedies Viareggio, Italy October 2008
DNS Cache Poisoning Vulnerability Explanation and Remedies Viareggio, Italy October 2008 Kim Davies Internet Assigned Numbers Authority Internet Corporation for Assigned Names & Numbers Agenda How do you
More informationUse Domain Name System and IP Version 6
Use Domain Name System and IP Version 6 What You Will Learn The introduction of IP Version 6 (IPv6) into an enterprise environment requires some changes both in the provisioned Domain Name System (DNS)
More informationPEQ-DNS A Platform for DNS Quality Monitoring
PEQ-DNS A Platform for DNS Quality Monitoring DNS Monitoring Challenges [1/2] The DNS is a complex distributed system that requires a distributed (per DNS server) monitoring system Monitoring usually focuses
More informationNANOG DNS BoF. DNS DNSSEC IPv6 Tuesday, February 1, 2011 NATIONAL ENGINEERING & TECHNICAL OPERATIONS
NANOG DNS BoF DNS DNSSEC IPv6 Tuesday, February 1, 2011 NATIONAL ENGINEERING & TECHNICAL OPERATIONS The Role Of An ISP In DNSSEC Valida;on ISPs act in two different DNSSEC roles, both signing and valida;ng
More informationDNSSEC Applying cryptography to the Domain Name System
DNSSEC Applying cryptography to the Domain Name System Gijs van den Broek Graduate Intern at SURFnet Overview First half: Introduction to DNS Attacks on DNS Second half: DNSSEC Questions: please ask! DNSSEC
More informationResponse Policy Zones for the Domain Name System (DNS RPZ) By Paul Vixie, ISC (et.al.) 2010 World Tour
Response Policy Zones for the Domain Name System (DNS ) By Paul Vixie, ISC (et.al.) 2010 World Tour Overview Motivation for DNS Response Policy Zones Relationship to DNS RBL (DNSBL) Constraints and Goals
More informationCopyright 2012 http://itfreetraining.com
In order to find resources on the network, computers need a system to look up the location of resources. This video looks at the DNS records that contain information about resources and services on the
More informationDNS at NLnet Labs. Matthijs Mekking
DNS at NLnet Labs Matthijs Mekking Topics NLnet Labs DNS DNSSEC Recent events NLnet Internet Provider until 1997 The first internet backbone in Holland Funding research and software projects that aid the
More informationInternet-Praktikum I Lab 3: DNS
Kommunikationsnetze Internet-Praktikum I Lab 3: DNS Mark Schmidt, Andreas Stockmayer Sommersemester 2015 kn.inf.uni-tuebingen.de Motivation for the DNS Problem IP addresses hard to remember for humans
More informationIPv6 support in the DNS
IPv6 support in the DNS How important is the DNS? Getting the IP address of the remote endpoint is necessary for every communication between TCP/IP applications Humans are unable to memorize millions of
More informationF5 and Infoblox DNS Integrated Architecture Offering a Complete Scalable, Secure DNS Solution
F5 and Infoblox DNS Integrated Architecture Offering a Complete Scalable, Secure DNS Solution As market leaders in the application delivery market and DNS, DHCP, and IP Address Management (DDI) market
More informationCDN SERVICE ICSS ROUTE MANAGED DNS DEUTSCHE TELEKOM AG INTERNATIONAL CARRIER SALES AND SOLUTIONS (ICSS)
CDN SERVICE ICSS ROUTE MANAGED DNS DEUTSCHE TELEKOM AG INTERNATIONAL CARRIER SALES AND SOLUTIONS (ICSS) CDN FEATURE ICSS ROUTE ICSS ROUTE IS OUR NEW OFFERING TO HELP YOU MANAGE YOUR DOMAIN NAME SYSTEM
More informationJPNIC Public Forum. Paul Vixie. Chairman, Internet Software Consortium. January 21, 2003
JPNIC Public Forum Paul Vixie Chairman, Internet Software Consortium January 21, 2003 1 Paul Vixie has been contributing to Internet protocols and UNIX systems as a protocol designer and software architect
More informationDNSSEC - Why Network Operators Should Care And How To Accelerate Deployment
DNSSEC - Why Network Operators Should Care And How To Accelerate Deployment Dan York, CISSP Senior Content Strategist, Internet Society Eurasia Network Operators' Group (ENOG) 4 Moscow, Russia October
More informationSAC 049 SSAC Report on DNS Zone Risk Assessment and Management
SAC 049 SSAC Report on DNS Zone Risk Assessment and Management A Report from the ICANN Security and Stability Advisory Committee (SSAC) 03 June 2011 SAC049 1 Preface This is a Report of the Security and
More informationDomain Name System (DNS) Fundamentals
Domain Name System (DNS) Fundamentals Mike Jager Network Startup Resource Center mike.jager@synack.co.nz These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International
More informationThe Root of the Matter: Hints or Slaves
The Root of the Matter: Hints or Slaves David Malone October 21, 2003 Abstract We consider the possibility of having a name server act as a slave to the root zone, rather than caching
More informationNext Steps In Accelerating DNSSEC Deployment
Next Steps In Accelerating DNSSEC Deployment Dan York, CISSP Senior Content Strategist, Internet Society DNSSEC Deployment Workshop, ICANN 45 Toronto, Canada October 17, 2012 Internet Society Deploy360
More informationMeasuring DNS Source Port Randomness
Measuring DNS Source Port Randomness Duane Wessels DNS-OARC 1st CAIDA/WIDE/CASFI Workshop August 15, 2008 CAIDA+WIDE+CASFI #1 0 DNS-OARC DNS sucks. Okay, I m paraphrashing... Kaminsky Use random source
More information10233B: Designing and Deploying Messaging Solutions with Microsoft Exchange Server 2010
Course: 10233B: Designing and Deploying Messaging Solutions with Microsoft Exchange Server 2010 Description: About this Course This five-day, instructor-led course provides you with the knowledge and skills
More information2008 DNS Cache Poisoning Vulnerability Cairo, Egypt November 2008
2008 DNS Cache Poisoning Vulnerability Cairo, Egypt November 2008 Kim Davies Manager, Root Zone Services Internet Corporation for Assigned Names & Numbers How does the DNS work? A typical DNS query The
More informationIPv6 and DNS. Secure64
IPv6 and DNS Secure64 About me Stephan Lagerholm Director and Founder of TXv6TF. Secure64 Software Corp. Sponsor of the event. Agenda: DNS and IPv6 basics DNS64 (RFC 6147) 464XLAT (RFC 6877) Heuristic
More informationDomain Name System 2015-04-28 17:49:44 UTC. 2015 Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement
Domain Name System 2015-04-28 17:49:44 UTC 2015 Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement Contents Domain Name System... 4 Domain Name System... 5 How DNS Works
More informationtesting and presenting Internet Health Anne-Marie Eklund Löwinder Quality & Security Manager amel@iis.se
testing and presenting Internet Health Anne-Marie Eklund Löwinder Quality & Security Manager amel@iis.se Three years of trial and learning From quite rudimentary tools 2007 to a flexible reusable tool
More informationDNSSEC Deployment Activity in Japan - Introduction of DNSSEC Japan - Yoshiki Ishida, Yoshiro Yoneya, Tsuyoshi Toyono, Miki Takata DNSSEC Japan
DNSSEC Deployment Activity in Japan - Introduction of DNSSEC Japan - Yoshiki Ishida, Yoshiro Yoneya, Tsuyoshi Toyono, Miki Takata DNSSEC Japan Agenda Background Introduction of DNSSEC Japan Accomplishments
More informationResponse Policy Zones
Response Policy Zones Taking Back the DNS, V2.0 Paul Vixie Chairman and Chief Scientist Internet Systems Consortium Abstract DNS works as well for the bad guys (criminals, spammers, spies) as for respectable
More informationTHE MASTER LIST OF DNS TERMINOLOGY. v 2.0
THE MASTER LIST OF DNS TERMINOLOGY v 2.0 DNS can be hard to understand and if you re unfamiliar with the terminology, learning more about DNS can seem as daunting as learning a new language. To help people
More informationLab - Observing DNS Resolution
Objectives Part 1: Observe the DNS Conversion of a URL to an IP Address Part 2: Observe DNS Lookup Using the nslookup Command on a Web Site Part 3: Observe DNS Lookup Using the nslookup Command on Mail
More informationDomain Name System (DNS) Session-1: Fundamentals. Ayitey Bulley abulley@ghana.com
Domain Name System (DNS) Session-1: Fundamentals Ayitey Bulley abulley@ghana.com Computers use IP addresses. Why do we need names? Names are easier for people to remember Computers may be moved between
More informationIPv6 and DNS. Secure64
IPv6 and DNS Secure64 About me Stephan Lagerholm Director and Founder of TXv6TF. Secure64 Software Corp. Sponsor of the event. AGENDA DNS and IPv6 basics IETF progress: DNS64 (RFC 6147) 464XLAT (RFC 6877)
More informationPresented by Greg Lindsay Technical Writer Windows Server Information Experience. Presented at: Seattle Windows Networking User Group April 7, 2010
Presented by Greg Lindsay Technical Writer Windows Server Information Experience Presented at: Seattle Windows Networking User Group April 7, 2010 Windows 7 DNS client DNS devolution Security-awareness:
More informationDNSSEC update TF Mobility, Vienna
DNSSEC update TF Mobility, Vienna Roland van Rijswijk roland.vanrijswijk [at] surfnet.nl February 18th 2010 Overview - Introduction - DNSSEC validation on resolvers - Update on what we ve learned so far
More informationFAQ (Frequently Asked Questions)
FAQ (Frequently Asked Questions) Specific Questions about Afilias Managed DNS What is the Afilias DNS network? How long has Afilias been working within the DNS market? What are the names of the Afilias
More informationHow to Add Domains and DNS Records
How to Add Domains and DNS Records Configure the Barracuda NextGen X-Series Firewall to be the authoritative DNS server for your domains or subdomains to take advantage of Split DNS or dead link detection.
More informationResearch Article Improving DNS Security Using Active Firewalling with Network Probes
Distributed Sensor Networks Volume 2012, Article ID 684180, 7 pages doi:10.1155/2012/684180 Research Article Improving DNS Security Using Active Firewalling with Network Probes Joao Afonso 1 and Pedro
More informationSecuring DNS Infrastructure Using DNSSEC
Securing DNS Infrastructure Using DNSSEC Ram Mohan Executive Vice President, Afilias rmohan@afilias.info February 28, 2009 Agenda Getting Started Finding out what DNS does for you What Can Go Wrong A Survival
More informationDNSSEC for Everybody: A Beginner s Guide
DNSSEC for Everybody: A Beginner s Guide San Francisco, California 14 March 2011 4:00 to 5:00 p.m. Colonial Room The Schedule 2 This is Ugwina. She lives in a cave on the edge of the Grand Canyon... This
More informationA Plan for the Continued Development of the DNS Statistics Collector
A Plan for the Continued Development of the DNS Statistics Collector Background The DNS Statistics Collector ( DSC ) software was initially developed under the National Science Foundation grant "Improving
More informationTHE MASTER LIST OF DNS TERMINOLOGY. First Edition
THE MASTER LIST OF DNS TERMINOLOGY First Edition DNS can be hard to understand and if you re unfamiliar with the terminology, learning more about DNS can seem as daunting as learning a new language. To
More informationMonitoring cache poisoning attacks
Monitoring cache poisoning attacks 2008 OARC Workshop Tsuyoshi TOYONO and Keisuke ISHIBASHI NTT Information Sharing Platform Labs. NTT 1 Outline Motivation Issues on caching servers Monitoring tool: Methodology
More informationdnstap: high speed DNS logging without packet capture Robert Edmonds (edmonds@fsi.io) Farsight Security, Inc.
: high speed DNS logging without packet capture Robert Edmonds (edmonds@fsi.io) Farsight Security, Inc. URL http://.info Documentation Presentations Tutorials Mailing list Downloads Code repositories Slide
More informationOverview of DNSSEC deployment worldwide
The EURid Insights series aims to analyse specific aspects of the domainname environment. The reports are based on surveys, studies and research conducted by EURid in cooperation with industry experts
More informationCorporate I.T. Services Limited Updating your Network Infrastructure Technology Skills to Windows Server 2008 (Beta 3)
Updating your Network Infrastructure Technology Skills to Windows Server 2008 (Beta 3) Course 6415A: Three days; Instructor-Led Introduction This 3 day instructor-led course provides students with an understanding
More informationInternet Measurement Research
Internet Measurement Research Matthäus Wander Kassel, October 1, 2013 Overview How to get measurement data? Research projects Case studies of past projects Ideas and inspiration
More informationIPv6 Support in the DNS. Workshop Name Workshop Location, Date
IPv6 Support in the DNS Workshop Name Workshop Location, Date Agenda How important is the DNS? DNS Resource Lookup DNS Extensions for IPv6 Lookups in an IPv6-aware DNS Tree About Required IPv6 Glue in
More informationpage 1 DNS Rate Limiting W. Matthijs Mekking matthijs@nlnetlabs.nl http://www.nlnetlabs.nl/ 28 Feb 2013 Stichting NLnet Labs
page 1 DNS Rate Limiting W. Matthijs Mekking matthijs@nlnetlabs.nl page 2 One slide DNS Root www.nlnetlabs.nl A Referral: nl NS www.nlnetlabs.nl A 213.154.224.1 www.nlnetlabs.nl A www.nlnetlabs.nl A 213.154.224.1
More informationHow To Guide Edge Network Appliance How To Guide:
How To Guide Edge Network Appliance How To Guide: ActiveDNS v 4.01 Edge Network Appliance How To Guide: ActiveDNS 2007 XRoads Networks 17165 Von Karman, Suite 112 888-9-XROADS v 4.01 updated 09/11/07 Table
More informationLISTSERV LDAP Documentation
LISTSERV LDAP Documentation L Soft Sweden AB 2007 28 November 2007 Overview LISTSERV version 15.5 can interface to LDAP servers to authenticate user logins, to insert LDAP attributes in mail merge distributions
More informationHTG XROADS NETWORKS. Network Appliance How To Guide: EdgeDNS. How To Guide
HTG X XROADS NETWORKS Network Appliance How To Guide: EdgeDNS How To Guide V 3. 2 E D G E N E T W O R K A P P L I A N C E How To Guide EdgeDNS XRoads Networks 17165 Von Karman Suite 112 888-9-XROADS V
More informationDNSSEC in your workflow
DNSSEC in your workflow Presentation roadmap Overview of problem space Architectural changes to allow for DNSSEC deployment Deployment tasks Key maintenance DNS server infrastructure Providing secure delegations
More informationAlienVault Unified Security Management (USM) 4.x-5.x. Deployment Planning Guide
AlienVault Unified Security Management (USM) 4.x-5.x Deployment Planning Guide USM 4.x-5.x Deployment Planning Guide, rev. 1 Copyright AlienVault, Inc. All rights reserved. The AlienVault Logo, AlienVault,
More informationDNS SECURITY TROUBLESHOOTING GUIDE
DNS SECURITY TROUBLESHOOTING GUIDE INTERNET DEPLOYMENT OF DNS SECURITY 27 November 2006 Table of Contents 1. INTRODUCTION...3 2. DNS SECURITY SPECIFIC FAILURE MODES...3 2.1 SIGNATURES...3 2.1.1 Signature
More informationDNS Measurements, Monitoring & Quality Control
DNS Measurements, Monitoring & Quality Control Universität Bielefeld pk@techfak.uni-bielefeld.de CENTR General Assembly Budapest, 2003-06-02 CENTR GA 2003-06-02 DNS Monitoring 1 of 18 The Monitor Some
More informationSTOP WASTING TIME! IT S TIME FOR THE DOMAIN EXPERT
STOP WASTING TIME! IT S TIME FOR THE DOMAIN EXPERT Realtime Register has been active in the web hosting and domain name industry for more than 10 years and has been ICANN accredited since 2004. We serve
More informationDNSSEC Explained. Marrakech, Morocco June 28, 2006
DNSSEC Explained Marrakech, Morocco June 28, 2006 Ram Mohan rmohan@afilias.info Agenda Getting Started Finding out what DNS does for you What Can Go Wrong A Survival Guide to DNSSEC Why Techies Created
More informationDeploying DNSSEC: From End-Customer To Content
Deploying DNSSEC: From End-Customer To Content March 28, 2013 www.internetsociety.org Our Panel Moderator: Dan York, Senior Content Strategist, Internet Society Panelists: Sanjeev Gupta, Principal Technical
More informationMeasures to Protect (University) Domain Registrations and DNS Against Attacks. Dave Piscitello, ICANN dave.piscitello@icann.org
Measures to Protect (University) Domain Registrations and DNS Against Attacks Dave Piscitello, ICANN dave.piscitello@icann.org Why are we talking about Domain names and DNS? Domain names and URLs define
More informationRSSAC Recommendation on Measurements of the Root Server System RSSAC 002
RSSAC Recommendation on Measurements of the Root Server System RSSAC 002 Table of Contents Introduction... 3 Measurement Parameters... 3 The latency in the distribution system... 4 The size of the overall
More informationIEEE IoT IoT Scenario & Use Cases: Social Sensors
IEEE IoT IoT Scenario & Use Cases: Social Sensors Service Description More and more, people have the possibility to monitor important parameters in their home or in their surrounding environment. As an
More informationHow To Load balance traffic of Mail server hosted in the Internal network and redirect traffic over preferred Interface
How To Load balance traffic of Mail server hosted in the Internal network and redirect traffic over preferred Interface How To Configure load sharing and redirect mail server traffic over preferred Gateway
More informationDNS & IPv6. Agenda 4/14/2009. MENOG4, 8-9 April 2009. Raed Al-Fayez SaudiNIC CITC rfayez@citc.gov.sa, www.nic.net.sa. DNS & IPv6.
DNS & IPv6 MENOG4, 8-9 April 2009 Raed Al-Fayez SaudiNIC CITC rfayez@citc.gov.sa, www.nic.net.sa Agenda DNS & IPv6 Introduction What s next? SaudiNIC & IPv6 About SaudiNIC How a cctld Registry supports
More informationDNS Security: New Threats, Immediate Responses, Long Term Outlook. 2007 2008 Infoblox Inc. All Rights Reserved.
DNS Security: New Threats, Immediate Responses, Long Term Outlook 2007 2008 Infoblox Inc. All Rights Reserved. A Brief History of the Recent DNS Vulnerability Kaminsky briefs key stakeholders (CERT, ISC,
More informationGlobal Server Load Balancing (GSLB) Concepts
Global Server Load Balancing (GSLB) Concepts Section Section Objectives GSLB Overview GSLB Configuration Options GSLB Components Server Mode Configuration 2 Global Server Load Balancing (GSLB) Key ACOS
More informationPart 5 DNS Security. SAST01 An Introduction to Information Security 2015-09-21. Martin Hell Department of Electrical and Information Technology
SAST01 An Introduction to Information Security Part 5 DNS Security Martin Hell Department of Electrical and Information Technology How DNS works Amplification attacks Cache poisoning attacks DNSSEC 1 2
More informationTECHNICAL WHITE PAPER. Infoblox and the Relationship between DNS and Active Directory
TECHNICAL WHITE PAPER Infoblox and the Relationship between DNS and Active Directory Infoblox DNS in a Microsoft Environment Infoblox is the first, and currently only, DNS/DHCP/IP address management (DDI)
More informationComputer Networks: DNS a2acks CS 1951e - Computer Systems Security: Principles and Prac>ce. Domain Name System
Computer Networks: DNS a2acks CS 1951e - Computer Systems Security: Principles and Prac>ce 18/02/15 Networks: DNS attacks 1 Domain Name System The domain name system (DNS) is an applica>on- layer protocol
More informationDNS Tampering and Root Servers
DNS Tampering and Root Servers AMS-IX: 24 Nov 2010 Renesys Corporation Martin A. Brown Doug Madory Alin Popescu Earl Zmijewski Overview Brief overview of Domain Name System (DNS) Demonstrating Great Firewall
More informationWhere is Hong Kong in the secure Internet infrastructure development. Warren Kwok, CISSP Internet Society Hong Kong 12 August 2011
The Internet is for Everyone. Become an ISOC Member. Cyber Security Symposium 2011 Where is Hong Kong in the secure Internet infrastructure development Warren Kwok, CISSP Internet Society Hong Kong 12
More informationMonitoring the DNS. Gustavo Lozano Event Name XX XXXX 2015
Monitoring the DNS Gustavo Lozano Event Name XX XXXX 2015 Agenda 1 2 3 Components of the DNS Monitoring gtlds Monitoring other components of the DNS 4 5 Monitoring system Conclusion 2 Components of the
More informationEVILSEED: A Guided Approach to Finding Malicious Web Pages
+ EVILSEED: A Guided Approach to Finding Malicious Web Pages Presented by: Alaa Hassan Supervised by: Dr. Tom Chothia + Outline Introduction Introducing EVILSEED. EVILSEED Architecture. Effectiveness of
More informationRoot zone update for TLD managers Mexico City, Mexico March 2009
Root zone update for TLD managers Mexico City, Mexico March 2009 Kim Davies Manager, Root Zone Services Internet Corporation for Assigned Names & Numbers A quick census 280 delegated 11 testing 280 delegated
More informationGlossary of Technical Terms Related to IPv6
AAAA Record An AAAA record stores a 128-bit Internet Protocol version 6 (IPv6) address, which does not fit the standard A record format. For example, 2007:0db6:85a3:0000:0000:6a2e:0371:7234 is a valid
More informationFinal. Dr. Paul Twomey President and Chief Executive Officer Internet Corporation for Assigned Names and Numbers (ICANN)
Final Dr. Paul Twomey President and Chief Executive Officer Internet Corporation for Assigned Names and Numbers (ICANN) Opening Speech to the Second International Forum Partnership Among State, Business
More informationPolicy on publishing and access to information. concerning.fr TLD registrations
Policy on publishing and access to information 1. Introduction 1.1. Definitions As the registry for the.fr TLD, and in accordance with Article L45 of the French Electronic Communications and Telecommunications
More informationThe Domain Name System
The Domain Name System Antonio Carzaniga Faculty of Informatics University of Lugano October 9, 2012 2005 2007 Antonio Carzaniga 1 IP addresses and host names Outline DNS architecture DNS process DNS requests/replies
More informationHacking Techniques & Intrusion Detection
Hacking Techniques & Intrusion Detection Winter Semester 2012/2013 Dr. Ali Al-Shemery aka: B!n@ry Footprinting Walking the trails to a target Outline External Footprinting Identify External Ranges Passive,
More informationSection 1 Overview... 4. Section 2 Home... 5
ecogent User Guide 2012 Cogent Communications, Inc. All rights reserved. Every effort has been made to ensure that the information in this User Guide is accurate. Information in this document is subject
More informationWHITE PAPER. Best Practices DNSSEC Zone Management on the Infoblox Grid
WHITE PAPER Best Practices DNSSEC Zone Management on the Infoblox Grid What Is DNSSEC, and What Problem Does It Solve? DNSSEC is a suite of Request for Comments (RFC) compliant specifications developed
More informationState of the "DNS privacy" project. Stéphane Bortzmeyer AFNIC bortzmeyer@nic.fr
State of the "DNS privacy" project Stéphane Bortzmeyer AFNIC bortzmeyer@nic.fr 1 / 1 State of the "DNS privacy" project Stéphane Bortzmeyer AFNIC bortzmeyer@nic.fr Warsaw OARC workshop May 2014: talk of
More informationIPV6 SERVICES DEPLOYMENT
IPV6 SERVICES DEPLOYMENT LINX IPv6 Technical Workshop - March 2009 Jaco Engelbrecht Group Platforms Manager, clara.net DNS root zone goes AAAA! On 4 th February 2008 IANA added AAAA records for the A,
More informationDecoding DNS data. Using DNS traffic analysis to identify cyber security threats, server misconfigurations and software bugs
Decoding DNS data Using DNS traffic analysis to identify cyber security threats, server misconfigurations and software bugs The Domain Name System (DNS) is a core component of the Internet infrastructure,
More informationDNS. The Root Name Servers. DNS Hierarchy. Computer System Security and Management SMD139. Root name server. .se name server. .
Computer System Security and Management SMD139 Lecture 5: Domain Name System Peter A. Jonsson DNS Translation of Hostnames to IP addresses Hierarchical distributed database DNS Hierarchy The Root Name
More informationIPv6 Traffic - An Indicator of rapid Networking Growth
Measuring deployment of IPv6 Paris, 6 April 2010 Karine Perset, OECD OECD reports: - Measuring Deployment of IPv6, April 2010 - Economic Considerations in the Management of IPv4 and in the Deployment of
More informationDNS traffic analysis -- Issues of IPv6 and CDN --
DNS traffic analysis -- Issues of IPv6 and CDN -- Kazunori Fujiwara ^, Akira Sato, Kenichi Yoshida University of Tsukuba ^Japan Registry Services Co., Ltd (JPRS) July 29, 2012 IEPG meeting at Vancouver
More informationOverview. Implementation of the international transaction log. Overall ITL role and approach. Support from ITL developer/operator
Implementation of the international transaction log Andrew Howard David Sturt Climate Change Secretariat www.unfccc.int ITL-Administrator@unfccc.int 1 st meeting Registry System Administrators Forum Bonn,
More informationDNS FLOODER V1.1. akamai s [state of the internet] / Threat Advisory
GSI ID: 1065 DNS FLOODER V1.1 RISK FACTOR - HIGH 1.1 OVERVIEW / PLXSert has observed the release and rapid deployment of a new DNS reflection toolkit for distributed denial of service (DDoS) attacks. The
More informationSecurity Monitoring of DNS traffic
Security Monitoring of DNS traffic Bojan Zdrnja CompSci 780, University of Auckland, May 2006. b.zdrnja@auckland.ac.nz Abstract The Domain Name System (DNS) is a critical part of the Internet. This paper
More informationDesigning and Deploying Messaging Solutions with Microsoft Exchange Server 2010 Service Pack 2 MOC 10233
Designing and Deploying Messaging Solutions with Microsoft Exchange Server 2010 Service Pack 2 MOC 10233 Course Outline Module 1: Introduction to Designing a Microsoft Exchange Server 2010 Deployment This
More informationProtecting DNS Critical Infrastructure Solution Overview. Radware Attack Mitigation System (AMS) - Whitepaper
Protecting DNS Critical Infrastructure Solution Overview Radware Attack Mitigation System (AMS) - Whitepaper Table of Contents Introduction...3 DNS DDoS Attacks are Growing and Evolving...3 Challenges
More informationDefending your DNS in a post-kaminsky world. Paul Wouters <paul@xelerance.com>
Defending your DNS in a post-kaminsky world Paul Wouters Overview History of DNS and the Kaminsky attack Various DNS problems explained Where to address the DNS problem Nameservers,
More informationMail 8.2 for Apple OSX: Configure IMAP/POP/SMTP
Mail 8.2 for Apple OSX: Configure IMAP/POP/SMTP April 10, 2015 Table of Contents Introduction... 3 Email Settings... 3 IMAP... 3 POP... 3 SMTP... 3 Process Overview... 3 Anatomy of an Email Address...
More informationnetkit lab dns Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group Version Author(s)
Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group netkit lab dns Version Author(s) E-mail Web Description 2.2 G. Di Battista, M. Patrignani, M.
More informationTable of Contents DNS. How to package DNS messages. Wire? DNS on the wire. Some advanced topics. Encoding of domain names.
Table of Contents DNS Some advanced topics Karst Koymans Informatics Institute University of Amsterdam (version 154, 2015/09/14 10:44:10) Friday, September 11, 2015 DNS on the wire Encoding of domain names
More informationModule 2. Configuring and Troubleshooting DNS. Contents:
Configuring and Troubleshooting DNS 2-1 Module 2 Configuring and Troubleshooting DNS Contents: Lesson 1: Installing the DNS Server Role 2-3 Lesson 2: Configuring the DNS Server Role 2-9 Lesson 3: Configuring
More information