PEQ-DNS: A Platform for DNS Quality Monitoring


DNS Monitoring Challenges [1/2]
- The DNS is a complex distributed system that requires a distributed (per DNS server) monitoring system.
- Monitoring usually focuses on aggregated metrics (e.g. number of good/bad queries, zone transfers) that are the key indicators of service provisioning health.

DNS Monitoring Challenges [2/2]
- For network operators, DNS monitoring is a way to check that name resolution is working well (as a service).
- For domain registries, in addition to running the ccTLD servers, it is compulsory to make sure that the overall DNS infrastructure is in good health.

DNS Health For Operators
- Provide DNS name resolution with:
  - Low response time
  - Robustness (no downtime)
  - Ability to resist attacks
- Filter invalid DNS packets (e.g. buffer overflow, invalid requests) in order to identify the source of potential issues that might be mitigated.

DNS Health For Registries
In addition to the previous goals, registries also need to:
- Avoid distributing inaccurate information that might lead to bad service quality.
- Identify invalid or inaccurate DNS registration records and report them to registrars.
- Deploy a DNS infrastructure matching the expected service levels and robustness.

Monitoring Health [1/2]
Health monitoring requires:
- Validation of the information distributed by DNS servers by means of periodic checks of record consistency and configuration.
- Monitoring DNS server response time, geographical location and service availability over time.

Monitoring Health [2/2]
A healthy DNS infrastructure must also:
- Place DNS servers on networks where service availability is guaranteed even in case of disaster or security breach.
- Monitor suspicious or excessive requests in order to slow down or block the requestors.
- Identify DNS scanners that load the infrastructure and might use the collected information for other purposes (e.g. spam).

What is PEQ-DNS?
- Years ago the .it Registry decided to start a project whose goal is DNS health monitoring.
- PEQ-DNS is a distributed monitoring platform developed by the .it Registry, aimed at measuring DNS health by combining static registration analysis with live traffic monitoring.

Static DNS Validation [1/2]
- Identification of misconfigured DNS servers (e.g. lame delegation, zone check).
- Route analysis for reaching DNS servers in order to evaluate their resiliency to disasters (overlapping server discovery).
- Risk analysis (if a DNS fails, how many domains are affected by the failure).

Static DNS Validation [2/2]
[Figures: Risk in Case of Network Failure; Risk in Case of Server Failure]

PEQ-DNS Traffic Console

PEQ-DNS DNS Console [1/2]

PEQ-DNS DNS Console [2/2]
[Diagram labels: Web User, Web Console, Live DNS Traffic, SQL and TSDB (Time Series Database)]

NXDOMAIN [1/3]

NXDOMAIN [2/3]
[Screenshot: Per-query Statistics, with columns Client IP, Client ASN, DNS Request, Query Number]

Queries: ASN Statistics
[Screenshot: Per-ASN DNS Statistics, showing NXDOMAIN Queries and Good Queries]

DNS Clients Geolocation
Information used for statistical purposes and for placing DNS servers in the most appropriate places for serving requests.

NXDOMAIN vs Bad Requests
- In order to trigger alarms, we need to figure out whether a certain request was misspelled or completely wrong.
- Alarms can be triggered only if false positives are very limited. This can be achieved by identifying and isolating ordinary errors.
- Levenshtein distance is used to compare the request with the real registered domain.

Ordinary Errors (NXDOMAIN)
- Misspelled: rossoalicwe.it (correct: rossoalice.it)
- Nonexistent: ilballodelpimpolho.it (nonexistent domain, but ilballodelpimpolho is a popular Google match)
- Human requests: www.film%20tv.it, www.ferrovie%20dello%20stato.it
- Electronic requests: _ldap._tcp $e52fced9-8106-48a0-9c86-69c5d32d8c92.domains._msdcs.itcge.it
- Email addresses used in Web navigation: zazzu89@hotmail.it
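The two NXDOMAIN slides above describe sorting failed lookups into ordinary error classes before alarming. The sketch below is an added example, not PEQ-DNS code: the `REGISTERED` set, the `MAX_TYPO_DISTANCE` threshold, the class names and the matching rules are assumptions chosen to fit the slide's sample names.

```python
from typing import Optional, Tuple

# Constructed stand-in for the registry's list of registered domains (assumption).
REGISTERED = {"rossoalice.it", "example.it"}
MAX_TYPO_DISTANCE = 2  # assumed cut-off between "misspelled" and "nonexistent"


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(qname: str) -> str:
    """Last two labels of the query name, e.g. www.foo.it -> foo.it."""
    return ".".join(qname.lower().rstrip(".").split(".")[-2:])


def classify(qname: str) -> Tuple[str, Optional[str]]:
    """Return (error class, closest registered domain or None) for an NXDOMAIN query."""
    name = qname.lower().rstrip(".")
    if "@" in name:                       # e-mail address typed as a host name
        return "email-address", None
    if any(label.startswith("_") for label in name.split(".")):
        return "electronic", None         # service-discovery style labels (_ldap, _tcp)
    if "%20" in name or " " in name:      # phrase typed into the address bar
        return "human", None
    domain = registrable(name)
    best = min(REGISTERED, key=lambda r: levenshtein(domain, r))
    if levenshtein(domain, best) <= MAX_TYPO_DISTANCE:
        return "misspelled", best
    return "nonexistent", None            # only this class is a candidate for alarms


if __name__ == "__main__":
    # Sample names taken from the slide above.
    for q in ("rossoalicwe.it", "ilballodelpimpolho.it", "www.film%20tv.it",
              "zazzu89@hotmail.it"):
        print(q, classify(q))
```
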

NXDOMAIN Analysis (Future)
[Chart: Domain Registration vs NXDOMAIN (%), July to November]

DNS Server Statistics
2,1 DNS servers per Internet domain (average)
[Pie charts: Domains with MX record / Domains w/o MX record; Domains with Web site / Domains w/o Web site. Values shown: 7%, 2%, 93%, 98%]

DNS Server Statistics (cont)
[Pie charts: Domains with IPv4 DNS only / Domains with IPv4/v6 DNS; DNS Queries IPv4 / DNS Queries IPv6. Values shown: 5%, 2%, 95%, 98%]

DNS Server Statistics (cont)
[Pie charts: Overlapping / Non Overlapping; Critical Overlapping / Non Critical Overlapping. Values shown: 5%, 46%, 54%, 95%]

Registrars Ranking

Conclusions
- We developed a near-realtime open-source DNS monitoring system that, contrary to similar tools, is able to handle hundreds of millions of flows/day using low-end commodity hardware.
- Collected data are used to highlight trends in DNS usage.
- We provide feedback to registrars as well as highlight service anomalies.
- Your feedback is warmly welcome!