DNSwitness: A Generic Platform For DNS-based Measurements

Journée «Mesures Internet», Paris, 24 April 2012
{Samia.Mtimet, Stephane.Bortzmeyer, Mohsen.Souissi} (at) afnic.fr

Overview
- Motivation
- Principles & Requirements
- Architecture
- Past & Current Uses
- Some results
- Conclusion & Prospective work

Motivation
- A DNS registry sits on a gold mine of DNS data
- What does the DNS tell us? There is precious information to extract and use
- Our marketing team, technical team and management ask various questions that we may have the answer to:
  - How many of our domains are used for e-mail only?
  - How has the penetration rate of IPv6, DNSSEC or phenomenon X evolved over the last N years?
  - Could you assess the technical quality of a given portfolio of DNS zones?
- We focus on things that we can obtain by starting with the DNS
  - Either from the DNS itself
  - Or by further exploring

Principles & Requirements
- Generic
  - Can do many different surveys
  - Most known tools deal only with one survey
- Automatic
  - Works unattended (from cron, for instance), for periodic runs
- Store raw results
  - Not just aggregates
  - For long-term analysis
- Free Software
  - Usable by small and medium actors
  - Run it yourself, and keep your own data, share aggregated & anonymized results
  - No data to be sent to a centralized analysis fabric

Global Architecture
- DNSwitness Platform: 2 main (free) software components
- DNSdelve, for active measurement
  - What we send out: active DNS queries sent to domains
  - Go on a fishing trip!
  - Typically: sampling in a zone TLD file vs comprehensive walk
- DNSmezzo, for passive measurement
  - What comes in: DNS queries sent to name servers, passively monitored
  - Who's knocking at our door?
  - Sampling by default (might take all the traffic for a given window of time)
- A database to store results
  - To allow long-term surveys and study the evolution
  - To benchmark with other partners based on uniform indicators/metrics

Architecture: Active Measurements Component (DNSdelve)
- A framework
  - To gather information from the DNS zones delegated by a registry
  - To get start points to explore the Internet for further information
- Composed of
  - A generic basis: handles zone file parsing and parallel querying of the zones
  - Modules dedicated to targeted surveys: perform the actual queries, i.e. ask explicit questions to the DNS
  - Examples: IPv6, DNSSEC, SPF modules already available

Architecture: Passive Measurements Component (DNSmezzo)
- Capture DNS traffic, analyze content and store in a database
  - By sniffing the DNS traffic on a server (port mirroring, tcpdump)
  - Storing structured info (what we have learnt) in an RDBMS
- Do measurements/statistics by querying the DB
  - Periodically, unattended or on-demand runs
- Examples:
  - Top N domains queried for (and more specifically those which yield an NXDOMAIN answer)
  - Percentage of queries targeting AAAA (wrt A) records
  - Percentage of traffic transported on IPv6 (wrt IPv4)
  - How many queries use EDNS0 and for which sizes?
  - Percentage of recursive name servers patched against the Kaminsky attack (SPR)
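The example statistics listed on the passive-measurement slide, computed over a stored query table. This is an added example, not DNSmezzo's code or schema: the `queries` table, its columns and the sample rows are constructed for illustration, and the fixed-source-port test is only a rough heuristic for missing source port randomization.

```python
import sqlite3

# Constructed sample rows:
# (resolver, src_port, ip_family, qname, qtype, rcode, edns_size)
# edns_size is None when the query carried no EDNS0 OPT record.
ROWS = [
    ("192.0.2.10", 53211, 4, "example.fr", "A", "NOERROR", 4096),
    ("192.0.2.10", 40112, 4, "example.fr", "AAAA", "NOERROR", 4096),
    ("192.0.2.10", 61877, 4, "nope.fr", "A", "NXDOMAIN", 4096),
    ("198.51.100.7", 32768, 4, "nope.fr", "A", "NXDOMAIN", None),
    ("198.51.100.7", 32768, 4, "mail.example.fr", "MX", "NOERROR", None),
    ("198.51.100.7", 32768, 4, "example.fr", "A", "NOERROR", None),
    ("2001:db8::53", 50001, 6, "example.fr", "AAAA", "NOERROR", 1232),
    ("2001:db8::53", 18444, 6, "typo.fr", "A", "NXDOMAIN", 1232),
]

def load(rows):
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE queries (resolver TEXT, src_port INT, family INT,"
                 " qname TEXT, qtype TEXT, rcode TEXT, edns_size INT)")
    conn.executemany("INSERT INTO queries VALUES (?,?,?,?,?,?,?)", rows)
    return conn

def pct(conn, where, base="1=1"):
    # Percentage of rows matching `where` among rows matching `base`.
    # Both arguments are fixed literals from this file, never user input.
    total = conn.execute(f"SELECT COUNT(*) FROM queries WHERE {base}").fetchone()[0]
    hits = conn.execute(
        f"SELECT COUNT(*) FROM queries WHERE ({base}) AND ({where})").fetchone()[0]
    return round(100.0 * hits / total, 1) if total else 0.0

def report(conn):
    q = lambda sql: conn.execute(sql).fetchall()
    return {
        "ipv6_transport_pct": pct(conn, "family = 6"),
        "aaaa_wrt_a_pct": pct(conn, "qtype = 'AAAA'", "qtype IN ('A', 'AAAA')"),
        "edns0_pct": pct(conn, "edns_size IS NOT NULL"),
        "edns_sizes": q("SELECT edns_size, COUNT(*) FROM queries WHERE edns_size"
                        " IS NOT NULL GROUP BY edns_size ORDER BY edns_size"),
        "top_nxdomain": q("SELECT qname, COUNT(*) AS n FROM queries WHERE rcode ="
                          " 'NXDOMAIN' GROUP BY qname ORDER BY n DESC, qname LIMIT 2"),
        # Heuristic: one source port reused across >= 3 queries means the
        # resolver shows no source port randomization in this sample.
        "fixed_port_resolvers": [r[0] for r in q(
            "SELECT resolver FROM queries GROUP BY resolver"
            " HAVING COUNT(*) >= 3 AND COUNT(DISTINCT src_port) = 1")],
    }

if __name__ == "__main__":
    for key, value in report(load(ROWS)).items():
        print(key, value)
```

Because the raw rows are kept rather than aggregates, new indicators can be added later as further queries over the same table.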

Similar Work (DNS-based)
- Active measurements
  - The Health of the Internet in Sweden (annual reports): https://www.iis.se/en/internet-for-alla/halsolaget
- Passive measurements
  - IIS.se dns2db: http://opensource.iis.se/trac/dns2db
  - ISC SIE: https://sie.isc.org/
  - DSC: http://dns.measurement-factory.com/tools/dsc/

Past & Current DNSwitness Uses
- Feeding the French Annual DNS Industry Report with IPv6 figures
  http://www.afnic.fr/fr/ressources/publications/observatoire-du-marche-des-noms-de-domaine-enfrance-3.html
- Contribution to the OECD Report on IPv6 Deployment Measurements in the world
  http://www.oecd.org/dataoecd/48/51/44953210.pdf
- As a platform for Internet Resilience measurements in France
  - Observatoire de la Résilience de l'Internet en France
  - Jointly with ANSSI (the French Network and Information Security Agency)
  - AFNIC's contribution: from the DNS perspective
  - Results unveiled at the DNS-OARC meeting (while waiting for the 1st edition of the report to be published): https://www.dns-oarc.net/files/workshop-201203/oarc-london-2012.pdf
- Surveys on demand (AFNIC or third parties)

Active measurements results
[Chart: IPv6 penetration rate in domains under .fr, in percent (axis 0% to 45%), per quarter from Q1-09 to Q2-12. Series: DNS, Web, Mail, IPv6-Enabled, IPv6-Full.]

Active measurements results (2)
[Chart: Name server distribution per [AS] for zones under .fr. Legend: AS x, AS y, AS z, AS t, AS u, Others. Shares shown on the chart: 36%, 30%, 16%, 11%, 4%, 3%.]

Active measurements results (3)
[Chart: Name server distribution per country for zones under .fr. Legend: France, Germany, USA, Great Britain, Switzerland, Others. Shares shown on the chart: 71%, 13%, 11%, 4%, 1%, 1%.]

Passive measurements results
[Chart: % of DNS transport in IPv4 vs IPv6, per year from 2009 to 2012 (axis 90% to 100%). Series: IPv6 transport (%), IPv4 transport (%). Data labels shown on the chart: 0,60; 0,60; 2,20; 3,47.]

Passive measurements results (2)
[Chart: DNS query type distribution for domain names under .fr, in percent (axis 0% to 100%), for 2011-07, 2011-10, 2011-11, 2011-12, 2012-01, 2012-02, 2012-03, 2012-04. Series: A (%), AAAA (%), NS (%), MX (%), Others (%). Data labels shown on the chart: 8,06; 7,29; 6,85; 8,68; 9,17; 8,45; 7,65; 7,57.]

Passive measurements results (3)
[Chart: Number of DNSSEC-signed delegations (DS), axis 0 to 300, from 2011-11 to 2012-04. Series: Nb DS.]

Conclusion & Prospective Work
- DNSwitness is a generic measurements platform used in different contexts for different needs
  - It has served multiple purposes so far
  - The platform is running in production at AFNIC premises
  - Will evolve continuously in order to answer new needs
- Collaboration with researchers
  - Define metrics and get periodic measurements
  - Put together results and get a joint analysis activity for a complete and long-term view
- New developments for:
  - Additional resilience indicators measurements
  - Additional services penetration rate measurements
  - Added-value services for AFNIC and third parties

Thank you!
www.afnic.fr
contact@afnic.fr
Twitter: @AFNIC
Facebook: afnic.fr