Applications: Domain Name System
Mitra Nasri
ECE Department, University of Tehran
Fall 2009
Table of Contents
Internet Applications (Application Mix)
DNS Measurement
  Properties
  Challenges
  Tools
  DNS in Other Applications
  State of the Art
Mitra Nasri, Internet Measurement, Applications (Chapter 7), DNS 2
Internet Applications
Why do we study Internet applications? Applications are the visible part of the Internet; the infrastructure supports the flow of traffic of the different applications.
We want to examine the flow of application traffic over the infrastructure (figure: User / Application Mix).
Applications we will study
Web: 1 client <-> 1 server
P2P: N peers
DNS
Online games: clients and some central servers
Application Mix
FTP (1980s): transported files, often in anonymous mode (unknown clients). Clients had to know the server address. In the early 1980s email was still carried over FTP (before SMTP), and FTP itself ran its control connection over the Telnet protocol.
Network News Groups (1980s, a bit after FTP).
WWW over the HTTP protocol (1990): became the majority of traffic after 1998.
P2P (end of the 1990s): Napster had attractive content and young clients.
DNS Measurement: Introduction and Definition
DNS is a database distributed across servers that handles name and address resolution on a hierarchical basis.
DNS uses UDP: the traffic consists of a query and a response, and each can fit in a single datagram. UDP scales much better for the DNS application than a connection per lookup would.
Note that zone transfers use TCP (as do responses too large for a single UDP datagram: the server sets the truncation bit and the client retries over TCP).
DNS Resolution (by Iteration) (figure)
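The query/response exchange above, as an added example that is not part of the lecture: a DNS query is built and a response is parsed in the RFC 1035 wire format, showing why each side of the exchange fits in one UDP datagram. The response bytes are constructed by hand for this example (the name `www.example.com` and the address `192.0.2.10` are illustrative), so nothing is sent on the network.

```python
"""Added example (not from the lecture): build a DNS query and parse a
response in the RFC 1035 wire format. The response bytes below are
constructed by hand for this example; no network access is needed."""
import struct

TYPE_NAMES = {1: "A", 2: "NS", 5: "CNAME", 12: "PTR", 16: "TXT", 28: "AAAA"}

def encode_name(name):
    """Encode 'www.example.com' as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("label length must be 1..63")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(qname, qtype=1, txid=0x1234):
    """12-byte header + one question; RD=1 asks a recursive resolver to recurse."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)

def decode_name(msg, offset):
    """Decode a name at offset, following RFC 1035 compression pointers.
    Returns (name, offset just past the name in the original stream)."""
    labels, jumped, end, hops = [], False, offset, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:           # 2-byte pointer to an earlier name
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset, hops = True, pointer, hops + 1
            if hops > 32:                   # guard against pointer loops in hostile packets
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    if not jumped:
        end = offset
    return ".".join(labels), end

def parse_message(msg):
    """Parse the header, the question section and the answer records."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, TYPE_NAMES.get(qtype, qtype)))
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            value = ".".join(str(b) for b in rdata)
        elif rtype in (2, 5, 12):             # NS, CNAME, PTR carry a name
            value, _ = decode_name(msg, off - rdlen)
        else:
            value = rdata.hex()
        answers.append((name, TYPE_NAMES.get(rtype, rtype), ttl, value))
    return {"id": txid, "is_response": bool(flags & 0x8000),
            "rcode": flags & 0xF, "truncated": bool(flags & 0x0200),
            "questions": questions, "answers": answers}

# Constructed response: same ID, QR=1 RD=1 RA=1, one question, one A answer whose
# owner name is a compression pointer (0xC00C) back to the question name at offset 12.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + encode_name("www.example.com") + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])
)

if __name__ == "__main__":
    q = build_query("www.example.com")
    print(len(q), "byte query;", len(SAMPLE_RESPONSE), "byte response")
    print(parse_message(SAMPLE_RESPONSE))
```

The query is 33 bytes and the response 49 bytes, far below the 512-byte classic UDP limit; the hop guard in `decode_name` is the check a measurement tool needs when it parses packets from untrusted sources.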
DNS Properties of Interest to Measure

| Measured property | Why | Where |
|---|---|---|
| Fraction of Internet traffic | Guides other issues | Across the Internet |
| Availability | Critical to infrastructure | Root and authoritative servers |
| Number of entities | Performance | Remote reverse engineering |
| Response latency | Performance | Targeted set of servers |
| TTL assigned | CDN server selection | At sampled local DNS servers |
| Extent of caching | Performance | At multiple sites |
| Software configurations | Correctness / variance | Locally |
| Location of DNS servers | Mapping | Globally |
| Characteristics of queries | Correctness | Local DNS servers |
| Validity of queries | Access control | Locally |
| Frequency of lookups | Application popularity | Locally |
Fraction of Internet Traffic
DNS traffic types: queries, responses, and the forwarding of queries and responses.
The fraction of Internet traffic that an application accounts for: DNS is below 5% of current Internet traffic by byte volume (its share of the flow count is much larger, since DNS messages are small).
Availability
Availability is critical for DNS servers. DNS servers are in the front line of attacks on the Internet; they are the weakest link in the chain, because almost every other application depends on a successful lookup first.
Number of Entities
Entities: clients and local DNS servers (most of them are hidden behind DNS caching), authoritative DNS servers, and root servers (root servers are usually static and well known).
Response Latency
Response latency is the time between the issuance of a DNS request and the receipt of the response (figure: Request Issuance -> Response Receipt on a time axis).
It is related to the availability of DNS servers and to DNS caching.
Studies have explored the distribution of delays for popular servers or for the authoritative servers of popular domains.
TTL and Extent of Caching
A Time-To-Live value is the validity duration of the mapping returned by an authoritative DNS server and held by a caching DNS server.
Web browsers do their own caching of DNS mappings (with their own expiry rules, which need not follow the TTL).
TTLs represent a trade-off: a long TTL gives speed (no repeated issuance of the same query) and fewer DNS messages overall, while a short TTL lets a changed mapping (or a CDN's server selection) take effect quickly.
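The trade-off above, as an added example that is not part of the lecture: a caching resolver is simulated against a constructed query trace (a popular name queried every 10 s, plus a few one-off names) under several TTLs, counting the upstream queries the cache saves and how long a stale answer is still served after the authoritative record changes at t=100 s. The names and timings are made up for the example.

```python
"""Added example (not from the lecture): simulate a caching resolver to show
the TTL trade-off. A constructed query trace (timestamp, name) is replayed
against caches configured with different TTLs; we count upstream queries
saved by the cache and the staleness a client would see after the
authoritative record changes. Names and timings are made up."""
from collections import namedtuple

Event = namedtuple("Event", "t name")

def simulate(trace, ttl, change_at=None, change_name=None):
    """Replay `trace` through a single cache that honours `ttl` seconds.
    Returns (upstream_queries, cache_hits, max_staleness_seconds), where
    staleness is how long after `change_at` a stale answer for
    `change_name` was still served from the cache."""
    cache = {}                     # name -> expiry time of the cached answer
    upstream = hits = 0
    max_staleness = 0.0
    for ev in trace:
        expiry = cache.get(ev.name)
        if expiry is not None and ev.t < expiry:
            hits += 1
            fetched_at = expiry - ttl          # when the cached answer was obtained
            if change_at is not None and ev.name == change_name \
                    and fetched_at < change_at <= ev.t:
                max_staleness = max(max_staleness, ev.t - change_at)
        else:
            upstream += 1          # miss or expired: go to the authority
            cache[ev.name] = ev.t + ttl
    return upstream, hits, max_staleness

# Constructed trace: a popular name queried every 10 s for 5 minutes,
# plus a few one-off names that no cache can help with.
POPULAR = "www.example.com"
TRACE = [Event(float(t), POPULAR) for t in range(0, 300, 10)] + \
        [Event(float(t) + 0.5, "host%d.example.net" % t) for t in (5, 65, 125)]
TRACE.sort()

def compare_ttls(ttls=(0, 30, 300)):
    """Run the same trace under several TTLs; the authoritative address of
    the popular name changes at t=100 s in every run."""
    return {ttl: simulate(TRACE, ttl, change_at=100.0, change_name=POPULAR)
            for ttl in ttls}

if __name__ == "__main__":
    for ttl, (up, hit, stale) in compare_ttls().items():
        print("TTL %3ds: %2d upstream queries, %2d cache hits, "
              "stale answers served for up to %.0f s" % (ttl, up, hit, stale))
```

With TTL 0 every one of the 33 lookups goes upstream; with TTL 300 only 4 do, but the client keeps receiving the old address for up to 190 s after the change. The 30 s TTL sits between the two, which is the kind of choice a CDN makes when it uses DNS for server selection.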
Software Configuration
Bad configuration results in: performance problems, internal information leaks, violation of clients' privacy, and information useful to competitors.
Measuring this property requires awareness of the software implementation variants, since different implementations behave observably differently.
Location of DNS Servers
The physical and topological locations of DNS servers on the Internet can provide a rough map of where the clients are, since clients tend to be close to their local DNS servers.
Characteristics of Queries
The most common query type is name-to-address translation (A queries).
But how common are the other types of queries, e.g. address-to-name translation (PTR queries)?
Validity of Queries
Security: access for some users is limited through Access Control Lists (ACLs).
An estimate of the number of failed queries (e.g. from sites blocked by ACLs) is an interesting property.
Frequency and Count of Lookups
From the site-popularity view point: the number of lookups for a name may be an indication of its popularity.
From the traffic view point: the amount of DNS traffic that stays within a network, as opposed to the fraction that is visible outside, indicates the extent of caching.
DNS Measurement Challenges
The degree of control exercised by local administrators is considerable, which makes measurement from outside hard.
Lots of hidden entities; lots of cached data.
Hidden Data (1)
There is no information about:
- clients behind a local DNS server,
- local or authoritative DNS servers (there is no published directory of them), and
- configuration parameters of local DNS servers, and the effect those have in hiding further data.
Hidden Data (2)
From the traffic view point, local DNS servers hide information (e.g. traffic data) about their clients from the outside world.
Access Control Lists prevent lookups into a network from outside.
Firewalls typically do not let unsolicited UDP packets on the DNS port reach internal hosts.
Some organizations handle their internal DNS requests on their own (internal zones), so those queries never leave the network.
More Challenges
Hidden layer: many DNS servers (the root servers in particular) are reached via anycast, which delivers a datagram to one server out of a set of servers sharing the same address. Which physical instance answers depends on where the measurement is made, so one cannot observe all nodes from a single or a few vantage points.
Hidden entities: although the iterative mode of DNS lookup allows a client to contact some servers directly, DNS caching may hide the outside world from it and vice versa.
DNS Measurement Tools

| Category | Source / name of the tool | Primary function |
|---|---|---|
| Passive measurement | Netflow logs | Local characterization of DNS traffic |
| Passive measurement | DNS update logs | Traffic characterization |
| Passive measurement | Graph representation | Classifying DNS entities |
| Passive measurement | NeTraMet | DNS spectroscopy |
| Active monitoring | dnsstat | Local DNS statistics |
| Active monitoring | dnstop | Local DNS statistics, highlighting unusual events |
| Active monitoring | dsc | Local DNS statistics filtered to aid troubleshooting |
| Active measurement | fpdns | Identifying the DNS implementation |
| Active measurement | dnschecker | Identifying nodes in the DNS resolution path |
Passive Measurement for Characterization (1)
Types of offline data useful here:
- DNS logs: usually available at root servers, rare at clients or local servers; good for intrusion detection at servers.
- Traffic data (in the form of Netflow): obtained just by examining UDP/TCP traffic on port 53; usually presented as a directed graph.
- Packet traces: can be taken by mirroring the DNS server's switch port and running tcpdump on another host (so as not to interfere with the root server itself).
Passive Measurement for Characterization (2)
NeTraMet (Network Traffic Meter) has passive access to packets. It is good for examining traffic at a narrow set of machines (the 13 root servers). It can log the time of request/response, the source and destination IP addresses, the type of DNS query, and optional information. A flow is an arbitrary collection of bi-directional packets with a large number of attributes (over 40).
tcpdpriv can capture packet traces and/or anonymize traces (e.g. before they are shared).
Active Monitoring for Characterization (1)
dnsstat (CAIDA) monitors port 53 and presents statistics about DNS queries.
It has to be able to see all DNS-related traffic to the monitored entity (client or server), so it runs on the same LAN segment.
Some dnsstat results at root servers: 75% of DNS queries were name-to-address translations and 8% were address-to-name conversions. The results helped to optimize the placement of DNS root servers.
Active Monitoring for Characterization (2)
dnstop (The Measurement Factory) uses the libpcap library, on live traffic or on tcpdump-generated traces, to display DNS-related information similar to dnsstat (with some additional information).
It can reveal buggy implementations that send bad queries, such as an A query for a name that is already an IP address ("IP to IP translation").
Active Monitoring for Characterization (3)
dsc (an extension of dnstop) collects statistics at busy DNS servers into XML files and displays them graphically. It can gather data on a separate machine to which the DNS server's traffic is mirrored over a switch port, which makes it suitable for busy servers.
It can generate a graphical representation of the rate of DNS replies and their length in bytes.
Active Measurement for Characterization (1)
Active tools impose additional load on DNS servers, so they should be used carefully.
fpdns (a Perl script) generates a rough fingerprint of DNS servers. It checks a variety of hypotheses, much like a reverse-engineering tool, by sending queries remotely and comparing the responses with known implementation behaviour.
Results obtained using fpdns:
- 70% of name servers use BIND. BIND (Berkeley Internet Name Domain) is an implementation of the DNS protocols and provides an openly redistributable reference implementation of the major components.
- 98% of errors were query timeouts.
- In the German DNS, more than 55,000 DNS servers exist, and 87% of them use BIND.
Active Measurement for Characterization (2)
dnschecker lists all servers involved in resolving a query.
It checks the correctness of the response, changes in DNS records, the paths taken by a DNS query, etc.
It gives an indication of the server load balancing done and of the fraction of queries that would be answered by the authoritative server.
Performance Measurement Tools (1)
Goals:
- how queries are spread over the root and top-level DNS servers,
- how well the queries are handled,
- the actual impact of DNS on clients,
- the role played by caching and its effectiveness.
Performance Measurement Tools (2)
Methods:
- Passive: the metrics are availability, latency, the number and rate of queries handled at a busy server, and the extent of caching. It involves examining DNS logs at the application level.
- Active: the goal is to get the apparent latency felt by clients. This has been done via tools distributed to different client locations.
Use of DNS in Other Applications

| Technique | Use in application |
|---|---|
| Content distribution | Locating the nearest replica |
| Load balancing | Server selection |
| Examining nearness to clients | Estimating latency between nodes |
| Piggybacking small messages | Reducing latency in Web transactions |
| Examining lookup frequency | Inferring popularity of applications |
| Blackhole lists | Spam avoidance |
| Tunneling non-DNS traffic through firewalls | Attacks |
How Akamai (a Content Distribution Network) Works
(Figure, steps 1-12: the end-user fetches index.html from cnn.com, the content provider. The embedded object foo.jpg is named under an Akamai domain, so its resolution goes from the DNS root server to an Akamai high-level DNS server and then to an Akamai low-level DNS server, which returns a nearby matching Akamai server; the end-user then issues "Get /cnn.com/foo.jpg" to that server.)
State of the Art
- Results in DNS characterization
- Results in DNS performance
- Using DNS for other applications
Results in DNS Characterization
DNS was introduced in 1984, when there were barely 1000 hosts.
- In 1992, DNS was 14% of Internet traffic.
- In 2001, 23% of queries had no result.
- In 2003, 100 million queries per day.
Two types of research in the area: techniques to solve the previous challenges, and demonstrations of the problem of unreachability of some data.
Graph-based Characterization of DNS Entities (figure)
Closer Look at DNS Root Servers
In late 2002, 150 million queries were gathered in one day from a root server using port mirroring.
Nearly 400,000 unique source IP addresses were seen during that day.
One organization was responsible for more than 15% of the traffic because of its bad configuration.
70% of the queries were identical name-to-address translations (repeats of queries that had already been answered), generated by robots, i.e. misbehaving automated clients, rather than by users.
Only 2% of the queries were found to be really legitimate.
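The kind of analysis behind the root-server findings above, and behind the dnsstat/dnstop query-mix statistics in the Tools section, as an added example that is not part of the lecture: a small passive analyser over a constructed query log reports the query-type mix, the heaviest source network, the share of exact repeats a correctly caching client would never have sent, and malformed "IP to IP" lookups. The log lines and their layout (time, source IP, type, name) are made up for this example.

```python
"""Added example (not from the lecture): a passive DNS query analyser in the
spirit of dnsstat/dnstop, run over a constructed query log. The log lines
are made up; the field layout "time src_ip qtype qname" is an assumption."""
import ipaddress
from collections import Counter

SAMPLE_LOG = """\
0.01 198.51.100.7 A www.example.com
0.02 198.51.100.7 A www.example.com
0.03 198.51.100.7 A www.example.com
0.04 203.0.113.5 A mail.example.org
0.05 203.0.113.9 PTR 5.113.0.203.in-addr.arpa
0.06 192.0.2.44 A 192.0.2.1
0.07 198.51.100.8 A www.example.com
0.08 203.0.113.5 MX example.org
0.09 198.51.100.7 A www.example.com
0.10 192.0.2.44 AAAA ipv6.example.com
"""

def parse_log(text):
    """Split lines into (time, src, qtype, qname); qname is lower-cased because
    DNS names are case-insensitive and repeats must compare equal."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        t, src, qtype, qname = line.split()
        rows.append((float(t), src, qtype.upper(), qname.lower().rstrip(".")))
    return rows

def is_ip_literal(name):
    """True if the query name is itself an IP address (a malformed 'IP to IP' lookup)."""
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def analyse(rows, ttl=60.0, prefix_len=24):
    """Summarise the query mix, heavy talkers and anomalies. A query is a
    'repeat' if the same (src, qtype, qname) was seen within `ttl` seconds:
    a client that cached the earlier answer would not have sent it."""
    n = len(rows)
    type_mix = Counter(r[2] for r in rows)
    nets = Counter(str(ipaddress.ip_network("%s/%d" % (r[1], prefix_len), strict=False))
                   for r in rows)
    last_seen, repeats, ip_literal = {}, 0, 0
    for t, src, qtype, qname in rows:
        key = (src, qtype, qname)
        if key in last_seen and t - last_seen[key] < ttl:
            repeats += 1
        last_seen[key] = t
        if qtype in ("A", "AAAA") and is_ip_literal(qname):
            ip_literal += 1
    top_net, top_count = nets.most_common(1)[0]
    return {
        "queries": n,
        "type_fraction": {k: v / n for k, v in type_mix.items()},
        "top_network": top_net,
        "top_network_share": top_count / n,
        "repeat_fraction": repeats / n,
        "ip_literal_queries": ip_literal,
    }

if __name__ == "__main__":
    for k, v in analyse(parse_log(SAMPLE_LOG)).items():
        print("%-20s %s" % (k, v))
```

On a real trace the source would be a tcpdump capture from a mirrored port rather than a text log, but the per-network aggregation is what exposes a single misconfigured organization, and the repeat fraction is what separates robot traffic from legitimate lookups.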
Results in DNS Performance
2002: a wide-area study modified BIND (adding an auto-logging capability) and installed the new version on 75 machines.
Performance measures were the time to complete a lookup, the RTT to the server, the number of retries, the average response time, etc.
Results: while the success of lookups was consistent, response time varied significantly. 20-30% of the time was spent in top-level domain name servers, while root servers added no delay. A quarter of the queries were aliases. Root servers would be able to handle the load of a denial-of-service attack, whereas top-level domain servers could not.
Results in DNS Performance (continued)
2003: NeTraMet was used for two days.
Performance measures were response time, the choice of server that was selected, repeated queries, and query rates.
Results: the distribution of response times had a long tail and was correlated with the geographical distance from the measurement point to the root server.
They found a server that was sending a query for .net every two minutes!
Using DNS for Other Applications (1): Using the Nearness of DNS Servers to Clients
"King" tool set assumptions:
- A large number of IP hosts are topologically close to their authoritative name servers.
- The latency between any two name servers can be accurately measured using recursive DNS queries (ask one name server to resolve a name served by the other, and subtract the round trip to the first).
- The latency between end hosts can be approximated as the latency between their name servers.
Using DNS for Other Applications (2): Piggybacking on DNS (in DNS-Enhanced Web, 2003)
Use of the available space in DNS queries and DNS responses: about 40 bytes in a DNS query and up to the 512-byte UDP response limit. An HTTP request is embedded in the available space of the UDP packet. This is good for content distribution networks, e.g. for delivering small images in DNS packets.
Using DNS for Other Applications (3): Relative Popularity
If a particular application is popular, its names hit periodically in DNS caches.
Cache contents indicate which applications are popular in different sub-populations at the same time, and this can be used when assigning TTLs at local DNS servers.
DNS cache snooping (a different kind of snooping): an easy way to locate a list of common misspellings is to query caches (non-recursively) to see whether the misspelled names occur often enough. This is useful to domain typo-squatters, who can suggest that domain owners buy the misspelled domains.
Using DNS for Other Applications (4): Blackhole Lists and Spam
We can blackhole the domain of a spamming server by asking DNS resolvers not to reply to queries about that domain, or, with a DNS blackhole list, by publishing the spamming server's address as a record under the list's zone so that mail receivers can look it up.
Reverse MX (RMX):
- Step 1: the domain owner publishes in DNS the hosts authorized to send mail on behalf of the domain. ("DNS: Dear popular mail servers, please introduce your authorized hosts to me.")
- Step 2: each mail receiver queries DNS to check the validity of the "From" domain of the email sender. ("SMTP server: Dear DNS, is this 'From' domain a valid one for this sender?")
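The two checks above, as an added example that is not part of the lecture: a DNS blackhole list lookup (the sender's IPv4 address reversed under the list zone) and an RMX-style sender authorization check, combined the way a receiving SMTP server would apply them at MAIL FROM. The resolver is a stub dictionary standing in for real DNS, the zone names `dnsbl.example` and `_rmx.<domain>` and the TXT record format are assumptions for this example, and the addresses are constructed.

```python
"""Added example (not from the lecture): spam avoidance via DNS, with a
DNSBL lookup and an RMX-style sender authorization check. The resolver is
a stub dictionary; zone names, record format and addresses are constructed
for this example and are not a real list or a real standard."""
import ipaddress

# Constructed stand-in for DNS: name -> list of (rrtype, rdata).
STUB_ZONE = {
    # DNSBL entry: a listed IPv4 address appears reversed under the list zone
    "9.113.0.203.dnsbl.example": [("A", "127.0.0.2")],
    # RMX-style record (format assumed here): hosts allowed to send mail for example.org
    "_rmx.example.org": [("TXT", "198.51.100.25 198.51.100.26")],
}

def lookup(name, rrtype):
    """Return rdata strings for name/rrtype, or [] for a negative answer."""
    return [rd for rt, rd in STUB_ZONE.get(name.lower(), []) if rt == rrtype]

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed under the list zone,
    e.g. 203.0.113.9 in dnsbl.example -> 9.113.0.203.dnsbl.example."""
    addr = ipaddress.IPv4Address(ip)          # rejects malformed input early
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def is_blacklisted(ip, zone="dnsbl.example"):
    """Any A record under the list zone means the address is listed."""
    return bool(lookup(dnsbl_name(ip, zone), "A"))

def sender_authorized(mail_from_domain, client_ip):
    """RMX-style check: is client_ip allowed to send mail for the domain?
    Returns 'pass', 'fail', or 'none' when the domain publishes nothing."""
    records = lookup("_rmx." + mail_from_domain, "TXT")
    if not records:
        return "none"
    allowed = set()
    for txt in records:
        allowed.update(txt.split())
    return "pass" if client_ip in allowed else "fail"

def accept_mail(client_ip, mail_from_domain):
    """Combine both checks the way a receiving SMTP server would at MAIL FROM."""
    if is_blacklisted(client_ip):
        return "reject: listed in DNSBL"
    verdict = sender_authorized(mail_from_domain, client_ip)
    if verdict == "fail":
        return "reject: not authorized for " + mail_from_domain
    return "accept (" + verdict + ")"

if __name__ == "__main__":
    for ip, dom in [("203.0.113.9", "example.org"), ("198.51.100.25", "example.org"),
                    ("192.0.2.77", "example.org"), ("192.0.2.77", "example.net")]:
        print(ip, dom, "->", accept_mail(ip, dom))
```

Note that a domain that publishes no authorization record yields "none", not a rejection; treating "none" as a failure would bounce mail from every domain that has not adopted the scheme, which is the deployment problem any DNS-based sender check has to live with.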
Using DNS for Other Applications (5): Tunneling Non-DNS Traffic Through Firewalls
As DNS is critical for most Internet applications and usually uses UDP, it is allowed through almost every firewall, which makes it a convenient covert channel for attackers and for authors of Trojan horses.
An attacker can bypass a firewall by encoding a file in a sequence of DNS-like queries: the data is split into chunks, each chunk is carried in the labels of a query name under a domain the attacker controls, and the attacker's authoritative server reassembles the chunks (the return direction uses the response records).
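The channel above from both sides, as an added example that is not part of the lecture: the sender splits a constructed "secret" into base32 chunks carried as labels of query names under an attacker-chosen domain (`exfil.example` here, an assumption), the receiver reassembles them, and a detector flags the parent domain on two heuristics a monitoring tool such as dnstop could apply (a long, high-entropy label, or an unusual number of distinct subdomains under one parent). No packets are sent.

```python
"""Added example (not from the lecture): the DNS exfiltration channel the
slide describes, and a detector for it. The domain exfil.example, the
'normal' names and the secret are constructed for this example."""
import base64
import math
from collections import defaultdict

MAX_LABEL = 63          # RFC 1035 label length limit
MAX_NAME = 253          # practical limit on a full name

def encode_file(data, domain, chunk=30):
    """Split data into chunks, base32-encode each (DNS names are
    case-insensitive, so base32 survives), and return one query name per
    chunk with a sequence number so the receiver can reorder."""
    names = []
    for seq, i in enumerate(range(0, len(data), chunk)):
        label = base64.b32encode(data[i:i + chunk]).decode().rstrip("=").lower()
        name = "%d.%s.%s" % (seq, label, domain)
        assert len(label) <= MAX_LABEL and len(name) <= MAX_NAME
        names.append(name)
    return names

def decode_names(names):
    """Reassemble the original bytes from the query names (receiver side)."""
    chunks = {}
    for name in names:
        seq, label, _ = name.split(".", 2)
        padded = label.upper() + "=" * (-len(label) % 8)   # restore base32 padding
        chunks[int(seq)] = base64.b32decode(padded)
    return b"".join(chunks[k] for k in sorted(chunks))

def entropy(s):
    """Shannon entropy of a string in bits per character."""
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def detect_tunnel(qnames, label_len=20, min_entropy=3.5, max_subdomains=10):
    """Return the set of parent domains that look like tunnel endpoints.
    Heuristics: a long, high-entropy label, or too many distinct
    subdomains under one parent (legitimate zones usually have few)."""
    subdomains = defaultdict(set)
    flagged = set()
    for q in qnames:
        labels = q.lower().rstrip(".").split(".")
        if len(labels) < 3:
            continue
        parent = ".".join(labels[-2:])
        subdomains[parent].add(".".join(labels[:-2]))
        for label in labels[:-2]:
            if len(label) >= label_len and entropy(label) >= min_entropy:
                flagged.add(parent)
    for parent, subs in subdomains.items():
        if len(subs) > max_subdomains:
            flagged.add(parent)
    return flagged

# Constructed traffic: ordinary lookups plus an exfiltration of a fake secret.
NORMAL = ["www.example.com", "mail.example.org", "cdn.example.net", "ntp.example.org"]
SECRET = b"constructed secret file contents " * 12
TUNNEL = encode_file(SECRET, "exfil.example")

if __name__ == "__main__":
    print(len(TUNNEL), "queries carry", len(SECRET), "bytes")
    print("flagged:", detect_tunnel(NORMAL + TUNNEL))
```

The subdomain-count heuristic is the more robust of the two: an attacker can lower label entropy by padding or using a smaller alphabet, but cannot move data without generating many distinct names under the same parent, which is what makes this traffic stand out in exactly the lookup-frequency statistics discussed earlier.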