DNS Measurement at a Root Server Nevil Brownlee, kc Claffy and Evi Nemeth Presented by Zhengxiang Pan Mar. 27th, 2003
Introduction
• DNS: Domain Name System
• BIND: Berkeley Internet Name Domain System
• [Diagram: client, local name servers and root server exchanging queries over UDP]

Methodology
• Passive capture of DNS packets at F.root-servers.net
• Use tcpdump and error logs

Results
• A. Query rate
• Responds to 93% of the input packets.
Error taxonomy
• B1. Repeated queries
  • Possibly the result of a broken nameserver or a broken client.
• B2. Private address space
  • About 7% of the queries ask for hostnames associated with an RFC 1918 address.
  • 2% - 3% of the queries have a source IP address in RFC 1918 space.

Error taxonomy
• B3. Top-level domains
  • In a 1-hour trace from Jan. 7, 2001:
    • 16.5% of the servers asked only for INVALID TLDs
    • 37.1% of the servers asked for at least one INVALID TLD

Error taxonomy
• B4. Bogus A queries
  • A query: hostname → IP address
  • 12-18% of A queries target an IP address rather than a hostname
• B5. Source port zero
  • Port 0 is reserved and not valid in UDP / TCP.
  • Root servers never answer queries from port 0.

Error taxonomy
• B6. Dynamic updates
  • DHCP can dynamically update a local nameserver; it should not try to update root servers.
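The taxonomy above turned into detection logic, as an added example that is not code from the paper or the talk: `classify` tags one captured query record with the B2 to B6 categories, and `summarize` counts tags over a trace and adds B1 (the same source asking the same question more than once). The record fields, the short VALID_TLDS list and the SAMPLE records are constructed for this example.

```python
import ipaddress
from collections import Counter
# Constructed stand-in for the root zone's TLD list; a real classifier would load the root zone.
VALID_TLDS = {"com", "net", "org", "edu", "gov", "mil", "int", "arpa", "uk", "de", "nz"}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_ip(text):
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None
def in_rfc1918(text):
    addr = parse_ip(text)
    return addr is not None and any(addr in net for net in RFC1918)
def ptr_target_is_rfc1918(qname):
    labels = qname.split(".")  # "1.168.192.in-addr.arpa" -> 192.168.1.0 (short names zero-padded)
    return labels[-2:] == ["in-addr", "arpa"] and in_rfc1918(".".join((labels[:-2][::-1] + ["0"] * 4)[:4]))

def classify(q):
    """Taxonomy tags (B2..B6 from the talk) that apply to one query record."""
    tags, qname = set(), q["qname"].rstrip(".").lower()
    if ptr_target_is_rfc1918(qname):
        tags.add("B2-private-ptr")       # asks for the name of an RFC 1918 address
    if in_rfc1918(q["src_ip"]):
        tags.add("B2-private-source")    # query itself comes from RFC 1918 space
    if q["qtype"] == "A" and parse_ip(qname) is not None:
        tags.add("B4-bogus-a")           # A query whose "hostname" is already an IP
    elif qname.rsplit(".", 1)[-1] not in VALID_TLDS:
        tags.add("B3-invalid-tld")
    if q["src_port"] == 0:
        tags.add("B5-port-zero")         # root servers never answer port 0
    if q["opcode"] == "UPDATE":
        tags.add("B6-update")            # dynamic update aimed at a root server
    return tags

def summarize(queries):
    counts = Counter(tag for q in queries for tag in classify(q))
    repeats = Counter((q["src_ip"], q["qname"], q["qtype"]) for q in queries)
    counts["B1-repeated"] = sum(n > 1 for n in repeats.values())  # identical question repeated by one source
    return counts

SAMPLE = [  # constructed records, not taken from the paper's trace
    {"src_ip": "198.51.100.7", "src_port": 53, "opcode": "QUERY", "qtype": "A", "qname": "www.example.com."},
    {"src_ip": "198.51.100.7", "src_port": 53, "opcode": "QUERY", "qtype": "A", "qname": "www.example.com."},
    {"src_ip": "10.0.0.5", "src_port": 1025, "opcode": "QUERY", "qtype": "PTR", "qname": "1.168.192.in-addr.arpa."},
    {"src_ip": "203.0.113.9", "src_port": 2048, "opcode": "QUERY", "qtype": "A", "qname": "printer.localdomain."},
    {"src_ip": "203.0.113.9", "src_port": 2048, "opcode": "QUERY", "qtype": "A", "qname": "192.0.2.44."},
    {"src_ip": "192.0.2.3", "src_port": 0, "opcode": "QUERY", "qtype": "A", "qname": "mail.example.org."},
    {"src_ip": "203.0.113.22", "src_port": 1234, "opcode": "UPDATE", "qtype": "A", "qname": "host.example.net."},
]
```

Running `summarize(SAMPLE)` yields one query in each of B1 through B6, which is the per-query view; the per-server percentages in the talk come from grouping these tags by source address.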
Results
• Attacks
  • Spoofing the source IP, using the root server as a reflector, flooding the attack target with answers it did not ask for.
  • Scanning IP space.
• Microsoft's DNS woes
  • Jan. 24, 2001: Microsoft nameservers down; query load for Microsoft names rose to over 25% of the total query load.

Summary
• Percentages of servers showing bad behavior:
  • 13% bogus A queries
  • 35% invalid TLD
  • 35% leaking internal information
• Strategy
  • Diagnose and repair bugs in implementations
  • Deploy negative answers