Paper Presentation – CAP 6135
Outline
• Review - DNS
• Proposed Solution
• Simulation Results / Evaluation
• Discussion
Domain Name System - DNS
• DNS is a name resolution service which resolves host names into IP addresses
• DNS is a distributed database application with a hierarchical structure
• DNS Benefits
  • Convenience: names are easier to remember than addresses
  • Consistency: an IP address can change while the server name remains constant
  • Simplicity: one naming convention

Domain Name System - DNS
• Key Components of DNS
  • DNS name space
  • Name servers
  • DNS zones
  • Resource records
Step 1: Your PC sends a resolution request to its configured DNS server, typically at your ISP.
  PC → ISP resolver: Tell me the address of “www.google.com”

Step 2: Your ISP's recursive name server starts by asking one of the root servers predefined in its “hints” file.
  ISP resolver → root server: Tell me the address of “www.google.com”
  Root server → ISP resolver: I don't know the address, but I know who's authoritative for the “com” domain; ask them

Step 3: Your ISP's recursive name server then asks one of the “com” name servers as directed.
  ISP resolver → “com” server: Tell me the address of “www.google.com”
  “com” server → ISP resolver: I don't know the address, but I know who's authoritative for the “google.com” domain; ask them

Step 4: Your ISP's recursive name server then asks one of the “google.com” name servers as directed.
  ISP resolver → “google.com” server: Tell me the address of “www.google.com”
  “google.com” server → ISP resolver: The address of www.google.com is 216.239.53.99

Step 5: The ISP DNS server then sends the answer back to your PC. The DNS server will “remember” the answer for a period of time.
  ISP resolver → PC: The address of www.google.com is 216.239.53.99

Step 6: Your PC can then make the actual HTTP request to the web server.
  PC → web server: Send me the www.google.com.au web page
  Web server → PC: Here it is!

[Diagram: Summary - the DNS resolution steps (1-5) followed by the actual web request (6)]
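The referral chain in steps 2-4, as an added example that is not part of the original slides or the paper being presented. It is a toy iterative resolver over three constructed name servers (a root, a “com” server and a “google.com” server; the server names and the delegation data are assumptions made up for this example). Each server either answers, refers the resolver to the server authoritative for the longest matching suffix of the name, or reports that it knows nothing about the name.

```python
# Constructed toy delegation data: each server knows the records it is
# authoritative for ("answers") and the child zones it delegates ("referrals").
# Names and addresses are assumptions for this example only.
SERVERS = {
    "root": {
        "referrals": {"com": "a.gtld-servers"},
        "answers": {},
    },
    "a.gtld-servers": {
        "referrals": {"google.com": "ns1.google.com"},
        "answers": {},
    },
    "ns1.google.com": {
        "referrals": {},
        "answers": {"www.google.com": "216.239.53.99"},
    },
}


def query(server, name):
    """One round trip to a single name server.

    Returns ("answer", address), ("referral", next_server) or ("nxdomain", None),
    mirroring "I don't know the address but I know who's authoritative for ..."."""
    data = SERVERS[server]
    if name in data["answers"]:
        return ("answer", data["answers"][name])
    labels = name.split(".")
    # Try the longest suffix first so "google.com" beats "com" on the com server.
    for i in range(len(labels)):
        zone = ".".join(labels[i:])
        if zone in data["referrals"]:
            return ("referral", data["referrals"][zone])
    return ("nxdomain", None)


def resolve(name, hints=("root",), max_hops=8):
    """Iterative resolution starting from the hints file; returns (address, transcript).

    The transcript is a list of (server asked, kind of reply, payload) so the
    referral chain can be inspected; max_hops bounds a misconfigured delegation loop."""
    transcript = []
    server = hints[0]
    for _ in range(max_hops):
        kind, payload = query(server, name)
        transcript.append((server, kind, payload))
        if kind == "answer":
            return payload, transcript
        if kind == "referral":
            server = payload
            continue
        return None, transcript
    return None, transcript


if __name__ == "__main__":
    address, steps = resolve("www.google.com")
    for server, kind, payload in steps:
        print(f"asked {server:16s} -> {kind:9s} {payload}")
    print("result:", address)
```

Resolving www.google.com walks root → com server → google.com server, exactly the three exchanges on the slides; a name under an undelegated zone stops at the com server with no answer.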
Caching
• Huge volume of requests
• The DNS resolution process allows for caching for a given period of time after a successful answer
• Determined by a value called the time to live (TTL)
• TTL is set by the administrator of the DNS server

[Diagram: Caching summary - the DNS lookup is answered from the resolver's cache, followed by the actual web request]
Proposed Solution
• DNS resolvers cache responses to improve lookup performance and reduce lookup overhead
• A resolver can use a cached response up to the time-to-live (TTL) value associated with the response
• Modify resolvers - do not expunge cached records whose TTL value has expired
• Expired records are evicted from the cache and stored in a “stale cache”
• Resolvers use the stale cache to answer queries for a zone that is unavailable
• Allows the resolution process to continue
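The stale-cache behaviour, as an added example that is not code from the paper or the slides. It is a small simulation: a resolver keeps a normal TTL-bounded cache, parks TTL-expired records in a separate stale cache for a configurable retention period (the paper's 1 to 30 days), and falls back to the stale cache only when the authoritative side gives no answer. The zone data, the outage window and the name www.example.com are constructed for the example; setting the stale retention to 0 reproduces a conventional resolver that simply expunges expired records, so the two behaviours can be compared on the same timeline.

```python
from dataclasses import dataclass


class UpstreamUnavailable(Exception):
    """Raised when the authoritative side gives no answer (e.g. it is under DoS)."""


@dataclass
class Record:
    value: str
    expires_at: float  # absolute time (seconds) after which the entry is unusable


class Resolver:
    """Caching resolver that keeps TTL-expired records in a separate stale cache.

    stale_max_age is how long (seconds) an evicted record stays usable as a
    fallback; 0 reproduces a conventional resolver that just expunges it."""

    def __init__(self, upstream, stale_max_age):
        self.upstream = upstream          # callable (name, now) -> (value, ttl)
        self.stale_max_age = stale_max_age
        self.cache = {}                   # name -> Record with unexpired TTL
        self.stale = {}                   # name -> Record evicted from cache

    def resolve(self, name, now):
        rec = self.cache.get(name)
        if rec is not None:
            if now < rec.expires_at:
                return rec.value, "cache"
            # TTL expired: evict from the cache, but keep it in the stale cache
            del self.cache[name]
            self.stale[name] = Record(rec.value, rec.expires_at + self.stale_max_age)
        try:
            value, ttl = self.upstream(name, now)
        except UpstreamUnavailable:
            srec = self.stale.get(name)
            if srec is not None and now < srec.expires_at:
                return srec.value, "stale"   # zone unreachable: answer from stale cache
            raise                             # nothing usable: resolution fails
        self.cache[name] = Record(value, now + ttl)
        self.stale.pop(name, None)            # a fresh answer supersedes the stale one
        return value, "fresh"


def make_upstream(zone, attack_start=None, attack_end=None):
    """Toy authoritative server that is unreachable during [attack_start, attack_end)."""
    def upstream(name, now):
        if attack_start is not None and attack_start <= now < attack_end:
            raise UpstreamUnavailable(f"no response for {name}")
        return zone[name]
    return upstream


HOUR = 3600
ZONE = {"www.example.com": ("192.0.2.10", 1 * HOUR)}  # constructed: (address, TTL)


def run_scenario(stale_max_age=24 * HOUR):
    """Queries across a 6-hour outage starting at hour 2; returns (time, ip, source)."""
    r = Resolver(make_upstream(ZONE, 2 * HOUR, 8 * HOUR), stale_max_age)
    timeline = []
    for t in (0, 1 * HOUR, 3 * HOUR, 7 * HOUR, 9 * HOUR):
        try:
            ip, source = r.resolve("www.example.com", t)
        except UpstreamUnavailable:
            ip, source = None, "servfail"
        timeline.append((t, ip, source))
    return timeline


if __name__ == "__main__":
    for t, ip, source in run_scenario():
        print(f"t={t // HOUR:2d}h  {source:8s} {ip}")
    print("conventional resolver:", run_scenario(stale_max_age=0))
```

With the 1-hour TTL, the record has expired before the outage begins, so a conventional resolver fails the queries at hours 3 and 7, while the stale-cache resolver answers them with the last known address and returns to fresh answers once the zone is reachable again. Nothing changes on the wire: only the eviction policy inside the resolver differs.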
Evaluation
• DNS traffic
  • Cornell Computer Science Dept – Internet
  • ~1300 hosts
  • 65 days
  • 84,580,513 DNS queries
  • 53,848,115 DNS responses
  • 4,478,731 unique names
• Stale cache size: 1 to 30 days
• Attack duration: 3, 6, 12 and 24 hours

[Figure: Fraction of queries (for two-level names) answered, and fraction of accurate records]

[Figure: Fraction of queries (for three-level names) answered, and fraction of accurate records]
Discussion
• Pros
  • DNS robustness
  • Simplicity
    • Does not change the basic protocol operation and infrastructure
    • Does not impose any load on DNS
    • Does not impact the latency of query resolution
  • Incremental deployment
  • Motivation for deployment

Discussion
• Objections
  • DNS caching semantics and the possibility of inaccurate information being used
  • Autonomy for zone operators
  • Attackers attempting to force the use of inaccurate information
  • Resolution latency in the face of an attack

References
• Mitigating DNS DoS Attacks, Hitesh Ballani, Paul Francis, CCS 2008
• Wikipedia
• Amplified DNS DDoS Attacks and Mitigation, www.cert-in.org.in
• www.cs.rpi.edu/~hollingd/netprog/notes/dns
• www.aptld.org