A Deep Dive into DNS Query Failures (PowerPoint presentation transcript)

  1. A Deep Dive into DNS Query Failures
     Donghui Yang 1,2, Zhenyu Li 1, Gareth Tyson 3
     1 Institute of Computing Technology, Chinese Academy of Sciences
     2 University of Chinese Academy of Sciences
     3 Queen Mary University of London

  2. Why Study DNS Query Failures
     • Failures prevent access to any service that depends on domain names
     • High-level observation: 13.5% of DNS queries fail

  3. Passive DNS Data
     • Logs collected at the LDNS; each log records the end user's anonymized IP address, BGP prefix, ASN, the recursive resolver's IP address, DNS query type, resource records and timestamp
     • 14-day samples (each sample consists of 10-minute logs), ~3.1 billion logs

  4. Identification of Failed Queries
     • No RCODE in the logs, so we turn to a heuristic method to filter out logs that are attributed to NXDOMAINs
     • Check whether the response contains a valid answer for the requested domain (QNAME)
       – e.g., for an A query, at least one RR in the response is an A record of the QNAME
     • Extract failed queries of the four most popular record types, which constitute 99.5% of all queries
     • Filter out logs attributed to NXDOMAINs by removing logs whose domains have never succeeded in the whole dataset
       – 2.8 billion logs remain for subsequent analyses
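The slide 4 heuristic applied to constructed passive-DNS records, as an added example that is not the authors' code: a log counts as a success only if some RR in the response has the query type and is owned by the QNAME, logs of unpopular types are dropped, and domains that never succeed anywhere in the dataset are removed as NXDOMAIN noise. The four popular types beyond A and AAAA, the sample records and the resolver addresses are assumptions.

```python
from collections import defaultdict

# The slides name only A and AAAA among the four most popular types;
# the other two listed here are an assumption for this sample.
POPULAR_QTYPES = {"A", "AAAA", "CNAME", "MX"}

def has_valid_answer(qname, qtype, answers):
    """Slide 4 rule: success iff some RR in the response is a <qtype> record owned by QNAME.
    answers is a list of (owner_name, rtype, rdata) tuples."""
    q = qname.rstrip(".").lower()
    return any(o.rstrip(".").lower() == q and t == qtype for o, t, _ in answers)

def classify(logs):
    """logs: iterable of (qname, qtype, resolver_ip, answers). Keeps popular-type logs
    whose domain succeeded at least once; domains that never succeed are dropped as
    NXDOMAIN noise. Returns (kept, dropped) with kept items (qname, qtype, resolver, ok)."""
    ever_succeeded, typed = set(), []
    for qname, qtype, resolver, answers in logs:
        if qtype not in POPULAR_QTYPES:
            continue
        ok = has_valid_answer(qname, qtype, answers)
        if ok:
            ever_succeeded.add(qname.lower())
        typed.append((qname.lower(), qtype, resolver, ok))
    kept = [t for t in typed if t[0] in ever_succeeded]
    return kept, {t[0] for t in typed} - ever_succeeded

def success_rates(kept, key_index):
    """Success rate grouped by domain (0), query type (1) or resolver (2)."""
    total, ok = defaultdict(int), defaultdict(int)
    for t in kept:
        total[t[key_index]] += 1
        ok[t[key_index]] += int(t[3])
    return {k: ok[k] / total[k] for k in total}

# Constructed sample logs (not from the paper's dataset).
SAMPLE_LOGS = [
    ("www.example.com", "A", "10.0.0.1", [("www.example.com", "A", "93.184.216.34")]),
    ("www.example.com", "A", "10.0.0.1", [("www.example.com.", "A", "93.184.216.34")]),
    ("www.example.com", "A", "10.0.0.2", []),
    ("www.example.com", "AAAA", "10.0.0.1", []),
    ("www.example.com", "AAAA", "10.0.0.2", [("www.example.com", "AAAA", "2606:2800::1")]),
    # CNAME chain: the A record is owned by the target, not by QNAME, so the literal rule fails it
    ("cdn.example.net", "A", "10.0.0.1", [("cdn.example.net", "CNAME", "edge.example.net"),
                                         ("edge.example.net", "A", "203.0.113.7")]),
    ("typo.invalid", "A", "10.0.0.1", []),       # never succeeds -> dropped by the NXDOMAIN filter
    ("www.example.com", "TXT", "10.0.0.1", []),  # not a popular type -> ignored
]
```

Note the CNAME-chained record: taken literally, the slide's rule marks it as a failure, so anyone reproducing the study has to decide whether to follow CNAME chains before comparing success rates.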

  5. A Primer on DNS Failures
     • A queries account for the majority of queries and are resolved successfully most often
     • Other query types show lower success rates
       – Surprisingly low success rate for AAAA queries

  6. Failures Across Domains
     • A queries exhibit high success rates
       – Nevertheless, as many as 7% of domains experience a success rate <50%

  7. Failures Across Domains
     • AAAA queries: ~60% of domains have never been successfully resolved
       – Infrastructural limitations in how DNS supports IPv6

  8. Failures Across Domains
     • Failures concentrate on a small set of domains

  9. Failures Across Domains
     • For most categories, >80% of the failures are attributed to the top 3 SLDs
     • Some domain types contribute heavily to failure rates
       – proxy, porn, parked domains, ...

  10. Failures Across Resolvers
     • The majority of resolvers serving A queries have very high success rates

  11. Failures Across Resolvers
     • Some resolvers may not have been IPv6 ready during our observation period

  16. Failures Across Resolvers
     • Testing public resolvers: #queries (success rate)
     • GoogleDNS dominates as the most used public DNS service
     • Varying success rates: DNSPOD vs OpenDNS
     • AAAA queries: notably lower success rate across all resolvers
     • Why do public DNS resolvers differ in success rates?

  17. Failures Across Resolvers
     • Comparing the domains received by each pair of resolvers
     • Low similarity between resolvers
       – Different request patterns, e.g. AliDNS: taobao.com, alipay.com; 114DNS: akadns.net, akamaiedge.net

  18. Failures Across Resolvers
     • Comparing infrastructures
       – Compare the success rates of the same domains handled by different resolvers
     • Domains resolved by 114DNS and the ISP resolvers are the most likely to fail

  19. Failures Across Resolvers
     • Comparing infrastructures
       – Compare the success rates of the same domains handled by different resolvers
     • DNSPOD and 360DNS have higher success rates

  20. Failures Across TLDs
     • Specifically explore two camps of TLDs
       – The new generic Top Level Domains (new gTLDs)
       – Those that are Internationalized Domain Names (IDNs)
     • They show lower success rates, maybe because
       – Such gTLDs attract certain types of domain registrant
       – The presence of malicious domains, which are unreliable

  21. Failures Across TLDs
     • The majority of domains map to a relatively small set of prefixes

  22. Failures Across TLDs
     • Some /24 network segments serve a large number of domains

  23. Failures Across TLDs

  24. Failures Across TLDs
     • Extremely low rate of successful resolutions today

  25. Failures Across TLDs
     • The number of queries is close to the number of FQDNs
       – These domains are short-lived and change frequently

  26. Failures Across TLDs
     • These failures correspond to domains classified as malicious
     • Two blacklists, from VirusTotal and Qihoo 360
     • Label a domain as malicious if either of the two blacklists classifies it as such

  27. Failures Across TLDs
     • Malicious SLDs hosted in subnet 3 have a larger impact

  28. Failures Across TLDs
     • The subnets host different sites mapping to different TLDs

  29. Implications for Systems Design
     • Active measurement system
       – Distinguish between resolvers that support and do not support AAAA queries
       – Test whether a domain supports AAAA queries
       – Measure the success rates
     [figure: the measurement system sends DNS queries to a resolver and to other resolvers]

  30. Implications for Systems Design
     • Active measurement system
       – Localization performance
     [figure: servers close to the user vs. far from the user, reached via the resolver]

  31. Implications for Systems Design
     • Such an active measurement system is useful for content publishers, ISPs and end users
     • For publishers: helps locate their content
     • For ISPs: helps estimate the IPv6 traffic
     • For users: helps choose more suitable resolvers

  32. Implications for Systems Design
     • Extracting features from domain names may not work well for detecting malicious new gTLD domains
     • To build a malicious new gTLD domain detection system, we could use features like
       – DNS query frequency
       – the number of FQDNs of an SLD
       – the resolved IP addresses
       – the corresponding ASes
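The slide 32 feature set computed per SLD from passive-DNS records, as an added example that is not the authors' detection system: query count, number of distinct FQDNs, distinct resolved IPs and distinct ASes, plus the FQDN-to-query ratio that slide 25 associates with short-lived names. The IP-to-AS map, the sample names under .xyz and .top, and the ratio threshold are assumptions.

```python
from collections import defaultdict

# Constructed IP -> AS map; the slides do not say how ASes were derived (assumption).
IP_TO_ASN = {"203.0.113.5": 64501, "203.0.113.9": 64501,
             "198.51.100.2": 64502, "192.0.2.1": 64503}

def sld_of(fqdn):
    """Second-level domain as the last two labels. Adequate for single-label TLDs such as
    the new gTLDs; multi-label public suffixes (e.g. co.uk) need a public-suffix list."""
    return ".".join(fqdn.rstrip(".").lower().split(".")[-2:])

def sld_features(logs):
    """logs: iterable of (fqdn, resolved_ips). Returns the per-SLD features named on
    slide 32, plus the FQDN/query ratio from slide 25 (close to 1.0 means almost every
    name was queried only once, a sign of short-lived, frequently changing names)."""
    acc = defaultdict(lambda: {"queries": 0, "fqdns": set(), "ips": set(), "ases": set()})
    for fqdn, ips in logs:
        s = acc[sld_of(fqdn)]
        s["queries"] += 1
        s["fqdns"].add(fqdn.rstrip(".").lower())
        s["ips"].update(ips)
        s["ases"].update(IP_TO_ASN[ip] for ip in ips if ip in IP_TO_ASN)
    return {sld: {"queries": s["queries"],
                  "num_fqdns": len(s["fqdns"]),
                  "fqdn_query_ratio": len(s["fqdns"]) / s["queries"],
                  "num_ips": len(s["ips"]),
                  "num_ases": len(s["ases"])} for sld, s in acc.items()}

def short_lived_slds(features, ratio_threshold=0.9):
    """SLDs whose names are almost all one-shot; the threshold is an assumed cut-off,
    not a value from the slides."""
    return sorted(s for s, f in features.items() if f["fqdn_query_ratio"] >= ratio_threshold)

# Constructed sample (not from the paper's dataset): one stable site, one churning SLD.
SAMPLE = [
    ("www.shop.xyz", ["203.0.113.5"]), ("www.shop.xyz", ["203.0.113.5"]),
    ("img.shop.xyz", ["203.0.113.9"]), ("www.shop.xyz", ["203.0.113.5"]),
    ("a1b2.bad.top", ["198.51.100.2"]), ("c3d4.bad.top", ["192.0.2.1"]),
    ("e5f6.bad.top", ["198.51.100.2"]), ("g7h8.bad.top", []),
]
```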

  33. Conclusion
     • Findings, based on analysis of passive DNS logs covering over 3B queries from 3 ISPs in China
       – A small number of domains are responsible for the majority of failures
       – Domains and resolvers need to be upgraded for better IPv6 support
       – Diverse failure rates across DNS resolvers
       – New gTLDs have higher failure rates, largely because of malicious domains
     • Implications: we propose two potential systems that could build on our findings
       – Active measurement system
       – Malicious new gTLD domain detection system

  34. Thank you!
