and DNS data mining Making Windows DNS Server Cloud Ready ~Kumar - - PowerPoint PPT Presentation



SLIDE 1

DNS Traffic Management and DNS data mining

Making Windows DNS Server Cloud Ready ~Kumar Ashutosh, Microsoft

SLIDE 2

Windows DNS Server

▪ Widely deployed in enterprises
▪ Fair presence in the DNS resolver space
▪ Standards compliant and interoperable
▪ Secure and scalable

SLIDE 3

Needs of DNS server in cloud

▪ Policy based traffic management
▪ Audit and billing mechanism for DNS service
▪ The DNS data mine and analytics
▪ Security and High availability

SLIDE 4

Policy based Traffic Management

▪ DNS Policy is a Windows DNS Server construct that allows DNS administrators to control DNS query processing in order to achieve:

  • Global Traffic Management
  • Application Load Balancing
  • Intelligent DNS responses based on communication protocol (IPv4 or IPv6) or transport protocol (UDP and TCP)
  • Applying tenant specific filters for black holing, parental control etc.
  • Split-Brain DNS Deployment
  • … and much more

SLIDE 5

Anatomy of a policy

Criteria

Any combination of Client Subnet, Server Interface IP, FQDN, Internet Protocol (IPv4/IPv6), Transport Protocol (UDP/TCP), Time Of Day, Query Type

Action

If the policy matches, what action to take: ALLOW, DENY, IGNORE

Content

If Action is allow, what data to respond with and in what ratio.
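
The three parts above (criteria, action, content) can be seen together in a short PowerShell sketch using the Windows Server DnsServer module. This is an added example, not taken from the original slides; it assumes a primary zone named contoso.example already exists on the server, and the zone name, subnet, scope names and addresses are constructed placeholders.

```powershell
# Added example: all names, subnets and addresses below are constructed placeholders.
# Assumes the primary zone already exists on this DNS server.
$zone = 'contoso.example'

# Criteria building block: a named client subnet that policies can refer to.
Add-DnsServerClientSubnet -Name 'EuropeSubnet' -IPv4Subnet '198.51.100.0/24'

# Content building blocks: two zone scopes holding different answers for the same name.
Add-DnsServerZoneScope -ZoneName $zone -Name 'DublinScope'
Add-DnsServerZoneScope -ZoneName $zone -Name 'AmsterdamScope'
Add-DnsServerResourceRecord -ZoneName $zone -A -Name 'www' `
    -IPv4Address '203.0.113.10' -ZoneScope 'DublinScope'
Add-DnsServerResourceRecord -ZoneName $zone -A -Name 'www' `
    -IPv4Address '203.0.113.20' -ZoneScope 'AmsterdamScope'

# Zone-level policy.
#   Criteria: client subnet AND transport protocol (multiple criteria are ANDed by default).
#   Action:   ALLOW.
#   Content:  answer from the two scopes in a 3:1 ratio.
Add-DnsServerQueryResolutionPolicy -Name 'EuropeWeighted' -ZoneName $zone `
    -Action ALLOW `
    -ClientSubnet 'EQ,EuropeSubnet' -TransportProtocol 'EQ,UDP' `
    -ZoneScope 'DublinScope,3;AmsterdamScope,1'

# Server-level filter policy.
#   Criteria: queried FQDN matches a blocked suffix.
#   Action:   IGNORE (the query is dropped without a response), so no content part.
Add-DnsServerQueryResolutionPolicy -Name 'BlackholeBlockedSuffix' `
    -Action IGNORE -FQDN 'EQ,*.blocked.example'

# Review what is configured at zone level and at server level.
Get-DnsServerQueryResolutionPolicy -ZoneName $zone
Get-DnsServerQueryResolutionPolicy
```

Queries that match no policy are answered from the zone's default scope, so the weighted policy only changes answers for clients in the listed subnet.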

SLIDE 6

Capabilities

High Availability

Improve availability of critical applications by failover policies

Traffic Management

Location aware responses

Load Balancing

Application Load Balancing based on the performance of host

Filters

Black Hole and Filters

Time of day

Time of day based policies

Split Brain

Split Brain DNS

SLIDE 7

DNS Audit Trail

What changed?

  • Zone
  • Server
  • Record

What?

Who changed?

  • DC admin
  • Tenant admin

Who?

  • For Reporting
  • Audit Trails
  • diagnostics

When?

SLIDE 8

DNS Data mine

▪ Actionable Information
▪ Pattern discovery
▪ Data Preparation
▪ Data collection

SLIDE 9

DNS Data mine : Data Collection

▪ Collect data from every DNS server
▪ Centralized system for collection
▪ Real time collection with minimal performance impact
▪ Kinds of Data collected:
  • All DNS transactions
    • Queries/responses
    • XFR
    • Dynamic updates
  • Server state
    • Health indicators
    • Performance counters

SLIDE 10

DNS Data mine : Data Preparation

▪ Cleaning the data
▪ Data transformation
  • Creating relational databases for different purposes
  • Related calculations – like amplification factor, frequency etc.
  • Collation of data across the server farm
  • Correlation of data
    • Across multiple servers
    • Between single user
    • Relationship with state of the server.
▪ Rolling over with knowledge transfer.

SLIDE 11

DNS Data mine: Pattern Discovery

▪ Domain name analysis
▪ Amplification analysis
▪ User behaviour analysis
▪ Client subnet analysis
▪ Security analysis

SLIDE 12

DNS Data mine: Actionable Information

▪ User behaviour analytics
▪ Load model
▪ DDoS detection

SLIDE 13

Thank You