dns observatory
play

DNS Observatory: The Big Picture of the DNS Pawe Foremski Oliver - PowerPoint PPT Presentation

May 20, 2023 •1.03k likes •1.33k views

DNS Observatory: The Big Picture of the DNS Pawe Foremski Oliver Gasser Giovane C. M. Moura Farsight Security / IITiS PAN Technical University of Munich SIDN Labs / TU Delft pjf@fsi.io gasser@net.in.tum.de giovane.moura@sidn.nl ACM IMC

  1. DNS Observatory: The Big Picture of the DNS Paweł Foremski Oliver Gasser Giovane C. M. Moura Farsight Security / IITiS PAN Technical University of Munich SIDN Labs / TU Delft pjf@fsi.io gasser@net.in.tum.de giovane.moura@sidn.nl ACM IMC 2019, October 2019, Amsterdam

  2. What’s DNS Observatory? 1. Observe recursive -> authoritative DNS traffic 2. Track the most popular values in queries (eg. IPs) 3. Characterize each “big player” with a set of features Goals: ● Gain insight into DNS & Internet events ● Diagnose DNS in the wild , suggest improvements ● Ongoing work! Published first paper -> let people know http://pngimg.com/download/66494 (CC BY-NC 4.0) 2

  3. What’s DNS Observatory? #2 ● Source: Farsight Security Information Exchange (SIE) ○ Contributors! ISPs, DNS providers, hosting farms, etc. ○ Hundreds of resolvers around the world ○ ~200k / sec real-time observations (passive DNS) ● This paper dataset: January - April 2019 ○ total: 1.6 trillion DNS transactions ○ eg. 1-minute sample = 2.6 million unique domains (queried FQDNs) ● Why important vs. existing works? ○ Passive (instead of active + lists) ○ Many vantage points (instead of an ISP or a TLD) ○ Real-time stream processing http://pngimg.com/download/66494 (CC BY-NC 4.0) 3

  4. In more detail… 4

  5. DNS Objects & Traffic Features ● Authoritative DNS servers ● Counts of queries and responses, eg. all, answered, SUCCESS, NXDOMAIN, NODATA, (IP address) has NS records, DNSSEC-signed, etc. ● Effective TLDs and SLDs ● Cardinality estimates (HyperLogLog, …), eg. (Public Suffix List) distinct FQDNs, TLDs, SLDs, QTYPEs, IPs seen in ● Fully-Qualified Domain Names ANSWER, authoritative server IPs ● QTYPEs ● Histogram estimates (percentiles, top-k, …), eg. (A, AAAA, MX, RRSIG, …) server response delay, number of network hops, response size, record TTLs, est. hierarchy level ● IPv4 / IPv6 records (A, AAAA, ANY) ● ... ...more coming! 5

  6. Big Picture 6

  7. Traffic distribution: top 100K nameservers (95% obs.) 7

  8. Traffic distribution: top 100K nameservers (95% obs.) NXD 21% Data 64% Nodata 5% 8

  9. Traffic distribution: top 100K FQDNs (23% obs.) NXD 1.5% Data 70% Nodata 10% 9

  10. Traffic distribution: top AS names (>50% obs.) 10

  11. Traffic distribution: QTYPEs (99.5% obs.) 11

  12. Performance: response delay & network hops 12

  13. Performance: roots & gTLDs 13

  14. How many auth. nameservers on the Internet? 14

  15. Happy Eyeballs 15

  16. Happy Eyeballs v2 (HE) 1. Send concurrent A and AAAA queries 2. Collect responses 3. Start IP address race, give preference to IPv6 16

  17. Happy Eyeballs v2 (HE): RFC 8305 1. Send concurrent A and AAAA queries 2. Collect responses 3. Start IP address race, give preference to IPv6 Both queries SHOULD be made as soon after one another as possible, with the AAAA query made first and immediately followed by the A query. If a positive A response is received first (...), the client SHOULD wait a short time for the AAAA response to ensure that preference is given to IPv6 (...). This delay will be referred to as the "Resolution Delay". The recommended value for the Resolution Delay is 50 milliseconds. 17

  18. TTL = 10-15 min HE vs. DNS: seen in the wild Negative TTL = 15 seconds 18

  19. Why read? 19

  20. Didn’t say & Take-aways ● How TTLs impact query volumes? ● DNS Observatory provides birds-eye ● How to predict upcoming DNS changes? view on the DNS ● Did we see many QNAME minimization (qmin) deployments? ● ~50% of seen DNS transactions: ● How DNS could be improved for HE? ○ Top 1K nameservers ○ Top 10 AS owners ● We invite you (academic researchers) to access the data ● Consider HE effects of low negative ● Long-term goal: make parts publicly caching TTLs available 20

  21. Paweł Foremski Farsight Security / IITiS PAN pjf@fsi.io @pforemski DNS Observatory: Oliver Gasser The Big Picture Technical University of Munich gasser@net.in.tum.de of the DNS Giovane C. M. Moura SIDN Labs / TU Delft giovane.moura@sidn.nl ACM Internet Measurement Conference 2019 October 2019, Amsterdam 21

  22. Backup slides 22

  23. User privacy? Drop transaction details (eg. EDNS0) Aggregate, Traffic “above” drop unpopular stuff resolvers 23

  24. Traffic distribution: top 100K SLDs (69% obs.) NXD 19% Data 68% Nodata 7% 24

  25. Impact on query rate 25

  26. Upcoming change? 26

  27. Data representativeness 27

  28. Example: 1-minute snapshot 28

  29. Example: time series for .com (30 days) 29

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

HELIO, a Heliospheric virtual observatory J. Aboudarham, LESIA, Paris Observatory, VO-PDC,

HELIO, a Heliospheric virtual observatory J. Aboudarham, LESIA, Paris Observatory, VO-PDC,

http://www.helio-vo.eu HELIO, a Heliospheric virtual observatory J. Aboudarham, LESIA, Paris Observatory, VO-PDC, France R.D. Bentley, MSSL/UCL, UK A. Csillaghy, FHNW, Switzerland Great range of data Radio imaging Detail Flux, count rate,

145 views • 11 slides
Submarine Cabled Real-time Seafloor Observatory and Subsea Engineering ROV for Observatory

Submarine Cabled Real-time Seafloor Observatory and Subsea Engineering ROV for Observatory

conference & convention enabling the next generation of networks & services Submarine Cabled Real-time Seafloor Observatory and Subsea Engineering ROV for Observatory Construction Katsuyoshi KAWAGUCHI Japan Agency for Marine-Earth

611 views • 26 slides
What The Observatory Tool is and how it can be useful for YOU The Global Internet

What The Observatory Tool is and how it can be useful for YOU The Global Internet

TECHNICAL DEVELOPMENT OF THE ONLINE PLATFORM FOR THE GLOBAL INTERNET POLICY OBSERVATORY SMART 2014/0026 What The Observatory Tool is and how it can be useful for YOU The

547 views • 20 slides
Measurement of the UHECRs flux and composition with Pierre Auger Observatory OBSERVATORY Ioana

Measurement of the UHECRs flux and composition with Pierre Auger Observatory OBSERVATORY Ioana

Measurement of the UHECRs flux and composition with Pierre Auger Observatory OBSERVATORY Ioana C. Mari s for the Pierre Auger Collaboration Outline Ultra high energy cosmic rays Pierre Auger Observatory Energy spectrum

973 views • 42 slides
The GTC and Calar Alto Virtual Observatory Archives E. Solano, J. M. Alacid, F.

The GTC and Calar Alto Virtual Observatory Archives E. Solano, J. M. Alacid, F.

The GTC and Calar Alto Virtual Observatory Archives E. Solano, J. M. Alacid, F. Jimnez-Esteban, A. Velasco Centro de Astrobiologa (INTA-CSIC) Spanish Virtual Observatory Outline Introduction The Spanish Virtual Observatory

375 views • 19 slides
Observatory Library Washington DC Dec 11, 2014 Special Presentation 1 2 3 4 U. S. Naval

Observatory Library Washington DC Dec 11, 2014 Special Presentation 1 2 3 4 U. S. Naval

Sally Bosken US Naval Observatory Library Washington DC Dec 11, 2014 Special Presentation 1 2 3 4 U. S. Naval Observatory Library 5 U.S. Naval Observatory Mission since mid 1800s Determine positions and motions of celestial

218 views • 20 slides
Development of Astro Tourism in Shamakhy Astrophysical Observatory Shamakhy Astrophysical

Development of Astro Tourism in Shamakhy Astrophysical Observatory Shamakhy Astrophysical

Development of Astro Tourism in Shamakhy Astrophysical Observatory Shamakhy Astrophysical Observatory named after N.Tusi of Azerbaijan National Academy of Sciences Vienna November - 2017 1 Shamakhy Astrophysical Observatory named after

404 views • 17 slides
High Redshift (proto)Clusters Observatory of Paris 5-7 October 2016 Observatory of Paris

High Redshift (proto)Clusters Observatory of Paris 5-7 October 2016 Observatory of Paris

High Redshift (proto)Clusters Observatory of Paris 5-7 October 2016 Observatory of Paris International Center for Scientific workshops (CIAS) CEA/IRFU Internet, coffee breaks etc Internet Co ff ee breaks USB key - Talk pdf

667 views • 18 slides
30 Years of the McDonald Observatory Planet Search Paul Robertson 1 , 2 , 3 , Michael Endl 3 ,

30 Years of the McDonald Observatory Planet Search Paul Robertson 1 , 2 , 3 , Michael Endl 3 ,

Twenty years of giant exoplanets - Proceedings of the Haute Provence Observatory Colloquium, 5-9 October 2015 Edited by I. Boisse, O. Demangeon, F. Bouchy & L. Arnold 30 Years of the McDonald Observatory Planet Search Paul Robertson 1 , 2 , 3 ,

78 views • 5 slides
Science Initiatives of the US Virtual Observatory Robert Hanisch Space Telescope Science

Science Initiatives of the US Virtual Observatory Robert Hanisch Space Telescope Science

Science Initiatives of the US Virtual Observatory Robert Hanisch Space Telescope Science Institute Director, Virtual Astronomical Observatory The VAO is operated by the VAO, LLC. 2 US VO efforts National Virtual Observatory (NVO)

498 views • 21 slides
WELCOME TO THE WELCOME TO THE PIERRE AUGER PIERRE AUGER OBSERVATORY! OBSERVATORY!

WELCOME TO THE WELCOME TO THE PIERRE AUGER PIERRE AUGER OBSERVATORY! OBSERVATORY!

WELCOME TO THE WELCOME TO THE PIERRE AUGER PIERRE AUGER OBSERVATORY! OBSERVATORY! OBSERVATORIO PIERRE AUGER ISAPP, MALARGE, 2019 ISAPP, MALARGE, 2019 Ingo Allekotte Project Manager ingo@cab.cnea.gov.ar A BIT OF HISTORY A BIT OF

849 views • 50 slides
Collabora'ons between NCU and NAOJ 1. Improvements of the Maidanak observatory 2. The HSC survey

Collabora'ons between NCU and NAOJ 1. Improvements of the Maidanak observatory 2. The HSC survey

Collabora'ons between NCU and NAOJ 1. Improvements of the Maidanak observatory 2. The HSC survey for small solar system bodies Fumi Yoshida NAOJ Maidanak Observatory, Uzbekistan 1.5m 1m 60cm History of a research collaboraHon between NAOJ and

591 views • 13 slides
Very-High-Energy Gamma-Ray Astronomy with the ALTO observatory

Very-High-Energy Gamma-Ray Astronomy with the ALTO observatory

Very-High-Energy Gamma-Ray Astronomy with the ALTO observatory http://alto-gamma-ray-observatory.org Yvonne Becherini, Satyendra Thoudam* - Linnaeus University (Sweden) Michael Punch - APC Laboratory, Paris (France), IN2P3/CNRS & Linnaeus

384 views • 15 slides
THE IAC80 TELESCOPE DATA TO THE VIRTUAL OBSERVATORY Cristina Zurita & IAC Support Astronomers

THE IAC80 TELESCOPE DATA TO THE VIRTUAL OBSERVATORY Cristina Zurita & IAC Support Astronomers

THE IAC80 TELESCOPE DATA TO THE VIRTUAL OBSERVATORY Cristina Zurita & IAC Support Astronomers Group THE IAC80 Telescope@Teide Observatory The IAC80 telescope, at T eide Observatory since 1991 82 cm diameter. The first of its class

951 views • 30 slides
Application of Fengyun Satellite Products at the Hong Kong Observatory SO CHI-KUEN, HONG KONG

Application of Fengyun Satellite Products at the Hong Kong Observatory SO CHI-KUEN, HONG KONG

Application of Fengyun Satellite Products at the Hong Kong Observatory SO CHI-KUEN, HONG KONG OBSERVATORY EMAIL: CKSO@HKO.GOV.HK Outlines Introduction to Hong Kong Observatory FY satellite reception in HKO Data visualization and

824 views • 22 slides
A new view of the X-ray Sky through the Virtual Observatory Janet Evans, Ian Evans, and the CSC

A new view of the X-ray Sky through the Virtual Observatory Janet Evans, Ian Evans, and the CSC

A new view of the X-ray Sky through the Virtual Observatory Janet Evans, Ian Evans, and the CSC team Chandra X-ray Observatory July 23, 1999 Chandra Source Catalog Release 2 Mining the high-resolution X-ray sky Source positions, calibrated

359 views • 21 slides
CS 557 - Lecture 22 DNS Security DNS Security Introduction and Requirements, RFC 4033, 2005 Fall

CS 557 - Lecture 22 DNS Security DNS Security Introduction and Requirements, RFC 4033, 2005 Fall

CS 557 - Lecture 22 DNS Security DNS Security Introduction and Requirements, RFC 4033, 2005 Fall 2013 The Domain Name System Virtually every application uses Root the Domain Name System (DNS). DNS database maps: edu mil ru Name to

923 views • 47 slides
ECE 650 Systems Programming & Engineering Spring 2018 Dynamic Host Configuration Protocol

ECE 650 Systems Programming & Engineering Spring 2018 Dynamic Host Configuration Protocol

ECE 650 Systems Programming & Engineering Spring 2018 Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) Tyler Bletsch Duke University Slides are adapted from Brian Rogers (Duke) Dynamic Host Configuration Protocol

722 views • 25 slides
DNS (Domain Name System) Tutorial @ IETF-70 (DNS for protocol designers) lafur Gumundsson

DNS (Domain Name System) Tutorial @ IETF-70 (DNS for protocol designers) lafur Gumundsson

DNS (Domain Name System) Tutorial @ IETF-70 (DNS for protocol designers) lafur Gumundsson OGUD consulting Peter Koch DENIC eG 2007-12-02 DNS Tutorial @ IETF-70 1 ogud@ogud.com & pk@denic.de Tutorial Overview Goal: Give

736 views • 54 slides
Domain Name System (DNS) Smith College, CSC 249 Feb 6, 2017 1 TODAY: Domain Name System q The

Domain Name System (DNS) Smith College, CSC 249 Feb 6, 2017 1 TODAY: Domain Name System q The

Domain Name System (DNS) Smith College, CSC 249 Feb 6, 2017 1 TODAY: Domain Name System q The directory system for the Internet v Used by other application layer protocols v via socket programming q Maps a hostname to an IP address v Host

431 views • 19 slides
The DNS as a directory for identities ICANN DNS Symposium 2018, Montreal Vittorio Bertola

The DNS as a directory for identities ICANN DNS Symposium 2018, Montreal Vittorio Bertola

The DNS as a directory for identities ICANN DNS Symposium 2018, Montreal Vittorio Bertola <vittorio.bertola@open-xchange.com> 1 Premise: We need proper online identities Traditionally, we only had accounts And they were not

302 views • 18 slides
Passive DNS Collection and Analysis The 'dnstap' (& fstrm) Approach Farsight Security, Inc.

Passive DNS Collection and Analysis The 'dnstap' (& fstrm) Approach Farsight Security, Inc.

Passive DNS Collection and Analysis The 'dnstap' (& fstrm) Approach Farsight Security, Inc. December 2014 Importance of Measuring DNS High volume low latency datagram protocol Channel 202; 40 sources; 1,657,398,226,932 bytes/day;

196 views • 19 slides
Encapsulation End-to-End Argument Source Transport Saltzer, Reed & Clark, 1981 src &

Encapsulation End-to-End Argument Source Transport Saltzer, Reed & Clark, 1981 src &

Encapsulation End-to-End Argument Source Transport Saltzer, Reed & Clark, 1981 src & dst ports + Network src & dst IP addresses + message M Application src & dst MAC addresses Link segment H T M Transport datagram H N

354 views • 6 slides
Ne Needle in a Haystack: : Tracking Do Down Elite Ph Phishing g Dom Domains in the Wild Ke

Ne Needle in a Haystack: : Tracking Do Down Elite Ph Phishing g Dom Domains in the Wild Ke

Ne Needle in a Haystack: : Tracking Do Down Elite Ph Phishing g Dom Domains in the Wild Ke Tian, Steve T.K. Jan , Hang Hu, Danfeng Yao, Gang Wang Computer Science, Virginia Tech Phishing is a Big Th Threat Phishing: fraudulent attempt

411 views • 30 slides

More recommend