domain name systems
play

Domain Name Systems Chester Rebeiro IIT Madras Some of the slides - PowerPoint PPT Presentation

Jan 20, 2024 •218 likes •882 views

Domain Name Systems Chester Rebeiro IIT Madras Some of the slides borrowed from the book Computer Security: A Hands on Approach by Wenliang Du DNS Hierarchy Lookup records for mapping from domain names to IP addresses Root domain

  1. Domain Name Systems Chester Rebeiro IIT Madras Some of the slides borrowed from the book ‘Computer Security: A Hands on Approach’ by Wenliang Du

  2. DNS Hierarchy Lookup records for mapping from domain names to IP addresses Root domain iitm.ac.in. .edu .in .com .gov Top level domain gov ac res mil ernet Second level domain iitb iisc iitm iitk 2

  3. DNS Hierarchy Lookup records for mapping from domain names to IP addresses Domain: Is a subtree, sharing its domain Root domain iitm.ac.in. name with the name of the top most node in the subtree .edu .in .com .gov Top level domain gov ac res mil ernet Second level domain iitb iisc iitm iitk 3

  4. DNS Hierarchy Lookup records for mapping from domain names to IP addresses SubDomains: Root domain Is a domain that branches iitm.ac.in. off another. .edu .in .com .gov Top level domain gov ac res mil ernet Second level domain iitb iisc iitm iitk 4

  5. Root Domain iitm.ac.in. 13 root domains maintained by IANA .edu .in .com .gov Top level domain gov ac res mil ernet Second level domain iitb iisc iitm iitk 5

  6. Root Domain 10 in USA 1 in Netherlands 1 in Sweden 1 in Japan Why only 13 root servers? 567 mirrored root servers (9 mirrors in India – 2015) (3 J root servers; 2 L root servers; 1 I, 1 K, 1 F, and D root server) https://internetdemocracy.in/wp-content/uploads/2016/03/Dr.-Anja-Kovacs-and-Rajat-Rai-Handa-India-at-the-Internets- Root.pdf 6

  7. Top Level Domains Top level domain 1547 as on July 2017 Each TLD is managed by designated entities called iitm.ac.in. registries. (for example: .com, .net is managed by Verisign; .edu .in .com .gov .in is managed by National Internet Exchange of India) gov ac res co ernet iitb iisc iitm iitk https://en.wikipedia.org/wiki/INRegistry 7

  8. Top Level Domains Top level domain 1547 as on July 2017 iitm.ac.in. .edu .in .com .gov gov ac res co ernet iitb iisc iitm iitk https://en.wikipedia.org/wiki/INRegistry 8

  9. DNS Zone Zone: Is a domain (or subdomain) that branches is served by a Name server. .com A zone may be an entire domain with all its child domains, or a portion of a domain. example A zone can be the entire subtree starting at example.com Or the company may decide to have several sub zones, for example one at usa.example.com france uk usa newyork chicago 9

  10. Authoritative Name Servers Start of authority Each DNS Zone has at least one authoritative name server that publishes information about that zone. They are called `authoritative’ because they provide original and answers to DNS queries as opposed to obtaining answers from other DNS servers. 2 authorities. 1 primary and the other secondary 10

  11. DNS Query Process 11

  12. Local DNS Server and Iterative Query Process The iterative process starts from the ROOT Server. If it doesn’t know the IP address, it sends back the IP address of the nameservers of the next level server (.NET server) and then the last level server (example.net) which provides the answer.

  13. DNS Query Process http://www.iitm.ac.in Entered in web-browser 1 Local System: Lookup /etc/hosts file. Can the /etc/hosts file resolve (have the IP address) for www.iitm.ac.in? 13

  14. DNS Query Process http://www.iitm.ac.in Entered in web-browser 2 Local DNS Server: Lookup the local DNS server (server present in the LAN). How to identify the IP address of the Local DNS server? (/etc/resolv.conf) This needs to be configured or, can be found, if the system is configured for DHCP, then this file is automatically modified. If the local DNS server can resolve the address; then we are done. Else, the resolver would be activated. The resolver would need to query another DNS server, higher up in the hierarchy. 14

  15. DNS Query Process Directly send the query to this server. http://www.iitm.ac.in. 3 Resolver in Local DNS will query the Root Name Server à (from resolver) What is the IP address of www.iitm.ac.in ß (from root server)I don’t know the answer, you can ask any of these authorities . 15

  16. DNS Query Process http://www.iitm.ac.in. 4 Resolver in Local DNS will query the TLD à (from resolver) What is the IP address of www.iitm.ac.in ß (return)I don’t know the answer, you can ask any of these authorities . 16

  17. DNS Query Process http://www.iitm.ac.in. 5 Resolver in Local DNS will query the next level NS à What is the IP address of www.iitm.ac.in ß The SOA is dns1.iitm.ac.in . 17

  18. DNS Cache • The local DNS server will cache all responses from other DNS servers (to reduce queries) • TTL available with all responses, which determines when the entry would be removed from cache TTL 18

  19. DNS Cache • Due to caching • Most resolver queries do not need a query to the root server • 2% of all queries to the root-servers are legitimate • 75% were due to incorrect or non-existent caching • 12.5% to unknown TLDs • 7% were for lookups to IP addresses, as if, they were domain names https://en.wikipedia.org/wiki/Root_name_server 19

  20. Set Up DNS Zones on Local DNS Server Ø Utility in Linux: bind9 Ø Create zones: Create two zone entries in the DNS server by adding them to /etc/bind/named.conf . For forward lookup (Hostname à IP). For reverse lookup (IP à hostname).

  21. Zone File for Forward Lookup /etc/bind/example.net.db (The file name is specified in named.conf ) @: Represents the origin specified in named.conf (string after “zone”) [ example.net ]

  22. Zone File for Reverse Lookup /etc/bind/192.168.0.db : (The file name is specified in named.conf )

  23. Testing the setup Need to ensure that Resolv.conf is pointing to the recently setup DNS server

  24. DNS Queries http://www.zytrax.com/books/dns/ch15/ 24

  25. DNS Query Format Sent in the query and reflected back by the response Message Header Authoritative Answer 0: query, 1: inverse query; 2: status QR=0 query; QR=1 response http://www.zytrax.com/books/dns/ch15/ 25

  26. DNS Question Section Question Section http://www.zytrax.com/books/dns/ch15/ 26

  27. DNS Question Section Answer Section http://www.zytrax.com/books/dns/ch15/ 27

  28. DNS Question Section Authority Section This section mentions the servers that are the ultimate authority for answering DNS queries. Answers, may be obtained from the cache of other DNS servers. Can be used to check with the authoritative response. http://www.zytrax.com/books/dns/ch15/ 28

  29. Attacks on Local DNS Servers Cache Poisoning Attacks Local DNS server DNS hierarchy User machine 1 2 3 4 29

  30. Attacks on Local DNS Servers Cache Poisoning Attacks Local DNS server DNS hierarchy User machine 1 2 spoofed spoofed response response 30

  31. Attacks on Local DNS Servers Cache Poisoning Attacks Local DNS server DNS hierarchy Cache is poisoned User machine 1 2 spoofed spoofed response response Damage limited; user machine Considerable damage; DNS stores the does not store the result response and it can affect all systems in the network for a long time 31

  32. Attacks on Local DNS Servers Cache Poisoning Attacks Local DNS server DNS hierarchy Cache is poisoned User machine 1 2 4 3 spoof sniff www.example.net 32

  33. Local DNS Cache Poisoning Attack Goal: Forge DNS replies after seeing a query from Local DNS Server Technique: Sniffing and Spoofing

  34. Local DNS Cache Poisoning Attack Attack Result

  35. Inspect the Cache Run “ sudo rndc dumpdb –cache ” and check the contents ● of “ /var/cache/bind/dump.db ”. Clean the cache using “ sudo rndc flush ” before doing the ● attack.

  36. Targeting the Authority section ns.attacker.net Can target the authority section Any DNS query sent to the local DNS server will be (if needed) directed to the attacker’s ns.attacker.net

  37. Attacks on Local DNS Servers Cache Poisoning Attacks Local DNS server DNS hierarchy Cache is poisoned 1 2 3 spoof www.example.net What if we can’t sniff and can only spoof 37

  38. Cache Poisoning Without Sniffing Two difficulties in creating a valid spoof: 1. Need to guess the local DNS server’s source port (2^16 possibilities) 2. The response should have the same Message ID as the DNS query in step (2). (Brute force attack 2^32 à at 1000 spoofed queries / second, it will take 50 days to try all 2^32 possibilities 38

  39. Further Difficulties: the Local DNS server’s cache If the real response (3) cache arrives and it is cached 4 Local DNS server DNS hierarchy (4). Then subsequent 6 queries will read off the cache (5 à 6 à 7) and no query is made from the 1 2 Local DNS. 5 3 Thus, to make another 7 try, the attacker should wait till the cache is flushed. www.example.net 39

  40. Flaw in the Protocol ● When looking up sibling names like 1.google.com, and 2.google.com. ○ Attackers can do this and say they’re the official server for www.google.com, telling the local DNS server what www. needs to be, and the local DNS will believe the attacker. https://duo.com/blog/the-great-dns-vulnerability-of-2008-by-dan-kaminsky 40

  41. Kaminsky Attack How to keep trying spoofed DNS responses (2^32 times) without worrying about the cache effect? Kaminsky’s Idea: • Ask a different question every time, so caching the answer does not matter, and the local DNS server will send out a new query each time. • Provide forged answer in the Authority section 41

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Discrete-time Systems in the Time Domain Domain Chapter 4 Chapter 4 Sections 4.1 - 4.7 Dr.

Discrete-time Systems in the Time Domain Domain Chapter 4 Chapter 4 Sections 4.1 - 4.7 Dr.

Discrete-time Systems in the Time Domain Domain Chapter 4 Chapter 4 Sections 4.1 - 4.7 Dr. Iyad Jafar Outline Outline Definition Examples Classification of Discrete-time Systems Impulse and Step Responses Linear

594 views • 43 slides
The Domain Name Service, Etc. The Domain Name Service, Etc. Jeff Chase Duke University,

The Domain Name Service, Etc. The Domain Name Service, Etc. Jeff Chase Duke University,

The Domain Name Service, Etc. The Domain Name Service, Etc. Jeff Chase Duke University, Department of Computer Science CPS 212: Distributed Information Systems Today Today 1. Domain Name Service (DNS) illustrates: issues and structure

396 views • 22 slides
dt < | ( ) | h t (this has to do with system stability system stability (ECE

dt < | ( ) | h t (this has to do with system stability system stability (ECE

CT, LTI Systems CT, LTI Systems Consider the following CT LTI system: Chapter 5 Chapter 5 ( ) ( ) ( ) x t h t y t Frequency Domain Analysis Frequency Domain Analysis of Systems of Systems Assumption: the impulse response h ( t

406 views • 11 slides
dt < | ( ) | h t (this has to do with system stability system stability)

dt < | ( ) | h t (this has to do with system stability system stability)

Chapter 5 Chapter 5 Frequency Domain Analysis Frequency Domain Analysis of Systems of Systems CT, LTI Systems CT, LTI Systems Consider the following CT LTI system: ( ) ( ) ( ) y t x t h t Assumption: the impulse response h ( t

408 views • 28 slides
Problem Domain Collaborative filtering (CF)-based recommender systems (RS). Issue:

Problem Domain Collaborative filtering (CF)-based recommender systems (RS). Issue:

ClustKNN : A Highly Scalable Hybrid Model-& Memory-Based CF Algorithm Al Mamunur Rashid, Shyong K. Lam, George Karypis, and John Riedl University of Minnesota Problem Domain Collaborative filtering (CF)-based recommender systems (RS).

730 views • 19 slides
DNA STRAND DISPLACEMENT DNA STRAND DISPLACEMENT = Adenine = long domain = Thymine = short

DNA STRAND DISPLACEMENT DNA STRAND DISPLACEMENT = Adenine = long domain = Thymine = short

16 th 1 ENUMERATION, CONDENSATION AND SIMULATION ENUMERATION, CONDENSATION AND SIMULATION OF PSEUDOKNOT-FREE OF PSEUDOKNOT-FREE DOMAIN-LEVEL DNA STRAND DISPLACEMENT SYSTEMS DOMAIN-LEVEL DNA STRAND DISPLACEMENT SYSTEMS Stefan Badelt , Casey

953 views • 37 slides
1 Inter-Domain Routing Network comprised of many Autonomous Systems (ASes) or domains 23

1 Inter-Domain Routing Network comprised of many Autonomous Systems (ASes) or domains 23

CSE/EE 461 Lecture 11 Inter-domain Routing This Lecture Focus How do we make routing scale? Application Presentation Inter-domain routing Session ASes and BGP Transport Network Data Link Physical sdg // CSE/EE 461,

395 views • 5 slides
1 DNS: The Politics DNS: The Politics DNS: The Big Issues DNS: The Big Issues He who controls

1 DNS: The Politics DNS: The Politics DNS: The Big Issues DNS: The Big Issues He who controls

Today Today 1. Domain Name Service (DNS) illustrates: issues and structure for large-scale naming systems naming contexts The Domain Name Service, Etc. The Domain Name Service, Etc. use of hierarchy for scalability decentralized

279 views • 4 slides
Visual Domain Specific Languages for Actuarial Models: An Industrial Experience Report Workshop

Visual Domain Specific Languages for Actuarial Models: An Industrial Experience Report Workshop

Visual Domain Specific Languages for Actuarial Models: An Industrial Experience Report Workshop on Domain Specific Languages for Financial Systems ACM/IEEE 16th International Conference on Model Driven Engineering Languages and Systems (MODELS

991 views • 39 slides
Unsupervised Clustering Approaches for Domain Adaptation in Speaker Recognition Systems Stephen

Unsupervised Clustering Approaches for Domain Adaptation in Speaker Recognition Systems Stephen

Unsupervised Clustering Approaches for Domain Adaptation in Speaker Recognition Systems Stephen H. Shum Douglas A. Reynolds Daniel Garcia-Romero Alan McCree Unsupervised Clustering Approaches for Domain Adaptation in Speaker Recognition

437 views • 25 slides
Variability Modeling in the Real: A Perspective from the Operating Systems Domain 25 th IEEE/ACM

Variability Modeling in the Real: A Perspective from the Operating Systems Domain 25 th IEEE/ACM

Variability Modeling in the Real: A Perspective from the Operating Systems Domain 25 th IEEE/ACM International Conference on Automated Software Engineering ASE 2010 Antwerp, Belgium, Sept. 22 nd , 2010 Thorsten Berger, Steven She, Rafael Lotufo,

1.19k views • 93 slides
Learning to Ask k Questions in Open- do domain main Conversatio tional nal Systems ms with

Learning to Ask k Questions in Open- do domain main Conversatio tional nal Systems ms with

Learning to Ask k Questions in Open- do domain main Conversatio tional nal Systems ms with ith Typ yped Decoders Tsinghua University Shandong University Yansen Wang, Chenyi Liu, Minlie Huang , Liqiang Nie. xiachongfeng As Aski king

135 views • 11 slides
Experimental Comparison of Complex Event Processing Systems in the Maritime Domain A.

Experimental Comparison of Complex Event Processing Systems in the Maritime Domain A.

Experimental Comparison of Complex Event Processing Systems in the Maritime Domain A. Troupiotis-Kapeliaris 1 , K. Chatzikokolakis 2 , D. Zissis 2 , 3 and E. Alevizos 1 , 4 1 NCSR Demokritos, Greece 2 MarineTraffic, Greece 3 University of the

381 views • 11 slides
Automatic verification of counter systems via domain-specific multi-result supercompilation

Automatic verification of counter systems via domain-specific multi-result supercompilation

Automatic verification of counter systems via domain-specific multi-result supercompilation Andrei V. Klimov Ilya G. Klyuchnikov Sergei A. Romanenko Keldysh Institute of Applied Mathematics Russian Academy of Sciences 2012-07 / Meta 2012

843 views • 40 slides
Assessment of Fictitious Domain method for Linear Stability Analysis of Fluid-Structure systems

Assessment of Fictitious Domain method for Linear Stability Analysis of Fluid-Structure systems

Assessment of Fictitious Domain method for Linear Stability Analysis of Fluid-Structure systems J. Moulin, J-L. Pfister, M.Carini, O.Marquet Office National dEtudes et de Recherches Arospatiales, Dpartement Arodynamique Fondamentale et

727 views • 44 slides
Software Acquisition Best Practices: Experiences from the Space Systems Domain Suellen Eslinger

Software Acquisition Best Practices: Experiences from the Space Systems Domain Suellen Eslinger

Acquisition of Software-Intensive Systems Conference Software Acquisition Best Practices: Experiences from the Space Systems Domain Suellen Eslinger Software Acquisition and Process Office Software Engineering Subdivision The Aerospace

404 views • 27 slides
Server Virtualization with Windows Server Hyper-V and System Center Orin Thomas @orinthomas

Server Virtualization with Windows Server Hyper-V and System Center Orin Thomas @orinthomas

Veeam 74-409 Study Webinar Server Virtualization with Windows Server Hyper-V and System Center Orin Thomas @orinthomas http://hyperv.veeam.com/

1.39k views • 92 slides
Outline Problem Definition Dynamic Resource Management Vulnerability VMware Distributed

Outline Problem Definition Dynamic Resource Management Vulnerability VMware Distributed

When dynamic VM migration falls under the control of VM user Kahi hina na LAZ AZRI, Sylvie LANIEPCE, Haiming ZHENG IMT/OLPS/ASE/SEC/NPS Orange Labs, Caen Jalel Ben-Othman L2TI laboratory Paris13 Symposium sur la scurit des

294 views • 13 slides
Study of an API Migration for two XML APIs Thiago Bartholomei Krzysztof Czarnecki Ralf Lmmel

Study of an API Migration for two XML APIs Thiago Bartholomei Krzysztof Czarnecki Ralf Lmmel

Study of an API Migration for two XML APIs Thiago Bartholomei Krzysztof Czarnecki Ralf Lmmel Tijs van der Storm API migration Source API uses Application API X Transformation Target API uses Application API Y API migration --

535 views • 25 slides
HOWDY! DSA IT Liaisons Communications Committee 9/1/2020 Agenda Tech Tip: Preservation

HOWDY! DSA IT Liaisons Communications Committee 9/1/2020 Agenda Tech Tip: Preservation

HOWDY! DSA IT Liaisons Communications Committee 9/1/2020 Agenda Tech Tip: Preservation Holds Annual Security Assessment Update Windows Feature Update 1909 Microsoft 365 Updates Webcam Analysis Mobile Device

452 views • 23 slides
Scanning (and some other no-tech hacking) Todays Class Scanning the Internet for research

Scanning (and some other no-tech hacking) Todays Class Scanning the Internet for research

Scanning (and some other no-tech hacking) Todays Class Scanning the Internet for research Scanning the Internet for research Other no-tech hacking Definitions: domain name: google.com unm.edu a registrable

542 views • 19 slides
Networking: Application Layer Summer 2013 Cornell University 1 Today DNS End-to-End

Networking: Application Layer Summer 2013 Cornell University 1 Today DNS End-to-End

CS 4410 Operating Systems Networking: Application Layer Summer 2013 Cornell University 1 Today DNS End-to-End Argument 2 DNS When a user wants to communicate with a remote node, is it easier to remember 69.63.176.13 or

538 views • 8 slides
Services Stephen James Clients vs Servers Clients consume services Servers provide

Services Stephen James Clients vs Servers Clients consume services Servers provide

Services Stephen James Clients vs Servers Clients consume services Servers provide services However, there will typically be services running on both clients and servers What are protocols? Rules that define a common

524 views • 30 slides
Semantics 1 / 21 Outline What is semantics? Denotational semantics Semantics of naming What

Semantics 1 / 21 Outline What is semantics? Denotational semantics Semantics of naming What

Semantics 1 / 21 Outline What is semantics? Denotational semantics Semantics of naming What is semantics? 2 / 21 What is the meaning of a program? Recall: aspects of a language syntax : the structure of its programs semantics : the

551 views • 21 slides

More recommend