Evaluation of Trust Relationships in the Domain Name System (final talk for the Master's thesis of Frank Schmidt, July 12, 2017; PowerPoint presentation)


SLIDE 1

Chair of Network Architectures and Services, Department of Informatics, Technical University of Munich

Evaluation of Trust Relationships in the Domain Name System

Final Talk for Master's Thesis
Frank Schmidt
July 12, 2017

SLIDE 2

DNS terms

  • DNS: hierarchical, distributed database that translates domain names into IP addresses
  • zone: organisational unit of the DNS; serves the information for the names it contains
  • zonefile: the general format for specifying the contents of a zone
  • delegation: transfer of responsibility from a parent zone to its child zone

  • F. Schmidt — DNS Scanning

2

SLIDE 3

DNS structure and Trust

Figure: delegation tree from the root zone (.) down to the name servers. Zones shown: ., net., de., de.net., denic.de., nic.de.; name servers shown: l.de.net., ns1.denic.de., a.nic.de.; address records shown: A 81.91.170.1 and AAAA 2a02:568:121:6:2::2. Every zone and name server on such a path has to be trusted for the name to resolve correctly.

SLIDE 4

Custom resolver

  • focus on the resolution process rather than on the final reply
  • obtain information about the DNS infrastructure
  • query every available name server found in the DNS
  • resilient against uncommon configurations and network errors
  • follow netiquette
SLIDE 5

Scanner overview

Figure: scanner overview. Components: Input (a domain list such as google.com., youtube.com., facebook.com., ...), the Scanner, the Internet, and a Postgres database holding Meta, Results and Raw data.

SLIDE 6

Scanner internals

  • implemented in Go
  • query IPv4 and IPv6 name servers
  • gather DNSSEC information
  • store raw queries for validation and after-the-fact analysis
  • zone completion tracking by strongly connected components (SCC)
SLIDE 7

Termination by SCC

Figure: the delegation tree of slide 3 again (zones ., net., de., de.net., denic.de., nic.de.; name servers l.de.net., ns1.denic.de., a.nic.de.; records A 81.91.170.1 and AAAA 2a02:568:121:6:2::2), now read as a dependency graph: zones that host each other's name servers form cycles, and a strongly connected component of that graph is complete once all of its zones have been scanned.

SLIDE 8

Figure (no title on the slide): zone dependency graph with the nodes inend.ht., web.ht., ht., grafiklif.ht., cdec.polymtl.ca., fr., dyntld.net., pch.net., ., risq.qc.ca., ca., bc.net., ubc.ca., eis.utoronto.ca., utcc.utoronto.ca., cs.utoronto.ca., utoronto.ca., cira.ca., isc-sns.com., dynamicnetworkservices.net. and info.

SLIDE 9

Performance

General:

  • concurrency where possible
  • minimize allocations
  • expiry of unneeded information
  • profiling

DNS:

  • reduce delegation queries to TLD name servers
  • exploit zone file information
SLIDE 10

Figure: scanner overview as on slide 5, now with DNS-in-a-Box as a resolution target next to the Internet. Components: Input (google.com., youtube.com., facebook.com., ...), the Scanner, DNS-in-a-Box, the Internet, and Postgres (Meta, Results, Raw).

SLIDE 11

DNS-in-a-Box

  • independent from the Internet
  • reproducible scans
  • finds most bugs before scanning the Internet
  • some resolver adaptations were necessary because of the optimizations
  • deterministic choice of name servers to query
SLIDE 12

Deterministic name server choice

sort(parent_nameservers, key=fnv-1a(IP+domain_name+IP))[:3]
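The one-liner above, written out as an added Go example (not code from the thesis scanner): the parent zone's name servers are ranked by FNV-1a over ip+domain+ip, exactly the key on the slide, and the first three are used. The server addresses are constructed documentation addresses, and the value 3 is taken from the slide's `[:3]`; both are assumptions of this example.

```go
package main

import (
	"fmt"
	"hash/fnv"
	"sort"
)

// chooseNameServers picks at most k of a parent zone's name servers for one
// domain. Servers are ranked by FNV-1a over ip+domain+ip (the key on the
// slide), so the choice depends only on the inputs: a rerun, or the
// DNS-in-a-Box setup, asks the same servers again, while different domains
// spread over the whole server set instead of all hitting the first entry.
func chooseNameServers(parentNS []string, domain string, k int) []string {
	type ranked struct {
		ip  string
		key uint64
	}
	rs := make([]ranked, 0, len(parentNS))
	for _, ip := range parentNS {
		h := fnv.New64a()
		h.Write([]byte(ip))
		h.Write([]byte(domain))
		h.Write([]byte(ip))
		rs = append(rs, ranked{ip, h.Sum64()})
	}
	sort.Slice(rs, func(i, j int) bool { // tie-break on the IP for a total order
		if rs[i].key != rs[j].key {
			return rs[i].key < rs[j].key
		}
		return rs[i].ip < rs[j].ip
	})
	if k > len(rs) {
		k = len(rs)
	}
	out := make([]string, k)
	for i := range out {
		out[i] = rs[i].ip
	}
	return out
}

func main() {
	// Constructed input: documentation addresses (RFC 5737 / RFC 3849) standing
	// in for a TLD's name servers; these are not real server addresses.
	parentNS := []string{"192.0.2.1", "192.0.2.2", "192.0.2.3", "2001:db8::1", "2001:db8::2"}
	for _, d := range []string{"denic.de.", "nic.de.", "example.de."} {
		fmt.Println(d, "->", chooseNameServers(parentNS, d, 3))
	}
}
```

Because the ranking ignores the order in which the NS records arrived, a reshuffled NS set from the parent does not change which servers a domain is sent to, which is what makes a scan against the box reproducible.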

SLIDE 13

Performed scans

  • queried types: A/AAAA/MX/TXT
  • incrementally increased the number of domains
  • results based on scans of the Alexa list and a subset of the .com zone, consisting of 1M domains each
  • full debug output
  • arbitrary query limits

Query limits used in the scans:

scope         query rate   max outstanding queries
name server   40           80
global        8000         24000

SLIDE 14

Scan overview

scan          runtime [s]   CPU [s]   results
Alexa list    5144          8457      6.2 GB
.com sample   6191          7053      3.5 GB

Figure: number of active name servers (log scale, 10^0 to 10^4) and share of failed queries [%] over scan time [s], for the Alexa and the .com scan.

SLIDE 15

Zone setups

Figure: number of zones [in M] per zone setup (all, discovered, hosted, multi-hosted, self-hosted, clustered), for Alexa and .com.

SLIDE 16

Trusted computing base

Figure: CDF [%] of the number of name servers in a zone's trusted computing base (x-axis up to 400 name servers), for Alexa and .com; the values 49 and 476 are marked on the plot.

SLIDE 17

Name server influence

Figure: name server rank (log scale, 1 to 10,000) against the share of names controlled [%] (log scale, 0.01 to 100), for Alexa and .com; annotated points include .info/.org, Cloudflare and GoDaddy.

SLIDE 18

Nonexistent name servers

Figure: number of affected zones (up to about 3,000) per category of nonexistent name server: abandoned domains, erroneous trailing dot, missing trailing dot, IP in NS RR, special-use TLD; for Alexa and .com.
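How four of these categories can be recognised from the NS record alone, as an added Go example that is not the thesis's classification code: the heuristics, the `NSRecord` type and the sample records are this example's own. Abandoned domains are not produced, since telling a lapsed registration apart from a healthy one needs registry data that a record does not carry.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// NSRecord is one NS resource record as the scanner sees it: the zone it was
// found in and its target host name, both fully qualified with a trailing dot.
type NSRecord struct {
	Zone, Target string
}

// specialUse lists special-use top-level names that are never delegated on the
// public Internet (RFC 6761, RFC 6762, RFC 7686).
var specialUse = []string{"localhost.", "invalid.", "test.", "example.", "local.", "onion."}

// classifyNS returns the error class of an NS target, or "" when it looks
// well-formed. The heuristics are this example's own, not the thesis's:
//   - an empty label ("..") betrays an extra trailing dot in the zone file;
//   - a target that parses as an IP address is an address literal, not a host;
//   - a target under a special-use TLD cannot exist on the public Internet;
//   - a target ending in the zone name twice is the classic missing trailing
//     dot, where the zone file's $ORIGIN was appended a second time.
func classifyNS(r NSRecord) string {
	switch {
	case strings.Contains(r.Target, ".."):
		return "erroneous trailing dot"
	case net.ParseIP(strings.TrimSuffix(r.Target, ".")) != nil:
		return "IP in NS RR"
	case underSpecialUse(r.Target):
		return "special-use TLD"
	case strings.HasSuffix(r.Target, r.Zone+r.Zone):
		return "missing trailing dot"
	}
	return ""
}

func underSpecialUse(target string) bool {
	for _, tld := range specialUse {
		if target == tld || strings.HasSuffix(target, "."+tld) {
			return true
		}
	}
	return false
}

// countClasses tallies affected zones per class, counting a zone once per
// class even when several of its NS records are broken (as the bar chart does).
func countClasses(records []NSRecord) map[string]int {
	seen := map[string]bool{}
	counts := map[string]int{}
	for _, r := range records {
		class := classifyNS(r)
		key := r.Zone + " " + class
		if class == "" || seen[key] {
			continue
		}
		seen[key] = true
		counts[class]++
	}
	return counts
}

// sample is constructed input for this example, not data from the scans.
var sample = []NSRecord{
	{"example.de.", "ns1.example.de."},
	{"example.de.", "ns2.example.de.example.de."},
	{"example.de.", "ns3.example.de.example.de."},
	{"foo.com.", "ns1.foo.com.."},
	{"bar.com.", "192.0.2.53."},
	{"bar.com.", "2001:db8::53."},
	{"baz.com.", "dc1.corp.local."},
	{"qux.com.", "ns.qux.invalid."},
}

func main() {
	for _, r := range sample {
		fmt.Printf("%-12s %-30s %s\n", r.Zone, r.Target, classifyNS(r))
	}
	fmt.Println(countClasses(sample))
}
```

The order of the cases matters: the empty-label check has to run before the address check, and the doubled-zone check is deliberately last because it is the weakest heuristic (a legitimate host under a zone whose name repeats, such as de.de., would also match).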

SLIDE 19

Future work

  • closer investigation of "abandoned" domains
  • extend the scanner
      • CNAME/SOA/MX chasing
      • reverse lookups
      • DNSSEC validation
  • long-term differential analysis
SLIDE 20

Thank you for your attention!

Any questions?

SLIDE 21

Appendix

Figure (appendix): allocated memory [GB] (1 to 5) and CPU time (sys + user) [s] (up to 8,000) over scan time [s] (up to 6,000), for the Alexa and the .com scan.
