Shrug Daemon Doing DNS the Hard Way Since 2015 - - PowerPoint PPT Presentation

shrug daemon
SMART_READER_LITE
LIVE PREVIEW

Shrug Daemon Doing DNS the Hard Way Since 2015 - - PowerPoint PPT Presentation

Oct 09, 2022 637 likes •714 views

Shrug Daemon Doing DNS the Hard Way Since 2015 https://en.wikipedia.org/wiki/Ayn_Rand#/media/File:Objectivist1.jpg Problem Statement RIPE Atlas probes have 2 DNS resolvers: Resolver local to probe RIPE Atlas central resolvers

slide-1
SLIDE 1

Shrug Daemon

“Doing DNS the Hard Way Since 2015”

https://en.wikipedia.org/wiki/Ayn_Rand#/media/File:Objectivist1.jpg

slide-2
SLIDE 2

Problem Statement

  • RIPE Atlas probes have 2 DNS resolvers:

– Resolver local to probe – RIPE Atlas central resolvers

  • Does not support alternate root servers

– The Yeti project, as a fine example

  • RIPE Atlas probes can send any DNS packet

– Almost. ;)

slide-3
SLIDE 3

Building a Resolver

https://commons.wikimedia.org/wiki/File:DNS_hierarchy.png

Just like you learned in school: 1.Start at root 2.Ask for record 3.If you get answer, done! 4.If you get delegation, follow that

slide-4
SLIDE 4

Building a Resolver... in RIPE Atlas

  • Use Cousteau and Sagan libraries
  • Start from roots.txt (IANA or Yeti)
  • Make DNS measurements from a probe
  • Use the parsed result to follow the

delegation chain

  • Champagne
slide-5
SLIDE 5

Live Demo

slide-6
SLIDE 6

Further Ideas

  • May be useful in detecting DNS censorship
  • Next steps

– Using the tool and collecting some data! – Possible “full” resolution?

  • Crazy ideas

– Use tun/tap interface to forward DNS packets to a

RIPE Atlas measurement

https://github.com/shane-kerr/ripe-atlas-shrugd