
Paper Presentation – CAP 6135



Presentation Transcript


  1. Paper Presentation – CAP 6135

  2. Outline
     • Review - DNS
     • Proposed Solution
     • Simulation Results / Evaluation
     • Discussion

  3. Domain Name System - DNS
     • DNS is a name resolution service which resolves host names into IP addresses
     • DNS is a distributed database application with a hierarchical structure
     • DNS Benefits
       • Convenience: names are easier to remember
       • Consistency: an IP address can change while the server name remains constant
       • Simplicity: one naming convention

  4. Domain Name System - DNS
     • Key Components of DNS
       • DNS name space
       • Name servers
       • DNS Zones
       • Resource Records

  5. DNS Namespace

  6. Step 1: Your PC sends a resolution request to its configured DNS server, typically at your ISP.
     Query: Tell me the address of "www.google.com"

  7. Step 2: Your ISP's recursive name server starts by asking one of the root servers predefined in its "hints" file.
     Query: Tell me the address of "www.google.com"
     Answer: I don't know the address, but I know who's authoritative for the "com" domain; ask them.

  8. Step 3: Your ISP's recursive name server then asks one of the "com" name servers as directed.
     Query: Tell me the address of "www.google.com"
     Answer: I don't know the address, but I know who's authoritative for the "google.com" domain; ask them.

  9. Step 4: Your ISP's recursive name server then asks one of the "google.com" name servers as directed.
     Query: Tell me the address of "www.google.com"
     Answer: The address of www.google.com is 216.239.53.99

  10. Step 5: The ISP DNS server then sends the answer back to your PC. The DNS server will "remember" the answer for a period of time.
     Answer: The address of www.google.com is 216.239.53.99

  11. Step 6: Your PC can then make the actual HTTP request to the web server.
     Request: Send me the www.google.com.au web page
     Response: Here it is!

  12. Summary (diagram: the DNS resolution steps alongside the actual web request)

  13. Caching
     • Huge volume of requests
     • The DNS resolution process allows caching for a given period of time after a successful answer
     • That period is determined by a value called the time to live (TTL)
     • The TTL is set by the administrator of the authoritative DNS server

  14. Caching Summary (diagram: the DNS resolution steps alongside the actual web request, with the cached answer short-circuiting the lookup)

  15. Proposed Solution
     • DNS resolvers cache responses to improve lookup performance and reduce lookup overhead
     • A resolver can use a cached response up to the time-to-live (TTL) value associated with the response
     • Modify resolvers: do not expunge cached records whose TTL value has expired
     • Expired records are evicted from the cache and stored in a "stale cache"
     • Resolvers use the stale cache to answer queries for a zone that is unavailable
     • This allows the resolution process to continue during the outage
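To make the stale-cache behaviour concrete, here is a toy resolver cache written for this transcript (it is not code from the Ballani and Francis paper). The `lookup_upstream` callable is a hypothetical stand-in for the recursive walk shown in steps 2 to 4; it raises `TimeoutError` when the zone's servers are unreachable, and the `demo()` scenario, the 300 s TTL and the stale-cache age bound are constructed here.

```python
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple
@dataclass
class StaleCacheResolver:
    # lookup_upstream stands in for the real recursive walk (hypothetical helper):
    # it returns (rdata, ttl) or raises TimeoutError when the zone is unreachable.
    lookup_upstream: Callable[[str], Tuple[str, int]]
    clock: Callable[[], float] = time.time
    stale_max_age: float = 30 * 86400   # seconds a record may sit in the stale cache
    cache: Dict[str, Tuple[str, float]] = field(default_factory=dict)  # name -> (rdata, expires_at)
    stale: Dict[str, Tuple[str, float]] = field(default_factory=dict)

    def _expire(self) -> None:
        now = self.clock()
        # Expired records leave the live cache but are retained in the stale cache.
        for name in [n for n, (_, exp) in self.cache.items() if exp <= now]:
            self.stale[name] = self.cache.pop(name)
        # Bound the stale cache by age (the slides evaluate sizes of 1 to 30 days).
        for name in [n for n, (_, exp) in self.stale.items() if now - exp > self.stale_max_age]:
            del self.stale[name]

    def resolve(self, name: str) -> Tuple[str, str]:
        """Return (rdata, source) with source in {'cache', 'authoritative', 'stale'}."""
        self._expire()
        if name in self.cache:
            return self.cache[name][0], "cache"
        try:
            rdata, ttl = self.lookup_upstream(name)
        except TimeoutError:
            if name not in self.stale:
                raise                  # nothing stale to fall back on: resolution fails
            return self.stale[name][0], "stale"   # zone down, answer from stale cache
        self.cache[name] = (rdata, self.clock() + ttl)
        self.stale.pop(name, None)     # a fresh answer supersedes the stale copy
        return rdata, "authoritative"

def demo() -> List[str]:
    """Constructed scenario: the google.com servers answer, then become unreachable."""
    state = {"now": 0.0, "zone_up": True}
    def upstream(name):
        if not state["zone_up"]:
            raise TimeoutError(name)
        return "216.239.53.99", 300    # address from the slides; the 300 s TTL is constructed
    r = StaleCacheResolver(upstream, clock=lambda: state["now"])
    sources = [r.resolve("www.google.com")[1], r.resolve("www.google.com")[1]]
    state["now"] = 400                 # the 300 s TTL has expired
    state["zone_up"] = False           # authoritative servers unavailable (e.g. under DoS)
    sources.append(r.resolve("www.google.com")[1])
    return sources
```

Note that a stale answer is only ever returned after the upstream lookup has failed, which is what keeps the scheme from changing normal cache semantics while the zone is reachable.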

  16. Proposed Solution

  17. Proposed Solution

  18. Evaluation
     • DNS traffic
       • Cornell Computer Science Dept – Internet
       • ~1300 hosts
       • 65 days
       • 84,580,513 DNS queries
       • 53,848,115 DNS responses
       • 4,478,731 unique names
     • Stale cache size: 1 to 30 days
     • Attack duration: 3, 6, 12 and 24 hours

  19. Fraction of Queries Answered

  20. Fraction of Accurate Records in responses

  21. Fraction of Queries (for two-level names) Answered and Accurate Records

  22. Fraction of Queries (for three-level names) Answered and Accurate Records

  23. Stale cache memory footprint

  24. Discussion
     • Pros
       • DNS Robustness
       • Simplicity
         • Does not change the basic protocol operation and infrastructure
         • Does not impose any load on DNS
         • Does not impact the latency of query resolution
       • Incremental Deployment
       • Motivation for Deployment

  25. Discussion
     • Objections
       • DNS caching semantics and the possibility of inaccurate information being used
       • Autonomy for zone operators
       • Attackers attempting to force the use of inaccurate information
       • Resolution latency in the face of an attack

  26. References
     • Mitigating DNS DoS Attacks, Hitesh Ballani, Paul Francis, CCS 2008
     • Wikipedia
     • Amplified DNS DDoS Attacks and Mitigation, www.cert-in.org.in
     • www.cs.rpi.edu/~hollingd/netprog/notes/dns
     • www.aptld.org
