a deep dive into dns query failures
play

A Deep Dive into DNS Query Failures Donghui Yang 1,2 , Zhenyu Li 1 , - PowerPoint PPT Presentation

Oct 10, 2022 •242 likes •595 views

A Deep Dive into DNS Query Failures Donghui Yang 1,2 , Zhenyu Li 1 , Gareth Tyson 3 1 Institute of Computing Technology, Chinese Academy of Sciences 2 University of Chinese Academy of Sciences 3 Queen Mary University of London Why to study DNS

  1. A Deep Dive into DNS Query Failures Donghui Yang 1,2 , Zhenyu Li 1 , Gareth Tyson 3 1 Institute of Computing Technology, Chinese Academy of Sciences 2 University of Chinese Academy of Sciences 3 Queen Mary University of London

  2. Why to study DNS Query Failures • Failures prevent access to any services dependent on domain names • High-level observation: 13.5% of DNS queries fail resolver server

  3. Passive DNS Data LDNS end user’s anonymized IP address, BGP prefix, ASN, recursive resolver’s IP address, DNS query type, resource records, timestamp • 14-day samples (each sample consists of 10-minute logs) , ~3.1 billion logs

  4. Identification of Failed Queries • No RCODE: we turn to a heuristic method to filter out logs that are attributed to NXDOMAINs • Check if the requested domain (QNAME) contains a valid answer – e.g., for an A query, at least one RR in the response is an A record of the QNAME • Extract failed queries of the four most popular types of records that constitute 99.5% of all queries • Filter out logs attributed to NXDOMAINs by removing logs containing domains that have never succeeded in the whole dataset – 2.8 billion logs remain for subsequent analyses

  5. A Primer on DNS Failures • A queries account for the majority and are successfully resolved most frequently • Other query types manifest lower success rates – Surprisingly low success rate for AAAA queries

  6. Failures Across Domains • A queries exhibit high success rates – Nevertheless, as many as 7% of domains experience a success rate <50%

  7. Failures Across Domains • AAAA queries: ~60% domains have never been successfully resolved – Infrastructural limitations in how DNS supports IPv6

  8. Failures Across Domains • The concentrate of failures on a small set of domains

  9. Failures Across Domains • For most categories, >80% of the failures are attributed to the top 3 SLDs • Some domain types are paramount in increasing failure rates – proxy, porn, parked domains……

  10. Failures Across Resolvers • The majority of resolvers serving A queries have very high success rates

  11. Failures Across Resolvers • Some resolvers may not be IPv6 ready during our observation period

  12. Failures Across Resolvers • Testing public resolvers: #queries (success rate)

  13. Failures Across Resolvers • Testing public resolvers: #queries (success rate) • GoogleDNS dominates the most used public DNS service

  14. Failures Across Resolvers • Testing public resolvers: #queries (success rate) • GoogleDNS dominates the most used public DNS service • Various success rates: DNSPOD vs OpenDNS

  15. Failures Across Resolvers • Testing public resolvers: #queries (success rate) • GoogleDNS dominates the most used public DNS service • Various success rates: DNSPOD vs OpenDNS • AAAA queries: notably lower success rate across all resolvers

  16. Failures Across Resolvers • Testing public resolvers: #queries (success rate) • GoogleDNS dominates the most used public DNS service • Various success rates: DNSPOD vs OpenDNS • AAAA queries: notably lower success rate across all resolvers • Why do public DNS resolvers differ in success rates?

  17. Failures Across Resolvers • Comparing domains received between each pair of resolver • Low similarity with each other – Different request patterns AliDNS – taobao.com – alipay.com 114DNS – akadns.net – akamaiedge.net

  18. Failures Across Resolvers • Comparing infrastructures – Compare the success rates of the same domains handled by different resolvers • Domains resolved by 114DNS and ISP are most likely to fail

  19. Failures Across Resolvers • Comparing infrastructures – Compare the success rates of the same domains handled by different resolvers • DNSPOD and 360DNS have higher success rates

  20. Failures Across TLDs • Specifically explore two camps of TLDs – The new generic Top Level Domains – Those that have Internationalized Domain Name • They show lower success rates, maybe because – Such gTLDs attract certain types of domain registrant – The presence of malicious domains which are unreliable

  21. Failures Across TLDs • The majority of domains map to a relatively small set of prefixes

  22. Failures Across TLDs • some /24 network segments serve a large number of domains

  23. Failures Across TLDs

  24. Failures Across TLDs • Extremely low rate of successful resolutions today

  25. Failures Across TLDs • The number of queries is close to the number of FQDNs – These domains are short-lived and change frequently

  26. Failures Across TLDs Corresponding to domains classified as malicious • Two blacklists from VirusTotal and Qihoo 360 • Label a domain as malicious if any of the two blacklists classify it as so

  27. Failures Across TLDs • Malicious SLDs hosted in subnet 3 have a larger impact

  28. Failures Across TLDs • The subnets host different sites mapping to different TLDs

  29. Implications on Systems Design • Active measurement system – Distinguish between resolvers that support and do not support AAAA queries – Test whether a domain supports AAAA queries – Measure the success rates Other resolvers … … resolver Send DNS queries

  30. Implications on Systems Design • Active measurement system – Localization performance close to the user far from the user servers resolver

  31. Implications on Systems Design • Such an active measurement system is useful for content publishers, ISPs and end users • For publishers – help locate their content • For ISPs – help estimate the IPv6 traffic • For users – help to choose more suitable resolvers

  32. Implications on Systems Design • Extracting features from domain names may not work well for detecting malicious new gTLD domains • To build a malicious new gTLD domain detection system , we could use features like – DNS query frequency – the number of FQDNs of an SLD – the resolved IP addresses – the corresponding ASes

  33. Conclusion • Findings: based on analysis using passive DNS logs covering over 3B queries from 3 ISPs in China – A small number of domains are responsible for the majority of failures – Domains and resolvers need to be upgraded for better IPv6 support – Diverse failure rates across the DNS resolvers – New gTLDs have higher failure rates largely because of malicious domains • Implications: we propose two potential systems that could build on our findings – Active measurement system – Malicious new gTLD domain detection system

  34. Thank you!

Recommend

DEEP DIVE DEEP DIVE INT INTO O SEO SEO Private and Confidential. Property of Whereoware, LLC.

DEEP DIVE DEEP DIVE INT INTO O SEO SEO Private and Confidential. Property of Whereoware, LLC.

DEEP DIVE DEEP DIVE INT INTO O SEO SEO Private and Confidential. Property of Whereoware, LLC. MEET THE SPEAKERS TEYA TUCCIO-FLICK CHRISTINA DAVES Partner, Search and Analytics Founder Whereoware PR for Anyone DEEP DIVE INTO SEO 2

729 views • 54 slides
DataPower DataPower-MQ Integration MQ Integration Deep Dive Deep Dive Robin Wiley (Robin

DataPower DataPower-MQ Integration MQ Integration Deep Dive Deep Dive Robin Wiley (Robin

DataPower DataPower-MQ Integration MQ Integration Deep Dive Deep Dive Robin Wiley (Robin Wiley Training) Capitalware's MQ Technical Conference v2.0.1.6 Your Presenter: Robin Wiley Senior Instructor, IBM Messaging Products MQ

457 views • 35 slides
RTGEN (AGC) &amp; ICCP Deep Dive February 23, 2012 Shari Brown and Matt Beck CBA Project Staff

RTGEN (AGC) &amp; ICCP Deep Dive February 23, 2012 Shari Brown and Matt Beck CBA Project Staff

RTGEN (AGC) &amp; ICCP Deep Dive February 23, 2012 Shari Brown and Matt Beck CBA Project Staff Section 1 INTRODUCTION: RTGEN (AGC) AND ICCP DISCUSSION TOPICS 3 RTGEN (AGC) and ICCP Deep Dive for CBA This Deep Dive will provide details for

784 views • 27 slides
A Deep Dive into the Dark Web Coen Schuijt UvA OS3 February 5 th , 2019 February 5 th , 2019

A Deep Dive into the Dark Web Coen Schuijt UvA OS3 February 5 th , 2019 February 5 th , 2019

A Deep Dive into the Dark Web Coen Schuijt UvA OS3 February 5 th , 2019 February 5 th , 2019 Coen Schuijt (UvA OS3) A Deep Dive into the Dark Web 1 / 28 Outline 1 Introduction Related work Research Questions 2 Methodologies Surface

473 views • 28 slides
Next Generation ACO Model Open Door Forum: Financial Deep Dive March 31, 2015 Agenda

Next Generation ACO Model Open Door Forum: Financial Deep Dive March 31, 2015 Agenda

Next Generation ACO Model Open Door Forum: Financial Deep Dive March 31, 2015 Agenda Preliminary Financial Timeline Financial Model Deep Dive Benchmark Prospective Benchmark Example Example Discount Calculations Risk

917 views • 28 slides
A Deep Dive into the kude@ga.co Shi Oku

A Deep Dive into the kude@ga.co Shi Oku

Stes Bais sen.bais@ga.co Kut el A Deep Dive into the kude@ga.co Shi Oku Interprocedural

1.48k views • 91 slides
Interactive Deep-dive : Visualizing Terrorism Data Ella Kim, Leah Kim Project Idea Evolution of

Interactive Deep-dive : Visualizing Terrorism Data Ella Kim, Leah Kim Project Idea Evolution of

Interactive Deep-dive : Visualizing Terrorism Data Ella Kim, Leah Kim Project Idea Evolution of terrorism in the Middle East + Interactive Data Visualization + Interactive Data Deep Dive Prior Work Static visualization No interactivity

242 views • 6 slides
2019 System Goals Deep-Dive Data Carmelo Barbaro Executive Director, Poverty Lab Urban Labs,

2019 System Goals Deep-Dive Data Carmelo Barbaro Executive Director, Poverty Lab Urban Labs,

2019 System Goals Deep-Dive Data Carmelo Barbaro Executive Director, Poverty Lab Urban Labs, University of Chicago Data Deep Dive System Goal 2: Reduce the time people remain homeless. System Goal 3: Homeless dedicated units should all be

419 views • 13 slides
Using the Assessment Findings to Dive Headfirst into the Deep End St. Louis City May 11, 2015

Using the Assessment Findings to Dive Headfirst into the Deep End St. Louis City May 11, 2015

NO PLACE FOR KIDS Using the Assessment Findings to Dive Headfirst into the Deep End St. Louis City May 11, 2015 Prepared with Support From: Juvenile Justice Strategy Group INTERVIEWS &amp; SURVEYS DATA ANALYSES

593 views • 42 slides
Demystifying the transition Deep Dive of the Transitional Provisions Trademarks Branch

Demystifying the transition Deep Dive of the Transitional Provisions Trademarks Branch

Demystifying the transition Deep Dive of the Transitional Provisions Trademarks Branch Canadian Intellectual Property Office IPIC Conference October 12, 2018 Fairmont Chateau Laurier, Ottawa, Ontario (Source: Brand Canada) Building a

769 views • 43 slides
2019 CoC System Goals Deep-Dive for r Goal 1 Laura Bass, Director of Programs, Facing Forward to

2019 CoC System Goals Deep-Dive for r Goal 1 Laura Bass, Director of Programs, Facing Forward to

2019 CoC System Goals Deep-Dive for r Goal 1 Laura Bass, Director of Programs, Facing Forward to End Homelessness Carmelo Barbaro, Executive Director, Poverty Lab, University of Chicago 2019 CoC System Goals Deep-Dive for Goal 1 Goal 1

285 views • 7 slides
offMetro Deep Dive and Strategic Analysis TEAM TWO FAB FOUR LAUREN BETHEA MACKENZIE

offMetro Deep Dive and Strategic Analysis TEAM TWO FAB FOUR LAUREN BETHEA MACKENZIE

offMetro Deep Dive and Strategic Analysis TEAM TWO FAB FOUR LAUREN BETHEA MACKENZIE CLAPPERTON BRITTANY NAUMAN CLARISSA TORRES Objectives: Develop Strategies to Grow Readership Based on an understanding of industry standards and

360 views • 17 slides
Deep Dive Strengthening practice and addressing industry challenges January 29, 2018 1 Thank

Deep Dive Strengthening practice and addressing industry challenges January 29, 2018 1 Thank

Impact Measurement &amp; Management Deep Dive Strengthening practice and addressing industry challenges January 29, 2018 1 Thank you for joining us today! Please note: All participants are muted. Use the chat function to submit

432 views • 32 slides
SCE 2018 GRC Deep Dive on SCE T estimony on Poles November 2, 2016 1 Summary Pole

SCE 2018 GRC Deep Dive on SCE T estimony on Poles November 2, 2016 1 Summary Pole

SCE 2018 GRC Deep Dive on SCE T estimony on Poles November 2, 2016 1 Summary Pole inspection, assessment, maintenance, and replacement continue to be a major focus for SCE given: Their impact on public and worker safety Their

841 views • 32 slides
Concurrent &amp; Multicore OCaml: A deep dive KC Sivaramakrishnan 1 &amp; Stephen Dolan 1 Leo

Concurrent &amp; Multicore OCaml: A deep dive KC Sivaramakrishnan 1 &amp; Stephen Dolan 1 Leo

Concurrent &amp; Multicore OCaml: A deep dive KC Sivaramakrishnan 1 &amp; Stephen Dolan 1 Leo White 2 , Jeremy Yallop 1,3 , Armal Guneau 4 , Anil Madhavapeddy 1,3 1 2 3 4 Concurrency Parallelism Concurrency Programming technique

859 views • 52 slides
My Brothers Keeper Community Challenge Deep Dive Milestone 5 Successfully Entering the

My Brothers Keeper Community Challenge Deep Dive Milestone 5 Successfully Entering the

My Brothers Keeper Community Challenge Deep Dive Milestone 5 Successfully Entering the Workforce 0 Agenda Introduction MBK Webinar Overview Cradle-to-College-to-Career Approach 2 Driving Systemic Change in Your Community

400 views • 15 slides
to protect against disease, advance animal well-being and support livestock production Deep dive

to protect against disease, advance animal well-being and support livestock production Deep dive

How digitization improves our ability to protect against disease, advance animal well-being and support livestock production Deep dive into dairy farming and how digital tools are used to improve animal care and farm management Dr. Christian

167 views • 6 slides
A deep dive and comparison of Python drivers for Cassandra and Scylla Why and how we wrote a

A deep dive and comparison of Python drivers for Cassandra and Scylla Why and how we wrote a

A deep dive and comparison of Python drivers for Cassandra and Scylla Why and how we wrote a Python driver for Scylla EuroPython 2020 Bonjour ! Alexys Jacob Gentoo Linux developer - dev-db / mongodb / redis / scylla CTO at - sys-cluster

658 views • 42 slides
Java One 2015 Deep Dive T op Performance Mistakes And other Tips &amp; T ricks to make you

Java One 2015 Deep Dive T op Performance Mistakes And other Tips &amp; T ricks to make you

Java One 2015 Deep Dive T op Performance Mistakes And other Tips &amp; T ricks to make you a Performance Expert More on http://blog.dynatrace.com Andreas Grabner - @grabnerandi Safe Harbor AND MANY MORE 0.01ms 0.02ms 15

1.01k views • 78 slides
Welcome Agenda Welcome with Sue Coffey &amp; Erik Asgeirsson AICPA Workstream Panel

Welcome Agenda Welcome with Sue Coffey &amp; Erik Asgeirsson AICPA Workstream Panel

Welcome Agenda Welcome with Sue Coffey &amp; Erik Asgeirsson AICPA Workstream Panel Use Case Panel Tech &amp; Regulatory Update Deep Dive Topical Breakout Sessions Key Insights from Deep Dive Groups Open Discussion

390 views • 15 slides
H1: Deep Dive: FCIL Basics for Metadata Professionals: Collaborating to Ensure Access to Foreign

H1: Deep Dive: FCIL Basics for Metadata Professionals: Collaborating to Ensure Access to Foreign

H1: Deep Dive: FCIL Basics for Metadata Professionals: Collaborating to Ensure Access to Foreign and International Legal Materials Moderator: Ajaye Bloomstone, Acquisitions Librarian, LSU Law Library Speakers: George Prager, Head Cataloger,

1.19k views • 116 slides
A Deep Dive into the CARES Act Mike ODonnell mike@ColoradoLendingSource.org 303.657.0010 O

A Deep Dive into the CARES Act Mike ODonnell mike@ColoradoLendingSource.org 303.657.0010 O

A Deep Dive into the CARES Act Mike ODonnell mike@ColoradoLendingSource.org 303.657.0010 O 720-255-4091 C About us Ce Celebrating 30 years of lending, Co Colorado Lending Source cares about small business, creating long-te term allia

426 views • 27 slides
A Deep Dive Into DIR Fees Presented to the Virginia Pharmacists Association September 7, 2018

A Deep Dive Into DIR Fees Presented to the Virginia Pharmacists Association September 7, 2018

A Deep Dive Into DIR Fees Presented to the Virginia Pharmacists Association September 7, 2018 The strength of our numbers NCPA represents the interests of America's community pharmacists, including the owners of more than 22,000 independent

735 views • 47 slides
Deep Dive Into Mann-Whitney and Spearman Rank Deliverance Bougie Sr. Statistician August 2018

Deep Dive Into Mann-Whitney and Spearman Rank Deliverance Bougie Sr. Statistician August 2018

Deep Dive Into Mann-Whitney and Spearman Rank Deliverance Bougie Sr. Statistician August 2018 1 Deep Dive Into Mann-Whitney and Spearman Rank Mann-Whitney Statistical Analysis Why we use it. Getting technical. What do the

488 views • 24 slides

More recommend