dns nameserver database now at oarc
play

DNS Nameserver Database Now at OARC Duane Wessels The Measurement - PowerPoint PPT Presentation

Oct 17, 2023 •238 likes •394 views

DNS Nameserver Database Now at OARC Duane Wessels The Measurement Factory/CAIDA WIDE+CAIDA Workshop #9 January 19, 2008 WIDE+CAIDA 0 The Measurement Factory Motivation Measurement Factory and CAIDA were doing periodic sur- veys of

  1. DNS Nameserver Database Now at OARC Duane Wessels The Measurement Factory/CAIDA WIDE+CAIDA Workshop #9 January 19, 2008 WIDE+CAIDA 0 The Measurement Factory

  2. Motivation • Measurement Factory and CAIDA were doing periodic sur- veys of nameservers, collecting information such as: – fpdns fingerprint – VERSION.BIND – HOSTNAME.BIND – PTR record – TCP support • Also had separate survey/database of open resolvers. • Wanted to turn periodic surveys into continuously updating database. • Has been running for a year or so now. • Recently transitioned to OARC. WIDE+CAIDA 1 The Measurement Factory

  3. Database Tables • nameservers: Nameserver IP addresses • names: DNS Names • glue: “Glue” records • fpdns: fingerprint • hbind: hostname.bind records • vbind: version.bind records • asn: AS number • ptr: PTR record • openres: openresolver test result WIDE+CAIDA 2 The Measurement Factory

  4. Flow sniffer sniffer sniffer sniffer nameservers ptr asn fpdns hbind vbind openres WIDE+CAIDA 3 The Measurement Factory

  5. Flow • passive sniffers send nameserver IP addresses and DNS names to the database. • nameservers are checked for aliveness by querying for one of (a.root-servers.net, www.google.com, localhost). • Unresponsive nameservers are not probed any further. WIDE+CAIDA 4 The Measurement Factory

  6. Freshners • Most of the tables have “freshner” scripts that run continu- ously and keep the tables up-to-date. • For example, the fpdns freshner re-fingerprints a nameserver every 7 days. WIDE+CAIDA 5 The Measurement Factory

  7. Sample Database Queries I • Find some ISC-hosted nameservers: SELECT ptr.addr,ptr.ptrname FROM ptr,asn WHERE asn.asn=1280 AND ptr.addr=asn.addr ; addr | ptrname -----------------+--------------------------------- 204.152.191.230 | <no answers> 204.152.188.30 | lah1z.vix.com 204.152.186.173 | packman-ha.isc.org 204.152.186.179 | art.net 204.152.186.144 | white.flame.org 204.152.185.196 | <no answers> 204.152.184.202 | ns-us1.nic.at 204.152.184.203 | obsd.isc.org 204.152.186.45 | klapaucius.zer0.org 204.152.186.50 | boole.openldap.org 204.152.186.51 | galois.openldap.org 204.152.186.52 | cantor.openldap.org 204.152.186.58 | proxy8.monitor.dal.net WIDE+CAIDA 6 The Measurement Factory

  8. Sample Database Queries II • Who runs Nominet software? SELECT vbind.addr,ptr.ptrname,vbind_seq.str FROM vbind,vbind_seq,ptr WHERE vbind_seq.str like ’Nominum%’ AND vbind_seq.id=vbind.vbind_id AND vbind.addr=ptr.addr ; addr | ptrname | str -----------------+----------------------------------+------------------------- 192.220.125.193 | ns2.onlyhosting.net | Nominum ANS 2.5.0.0 192.220.125.164 | ns2.hileytech.net | Nominum ANS 2.5.0.0 212.74.78.48 | ns2.colt-telecom.nl | Nominum ANS 2.8.0.0 202.166.27.108 | ad202.166.27.108.magix.com.sg | Nominum ANS 2.8.1.2 192.220.125.129 | ns2.wanderers.com | Nominum ANS 2.5.0.0 192.220.125.64 | ns2.axinet.com | Nominum ANS 2.5.0.0 212.74.78.17 | ns0.be.colt.net | Nominum ANS 2.8.0.0 192.220.125.87 | ns2.warbler.com | Nominum ANS 2.5.0.0 192.220.125.19 | nsb.ntx.net | Nominum ANS 2.5.0.0 192.220.124.141 | dns1.webhost.be | Nominum ANS 2.5.0.0 WIDE+CAIDA 7 The Measurement Factory

  9. Sample Database Queries III • Which nameservers have IPv6 addresses? SELECT name,v6 FROM glue WHERE v6!= ’{}’ ; name | v6 -------------------------+----------------------------------- jupiter.luon.net | {2001:888:1d84::} ns1.uninet.net.id | {2001:dc6:ff8e::1} ns1.es.net | {2001:400:14:2::10} bofh.it | {2001:1418:13::42} dns2.nhinetworks.com | {::ffff:204.251.15.190} ns01.lindos.ch | {2001:1b50::82:195:225:110} dns1.consulintel.com | {2a01:48:20:0:200:1cff:feb5:c535} mx-in.itb.ac.id | {2001:d30:3:0:202:44ff:fe35:228c} dns.koli.uni-miskolc.hu | {2001:738:6001:3f00::1} skm.shonan.bunkyo.ac.jp | {2001:200:166:2001::2} WIDE+CAIDA 8 The Measurement Factory

  10. Fingerprints For Everyone • fpdns fingerprints are served as a “DNSBL”: $ dig +short 241.5.5.192.fpdns.measurement-factory.com txt "ISC BIND 9.2.3rc1 -- 9.4.0a0" • Could also serve additional data this way. WIDE+CAIDA 9 The Measurement Factory

  11. Is My Resolver Open? • dig it: $ dig +short amiopen.openresolvers.org txt "Your resolver at 66.75.164.90 is CLOSED" WIDE+CAIDA 10 The Measurement Factory

  12. dnsinfo.pl WIDE+CAIDA 11 The Measurement Factory

  13. Future Work • Document database and how OARC members and public can utilize it. • Use ISC’s SIE to feed database with addresses, zones, and names. – To the extent that this little database can take the increased load • Add tables and code to track relationships between name- servers and zones they serve. • Keep track of whether a nameserver is used to serve au- thoritative data, as a caching resolver (sorry, iterative mode resolver), or both. WIDE+CAIDA 12 The Measurement Factory

  14. The End

Recommend

DNS-OARC Wayne MacLaurin Executive Director DNS-OARC Members EP.NET DNS-OARC's Mandate

DNS-OARC Wayne MacLaurin Executive Director DNS-OARC Members EP.NET DNS-OARC's Mandate

DNS-OARC Wayne MacLaurin Executive Director DNS-OARC Members EP.NET DNS-OARC's Mandate Operations Analysis Research Operations (Data Collection) 6+ years of continuous DSC summary statistics gathering from root and major TLD

298 views • 11 slides
Tools Suite Keith Mitchell, Jerry Lundstr m https://www.dns-oarc.net/ OARC's Mission The

Tools Suite Keith Mitchell, Jerry Lundstr m https://www.dns-oarc.net/ OARC's Mission The

UKNOF37 Manchester April 2017 OARC's DNS Software Tools Suite Keith Mitchell, Jerry Lundstr m https://www.dns-oarc.net/ OARC's Mission The Domain Name System Operations Analysis and Research Center (DNS-OARC) is a non-profit, membership

586 views • 27 slides
DNS-OARC and the Open Knowledge Network Keith Mitchell DNS-OARC President WIE-KISMET Workshop

DNS-OARC and the Open Knowledge Network Keith Mitchell DNS-OARC President WIE-KISMET Workshop

DNS-OARC and the Open Knowledge Network Keith Mitchell DNS-OARC President WIE-KISMET Workshop December 2019 OARC's Mission Statement The Domain Name System Operations Analysis and Research Center (DNS-OARC) is a non-profit, membership

163 views • 12 slides
draft-dickinson-dnsop- nameserver-control-01 Stephen Morris stephen@isc.org 1 NSCP Function

draft-dickinson-dnsop- nameserver-control-01 Stephen Morris stephen@isc.org 1 NSCP Function

draft-dickinson-dnsop- nameserver-control-01 Stephen Morris stephen@isc.org 1 NSCP Function Breakdown Commands - start, stop, halt etc. Zone manipulation add/remove zone, ACL creation, etc. Parameters - control nameserver

326 views • 9 slides
DNS Session 3: Configuration of Recap Authoritative Nameservice DNS is a distributed database

DNS Session 3: Configuration of Recap Authoritative Nameservice DNS is a distributed database

DNS Session 3: Configuration of Recap Authoritative Nameservice DNS is a distributed database Resolver asks Cache for information Cache traverses the DNS delegation tree to find Authoritative nameserver which has the Ayitey Bulley

415 views • 7 slides
The Importance of Being an Earnest stub Challenges and solution for the versatile stub Willem

The Importance of Being an Earnest stub Challenges and solution for the versatile stub Willem

The Importance of Being an Earnest stub Challenges and solution for the versatile stub Willem Toorop 13 May 2017 OARC 26 (Madrid) From the ground-up security Authoritative . Authoritative net dns-oarc.net A dns-oarc.net A Recursive

597 views • 45 slides
A busy year! ICANN 45 Tech Day/DNS-OARC Toronto, Canada Canadian Internet Registration Authority

A busy year! ICANN 45 Tech Day/DNS-OARC Toronto, Canada Canadian Internet Registration Authority

A busy year! ICANN 45 Tech Day/DNS-OARC Toronto, Canada Canadian Internet Registration Authority (CIRA) Jacques Latour ICANN 45 Tech Day / DNS-OARC 15 Oct 2012 Topics for presentation Major Technical Projects: New network architecture

446 views • 16 slides
Domain Statistics Collector Tutorial Duane Wessels DNS-OARC Advanced ccTLD Workshop September

Domain Statistics Collector Tutorial Duane Wessels DNS-OARC Advanced ccTLD Workshop September

Domain Statistics Collector Tutorial Duane Wessels DNS-OARC Advanced ccTLD Workshop September 16, 2008 ams-cctld-advanced 0 DNS-OARC What is DSC? A system for collecting, transferring, viewing, and storing a variety of measurements

583 views • 33 slides
Measuring DNS Source Port Randomness Duane Wessels DNS-OARC 1st CAIDA/WIDE/CASFI Workshop

Measuring DNS Source Port Randomness Duane Wessels DNS-OARC 1st CAIDA/WIDE/CASFI Workshop

Measuring DNS Source Port Randomness Duane Wessels DNS-OARC 1st CAIDA/WIDE/CASFI Workshop August 15, 2008 CAIDA+WIDE+CASFI #1 0 DNS-OARC Kaminsky DNS sucks. Okay, Im paraphrashing... Use random source ports to protect from

394 views • 21 slides
Database Utilities 10/17/2007 DC/Win Database Utilities Opening Database Utilities From File on

Database Utilities 10/17/2007 DC/Win Database Utilities Opening Database Utilities From File on

Database Utilities 10/17/2007 DC/Win Database Utilities Opening Database Utilities From File on the Menu Bar DC/Win Database Utilities Options Vary Depending on Database Two Types of Databases Sequel (SQL) Database Access Database

460 views • 6 slides
conficker.[ccTLD] Eric Ziegast / ISC DNS-OARC/ICANN March 14th, 2011 We want the Internet to

conficker.[ccTLD] Eric Ziegast / ISC DNS-OARC/ICANN March 14th, 2011 We want the Internet to

conficker.[ccTLD] Eric Ziegast / ISC DNS-OARC/ICANN March 14th, 2011 We want the Internet to work better. RPZ SIE RPKI Changing how New method for S the security e c u r i n DNS-based policy f g r communities o B m G P r

261 views • 14 slides
RIR delegation reports and address-by-economy measurements DNS-OARC Workshop 25 July 2005

RIR delegation reports and address-by-economy measurements DNS-OARC Workshop 25 July 2005

RIR delegation reports and address-by-economy measurements DNS-OARC Workshop 25 July 2005 George Michaelson APNIC ggm@apnic.net Summary All RIR produce daily reports on resource allocations and assignments Consistent format, single

758 views • 22 slides
Expecting Larger Records When TLSA Is Deployed Paul Hoffman, VPN Consortium OARC 2011 Spring

Expecting Larger Records When TLSA Is Deployed Paul Hoffman, VPN Consortium OARC 2011 Spring

Expecting Larger Records When TLSA Is Deployed Paul Hoffman, VPN Consortium OARC 2011 Spring Workshop V.01 1 Overview What is DANE/TLSA What a TLSA request and resource record will probably look like Expectations for timing and

139 views • 9 slides
Advanced Database CS 525: Organization? Advanced Database =Database Implementation

Advanced Database CS 525: Organization? Advanced Database =Database Implementation

Advanced Database CS 525: Organization? Advanced Database =Database Implementation Organization =How to implement a database system and have fun doing it ;-) 01: Introduction Boris Glavic Slides: adapted from a course taught by

199 views • 7 slides
DATABASE SYSTEMS Database programming in a web environment Database System Course AGENDA FOR

DATABASE SYSTEMS Database programming in a web environment Database System Course AGENDA FOR

DATABASE SYSTEMS Database programming in a web environment Database System Course AGENDA FOR TODAY The final project Advanced Mysql Database programming Recap: DB servers in the web Web programming architecture HTTP on a need-to-know basis.

688 views • 54 slides
DNS(SEC) client analysis assisted by Bart Gijsen (TNO) DNS-OARC, San Francisco, March 2011

DNS(SEC) client analysis assisted by Bart Gijsen (TNO) DNS-OARC, San Francisco, March 2011

powered by DNS(SEC) client analysis assisted by Bart Gijsen (TNO) DNS-OARC, San Francisco, March 2011 Overview DNS traffic analysis CLIENT [8], [9] Resolver [7] (DNS proxy) Authoritative Authoritative Applic. Root DNS ) Root

568 views • 20 slides
2007 Day In The Life Mistakes We Dont Want To Repeat Duane Wessels The Measurement

2007 Day In The Life Mistakes We Dont Want To Repeat Duane Wessels The Measurement

2007 Day In The Life Mistakes We Dont Want To Repeat Duane Wessels The Measurement Factory/CAIDA WIDE+CAIDA Workshop #9 January 20, 2008 WIDE+CAIDA #9 0 The Measurement Factory OARC Disk Space Problem: The OARC server did not have

127 views • 12 slides
NEBC Database Course 2008 Database Servers Database Interfaces Tim Booth : tbooth@ceh.ac.uk

NEBC Database Course 2008 Database Servers Database Interfaces Tim Booth : tbooth@ceh.ac.uk

NEBC Database Course 2008 Database Servers Database Interfaces Tim Booth : tbooth@ceh.ac.uk What is an RDBMS? A PostgreSQL database is not just kept in a big file, like a spreadsheet. A program called the database server, or RDBMS,

323 views • 14 slides
DATABASE SYSTEMS Database programming in a web environment Database System Course, 2016-2017

DATABASE SYSTEMS Database programming in a web environment Database System Course, 2016-2017

DATABASE SYSTEMS Database programming in a web environment Database System Course, 2016-2017 AGENDA FOR TODAY The final project Advanced Mysql Database programming Recap: DB servers in the web Web programming architecture HTTP on a

845 views • 53 slides
Goals Database Administration All large and small databases need database Database

Goals Database Administration All large and small databases need database Database

PHP Miscellaneous $db-&gt;insert_id IT420: Database Management and Retrieves the ID generated for an Organization AUTO_INCREMENT column by the previous INSERT query Return value: Managing Multi-user The ID generated for an

140 views • 11 slides
Lect ure # 11 ADVANCED DATABASE SYSTEMS System Catalogs and Database Compression @

Lect ure # 11 ADVANCED DATABASE SYSTEMS System Catalogs and Database Compression @

Lect ure # 11 ADVANCED DATABASE SYSTEMS System Catalogs and Database Compression @ Andy_Pavlo // 15- 721 // Spring 2018 DATABASE TALK Oracle In-Memory Database Engine Monday February 26 th @ 4:30pm GHC 4401

709 views • 60 slides
This Lecture General Database Security Privileges Database Security Granting

This Lecture General Database Security Privileges Database Security Granting

This Lecture General Database Security Privileges Database Security Granting Revoking Views Database Systems SQL Insertion Attacks Michael Pound Further Reading The Manga Guide to Databases, Chapter 5 Database

285 views • 7 slides
Your Database Experts PRESENTATION MAP 3. About our company 4. Nearshoring Database

Your Database Experts PRESENTATION MAP 3. About our company 4. Nearshoring Database

Your Database Experts PRESENTATION MAP 3. About our company 4. Nearshoring Database Consulting was founded in 2009 as an outsourcing and Oracle Database 5. Forms to APEX migration specialised education centre with in-house

850 views • 19 slides
National Address Database National Address Database What is a National Address Database?

National Address Database National Address Database What is a National Address Database?

White House Initiative Open Government Partnership National Action Plan National Address Database National Address Database What is a National Address Database? How does it work? Why do we need a National Address Database? What

374 views • 18 slides

More recommend