
Evaluation of Trust Relationships in the Domain Name System Final - PowerPoint PPT Presentation



  1. Chair of Network Architectures and Services, Department of Informatics, Technical University of Munich
  Evaluation of Trust Relationships in the Domain Name System
  Final Talk for Master’s Thesis
  Frank Schmidt, July 12, 2017

  2. DNS terms
  • DNS: hierarchical distributed database for translating domain names to IP addresses
  • zone: organisational unit of the DNS, serves information for names contained within
  • zonefile: general format for specifying the contents of a zone
  • delegation: transfer of responsibility from a parent zone to its child zone
  F. Schmidt — DNS Scanning

  3. DNS structure and Trust
  [Figure: delegation graph from the root (.) via net. and de. to de.net., denic.de. and nic.de.; name servers l.de.net., ns1.denic.de. and a.nic.de.; address records A 81.91.170.1 and AAAA 2a02:568:121:6:2::2]

  4. Custom resolver
  • focus on the resolution process and not on the reply
  • obtain information about the DNS infrastructure
  • query all available name servers found in the DNS
  • resilient against uncommon configurations and network errors
  • follow netiquette

  5. Scanner overview
  [Figure: scanner pipeline; Input (google.com., youtube.com., facebook.com., ...) feeds the Scanner, which queries the Internet and writes Raw, Results and Meta data to Postgres]

  6. Scanner internals
  • implemented in Go
  • query IPv4 and IPv6 name servers
  • gather DNSSEC information
  • store raw queries for validation and after-the-fact analysis
  • zone completion tracking by SCC

  7. Termination by SCC
  [Figure: the zone graph of slide 3 (., net., de., de.net., denic.de., nic.de.; name servers l.de.net., ns1.denic.de., a.nic.de.; AAAA 2a02:568:121:6:2::2 and A 81.91.170.1), used to show when a zone's scan can be declared finished]
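Slides 6 and 7 say that the scanner tracks zone completion by strongly connected components (SCC). The Go program below is an added example, not code from the thesis or its scanner: it builds a small zone dependency graph shaped after the de./denic.de./nic.de. diagram and runs Tarjan's algorithm over it. The graph contents and the reading of an edge as "zone cannot be finished before zone" are this example's assumptions. The point a practitioner wants to see is why SCCs are the right unit: de. needs a.nic.de., which lies inside de. itself, so neither zone can be finished alone, while Tarjan's emission order already gives a valid completion order (dependencies before dependents).

```go
package main

import (
	"fmt"
	"sort"
)

// depends maps a zone to the zones it cannot be finished without: its parent
// (delegation) and the zones its name servers' names live in. The entries are a
// constructed example shaped after the deck's diagram, not measured data.
var depends = map[string][]string{
	".":         {},
	"net.":      {"."},
	"de.net.":   {"net."},
	"de.":       {".", "de.net.", "nic.de."}, // served by l.de.net. and a.nic.de.
	"nic.de.":   {"de."},                     // a.nic.de. lives inside de. itself
	"denic.de.": {"de."},                     // ns1.denic.de. is in-bailiwick
}

// tarjanSCC computes strongly connected components. Tarjan's algorithm emits a
// component only after everything reachable from it has been emitted, so the
// result is already a valid completion order: dependencies before dependents.
func tarjanSCC(graph map[string][]string) [][]string {
	index := map[string]int{} // discovery order of each zone
	low := map[string]int{}   // smallest index reachable from the zone
	onStack := map[string]bool{}
	var stack []string
	var comps [][]string
	next := 0

	var visit func(v string)
	visit = func(v string) {
		index[v], low[v] = next, next
		next++
		stack = append(stack, v)
		onStack[v] = true
		for _, w := range graph[v] {
			if _, seen := index[w]; !seen {
				visit(w)
				if low[w] < low[v] {
					low[v] = low[w]
				}
			} else if onStack[w] && index[w] < low[v] {
				low[v] = index[w]
			}
		}
		if low[v] == index[v] { // v is the root of a component: pop it
			var comp []string
			for {
				w := stack[len(stack)-1]
				stack = stack[:len(stack)-1]
				onStack[w] = false
				comp = append(comp, w)
				if w == v {
					break
				}
			}
			sort.Strings(comp)
			comps = append(comps, comp)
		}
	}

	// Start from zones in sorted order so the output is reproducible.
	zones := make([]string, 0, len(graph))
	for z := range graph {
		zones = append(zones, z)
	}
	sort.Strings(zones)
	for _, z := range zones {
		if _, seen := index[z]; !seen {
			visit(z)
		}
	}
	return comps
}

// componentIndex returns the position of zone's component in comps, or -1.
// A zone's scan may be declared complete once every earlier component is done.
func componentIndex(comps [][]string, zone string) int {
	for i, c := range comps {
		for _, z := range c {
			if z == zone {
				return i
			}
		}
	}
	return -1
}

func main() {
	for i, c := range tarjanSCC(depends) {
		fmt.Printf("%d: %v\n", i, c)
	}
}
```

On this graph de. and nic.de. end up in one component, and the root, net. and de.net. all precede it; denic.de. follows it.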

  8. [Figure: delegation/dependency graph of the zones ., info., dynamicnetworkservices.net., isc-sns.com., dyntld.net., ca., cira.ca., utoronto.ca., cs.utoronto.ca., utcc.utoronto.ca., eis.utoronto.ca., ubc.ca., bc.net., pch.net., risq.qc.ca., fr., cdec.polymtl.ca., ht., grafiklif.ht., web.ht., inend.ht.]

  9. Performance
  General:
  • concurrency where possible
  • minimize allocations
  • expiry of unneeded information
  • profiling
  DNS:
  • reduce delegation queries to TLD name servers
  • exploit zone file information

  10. DNS-in-a-Box
  [Figure: the scanner pipeline of slide 5 (Input: google.com., youtube.com., facebook.com., ...; Scanner; Internet; Postgres with Raw, Results and Meta), here in the DNS-in-a-Box setup]

  11. DNS-in-a-Box
  • independent from the internet
  • reproducible scans
  • finds most bugs before scanning the internet
  • necessitated some resolver adaptations due to the optimizations
  • deterministic choice of name servers to query

  12. Deterministic name server choice
  sort(parent_nameservers, key=fnv-1a(IP+domain_name+IP))[:3]
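The one-line formula on slide 12 is the whole rule: hash each parent name server's IP together with the queried domain name, sort by the hash, query the first three. The Go program below is an added example written for this page, not the thesis's scanner code; the byte layout of the hash input (IP, then name, then IP again, as the pseudocode is written), the lexical tie-break and the sample addresses from the documentation ranges are its own assumptions. It shows the property the slide is after: the same three servers are chosen regardless of the order in which the parent zone happened to list them, which is what makes a DNS-in-a-Box run reproducible while still spreading load across a zone's servers.

```go
package main

import (
	"fmt"
	"hash/fnv"
	"sort"
)

// nsKey is the sort key from the slide: FNV-1a over IP || domain name || IP.
// The concrete byte layout is this example's assumption.
func nsKey(ip, domain string) uint64 {
	h := fnv.New64a()
	h.Write([]byte(ip))
	h.Write([]byte(domain))
	h.Write([]byte(ip))
	return h.Sum64()
}

// chooseNameServers sorts the parent zone's name server IPs by nsKey and keeps
// the first n. The key depends only on (IP, domain), so the selection does not
// depend on the order in which the parent listed its servers.
func chooseNameServers(parentNS []string, domain string, n int) []string {
	chosen := append([]string(nil), parentNS...) // do not reorder the caller's slice
	sort.Slice(chosen, func(i, j int) bool {
		ki, kj := nsKey(chosen[i], domain), nsKey(chosen[j], domain)
		if ki != kj {
			return ki < kj
		}
		return chosen[i] < chosen[j] // tie-break so equal hashes cannot flip the order
	})
	if len(chosen) > n {
		chosen = chosen[:n]
	}
	return chosen
}

func main() {
	// Constructed parent name server addresses (documentation ranges, not real servers).
	parent := []string{"192.0.2.1", "192.0.2.2", "2001:db8::1", "192.0.2.3", "2001:db8::2"}
	fmt.Println(chooseNameServers(parent, "denic.de.", 3))
	// The same servers listed in another order yield the same choice.
	reversed := []string{"2001:db8::2", "192.0.2.3", "2001:db8::1", "192.0.2.2", "192.0.2.1"}
	fmt.Println(chooseNameServers(reversed, "denic.de.", 3))
}
```

Because the domain name is part of the key, different domains under the same parent are spread over different subsets of its servers, so the determinism does not pin all traffic to one server.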

  13. Performed scans
  • queried types: A/AAAA/MX/TXT
  • incrementally increased the number of domains
  • results based on scans of the Alexa list and a subset of the .com zone, consisting of 1M domains each
  • full debug output
  • arbitrary query limits:
  scope          query rate   max outstanding queries
  name server            40                        80
  global               8000                     24000

  14. Scan overview
  scan          runtime [s]   CPU [s]   results
  Alexa list           5144      8457    6,2 GB
  .com sample          6191      7053    3,5 GB
  [Figure: number of active name servers and failed queries [%] over time [s] (0 to 6,000), series: name servers Alexa, name servers .com, failed queries Alexa, failed queries .com]

  15. Zone setups
  [Figure: bar chart of the number of zones [in M] (0 to 1) per zone setup, series Alexa and .com; the rotated category labels were not recoverable from the extraction]

  16. Trusted computing base
  [Figure: CDF [%] of the number of name servers in the trusted computing base, series Alexa and .com; x axis 0 to 476 name servers with marks at 49 and 476]

  17. Name server influence
  [Figure: log-log plot of the number of names controlled [%] (0.01 to 100) against name server rank (1 to 10,000), series Alexa and .com; annotated points for Cloudflare, GoDaddy and .info/.org]

  18. Nonexistent name servers
  [Figure: bar chart of the number of affected zones (0 to 3,000), series Alexa and .com, by category:]
  • erroneous trailing dot
  • missing trailing dot
  • special-use TLD
  • abandoned domains
  • IP in NS RR
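Three of the categories on slide 18 are configuration mistakes that can be recognised from the NS target name alone, before a single query is sent: a missing trailing dot in the zone file makes the loader append the origin, so the zone name appears twice; an NS target under a special-use TLD (RFC 6761, RFC 6762, RFC 7686) can never be reached from the public DNS; and an IP address written where a host name belongs becomes a name like 192.0.2.53. that never resolves. The Go program below is an added example for this page, not code from the thesis; the detection heuristics and the constructed sample zone are its own assumptions, and it does not cover the "erroneous trailing dot" and "abandoned domains" categories, which need the zone file context or live lookups. Running such a check against one's own zones before publishing them is the defensive counterpart of the measurement on the slide.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Finding names the defect classes from the "Nonexistent name servers" slide
// that can be recognised from the NS target text alone.
type Finding string

const (
	OK                 Finding = "ok"
	MissingTrailingDot Finding = "missing trailing dot"
	SpecialUseTLD      Finding = "special-use TLD"
	IPInNSRR           Finding = "IP in NS RR"
)

// specialUseTLDs are reserved top-level names (RFC 6761, RFC 6762, RFC 7686)
// under which no public name server can live.
var specialUseTLDs = map[string]bool{
	"test": true, "localhost": true, "invalid": true, "example": true,
	"local": true, "onion": true,
}

// classifyNS inspects one NS target of zone. Both names are compared
// case-insensitively in absolute form (with trailing dot).
func classifyNS(zone, nsTarget string) Finding {
	zone = strings.ToLower(zone)
	name := strings.ToLower(nsTarget)
	if !strings.HasSuffix(zone, ".") {
		zone += "."
	}
	if !strings.HasSuffix(name, ".") {
		name += "."
	}

	// "NS 192.0.2.53" in a zone file becomes the owner name 192.0.2.53. and never resolves.
	if net.ParseIP(strings.TrimSuffix(name, ".")) != nil {
		return IPInNSRR
	}

	labels := strings.Split(strings.TrimSuffix(name, "."), ".")
	if specialUseTLDs[labels[len(labels)-1]] {
		return SpecialUseTLD
	}

	// Heuristic for the missing trailing dot: the loader appended the origin to a
	// name that already ended in it, so the zone name occurs twice at the end.
	if strings.HasSuffix(name, "."+zone) {
		inner := strings.TrimSuffix(name, "."+zone) + "."
		if inner == zone || strings.HasSuffix(inner, "."+zone) {
			return MissingTrailingDot
		}
	}
	return OK
}

func main() {
	// Constructed NS set for a hypothetical zone; none of these are real servers.
	zone := "example.com."
	targets := []string{
		"ns1.example.net.",
		"ns1.example.com.example.com.",
		"192.0.2.53.",
		"ns.example.local.",
	}
	for _, t := range targets {
		fmt.Printf("%-32s %s\n", t, classifyNS(zone, t))
	}
}
```

The missing-dot heuristic deliberately accepts in-bailiwick servers such as ns1.example.com. for example.com.; only a second copy of the zone name at the end of the target triggers the finding.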

  19. Future work
  • closer investigation of “abandoned” domains
  • extend the scanner
    • CNAME/SOA/MX chasing
    • reverse lookups
    • DNSSEC validation
  • long term differential analysis

  20. Thank you for your attention! Any questions?

  21. Appendix
  [Figure: CPU time = sys + user [s] (0 to 8,000) and allocated memory [GB] (0 to 5) over time [s] (0 to 6,000), series: allocated Alexa, allocated .com, progress .com, progress Alexa]

