The Domain Name System and Internet Still Survive Presented by: Ao-Jan Su.

Presentation transcript:

The Domain Name System and Internet Still Survive Presented by: Ao-Jan Su

Please clarify

Section 4: Two recent surveys by Pappas and Ramasubramanian… most domain names are served by a small number of nameservers.
Abstract: The survey shows that a typical name depends on 46 servers on average.
Which one is correct?

Ordered Records (Large TCB is not an important issue)

Most DNS queries use the first entry in the ordered list
It is very unlikely to ask Rochester for Cornell’s IP address

;; QUESTION SECTION:
;cornell.edu. IN A

;; ANSWER SECTION:
cornell.edu IN A

;; AUTHORITY SECTION:
cornell.edu IN NS dns.cit.cornell.edu.
cornell.edu IN NS cudns.cit.cornell.edu.
cornell.edu IN NS simon.cs.cornell.edu.
cornell.edu IN NS bigred.cit.cornell.edu.
cornell.edu IN NS cayuga.cs.rochester.edu.

Hijack FBI (DNS design’s fault?)

reston-ns2.tel .net is running an old nameserver (BIND 8.2.4)
It is a vulnerability of the software (server), NOT of the design of DNS.
This problem can be easily detected and corrected (by periodically scanning the versions of BIND on the nameservers and keeping the software up to date)
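The periodic version survey suggested on the "Hijack FBI" slide, applied to the full dependency set (TCB) discussed on the "Ordered Records" slide rather than only to a zone's listed nameservers. This is an added example, not part of the presentation: the cornell.edu NS names are from the slide, while the other zones, hosts, version strings and the version floor are constructed assumptions.

```python
import re

# Constructed delegation map (zone -> NS set). The cornell.edu NS names come
# from the slide; every other zone, host and version string is invented.
# Root and TLD servers are left out to keep the map small.
ZONE_NS = {
    "cornell.edu": ["dns.cit.cornell.edu", "cudns.cit.cornell.edu",
                    "simon.cs.cornell.edu", "bigred.cit.cornell.edu",
                    "cayuga.cs.rochester.edu"],
    "rochester.edu": ["cayuga.cs.rochester.edu", "ns1.offsite.example"],
    "offsite.example": ["ns1.offsite.example", "ns2.offsite.example"],
}
# Constructed inventory, as a periodic version survey might record it.
VERSIONS = {ns: "9.2.1" for ns in ZONE_NS["cornell.edu"]}
VERSIONS.update({"ns1.offsite.example": "", "ns2.offsite.example": "8.2.4"})
MIN_VERSION = (9, 0, 0)  # example policy floor, not a recommendation

def enclosing_zones(name):
    """Zones in the map that contain `name` (label-wise suffix match)."""
    labels = name.rstrip(".").lower().split(".")
    suffixes = (".".join(labels[i:]) for i in range(len(labels)))
    return [z for z in suffixes if z in ZONE_NS]

def tcb(name):
    """Every nameserver that resolving `name` can end up depending on."""
    servers, todo, seen = set(), [name], set()
    while todo:
        n = todo.pop()
        if n in seen:
            continue
        seen.add(n)
        for zone in enclosing_zones(n):
            for ns in ZONE_NS[zone]:
                servers.add(ns)
                todo.append(ns)  # resolving the NS host has its own deps
    return servers

def audit(name):
    """Split the TCB into (outdated, unknown-version) server lists."""
    outdated, unknown = [], []
    for ns in sorted(tcb(name)):
        m = re.search(r"(\d+)\.(\d+)\.(\d+)", VERSIONS.get(ns, ""))
        if not m:
            unknown.append(ns)  # version hidden or never surveyed
        elif tuple(map(int, m.groups())) < MIN_VERSION:
            outdated.append(ns)
    return outdated, unknown

if __name__ == "__main__":
    print(len(ZONE_NS["cornell.edu"]), "listed;", len(tcb("cornell.edu")), "in TCB")
    print(audit("cornell.edu"))
```

In this constructed map the zone lists five nameservers but depends on seven, and the one outdated server is not in the zone's own NS set, so a survey limited to the listed servers would miss it.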

OK, .edu and .org are Lazy

But this also implies that hackers have very little interest in hijacking these domains.
Otherwise cs.northwestern.edu would be hijacked by now!
The same reasoning goes for Ukraine, Belarus, San Marino, Malta…
BTW, can you give me some examples of domains with .aero and .int?

Conclusion

Don’t blame DNS for the vulnerabilities (bugs) of BIND
TCB is not a good representation of daily DNS operations (extreme conditions should not carry the same weight as normal cases)
However, I agree that .edu and .org nameservers should update their BIND as soon as possible

Thank you.