Paper Presentation – CAP 6135

Page 2 Outline Review - DNS Proposed Solution Simulation Results / Evaluation Discussion

Page 3 Domain Name System - DNS DNS is a name resolution service which resolves host names into IP address DNS is a distributed database application with a hierarchical structure DNS Benefits – Convenience: names are easier to remember – Consistency: IP address can change but server names can remain constant – Simplicity: One naming convention

Page 4 Domain Name System - DNS Key Components of DNS – DNS name space – Name servers – DNS Zones – Resource Records

Page 5 DNS Namespace

Page 6 Step 1: Your PC sends a resolution request to its configured DNS Server, typically at your ISP. Tell me the Address of “

Page 7 Step 2: Your ISPs recursive name server starts by asking one of the root servers predefined in its “hints” file. Tell me the Address of “ I don’t know the address but I know who’s authoritative for the ”com” domain ask them

Page 8 Step 3: Your ISPs recursive name server then asks one of the “com” name servers as directed. Tell me the Address of “ I don’t know the address but I know who’s authoritative for the ”google.com” domain ask them

Page 9 Step 4: Your ISPs recursive name server then asks one of the “google.com” name servers as directed. Tell me the Address of “ The Address of is

Page 10 Step 5: ISP DNS server then send the answer back to your PC. The DNS server will “remember” the answer for a period of time. The Address of is

Page 11 Step 6: Your PC can then make the actual HTTP request to the web server. Here it is! Send me the web page

Page 12 Summary The actual web request DNS

Page 13 Caching Huge volume of request DNS resolution process allows for caching for a given period of time after a successful answer Determined by a value called the time to live (TTL) TTL is set by the administrator of the DNS server

Page 14 Summary The actual web request DNS Caching

Page 15 Proposed Solution DNS resolvers cache responses to improve lookup performance and reduce lookup overhead A resolver can use cached responses upto the time-to-live (TTL) value associated with the response Modify resolvers - do not expunge cached records with TTL value expired Expired records evicted from cache and stored “stale cache” Resolvers use stale cache to answer queries for unavailable zone Allows the resolution process to continue

Page 16 Proposed Solution

Page 17 Proposed Solution

Page 18 Evaluation DNS traffic – Cornell Computer Science Dept – Internet – ~1300 hosts – 65 days – 84,580,513 DNS queries – 53,848,115 DNS responses – 4,478,731 unique names Stale cache size: 1 to 30 days Attack duration: 3, 6, 12 and 24 hours.

Page 19 Fraction of Queries Answered

Page 20 Fraction of Accurate Records in responses

Page 21 Fraction of Queries (for two-level names) Answered and Accurate Records

Page 22 Fraction of Queries (for three-level names) Answered and Accurate Records

Page 23 Stale cache memory footprint

Page 24 Discussion Pros – DNS Robustness – Simplicity. Does not change the basic protocol operation and infrastructure Does not impose any load on DNS Does not impact the latency of query resolution – Incremental Deployment – Motivation for Deployment

Page 25 Discussion Objections – DNS caching semantics and the possibility of inaccurate information being used – Autonomy for zone operators – Attackers attempting to force the use of inaccurate information – Resolution latency in the face of an attack

Page 26 References Mitigating DNS DoS Attacks, Hitesh Ballani, Paul Francis, CCS 2008 Wikipedia Amplified DNS DDoS Attacks and Mitigation,