DNS Removals - Changing a TLD server‘s address - Peter Koch OARC DNS Operational Meeting Ottawa, 25-SEP-2008.

Slides:



Advertisements
Similar presentations
Testing IPv6 Address Records in the DNS Root APNIC 23 February 2007 Geoff Huston Chief Scientist APNIC.
Advertisements

1 VeriSign Site Finder Scott Hollenbeck SECSAC Open Meeting 7 October 2003.
Authoritative-only server & TSIG cctld-workshop Nairobi,12-15 october 2005
© NLnet Labs, Licensed under a Creative Commons Attribution 3.0 Unported License.Creative Commons Attribution 3.0 Unported License Introduction.
DNS and TCP Sequence Numbers (Again!) EE122 Discussion 10/24/2011.
DNS Session 4: Delegation and reverse DNS Joe Abley AfNOG 2006 workshop.
DNS Security Extension (DNSSEC). Why DNSSEC? DNS is not secure –Applications depend on DNS ►Known vulnerabilities DNSSEC protects against data spoofing.
6.033 Lecture 14 DNS and Content Delivery Networks Sam Madden Key ideas: Domain name service Content delivery networks Network overlays.
McGraw-Hill©The McGraw-Hill Companies, Inc., Chapter 25 Domain Name System.
Recursive Server. Overview Recursive Service Root server list localhost in-addr.arpa named.conf.
Domain Name System: DNS
1 The State and Challenges of the DNSSEC Deployment Eric Osterweil Michael Ryan Dan Massey Lixia Zhang.
Domain Name System ( DNS )  DNS is the system that provides name to address mapping for the internet.
TCP/IP Protocol Suite 1 Chapter 17 Upon completion you will be able to: Domain Name System: DNS Understand how the DNS is organized Know the domains in.
Domain Name Services Oakton Community College CIS 238.
11.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 11: Introducing WINS, DNS,
Domain Name System (DNS) Ayitey Bulley Session-1: Fundamentals.
NET0183 Networks and Communications Lecture 25 DNS Domain Name System 8/25/20091 NET0183 Networks and Communications by Dr Andy Brooks.
Tony Kombol ITIS Who knows this? Who controls this? DNS!
CS 4396 Computer Networks Lab
Chapter 16 – DNS. DNS Domain Name Service This service allows client machines to resolve computer names (domain names) to IP addresses DNS works at the.
Domain Names System The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the.
Computer Networks: Domain Name System. The domain name system (DNS) is an application-layer protocol for mapping domain names to IP addresses Vacation.
Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 17 Domain Name System (DNS)
Geoff Huston APNIC Labs
70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 7: Domain Name System.
14 DNS : The Domain Name System. 14 Introduction - Problem Computers are used to work with numbers Humans are used to work with names ==> IP addresses.
October 15, 2002Serguei A. Mokhov, 1 Intro to DNS SOEN321 - Information Systems Security.
Chapter 17 Domain Name System
TCP/IP Protocol Suite 1 Chapter 17 Upon completion you will be able to: Domain Name System: DNS Understand how the DNS is organized Know the domains in.
DNS ITL see: Douglas Comer: Internetworking with TCP/IP, volume I” pages
Module 8 DNS Tools & Diagnostics. Objectives Understand dig and nslookup Understand BIND toolset Understand BIND logs Understand wire level messages.
© Janice Regan, CMPT 128, CMPT 371 Data Communications and Networking DNS 0.
1 Kyung Hee University Chapter 18 Domain Name System.
Tony Kombol ITIS DNS! overview history features architecture records name server resolver dnssec.
Port and Message ID Analysis of Resolvers Querying.com/.net Name Servers David Blacka Matt Larson September 24, 2008 DNS OARC Meeting, Ottawa, Canada.
CPSC 441: DNS 1. DNS: Domain Name System Internet hosts: m IP address (32 bit) - used for addressing datagrams m “name”, e.g., - used by.
Domain Name System (DNS). DNS Server Service Overview of Domain Name System What Is a Domain Namespace? Standards for DNS Naming.
* Agenda  What is the DNS ?  Poisoning the cache  Short term solution  Long term solution.
A study of caching behavior with respect to root server TTLs Matthew Thomas, Duane Wessels October 3 rd, 2015.
Module 8 DNS Tools & Diagnostics. Dig always available with BIND (*nix) and windows Nslookup available on windows and *nix Dig on windows – unpack zip,
Computer Networks Fall, 2007 Prof Peterson. CIS 235: Networks Fall, 2007 Western State College How’s it going??
Publishing zone scan data using an open data portal Sebastian Castro OARC Workshop Montreal – Oct 2015.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2000 Chapter 18 Domain Name System (DNS)
DNS Security 1. Fundamental Problems of Network Security Internet was designed without security in mind –Initial design focused more on how to make it.
Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 18 Windows Internet Name Service (WINS)
AfNOG-2003 Domain Name System (DNS) Ayitey Bulley
ITU ccTLD Workshop March 3, 2003 A Survey of ccTLD DNS Vulnerabilities.
Domain Name System (DNS) Joe Abley AfNOG Workshop, AIS 2014, Djibouti Session-1: Fundamentals.
TCP/IP Protocol Suite 1 Chapter 17 Upon completion you will be able to: Domain Name System: DNS Understand how the DNS is organized Know the domains in.
Internet Naming Service: DNS* Chapter 5. The Name Space The name space is the structure of the DNS database –An inverted tree with the root node at the.
WHAT IS DNS??????????.
So DNS is A client-server application that maps domain names into their corresponding IP addresses with the help of name servers. Mapping domain names.
Short Intro to DNS (part of Tirgul 9) Nir Gazit. What is DNS? DNS = Domain Name System. For translation of host names to IPs. A Distributed Database System.
Monitoring, analyzing and cleaning DNS configuration errors across European NRENs Slavko Gajin University of Belgrade, Serbia
1 Lecture A.3: DNS Security r Domain Name Service r Security Problems in DNS.
© 2013 Infoblox Inc. All Rights Reserved. Paul UKNOF 26 – 13 Sep 2013, London Paul Ebersman.
Using Digital Signature with DNS. DNS structure Virtually every application uses the Domain Name System (DNS). DNS database maps: –Name to IP address.
1 CMPT 471 Networking II DNS © Janice Regan,
Session-1: Fundamentals
Domain Name System (DNS)
Domain Name System: DNS
Domain Name System Tony Kombol ITIS 3110.
Testing DNS resolvers (as) in real world
IMPLEMENTING NAME RESOLUTION USING DNS
Networking Applications
Data Communications and Networking DNS
The Domain Name System.
Presentation transcript:

DNS Removals - Changing a TLD server‘s address - Peter Koch OARC DNS Operational Meeting Ottawa, 25-SEP-2008

2 Changed address of S.DE.NET > Same AS, no significant RTT change This is a DE only name server Captured query traffic Determine dominant source for the address Count queries and queriers Find Query Swing Find Stalking Resolvers cf. work for B and J root servers What we did

3 Server ‘ s name appears in the authoritative NS RRSet at DE zone apex in the delegation in the parent zone Server ‘ s address originates from Authoritative data in DE.NET Root zone glue data spread through TLD referrals [additional section for authoritative DE responses] Surprise, wait … How does DNS traffic go to S.DE.NET?

4 Change of authoritative data in DE.NET zone effective : UTC TTL was 3600 Change of „ glue “ in the NET zone effective : UTC TTL was Root zone delegation change (glue) effective : UTC TTL was Timeline

5 ; > DiG 8.4 > s.de.net. ;; res options: init defnam dnsrch ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: ;; flags: qr; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 2 ;; QUERY SECTION: ;; s.de.net, type = A, class = IN ;; ANSWER SECTION: s.de.net IN A ;; AUTHORITY SECTION: de.net IN NS ns1.denic.de. de.net IN NS ns2.denic.de. de.net IN NS ns3.denic.de. de.net IN NS ns4.denic.net. de.net IN NS ns5.denic.net. ;; ADDITIONAL SECTION:[…] The Unexpected Glue Entry

6 Observations on (auth data change)

7 DSC on

8 Stats on

9 Authoritative data less dominant than referral (from root) data Additional section filled from glue No immediate correlation with root zone dist? We have many „ first contacts “ But: This is for an out-of-domain server Special handling of NET zone needs to be considered DE is largely, but not solely a delegation only zone Sensor died due to real world move Preliminary Conclusions

10 After seven 7 months, query rate is still high Die-hard dropcatchers Resolvers with (outdated) copies of the root zone! … or abandoned alternate root system Open Recursive Name Servers Weird high TTLs on TLD NS RRSet and A RRSets s.de.net IN A fpdns identifies „non-standard“ software Trivia

11 DSC >

Traffic to old address

Stalker distribution

14 Investigate some resolvers in more detail Especially the „ open “ ones Investigate „ first contacts “ Early cache expiry? No cache at all? Redo experiment with different server name Within nic.de Future Work

15 ?/! Peter Koch, DENIC eG

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.