1 DNS: Revising the Current Protocol
Matt Gustafson, Matt Weaver
CS522 Computer Communications, University of Colorado, Colorado Springs

2 Goal
Modify the current DNS so that a site under attack can communicate with the DNS server to redirect clients through a proxy server.

3 Intro to DNS
The client queries a local name server through a program called the resolver.
The local name server then queries foreign name servers until the IP address is found.
The local name server returns the IP address to the client.

4 Queries
The resolver sends one or more queries to name servers. Queries are just UDP datagrams.
The name server responds by either answering the question posed in the query, referring the requester to another set of name servers, or signaling an error.

5 Resource Records
Name servers answer queries by looking through their resource records (RRs) using a program called BIND. Resource records contain (among other things):
-- owner – where the RR is found
-- type – type of resource: host address, name of an alias, pointer to another name server, or mail exchange info
-- TTL – how long an RR can be cached before it should be discarded

6 RRs (continued)
Name servers contain RRs for each machine in their name space. There may be several RRs for a particular domain name.
When queried, they return the matching RRs, or, if the desired IP address is not in their name space, an RR that points toward a name server with the desired information.

7 Solution
Add a new type under the “type” field in the resource records and call it “PROXY”.
Add a completely new field called “ALT”, which would contain either a 0 or a 1.

8 How it Works
The name server would first retrieve all the matching RRs.
Before sending them back to the resolver, it would check whether the “ALT” bit is set (equal to 1).
If it is, it would return the IP address listed under “PROXY”.
If the “ALT” bit equals 0, it would return the normal IP address.

9 Difficulties
For this to work, there needs to be a way for a machine to notify its name server that it is under attack and to set the “ALT” field in its resource record to 1.
BIND 9 supports dynamic updates, but since all DNS transactions are carried in a UDP header, this is too easy to falsify, so anyone could change RRs.
One possible solution: a “heart beat” messaging system. Each name server would send out a “pulse” to each machine in its name space in round-robin fashion. If a machine did not reply, the name server would set the “set” bit in its resource record to 1.
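The answer logic of slide 8 and the heartbeat of slide 9, modelled as an added Python example that is not part of the original presentation; the Zone and ResourceRecord classes, the PROXY/ALT field names on the record, and the probe callback are assumptions made for this illustration.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional
# Hypothetical in-memory zone for the slides' proposal: an A record plus a PROXY
# record per host, with an ALT bit on the A record. Names are example assumptions.

@dataclass
class ResourceRecord:
    owner: str      # where the RR is found (the host name)
    rtype: str      # "A" or the proposed "PROXY"
    data: str       # IP address
    ttl: int = 300  # seconds the RR may be cached
    alt: int = 0    # proposed ALT bit: 1 = answer with the PROXY address

class Zone:
    def __init__(self, records: List[ResourceRecord]) -> None:
        self.records = records

    def matching(self, owner: str) -> List[ResourceRecord]:
        return [rr for rr in self.records if rr.owner == owner]

    def answer(self, owner: str) -> Optional[str]:
        """Slide 8: fetch all matching RRs; if the A record's ALT bit is set,
        answer with the PROXY address, otherwise with the normal one."""
        rrs = self.matching(owner)
        a = next((rr for rr in rrs if rr.rtype == "A"), None)
        proxy = next((rr for rr in rrs if rr.rtype == "PROXY"), None)
        if a is None:
            return None
        if a.alt == 1 and proxy is not None:
            return proxy.data
        return a.data  # ALT == 0, or no PROXY RR to fall back to

    def heartbeat(self, probe: Callable[[str], bool]) -> List[str]:
        """Slide 9: pulse each host in the name space in turn; a host that does
        not reply gets its ALT bit set. `probe(ip)` is assumed to return True
        when the host answered. Returns the owners flipped to ALT=1."""
        flipped = []
        for rr in self.records:
            if rr.rtype == "A" and rr.alt == 0 and not probe(rr.data):
                rr.alt = 1
                flipped.append(rr.owner)
        return flipped

# Constructed sample zone; addresses are from documentation ranges, not real hosts.
ZONE = Zone([
    ResourceRecord("www.example.test", "A", "192.0.2.10"),
    ResourceRecord("www.example.test", "PROXY", "198.51.100.5"),
    ResourceRecord("mail.example.test", "A", "192.0.2.20"),
])
```

A host that is merely slow to answer the pulse looks the same to this loop as one under attack, which is one reason the deck's conclusion calls the scheme not foolproof.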

10 Conclusion
This isn’t foolproof; there are still ways around it.
Although implementing changes to BIND may take a relatively short amount of time development-wise, the real problem is that all name servers and resolvers have to support these changes. Modern DNS is all based on RFC 1035, which was written in 1987.

