Published by Philip Alexander. Modified over 9 years ago.

Paper Presentation – CAP 6135

Page 2 Outline
- Review - DNS
- Proposed Solution
- Simulation Results / Evaluation
- Discussion

Page 3 Domain Name System - DNS
- DNS is a name resolution service that resolves host names into IP addresses
- DNS is a distributed database application with a hierarchical structure
- DNS Benefits
  – Convenience: names are easier to remember
  – Consistency: IP addresses can change but server names can remain constant
  – Simplicity: one naming convention

Page 4 Domain Name System - DNS
- Key Components of DNS
  – DNS name space
  – Name servers
  – DNS Zones
  – Resource Records

Page 5 DNS Namespace

Page 6 Step 1: Your PC sends a resolution request to its configured DNS server, typically at your ISP.
- Tell me the address of “www.google.com”

Page 7 Step 2: Your ISP's recursive name server starts by asking one of the root servers predefined in its “hints” file.
- Tell me the address of “www.google.com”
- I don’t know the address, but I know who’s authoritative for the “com” domain; ask them

Page 8 Step 3: Your ISP's recursive name server then asks one of the “com” name servers as directed.
- Tell me the address of “www.google.com”
- I don’t know the address, but I know who’s authoritative for the “google.com” domain; ask them

Page 9 Step 4: Your ISP's recursive name server then asks one of the “google.com” name servers as directed.
- Tell me the address of “www.google.com”
- The address of www.google.com is 216.239.53.99

Page 10 Step 5: The ISP DNS server then sends the answer back to your PC. The DNS server will “remember” the answer for a period of time.
- The address of www.google.com is 216.239.53.99

Page 11 Step 6: Your PC can then make the actual HTTP request to the web server.
- Send me the www.google.com.au web page
- Here it is!

Page 12 Summary The actual web request DNS

Page 13 Caching
- Huge volume of requests
- The DNS resolution process allows for caching for a given period of time after a successful answer
- The period is determined by a value called the time to live (TTL)
- TTL is set by the administrator of the DNS server

Page 14 Summary The actual web request DNS Caching

Page 15 Proposed Solution
- DNS resolvers cache responses to improve lookup performance and reduce lookup overhead
- A resolver can use cached responses up to the time-to-live (TTL) value associated with the response
- Modify resolvers: do not expunge cached records whose TTL value has expired
- Expired records are evicted from the cache and stored in a “stale cache”
- Resolvers use the stale cache to answer queries for an unavailable zone
- Allows the resolution process to continue
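
A sketch of the stale-cache behaviour listed on this slide, added here as an illustration; it is not code from the presentation or from the paper. The class and function names, the `upstream` callable, the one-day retention used in the demo, and the name and address `www.example.test` / `192.0.2.10` are assumptions constructed for the example.

```python
import time

class StaleCacheResolver:
    """Resolver cache that moves TTL-expired records into a stale cache."""
    def __init__(self, upstream, stale_retention=7 * 86400, clock=time.time):
        self.upstream = upstream    # callable(name) -> (address, ttl); raises OSError if unreachable
        self.stale_retention = stale_retention  # seconds a record may remain stale
        self.clock = clock
        self.cache = {}             # name -> (address, expires_at)
        self.stale = {}             # name -> (address, expired_at)

    def _expire(self, now):
        for name, (addr, expires_at) in list(self.cache.items()):
            if expires_at <= now:   # TTL passed: evict to the stale cache, do not discard
                self.stale[name] = (addr, expires_at)
                del self.cache[name]
        # Bound the stale cache by how long ago each record expired.
        self.stale = {n: v for n, v in self.stale.items() if now - v[1] <= self.stale_retention}

    def resolve(self, name):
        now = self.clock()
        self._expire(now)
        if name in self.cache:
            return self.cache[name][0], "cache"
        try:
            addr, ttl = self.upstream(name)
        except OSError:             # zone unavailable: only now is stale data used
            if name in self.stale:
                return self.stale[name][0], "stale"
            raise
        self.cache[name] = (addr, now + ttl)
        self.stale.pop(name, None)  # a fresh answer supersedes the stale copy
        return addr, "authoritative"

def demo():
    """Constructed scenario: TTL 300 s, zone unreachable from t=200 s onward."""
    now = [0.0]
    def upstream(name):
        if now[0] >= 200:
            raise TimeoutError("zone unreachable")
        return "192.0.2.10", 300
    r = StaleCacheResolver(upstream, stale_retention=86400, clock=lambda: now[0])
    out = []
    for t in (0, 100, 400, 300 + 86400 + 1):
        now[0] = t
        try:
            out.append(r.resolve("www.example.test")[1])
        except OSError:
            out.append("fail")
    return out
```

Calling `demo()` shows the four sources in turn: a fresh lookup, a normal cache hit, a stale answer while the zone is down, and a failure once the record has aged out of the stale cache.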

Page 16 Proposed Solution

Page 17 Proposed Solution

Page 18 Evaluation
- DNS traffic
  – Cornell Computer Science Dept
  – Internet
  – ~1300 hosts
  – 65 days
  – 84,580,513 DNS queries
  – 53,848,115 DNS responses
  – 4,478,731 unique names
- Stale cache size: 1 to 30 days
- Attack duration: 3, 6, 12 and 24 hours

Page 19 Fraction of Queries Answered

Page 20 Fraction of Accurate Records in responses

Page 21 Fraction of Queries (for two-level names) Answered and Accurate Records

Page 22 Fraction of Queries (for three-level names) Answered and Accurate Records

Page 23 Stale cache memory footprint

Page 24 Discussion
- Pros
  – DNS Robustness
  – Simplicity. Does not change the basic protocol operation and infrastructure. Does not impose any load on DNS. Does not impact the latency of query resolution
  – Incremental Deployment
  – Motivation for Deployment

Page 25 Discussion
- Objections
  – DNS caching semantics and the possibility of inaccurate information being used
  – Autonomy for zone operators
  – Attackers attempting to force the use of inaccurate information
  – Resolution latency in the face of an attack

Page 26 References
- Mitigating DNS DoS Attacks, Hitesh Ballani, Paul Francis, CCS 2008
- Wikipedia
- Amplified DNS DDoS Attacks and Mitigation, www.cert-in.org.in
- www.cs.rpi.edu/~hollingd/netprog/notes/dns
- www.aptld.org