AGENDA
 Introduction
 Disclaimer
 Attribution
 Internet (Naming, Addressing, Routing)
 Domain Name System (DNS)
 DNS Abuse
INTRODUCTION
 Ahmadullah Alnoor
 Software Engineer
 Microsoft Development Center, Copenhagen, Denmark
 Masters in Distributed Systems, KTH, Stockholm, Sweden
 NITPAA Member
DISCLAIMER
 The views expressed in this Presentation are Personal and
do not necessarily reflect the views of my employer.
 This Presentation is not from Microsoft.
ATTRIBUTION
 The Presentation is based on Sessions attended during
ICANN 58 which was held in Copenhagen, Denmark.
 Visit https://schedule.icann.org/ for the source materials.
INTERNET
Naming, Addressing, Routing
NAMING
 Name identifies an Object
 Examples of Names are: Kabul, www.bing.com
 Name says What something is or Who someone is
 Name does not say Where something or someone is
ADDRESSING
 Address identifies a Location
 Examples of Addresses are: (34.5553° N, 69.2075° E), 13.107.21.200
 Name Resolution maps a Name to an Address
 Address says Where someone or something is
 Address does not say How to reach the address.
ROUTING
 Route says How to reach an Address
 Examples of Routes are: Road Signs, Routing Tables
 Route to Address is set before Traffic Arrives
 Traffic moves through the Route in steps or hops
 Traffic trusts each step/hop
DNS
How does DNS work?
WHY DNS
 Numbers are hard to remember. IP Addresses are many.
 3.4 Billion IPv4 addresses, many, many more IPv6 addresses
 Names are easier to remember
A DISTRIBUTED DATABASE
 Data is maintained locally and available globally.
 Scalable
 Maintainable
 Performant
 Resilient
NAME RESOLUTION
 The process of translating a (host) name to an (IP) address
 The process of translating an (IP) address to a (host) name
ARCHITECTURE
STRUCTURE
FQDN
Fully Qualified Domain Name: www.example.com.
ZONES
ZONE FILE + RR
 Zone file contains all data for the Zone
 Zone data is stored as Resource Records
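
Added example (not from the original slides): a minimal Python reader that turns zone file text into Resource Records and expands relative owner names into FQDNs. The zone contents, the names fqdn and parse_zone, and the 192.0.2.x addresses are constructed for illustration; multi-line parenthesised records and quoted ";" are not handled.

```python
# Constructed sample zone for example.com (RFC 1035 master-file syntax).
SAMPLE_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@       IN  SOA  ns1 hostmaster 2017030101 7200 900 1209600 300
@       IN  NS   ns1
        IN  NS   ns2.example.net.
ns1     IN  A    192.0.2.53      ; address of the in-zone name server
www 300 IN  A    192.0.2.10
mail    IN  MX   10 mx1
"""

CLASSES = {"IN", "CH", "HS"}

def fqdn(name, origin):
    """Expand a relative name to a fully qualified one (trailing dot)."""
    if name == "@":                      # "@" stands for the current origin
        return origin
    return name if name.endswith(".") else f"{name}.{origin.lstrip('.')}"

def parse_zone(text):
    """Return a list of (owner, ttl, class, type, rdata) tuples.
    Names inside rdata are left exactly as written in the file."""
    origin, default_ttl, last_owner, records = ".", 0, None, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop trailing comments
        if not line.strip():
            continue
        fields = line.split()
        if fields[0] == "$ORIGIN":
            origin = fields[1]
            continue
        if fields[0] == "$TTL":
            default_ttl = int(fields[1])
            continue
        # A line that starts with whitespace reuses the previous owner name.
        owner = last_owner if line[0].isspace() else fqdn(fields.pop(0), origin)
        last_owner = owner
        ttl, rrclass = default_ttl, "IN"
        # TTL and class are optional and may appear in either order.
        while fields and (fields[0].isdigit() or fields[0].upper() in CLASSES):
            tok = fields.pop(0)
            if tok.isdigit():
                ttl = int(tok)
            else:
                rrclass = tok.upper()
        records.append((owner, ttl, rrclass, fields[0].upper(), " ".join(fields[1:])))
    return records
```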
ZONE FILE SAMPLE
NAME SERVERS
GLUE
ROOT SERVERS
 Stub Resolvers, Recursive Resolvers and Authoritative
Name Servers cooperate.
 Resolvers have a hints file pointing to Root Name Servers.
RESOLUTION PROCESS
CACHING
DNS ABUSE
What is DNS Abuse?
MALICIOUS CONDUCT
 Misuse of DNS Infrastructure, Protocol and Processes
 Data Corruption
 Denial of Service
 Privacy Violation
DOMAIN NAME ABUSE
 Phishing
 Malware
 Scams
 Illegal Goods
 Counterfeit Goods
 Fake Trademark Protection
 Fake Domain Sales
CACHE POISONING
 Change the DNS Cache in the Recursive Resolver to
return fake records
https://www.ipa.go.jp/files/000013084.png
DISTRIBUTED DENIAL OF SERVICE
(DDOS)
 Many Bots/Zombie machines send DNS Queries to a
specific Name Server
https://www.incapsula.com/images/illustrations/ddos-mini-site/nxdomain-dns-ddos.jpeg
DDOS AMPLIFICATION
 Using UDP (User Datagram Protocol) to generate traffic to a specific
Name Server
http://securityskeptic.typepad.com/.a/6a0120a55f18a4970c0153907539c1970b-pi

Dns system-ahmadullah-alnoor-at-af sig-2017-by-nitpaa
