Title : Increasing DNS Security and Stability through a Control Plane for Top - level Domain
نویسندگان
چکیده
We present a control plane for operators of Top-level Domains (TLDs) in the Domain Name System (DNS), such as “.org” and “.nl”, that enables them to increase the security and stability of their TLD by taking on the role of a threat intelligence provider. Our control plane is a novel system that extends a TLD operator’s traditional services and detects potential threats in the TLD by continuously analyzing the TLD operator’s two key datasets: the typically large amounts of DNS traffic that it handles and its database of registered domain names. The control plane shares information on discovered threats with other players in the TLD’s ecosystem and can also use it to dynamically scale the TLD operator’s DNS infrastructure. The control plane builds on a set of open source modules that we have developed on top of a Hadoop-based data storage cluster. They for instance enable TLD operators to run and develop threat detectors and to easily import their DNS traffic into the control plane. Our control plane uses policies to protect the privacy of TLD users and is based on our operational experience of running the .nl TLD (The Netherlands), which we are also using as the use case for our implementation.
منابع مشابه
Operational Implications of the DNS Control Plane
The Domain Name System (DNS) [7] provides vital mapping services for the Internet. It maps domain names such as ucla.edu to values ranging from IP addresses to email servers to geographic locations and more. Virtually every Internet application relies on looking up some form of DNS data. This article first describes a dichotomy that exists between DNS’ well structured and ordered data plane (th...
متن کاملOrr Sommerfeld Solver Using Mapped Finite Di?erence Scheme for Plane Wake Flow
Linear stability analysis of the three dimensional plane wake flow is performed using a mapped finite di?erence scheme in a domain which is doubly infinite in the cross–stream direction of wake flow. The physical domain in cross–stream direction is mapped to the computational domain using a cotangent mapping of the form y = ?cot(??). The Squire transformation [2], proposed by Squire, is also us...
متن کاملDNS for Fun and Profit
The DNS is a well studied and well known application service protocol. Systems and appliances around the net have been using DNS for years and many security issues have been discussed. Recently, two things have again droven the attention to this old horse. First, after more than a decade of work, DNS Security extensions (DNSSEC) have finally reached a level of maturity that deployment is in the...
متن کاملAn approach to evaluation of common DNS misconfigurations
DNS is a basic Internet service which almost all other user services depend on. However, what has been perceived in practice are a lot of inconsistencies and errors in the configuration of servers that cause different problems. The majority of such cases are included in this research with the aim of identifying and classifying the major problems of DNS availability, performance and security. In...
متن کاملBehavior of DNS' Top Talkers, a .com/.net View
This paper provides the first systematic study of DNS data taken from one of the 13 servers for the .com/.net registry. DNS’ generic Top Level Domains (gTLDs) such .com and .net serve resolvers from throughout the Internet and respond to billions of DNS queries every day. This study uses gTLD data to characterize the DNS resolver population and profile DNS query types. The results show a small ...
متن کامل