Evaluating the Impact of Name Resolution Dependence on the DNS

Resolving domain names to IP addresses involves complex dependence relationships between domains and name servers. This paper studies the impact of this resolution dependence on the DNS by constructing a domain name resolution network from large-scale real-world data. The core nodes of the resolution network are mined from different perspectives using four methods. Both core attacks and random attacks on the network are then simulated for further vulnerability analysis. The experimental results show that when the top 1% of the core nodes in the network are attacked, 46.19% of domain names become unresolvable and the load of the residual network increases by nearly 195%, whereas under a random attack of the same scale only 0.01% of domain names fail to resolve and the load increases by 18%. These key nodes therefore need effective security measures to protect them from attack. The simulation experiment also proves that the resolution network is a scale-free network, which is robust against random failure and vulnerable to intentional attacks. These findings provide new references for the configuration of the DNS.
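The core-versus-random comparison described in the abstract, as an added example that is not the paper's code: a constructed toy resolution network in which a zone resolves only if one of its live name servers is in-zone (glue assumed) or sits in a zone that still resolves. Ranking by direct degree and the even-split load model are assumptions, since the abstract does not name its four methods or define load.

```python
from itertools import combinations

# Constructed sample data (not from the paper): zone -> NS host names it delegates to.
PROVIDER = ["ns1.provider.example", "ns2.provider.example"]
ZONES = {"provider.example": PROVIDER, "dnshost.example": PROVIDER}
ZONES.update({f"shop{i}.example": PROVIDER for i in range(4)})
ZONES.update({f"blog{i}.example": ["a.dnshost.example", "b.dnshost.example"] for i in range(3)})
ZONES.update({f"self{i}.example": [f"ns1.self{i}.example", f"ns2.self{i}.example"] for i in range(3)})
SERVERS = sorted({ns for hosts in ZONES.values() for ns in hosts})

def parent(ns):
    return ns.split(".", 1)[1]  # zone that the server's own host name lives in

def resolvable(down):
    """Least fixpoint: a zone resolves if a live NS is in-zone (glue) or in a resolving zone."""
    ok, changed = set(), True
    while changed:
        changed = False
        for zone, hosts in ZONES.items():
            usable = any(ns not in down and parent(ns) in ok | {zone} for ns in hosts)
            if zone not in ok and usable:
                ok.add(zone)
                changed = True
    return ok

def unresolved_fraction(down):
    return 1 - len(resolvable(set(down))) / len(ZONES)

def top_by_degree(k):
    """Assumed ranking: servers listed by the most zones first, ties broken by name."""
    degree = {s: sum(s in hosts for hosts in ZONES.values()) for s in SERVERS}
    return sorted(SERVERS, key=lambda s: (-degree[s], s))[:k]

def mean_random_fraction(k):
    """Exact random-failure baseline: average over every possible set of k servers."""
    sets = list(combinations(SERVERS, k))
    return sum(unresolved_fraction(s) for s in sets) / len(sets)

def server_load(down):
    """Assumed load model: each resolving zone's unit of queries is split over its live servers."""
    down, load = set(down), {}
    for zone in resolvable(down):
        live = [ns for ns in ZONES[zone] if ns not in down]
        for ns in live:
            load[ns] = load.get(ns, 0) + 1 / len(live)
    return load

if __name__ == "__main__":
    core = top_by_degree(2)
    print("core failure:", unresolved_fraction(core), "random:", round(mean_random_fraction(2), 4))
    print("ns2 load after ns1 fails:", server_load(core[:1])["ns2.provider.example"])
```

The blog zones fail in the core case even though their own servers stay up, because the zone holding those servers' names no longer resolves; a direct-degree count alone would understate that dependence.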
