论文信息 - Characterizing large DNS traces using graphs

Characterizing large DNS traces using graphs

The increasing deployment of overlay networks that rely on DNS tricks has led to added interest in examining DNS traffic. In this paper we report on a characterization of DNS traffic gathered over a period of several weeks at Internet Gateway Routers (IGRs) in the AT&T Common Backbone. The characterization is carried out using several novel techniques to identify clients, local DNS servers, and authoritative DNS servers. Our techniques include passive and active measurements, graph-based analysis, examination of outliers, and explicit checks against data obtained from several external sources. Our contribution is the reduction of a very large data set (over 1 terabyte of raw data) into a significantly smaller representation that is ideally suited for answering protocol-specific semantic queries quickly. After categorizing the addresses, we use the network aware clustering technique to group local DNS servers. By juxtaposing the DNS server clusters with clusters formed by Web clients obtained from a large portal Web site, we determine the distribution of identified DNS servers in busy clusters. A variety of applications are examined, ranging from identifying suspected zombies to helping Content Distribution Networks in mapping location of DNS servers.

[1] David S. Johnson,et al. Dimacs series in discrete mathematics and theoretical computer science , 1996 .

[2] Kiem-Phong Vo. Cdt: A Container Data Type Library , 1997, Softw. Pract. Exp..

[3] Balachander Krishnamurthy,et al. On network-aware clustering of Web clients , 2000, SIGCOMM.

[4] Balachander Krishnamurthy,et al. Web Protocols and Practice - HTTP/1.1, Networking Protocols, Caching, and Traffic Measurement , 2001 .

[5] Anja Feldmann,et al. Deriving traffic demands for operational IP networks: methodology and experience , 2000, SIGCOMM.

[6] Anja Feldmann,et al. Deriving traffic demands for operational IP networks: methodology and experience , 2001, TNET.

[7] Balachander Krishnamurthy,et al. Web protocols and practice , 2001 .

[8] Balachander Krishnamurthy,et al. Looking for Science in the Art of Network Measurement , 2001, IWDC.

[9] Balachander Krishnamurthy,et al. On the use and performance of content distribution networks , 2001, IMW '01.

[10] Anees Shaikh,et al. On the effectiveness of DNS-based server selection , 2001, Proceedings IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No.01CH37213).