Monitoring DNS with Open-Source Solutions
2018
Abstract
This paper presents a comprehensive framework for monitoring DNS traffic using open-source solutions. It evaluates various existing tools and software components to create a scalable, efficient, and cost-effective system for DNS packet capture, storage, analysis, and visualization. The proposed system, named DnsZeppelin, integrates tools like ClickHouse and Grafana and aims to enhance the intelligence of DNS monitoring while addressing performance metrics and system reliability.
Related papers
2011
An abbreviation for Domain Name System, DNS is a system employed for naming computers and network services. This system is organized into a hierarchical scheme of domains. The naming service provided by DNS is used in TCP/IP networks, such as the Internet, to easily locate computers and services, like mail exchanger servers, through user-friendly names. When a user enters a DNS name in an application, DNS services resolve this name to other information associated with the name, such as an IP address. This paper presents the evaluation of a DNS server's performance in the experimental backgrounds to establish the fact that frequent caching of results will improve the response time of the queries. It also simulates the client-server DNS model on OPNET. It thus proposes a performance-enhancing model for better throughput, keeping in mind the various execution measures of a DNS server, like parallel requests, traffic distribution and least response time, which were tested on the DNS server.
… , 2009. ICC'09. IEEE …, 2009
The domain name service (DNS) provides a critical function in directing Internet traffic. Defending DNS servers from bandwidth attacks is assisted by the ability to effectively mine DNS log data for statistical patterns. Processing DNS log data can be classified as a ...
2010 IEEE Globecom Workshops, 2010
The ever-increasing complexity and diversity of the Internet pose several challenges to network operators and administrators and, in general, Internet users. More specifically, because of the diversity in applications and usage patterns; the prevalence of dynamic IP addresses and applications that do not conform to standard configuration (e.g. VoIP to bypass firewalls), monitoring and securing networks and end hosts is no longer a trivial task. In this paper, we propose Host and netwOrk System Profiler and Internet Traffic AnaLysis (HOSPITAL): a tool for the summarization, characterization of traffic and the troubleshooting of potential suspicious activities. HOSPITAL provides the network operator as well as the user with knowledge about applications, communicating parties, services required/provided, etc, at different levels of granularity (e.g. individual hosts, /24 blocks, a large enterprise, etc), all presented concisely with an easy to use web interface. Moreover, HOSPITAL is a lightweight self-contained tool that incurs little overhead with configuration and customization capabilities for users and developers.
Journal of emerging technologies and innovative research, 2021
This study aims to develop a system design that is integrated with a MICROTIK ROUTERBOARD connected to a PI HOLE that has been installed into the Ubuntu Linux operating system that has been paired to a RASPBERRY B+ device that works to control the flow of data lines and disconnects both the client and the server and the action to skip, drop, reject, encrypt and log activity logs. The benefits obtained from the development of this system are to make it easier for admins in network management as well as incoming and outgoing traffic on the network. This research was conducted by designing, manufacturing and implementing system components including a routerboard as a process controller and an access point as a 2.4 GHz signal transmitter. Pi-hole is a program that allows everyone to create their own DNS server, which acts as a sinkhole for the majority of advertisements and trackers on the internet.
2000
Over a million computers implement the Internet's Domain Name System or DNS, making it the world's most distributed database and the Internet's most significant source of wide-area RPC-like traffic.
2018 IEEE International Conference on Communications (ICC), 2018
The Domain Name System (DNS) is responsible for mapping human readable domain names to internet protocol (IP) addresses. DNS is a ubiquitous part of internet and intranet communication, making it a convenient and comprehensive source for data to infer network health, performance, and security. A victim of its own success, monitoring real-time DNS traffic is a challenge due to sheer volume: huge amounts of DNS packets flow through a typical enterprise in a single day. In this paper, we describe eyeDNS, a scalable and extensible system for near real-time aggregation, storage, analysis, and visualization of DNS traffic collected by a hardware back-end. We report on eyeDNS's deployment and data collection on a large public university's network over a timeframe of 15 months. Moreover, we leveraged data from the following 6 months to validate findings made during the initial timeframe. With fast query response, aggregation, and visualization of DNS data, eyeDNS helped identify instances of anomalous network use, malware-specific behaviors, and scamming activities. eyeDNS is currently being used by the university's security personnel and has demonstrated its effectiveness in extracting trends and outliers from large volumes of DNS data collected from a diverse environment, where even commercial tools struggle to provide timely and actionable analysis.
Information Security …, 1998
Determining how you were attacked is essential to developing a response or countermeasure. Usually, a system or network manager presented with a successful intrusion has very little information with which to work: a possibly corrupted system log, a firewall log, and perhaps some tcpdump output.
2008 Third International Conference on Systems and Networks Communications, 2008
In this paper we propose a solution to strengthen the security of Domain Name System (DNS) servers associated with one or more Top Level Domains (TLD). The proposed solution has been developed and tested at FCCN, the TLD manager for the .PT domain. Through the implementation of network probes that monitor the network in real-time, we are able to dynamically prevent, detect or limit the scope of attempted intrusions or other types of attacks to the DNS service. The platform relies heavily on cross-correlation, allowing data from a particular sensor to be shared with the others. Administration tasks such as setting up alarms or performing statistical analysis are made through a web-based interface.
