Large-scale DNS and DNSSEC data sets for network security research

    Research output: Book/Report › Report › Professional

    Abstract

    The Domain Name System protocol is often abused to perform denial-of-service attacks. These attacks, called DNS amplification, rely on two properties of the DNS. Firstly, DNS is vulnerable to source address spoofing because it relies on the asynchronous connectionless UDP protocol. Secondly, DNS queries are usually small whereas DNS responses may be much larger than the query. In recent years, the DNS has been extended to include security features based on public key cryptography. This extension, called DNSSEC, adds integrity and authenticity to the DNS and solves a serious vulnerability in the original protocol. A downside of DNSSEC is that it may further increase the potential DNS has for amplification attacks. This disadvantage is often cited by opponents of DNSSEC as a major reason not to deploy the protocol. Until recently, however, ground truth about how serious an issue this can be was never established. This technical report describes the data sets obtained during a study we carried out to establish this ground truth. We make these data sets available as open data under a permissive Creative Commons license. We believe these data sets have a lot of value beyond our research. They, for example, allow characterisations of EDNS0 implementations, provide information on IPv6 deployment (presence or absence of AAAA records) for a large number of domains in separate TLDs, etc.
    Original language: Undefined
    Place of Publication: Enschede
    Publisher: Centre for Telematics and Information Technology (CTIT)
    Number of pages: 10
    Publication status: Published - Sep 2014

    Publication series

    Name: CTIT Technical Report Series
    Publisher: University of Twente, Centre for Telematics and Information Technology (CTIT)
    No.: TR-CTIT-14-13
    ISSN (Print): 1381-3625

    Keywords

    • METIS-309621
    • EWI-25211
    • DNSSEC
    • Attack
    • IR-93979
    • Measurements
    • reflection attack
    • amplification attack
    • Denial of service
    • DDoS
    • DNS
    • Network Security

    Cite this

    van Rijswijk, R. M., Sperotto, A., & Pras, A. (2014). Large-scale DNS and DNSSEC data sets for network security research. (CTIT Technical Report Series; No. TR-CTIT-14-13). Enschede: Centre for Telematics and Information Technology (CTIT).