Large-scale DNS and DNSSEC data sets for network security research

Roland M. van Rijswijk; Anna Sperotto; Aiko Pras

Large-scale DNS and DNSSEC data sets for network security research

Roland M. van Rijswijk, Anna Sperotto, Aiko Pras

Research output: Book/Report › Report › Professional

62 Downloads (Pure)

Abstract

The Domain Name System protocol is often abused to perform denial-of-service attacks. These attacks, called DNS amplification, rely on two properties of the DNS. Firstly, DNS is vulnerable to source address spoofing because it relies on the asynchronous connectionless UDP protocol. Secondly, DNS queries are usually small whereas DNS responses may be much larger than the query. In recent years, the DNS has been extended to include security features based on public key cryptography. This extension, called DNSSEC, adds integrity and authenticity to the DNS and solves a serious vulnerability in the original protocol. A downside of DNSSEC is that it may further increase the potential DNS has for amplification attacks. This disadvantage is often cited by opponents of DNSSEC as a major reason not to deploy the protocol. Until recently, however, ground truth about how serious an issue this can be was never established. This technical report describes the data sets obtained during a study we carried out to establish this ground truth. We make these data sets available as open data under a permissive Creative Commons license. We believe these data sets have a lot of value beyond our research. They, for example, allow characterisations of EDNS0 implementations, provide information on IPv6 deployment (presence or absence of AAAA records) for a large number of domains in separate TLDs, etc.

Original language	English
Place of Publication	Enschede
Publisher	Centre for Telematics and Information Technology (CTIT)
Number of pages	10
Publication status	Published - Sept 2014

Publication series

Name	CTIT Technical Report Series
Publisher	University of Twente, Centre for Telematics and Information Technology (CTIT)
No.	TR-CTIT-14-13
ISSN (Print)	1381-3625

Keywords

DNSSEC
Attack
Measurements
Reflection attack
Amplification attack
Denial of service
DDoS
DNS
Network security

Access to Document

ReportFinal published version, 589 KB

Cite this

@book{d2e21fdcebb84b25bee5652a1ae0ea6f,

title = "Large-scale DNS and DNSSEC data sets for network security research",

abstract = "The Domain Name System protocol is often abused to perform denial-of-service attacks. These attacks, called DNS amplification, rely on two properties of the DNS. Firstly, DNS is vulnerable to source address spoofing because it relies on the asynchronous connectionless UDP protocol. Secondly, DNS queries are usually small whereas DNS responses may be much larger than the query. In recent years, the DNS has been extended to include security features based on public key cryptography. This extension, called DNSSEC, adds integrity and authenticity to the DNS and solves a serious vulnerability in the original protocol. A downside of DNSSEC is that it may further increase the potential DNS has for amplification attacks. This disadvantage is often cited by opponents of DNSSEC as a major reason not to deploy the protocol. Until recently, however, ground truth about how serious an issue this can be was never established. This technical report describes the data sets obtained during a study we carried out to establish this ground truth. We make these data sets available as open data under a permissive Creative Commons license. We believe these data sets have a lot of value beyond our research. They, for example, allow characterisations of EDNS0 implementations, provide information on IPv6 deployment (presence or absence of AAAA records) for a large number of domains in separate TLDs, etc.",

keywords = "DNSSEC, Attack, Measurements, Reflection attack, Amplification attack, Denial of service, DDoS, DNS, Network security",

author = "{van Rijswijk}, {Roland M.} and Anna Sperotto and Aiko Pras",

year = "2014",

month = sep,

language = "English",

series = "CTIT Technical Report Series",

publisher = "Centre for Telematics and Information Technology (CTIT)",

number = "TR-CTIT-14-13",

address = "Netherlands",

}

TY - BOOK

T1 - Large-scale DNS and DNSSEC data sets for network security research

AU - van Rijswijk, Roland M.

AU - Sperotto, Anna

AU - Pras, Aiko

PY - 2014/9

Y1 - 2014/9

N2 - The Domain Name System protocol is often abused to perform denial-of-service attacks. These attacks, called DNS amplification, rely on two properties of the DNS. Firstly, DNS is vulnerable to source address spoofing because it relies on the asynchronous connectionless UDP protocol. Secondly, DNS queries are usually small whereas DNS responses may be much larger than the query. In recent years, the DNS has been extended to include security features based on public key cryptography. This extension, called DNSSEC, adds integrity and authenticity to the DNS and solves a serious vulnerability in the original protocol. A downside of DNSSEC is that it may further increase the potential DNS has for amplification attacks. This disadvantage is often cited by opponents of DNSSEC as a major reason not to deploy the protocol. Until recently, however, ground truth about how serious an issue this can be was never established. This technical report describes the data sets obtained during a study we carried out to establish this ground truth. We make these data sets available as open data under a permissive Creative Commons license. We believe these data sets have a lot of value beyond our research. They, for example, allow characterisations of EDNS0 implementations, provide information on IPv6 deployment (presence or absence of AAAA records) for a large number of domains in separate TLDs, etc.

AB - The Domain Name System protocol is often abused to perform denial-of-service attacks. These attacks, called DNS amplification, rely on two properties of the DNS. Firstly, DNS is vulnerable to source address spoofing because it relies on the asynchronous connectionless UDP protocol. Secondly, DNS queries are usually small whereas DNS responses may be much larger than the query. In recent years, the DNS has been extended to include security features based on public key cryptography. This extension, called DNSSEC, adds integrity and authenticity to the DNS and solves a serious vulnerability in the original protocol. A downside of DNSSEC is that it may further increase the potential DNS has for amplification attacks. This disadvantage is often cited by opponents of DNSSEC as a major reason not to deploy the protocol. Until recently, however, ground truth about how serious an issue this can be was never established. This technical report describes the data sets obtained during a study we carried out to establish this ground truth. We make these data sets available as open data under a permissive Creative Commons license. We believe these data sets have a lot of value beyond our research. They, for example, allow characterisations of EDNS0 implementations, provide information on IPv6 deployment (presence or absence of AAAA records) for a large number of domains in separate TLDs, etc.

KW - DNSSEC

KW - Attack

KW - Measurements

KW - Reflection attack

KW - Amplification attack

KW - Denial of service

KW - DDoS

KW - DNS

KW - Network security

M3 - Report

T3 - CTIT Technical Report Series

BT - Large-scale DNS and DNSSEC data sets for network security research

PB - Centre for Telematics and Information Technology (CTIT)

CY - Enschede

ER -