DNS Server Research Articles

Encryption of Query in DNS Message

DNS is an integral part of the internet infrastructure. It’s one of the principal elements in all IP communications. Since its invention in 1983, the protocol has evolved to overcome its various limitations. This article proposes a new solution to secure DNS protocol which consists on encrypting query in DNS message between ‘master’ and ‘slave’ servers. We will see first an overview of the name resolution via DNS protocol. We will give the basic information about the resolution process in DNS. Then, we will expose some DNS vulnerabilities such as the creation or modification of messages and cache poisoning. After that, we will propose a new solution that will help to ensure the confidentiality in exchanges between DNS server and client and will also ensure the availability of the DNS architecture. Finally, we will conclude with an analysis of the benefits and the weaknesses of this solution.

A survey of botnet detection based on DNS

Botnet is a thorny and a grave problem of today's Internet, resulting in economic damage for organizations and individuals. Botnet is a group of compromised hosts running malicious software program for malicious purposes, known as bots. It is also worth mentioning that the current trend of botnets is to hide their identities (i.e., the command and control server) using the DNS services to hinder their identification process. Fortunately, different approaches have been proposed and developed to tackle the problem of botnets; however, the problem still rises and emerges causing serious threat to the cyberspace-based businesses and individuals. Therefore, this paper comes up to explore the various botnet detection techniques through providing a survey to observe the current state of the art in the field of botnet detection techniques based on DNS traffic analysis. To the best of our knowledge, this is the first survey to discuss DNS-based botnet detection techniques in which the problems, existing solutions and the future research direction in the field of botnet detection based on DNS traffic analysis for effective botnet detection mechanisms in the future are explored and clarified.

Client Side Pharming Attacks Detection using Authoritative Domain Name Servers

Pharming attacks can be performed at the client-side or into the internet. In pharming attack, attackers need not targeting individual user. If pharming is performed by modifying the DNS entries, than it will be affecting to all users who is accessing the web page through that DNS. We propose an approach to protect user at client-side from pharming attacks by comparing IP addresses, using information provided by local DNS server and a list of IP's provided by the domain's Authenticated Name Servers which are the most trusted DNS servers for a domain. General Terms DNS security, DNS queries, DNS Poisoning, Pharming attacks

Detecting Malware Based on DNS Graph Mining

Malware remains a major threat to nowadays Internet. In this paper, we propose a DNS graph mining-based malware detection approach. A DNS graph is composed of DNS nodes, which represent server IPs, client IPs, and queried domain names in the process of DNS resolution. After the graph construction, we next transform the problem of malware detection to the graph mining task of inferring graph nodes’ reputation scores using the belief propagation algorithm. The nodes with lower reputation scores are inferred as those infected by malwares with higher probability. For demonstration, we evaluate the proposed malware detection approach with real-world dataset. Our real-world dataset is collected from campus DNS servers for three months and we built a DNS graph consisting of 19,340,820 vertices and 24,277,564 edges. On the graph, we achieve a true positive rate 80.63% with a false positive rate 0.023%. With a false positive of 1.20%, the true positive rate was improved to 95.66%. We detected 88,592 hosts infected by malware or C&C servers, accounting for the percentage of 5.47% among all hosts. Meanwhile, 117,971 domains are considered to be related to malicious activities, accounting for 1.5% among all domains. The results indicate that our method is efficient and effective in detecting malwares.

WIRELESS LAN INTRUSION DETECTION BY USING STATISTICAL TIMING APPROACH

Today as we all are habitual of using internet through wired or wireless LAN Networks, but using internet through Wireless LAN becomes harder as the threat of unauthorized access point is increasing day by day. In This paper we are focusing on different types of rogue access points (APs) that are masquerading and attracting people to get associate with them or to connect with them. We are implementing a solution to avoid people or users from connecting to the unauthorized access point by using experimental time dependent scheme. Our detection technique is a client-oriented method that uses the complete tour time between the DNS server and user that perfectly determine that whether an access point with which the user has connected is the legitimate access point or a unauthorized access point. In this paper we are implementing concept using .Net framework and sql server, Which gives us the characteristics like robust, accuracy and effectiveness for detecting rogue or unauthorized access point without getting any help from WLAN administrator. In this simulation technique we will get accurate values so that we can distinguish between rogue access point and legitimate access point

Efficient suspicious URL filtering based on reputation

Enormous web pages are visited each day over a network and malicious websites might infect user machines. To identify malicious web sites, the most reliable approach is honeypot, an execution-based method. The vast amount of http traffic makes sandboxing all the web pages impossible. It is not practical in the real environments as it consumes too much computational resource and time. Only 1.3% of websites are malicious. Crawler-based approach might be not easy to find malicious websites effectively, as it has no clue if they are visited by users. Therefore, the proposed system examines only user web requests, not from crawler, in order to catch the real drive-by download web attacks. The challenge is that the web traffic is huge in real networks and an efficient filtering is desired to process large scale user requests efficiently.Based on our observation, the domains of drive-by download attacks often are unreliable and exhibit distinct attributes from the normal. To classify massive volume of web traffic in a real network, this study proposes a two-stage drive-by download attack detection mechanism: first identifying suspicious websites based on domain reputation and then sandboxing only the suspicious ones to reduce the detection time. Such detection not only reduces the required computation resources and time, but also remains the efficiency benefited from sandbox-based detection. As WHOIS database is not reliable for not every domain query can be resolved. Therefore, this study relies on queries from DNS server and proposes novel reputation attributes to distinguish the benign and the suspicious. The experimental results show that the proposed filtering yields the accuracy of 94% in simulated real network environment and efficiently saves more than 12 times of the computing time with the comparison of an improved sandboxing approach. Such two-stage detection system implemented in a real network environment with 560 thousand URL requests per day demonstrates its practicality and efficiency under large scale web requests. During the deployment on the real network, unknown malicious websites are identified which are not listed in the public accessible blacklist websites.

A pharming attack hybrid detection model based on IP addresses and web content

Pharming is an advanced form of attack intended to redirect a website's traffic to another, bogus site. Using traditional phishing detecting technologies cannot detect pharming attacks effectively. At present, few research works against pharming attacks have been done and the solutions are relatively rough. Pharming has become of major concern to businesses hosting ecommerce and online banking websites. Sophisticated measures known as anti-pharming are strong required to protect against this serious threat. In this paper we proposed a client pharming attack hybrid detection model which is based on web content and IP addresses. The proposed solution is divided into two steps. At the first step, multiple DNS servers are used to verify the authenticity of the resolved IP address which is corresponding to URL of the webpage. We will step into the second stage when the IP address is identified as suspicious. We present an algorithm to build a classifier which can detect whether the user suffered pharming attacks. The simulation results show that detection rate of the proposed hybrid model is more than 99%.

APLIKASI SETTING DNS SERVER BERBASIS WEB PADA LINUX UBUNTU SERVER

With many Linux Operating System, automatically many Linux users. From the start of the installation of the Operating System, Linux has 2 modes for zoom (Interface), the TEXT mode and mode GUI (Graphic User Interface). To TEXT mode is usually used for servers that promotes speed and efficiency of hard drive capacity. For GUI mode is used for desktop computers, because it is easy to operate with excellence zoom an image. Based on the above background, it is concluded several issues, among others: 1.Bagaimana how application installation on Linux Ubuntu Server? 2.Bagaimana how to configure Ubuntu Server Linux server remotely? 3Bagaimana how WEB-based DNS server settings on Ubuntu Linux Server? The purpose of the study is as follows: 1.Mempermudah setting up a server without having to be in front of the server machine. 2.Mensetting server does not use the text but using the GUI. 3. No need additional applications, just using the WEB Browser to run it. Keywords : Ubuntu, mode text, mode gui, DNS, Web Server

Domain Names Based on Fault Tree Analysis

The success rate of domain name resolution has a direct influence on the service of DNS. Analytical performance of DNS server is the key to measure the satisfaction degree of users when they access to the network. This article establishes the dependence model for the domain name server. In order to get DNS fault model and analytical model, this article uses Fault Tree Analysis theory to describe the relationship of tree basic events and target events of fault tree of dependency. On the basis of fault tree model, dependencies of domain names are qualitative analyzed, including number of sets and element composition of fault model and analytical model. This study provided a theoretical basis for DNS dependencies and technical support for the DNS vulnerability analysis. It has a great importance for domain name system security.

Network stack specialization for performance

Contemporary network stacks are masterpieces of generality, supporting many edge-node and middle-node functions. Generality comes at a high performance cost: current APIs, memory models, and implementations drastically limit the effectiveness of increasingly powerful hardware. Generality has historically been required so that individual systems could perform many functions. However, as providers have scaled services to support millions of users, they have transitioned toward thousands (or millions) of dedicated servers, each performing a few functions. We argue that the overhead of generality is now a key obstacle to effective scaling, making specialization not only viable, but necessary. We present Sandstorm and Namestorm, web and DNS servers that utilize a clean-slate userspace network stack that exploits knowledge of application-specific workloads. Based on the netmap framework, our novel approach merges application and network-stack memory models, aggressively amortizes protocol-layer costs based on application-layer knowledge, couples tightly with the NIC event model, and exploits microarchitectural features. Simultaneously, the servers retain use of conventional programming frameworks. We compare our approach with the FreeBSD and Linux stacks using the nginx web server and NSD name server, demonstrating 2--10x and 9x improvements in web-server and DNS throughput, lower CPU usage, linear multicore scaling, and saturated NIC hardware.

Performance Evaluation of ENUM Name Servers

ENUM is a protocol for mapping E.164 telephone numbers into Internet URIs. In this paper, we present a performance evaluation of ENUM name servers considering the new requirements and challenges imposed on traditional DNS servers with the incorporation of ENUM protocol. We defined three performance metrics for this performance evaluation: query throughput, response time, and CPU usage. Using a benchmarking testbed, we eval-uated four name servers implementations (BIND, MyDNS-NG, NSD and PowerDNS) in different scenarios considering distinct size of database and types of records being queried. Moreover, we improved the existing methodology for this kind of evaluation, since we identified the limitations of DNSPerf and proposed a new procedure for the evaluation. Results show that BIND and NSD servers achieved a high query throughput with great scalability features. On the other hand, PowerDNS server had a lower throughput and high sensibil-ity to database size. MyDNS-NG server presented a quite low query throughput and poor scalability and, therefore, it is not suitable for ENUM purposes. These results bring to light a new reality for studies of ENUM servers, since they have not been evaluated in such a extended scenarios and size of the database.

DNS ANY Request Cannon Activity in DNS Query Packet Traffic

We statistically investigated the total ANY resource record (RR) based DNS query request packet traffic from the Internet to the top domain DNS server in a university campus network through January 1st, 2011 to December 31st, 2012. The obtained results are: (1) We found a significant increase in the inbound ANY RR based DNS query request traffic at November 28th, 2011. (2) In the DNS query request packet traffic, we observed only a query keyword of the campus domain name. (3) We found a correlation between the total inbound DNS query request packet traffic and the DNS query request packet traffic including the query keyword. (4) Also, we carried out the loading test sending ANY, A, and PTR RR unique DNS queries to a test DNS server, we observed no difference among the vmstat parameters, and the load value was 0.10-0.20. These results indicate that the ANY RR based DNS request packet traffic is quite strange. However, it should be meaningless activity.

Domain Registration Date Retrieval System for Improving Spam Mail Discrimination

Recently, many spam mails associated with One-click fraud, Phishing, and so on have been sent to unspecified large number of e-mail users. According to some previous works, most spam mails contained some URLs whose domains were registered relatively recently, such that the age of the domain used in the URL in the messages would be a good criterion for spam mail discrimination. However, it is difficult to obtain the age or the registration date of a specific domain for each message by WHOIS service since most WHOIS services would block frequent queries. In this paper, we propose a domain registration date retrieval system, which updates zone files of some Top Level Domains (TLDs) every day, keeps track of the registration date for new domains, and works as a DNS server that replys with the registration date of the queried domain. According to the performance evaluation, the prototype system could update the registration date for all the domains of com TLD in two hours.

Research of the DNS Server Deployment in Multi-Export Network

Most of college campus network to access the CERNET and CHINANET and CNC, respectively, more than export way access to the Internet. How to effectively use more export resources, improve the network speed and reliability aspects worthy of in-depth study, etc. In this paper, a model of campus network, combined with DNS service program of the new features and rational deployment of how many export server in the network domain name, put forward a reasonable solution.

A Quick Query Methods for ONS System based on EPC

EPCGlobal proposed for the domain name (DNS) service based on the object name service (ONS) design standards, prone to slow query response ONS system, data logging, storage space, cannot meet a single product inquiry and other issues. This paper presents a separate DNS service, the use of regular expressions and match data records stored ONS system design and implementation, test results show that independent of the DNS service ONS system has a data record storage space and query response speed, meet single product inquiries and so on.

DNS Based Approach Load Balancing In Distributed Web Server System

In this paper, we consider the high level scheduling and load sharing properties offered by the Domain Name System, as implemented in popular DNS software packages. We explore the performance and capabilities of high-level DNS-based load balancing, where we draw special attention to the choice of caching policy (time-to-live) for DNS data. Further, we analyze the use of a database-supported DNS service for allowing highly dynamical query responses, and show that this approach has both potentially negative (single point of failure) and positive (improved balancing flexibility) properties. The objective of this paper is we discuss the performance requirements of the DNS, and argue that the robustness and performance of the DNS could be improved and also discuss the impact of TTL on response time in DNS

Penerapan Server Web Hosting Berbasis Linux Ubuntu pada Jaringan Komputer SD Negeri 15 Pangkalpinang

The purpose of this research is to implement Server Web Hosting based Linux Ubuntu in Computer System/network of Elementary School 15 (SDN 15) Pangkalpinang, because there is not available of Computer Server Web Hosting as storage media of website based application and school website at Elementary School 15 Pangkalpinang, makes the school wants to create a unit of Server Web Hosting. The research methods of this thesis is analitic method and design method where at analitic method , writer analyzes the needs and with the analysis writer designs the steps to be done. Then , kind of this research is applied research, it means to give solution of a certain problem practically and to support development activities or implementation of a system , such as database, programming language, network concept. In order that project implementation is on time , so project model is used. The result of this is Server Web Hosting which can give services like DNS Server, FTP Server, File Server, Mail Server that can be accessed by clients through certain links. The conclusion, after server is implementatied can facilitate every one to access any informations from Elementary School 15 fast and easily anytime.

Design and Analysis of Client Control System Using DNS Control Firewall

In this paper, the client control system designed for infringement blocking system development. In order words, infected with harmful files on your computer by using a usercentered information systems development and security through the design of a control system using DNS control firewall client access to the site randomly for acts that can block the under solving techniques. Design of the client control system was classified as Dynamic intrusion prevention system module design, Embedded domain name service system module design, Interlocking DNS service module design and Cert & Analysis module design. Finally, through simulation, an average of 14% was measured by abnormal packet ratio.

The Design of Intelligent DNS Server on Campus Network

Multiple export link in campus network, The common DNS server analyze campus network Web server domain to education network IP address, there is no good use of multiple export link. According to the users network, the intelligent DNS server designed in this paper can analyze different IP address. when different operator's network user access campus network Web server, It is through their own operators network, not all users must pass through the education network, therefore, the intelligent DNS server can effectively solve Multiple export link in campus network.

Research on Design and Security Strategy of DNS

DNS service plays a very important role in the Internet; each host must pass it to query the IP address of the destination host, and can communicate with each other. DNS uses a distributed database structure and server/client mode, which is stored domain name in the server and allowed a client to access the required data. DNS can resolve the host name to the corresponding IP address, while it also can resolve IP address to a host name. With the development of information technology, the network attacks become more and more frequent occurrence in the Internet. So DNS system has suffered a series of attacks frequently, and the communication is severely affected in the Internet. Therefore, the security problems of DNS are increasingly concerned about. The paper describes the composition, features and working principle of DNS system. According to the security risks of the system, it proposes the corresponding security strategy and designs a reliable and safe DNS.