Journal Articles

Permanent URI for this collectionhttps://idr.nitk.ac.in/handle/123456789/19884

Browse

Author: search.filters.author.Adiwal, S.

Search Results

Now showing 1 - 3 of 3
  • No Thumbnail Available
    Item
    Revisiting the Performance of DNS Queries on a DNS Hierarchy Testbed over Dual-Stack
    (Oxford University Press, 2021) Adiwal, S.; Rajendran, B.; Shetty D, P.; Palaniappan, G.
    The exponential growth of IoT devices and their need to use IPv6 addresses has the potential to create load stress on the existing DNS infrastructure and it is imperative that DNS servers to be deployed on IPv6 networks. The DNS query latency from a particular Internet vantage point for IPv4 and IPv6 network cannot be compared directly due to variations in the number of hops of query on IPv4 and IPv6 communication networks. Moreover, there is no assurance that DNS server in the hierarchy is hosted on a dual-stack. This work brings out the DNS query resolution latency over the IPv4 and IPv6 protocol stacks with better accuracy. The experiments are carried out by setting up a complete DNS hierarchy (ROOT, TLD, STLD, TTLD and recursive resolver) on dual IP stack (IPv4 and IPv6), enabling both forward and reverse lookup tree on a live testbed, ensuring a constant number of hops between the recursive resolver and each of the DNS servers in the hierarchy. This live testbed is a first of its kind and is made available for Internet researchers. The operational issues encountered during this deployment and service provisioning are discussed and documented in this paper. This paper also gives a clear illustration and provides reference guidelines for the DNS hierarchy setup, and also aims to bridge the knowledge gap required for deploying DNS over IPv6. © 2021 The British Computer Society.
  • No Thumbnail Available
    Item
    A Quantitative Method for Measuring Health of Authoritative Name Servers
    (IGI Global, 2022) Adiwal, S.; Rajendran, B.; Shetty D, P.D.
    The domain name system (DNS) is regarded as one of the critical infrastructure components of the global internet because a large-scale DNS outage would effectively take a typical user offline. Therefore, the internet community should ensure that critical components of the DNS ecosystem—that is, root name servers, top-level domain registrars and registries, authoritative name servers, and recursive resolvers—function smoothly. To this end, the community should monitor them periodically and provide public alerts about abnormal behavior. The authors propose a novel quantitative approach for evaluating the health of authoritative name servers – a critical, core, and a large component of the DNS ecosystem. The performance is typically measured in terms of response time, reliability, and throughput for most of the internet components. This research work proposes a novel list of parameters specifically for determining the health of authoritative name servers: DNS attack permeability, latency comparison, and DNSSEC validation. The aim is to understand the general behavior of authoritative name servers, detect sluggishness in their performance, and arrive at a score of their health through the aforesaid parameters. The effectiveness of identified parameters is evaluated by devising the corresponding probing algorithms and experimented with them among the authoritative name servers serving the world’s top 500 domains. This approach could be used periodically to assess and take necessary measures to protect authoritative domain name servers from abuse. © © 2022, IGI Global.
  • No Thumbnail Available
    Item
    DNS Intrusion Detection (DID) — A SNORT-based solution to detect DNS Amplification and DNS Tunneling attacks
    (Elsevier B.V., 2023) Adiwal, S.; Rajendran, B.; Shetty D, P.S.; Sudarsan, S.D.
    Domain Name System (DNS) plays a critical role in the Internet ecosystem, translating numerical IP addresses to memorable domain names and vice versa. The malicious user targets DNS by taking advantage of vulnerabilities in DNS. The most complex attacks in the DNS attacks vector include Distributed Denial of Service (DDoS) based DNS amplification attacks and sophisticated DNS tunneling attacks. An Intrusion Detection System (IDS) is a solution available to monitor the traffic for intrusion in the network but not exclusively for DNS intrusions. In this research paper, we present – DNS Intrusion Detection (DID), a system integrated into SNORT – a prominent open-source IDS, to detect major DNS-related attacks. We developed novel IDS signatures for various tools used in the tunneling, amplification, and DoS attacks and added them to the existing ruleset file of IDS to detect DNS-based intrusions. Our approach successfully identifies empirical DNS attacks carried out by various known tools available over the Internet. Evaluation of DID showed a high detection rate and a very low false-positive rate. © 2023 The Author(s)