Domain Name System (DNS)
Task 1 -
Find available RRs of SUTD's domain name
Send the same request from the university's network and from your ISP's network
- Is this zone signed?
- What query type do you think is more profitable for a DNS amplification attack?
Send the same request to an open DNS recursive NS (choose one of the public DNS service providers)
- Do you observe any difference on the responses? If you do, can you explain why these differences occur?
- What RR types do you observe on the responses to figure out whether the zone is signed or not?
- Is there any difference between a direct query to their authoritative NS and a query through an open DNS recursive?
Task 2 -
Assess the amplification capabilities of the TLD Authoritative NSs.
Download the latest version of the root.zone file and extract the pairs
Send a DNS query about the domain_name directly to each Authoritative IPv4 address and capture (sniffer) the responses. Choose the most profitable query type
Calculate the amplification factor with AF1
- IP packet
- UDP packet
- DNS packet (UDP payload)
Present the measurements in an appropriate figure or table.
Task 3 -
Assess the reflection capabilities of the TLD Authoritative NSs.
For the same pairs of , send directly to each of the NS a bunch of 500 DNS queries in a narrow time window. Again, choose the most profitable query type
Evaluate only unique IPv4 addresses, namely probe the same server (IPv4 address) for only one of the domain names for which it is authoritative
For each authoritative NS calculate the percentage of successful responses
Calculate the cumulative amplification factor with AF2
- IP packet
- UDP packet
- DNS packet (UDP payload)
Present the measurements in an appropriate figure or table.
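An added example (not part of the original brief) of how the Task 2 and Task 3 measurements can be tabulated offline from sizes already read out of a capture. It assumes the amplification factor is bytes received divided by bytes sent (the brief's own AF1 and AF2 formulas are not reproduced on this page), unfragmented IPv4 datagrams without IP options, and a constructed sample using documentation addresses; `summarize` and `layer_sizes` are hypothetical names.

```python
from collections import defaultdict

IPV4_HDR = 20  # assumption: IPv4 header without options, no fragmentation
UDP_HDR = 8    # fixed UDP header size

# Constructed sample, not real measurements:
# (server IPv4, DNS query bytes, DNS response bytes or None when no reply arrived).
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE = [
    ("192.0.2.1", 40, 1200),
    ("192.0.2.1", 40, 1200),
    ("192.0.2.1", 40, None),
    ("192.0.2.1", 40, 1200),
    ("198.51.100.7", 40, 480),
    ("198.51.100.7", 40, None),
]

def layer_sizes(dns_len):
    """Size of one datagram at each of the three layers the brief lists."""
    udp = dns_len + UDP_HDR
    return {"dns": dns_len, "udp": udp, "ip": udp + IPV4_HDR}

def summarize(records):
    """Per server: success percentage and bytes received / bytes sent per layer."""
    sent = defaultdict(lambda: defaultdict(int))
    recv = defaultdict(lambda: defaultdict(int))
    counts = defaultdict(lambda: [0, 0])  # [queries sent, responses seen]
    for server, q_len, r_len in records:
        counts[server][0] += 1
        for layer, size in layer_sizes(q_len).items():
            sent[server][layer] += size
        if r_len is not None:  # unanswered queries still count as bytes sent
            counts[server][1] += 1
            for layer, size in layer_sizes(r_len).items():
                recv[server][layer] += size
    out = {}
    for server, (queries, responses) in counts.items():
        out[server] = {
            "success_pct": 100.0 * responses / queries,
            "af": {l: recv[server][l] / sent[server][l] for l in ("ip", "udp", "dns")},
        }
    return out

if __name__ == "__main__":
    for server, row in summarize(SAMPLE).items():
        print(server, row)
```

With a single query per server the same function gives the per-query factor; the ratio shrinks from the DNS layer to the IP layer because the fixed 28 header bytes weigh more on the small query than on the large response.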
Task 4 -
Download the Top 1M (most visited) websites list from Statvoo (excel file)
From 1,000 websites
- What is the percentage of the domains that have enabled DNSSEC?
- What is the percentage of the authoritative nameservers that support recursive queries?
Assess the amplification and reflection capabilities of only the DNSSEC-enabled (repeat the same steps as T2 & T3 ONLY for these authoritatives)
You will probably get better results if you query about the domain zone instead of the website's hostname (query about example.com instead of www.example.com)
Calculate the amplification factor with AF1 & AF2 respectively
- IP packet
- UDP packet
- DNS packet (UDP payload)
Deliverables -
Report: Explain the steps for each task (T)
Executed commands
Answers to the questions
Measurements (figure or table)
Screenshots of the tool's output
Shell script or source code (separate files)
The submitted file(s) should be contained in a compressed file (.zip or .rar) and named after your details (for example: firstname_lastname.zip). On the first page of the report, mention your full name and student ID. Keep the pcap files; you may be asked to deliver them as well.
Purpose of project -
- To become familiar with the DNS service.
- To assess the role of TLD Authoritative nameservers as amplifiers.
- To assess the role of TLD Authoritative nameservers as reflectors.
- To estimate a globalized view of DNS amplification attack potentials.
Description
You should submit a report that explains the steps you have followed for each task (T), the executed commands, your answers to the questions, the measurements, screenshots of the utilized tools' output, and the shell script or source code (delivered in separate files). The submitted file(s) should be contained in a compressed file (.zip or .rar) and named after your details (for example: firstname_lastname.zip). Also, on the first page of the report, mention your full name and student ID.