Traffic Measurement Based DNSSEC Analysis

Author

Wang, Yong ; Yun, Xiaochun ; Yao, Yao ; Xiong, Gang ; Li, Zhen

Author_Institution

Inst. of Comput. Technol., Grad. Univ. of Chinese Acad. of Sci., Beijing, China

fYear

2012

fDate

27-29 Oct. 2012

Firstpage

62

Lastpage

69

Abstract

Method of DNSSEC traffic measurement is introduced based on the identification of resource records in DNSSEC. Through the analysis of DNSSEC traffic in several levels which are resource record type, packet length, signature property, and IP features, characteristics of DNSSEC traffic can be concluded. Results show that above 78% of DNSSEC packets are NSEC3 packets, and this means there are too many useless DNSSEC queries, which would not be measured in DNS, but can be measured accurately in DNSSEC with the introduction of NSEC3. In addition to it, validation packets coming from root or top server are more than authority servers. From the analysis of DNSKEY responses, it can be referred the DNSSEC deploying ratio is 54% ignoring the cache of DNSSEC recursive server. The conclusions are helpful to the further deployment and application of DNSSEC.

Keywords

Internet; resource allocation; telecommunication traffic; DNSKEY responses; DNSSEC analysis; DNSSEC recursive server; IP features; NSEC3 packets; packet length; resource record type; signature property; traffic measurement; Bandwidth; Computer crime; IP networks; Pollution measurement; Public key; Servers; DNSKEY; DNSSEC; DNSSEC Traffic Analysis; DS; NSEC3; Traffic Measurement;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer and Information Technology (CIT), 2012 IEEE 12th International Conference on

Conference_Location

Chengdu

Print_ISBN

978-1-4673-4873-7

Type

conf

DOI

10.1109/CIT.2012.37

Filename

6391875