Title :
Traffic Measurement Based DNSSEC Analysis
Author :
Wang, Yong ; Yun, Xiaochun ; Yao, Yao ; Xiong, Gang ; Li, Zhen
Author_Institution :
Inst. of Comput. Technol., Grad. Univ. of Chinese Acad. of Sci., Beijing, China
Abstract :
Method of DNSSEC traffic measurement is introduced based on the identification of resource records in DNSSEC. Through the analysis of DNSSEC traffic in several levels which are resource record type, packet length, signature property, and IP features, characteristics of DNSSEC traffic can be concluded. Results show that above 78% of DNSSEC packets are NSEC3 packets, and this means there are too many useless DNSSEC queries, which would not be measured in DNS, but can be measured accurately in DNSSEC with the introduction of NSEC3. In addition to it, validation packets coming from root or top server are more than authority servers. From the analysis of DNSKEY responses, it can be referred the DNSSEC deploying ratio is 54% ignoring the cache of DNSSEC recursive server. The conclusions are helpful to the further deployment and application of DNSSEC.
Keywords :
Internet; resource allocation; telecommunication traffic; DNSKEY responses; DNSSEC analysis; DNSSEC recursive server; IP features; NSEC3 packets; packet length; resource record type; signature property; traffic measurement; Bandwidth; Computer crime; IP networks; Pollution measurement; Public key; Servers; DNSKEY; DNSSEC; DNSSEC Traffic Analysis; DS; NSEC3; Traffic Measurement;
Conference_Titel :
Computer and Information Technology (CIT), 2012 IEEE 12th International Conference on
Conference_Location :
Chengdu
Print_ISBN :
978-1-4673-4873-7
DOI :
10.1109/CIT.2012.37
