AGENDA
• Introduction
• Disclaimer
• Attribution
• Internet (Naming, Addressing, Routing)
• Domain Name System (DNS)
• DNS Abuse
INTRODUCTION
• Ahmadullah Alnoor
• Software Engineer
• Microsoft Development Center, Copenhagen, Denmark
• Masters in Distributed Systems, KTH, Stockholm, Sweden
• NITPAA Member
DISCLAIMER
• The views expressed in this Presentation are Personal and
do not necessarily reflect the views of my employer.
• This Presentation is not from Microsoft.
ATTRIBUTION
• The Presentation is based on Sessions attended during
ICANN 58, which was held in Copenhagen, Denmark.
• Visit https://schedule.icann.org/ for the source materials.
INTERNET
Naming, Addressing, Routing
NAMING
• Name identifies an Object
• Examples of Names are … Kabul, www.bing.com
• Name says What something is or Who someone is
• Name does not say Where something or someone is
ADDRESSING
• Address identifies a Location
• Examples of address are … (34.5553° N, 69.2075° E),
13.107.21.200
• Name Resolution maps a Name to an Address
• Address says Where someone or something is
• Address does not say How to reach the address.
ROUTING
• Route says How to reach an Address
• Examples of Route are … Road Signs, Routing Tables
• Route to Address is set before Traffic Arrives
• Traffic moves through the Route in steps or hops
• Traffic trusts each step/hop
DNS
How does DNS work?
WHY DNS
• Numbers are hard to remember. IP Addresses are many.
• 3.4 Billion IPv4 addresses, many many more IPv6 addresses
• Names are easier to remember
A DISTRIBUTED DATABASE
• Data is maintained locally and available globally.
• Scalable
• Maintainable
• Performant
• Resilient
NAME RESOLUTION
• The process of translating a (host) name to an (IP) address
• The process of translating an (IP) address to a (host) name
ARCHITECTURE
STRUCTURE
FQDN
Fully Qualified Domain Name – www.example.com.
ZONES
ZONE FILE + RR
• Zone file contains all data for the Zone
• Zone data is stored as Resource Records
ZONE FILE SAMPLE
NAME SERVERS
GLUE
ROOT SERVERS
• Stub Resolvers, Recursive Resolvers and Authoritative
Name Servers cooperate.
• Resolvers have a hints file pointing to Root Name Servers.
RESOLUTION PROCESS
…
…
…
CACHING
…
DNS ABUSE
What is DNS Abuse?
MALICIOUS CONDUCT
• Misuse of DNS Infrastructure, Protocol and Processes
• Data Corruption
• Denial of Service
• Privacy Violation
DOMAIN NAME ABUSE
• Phishing
• Malware
• Scams
• Illegal Goods
• Counterfeit Goods
• Fake Trademark Protection
• Fake Domain Sales
CACHE POISONING
• Change the DNS Cache in the Recursive Resolver to
return fake records
https://www.ipa.go.jp/files/000013084.png
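Added example (not part of the original slides): checks a recursive resolver can apply to a response before caching it, so that a forged record is rejected instead of stored. It is written in Python and assumes uncompressed names and A records only; the function names and the sample messages are constructed for illustration.

```python
import struct

def encode_name(name):
    """Encode a domain name as uncompressed DNS wire-format labels."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"

def build_message(txid, qname, response=False, answers=()):
    """Build a minimal DNS message: header, one A/IN question, optional A answers."""
    flags = 0x8180 if response else 0x0100  # QR+RD+RA for responses, RD for queries
    msg = struct.pack("!HHHHHH", txid, flags, 1, len(answers), 0, 0)
    msg += encode_name(qname) + struct.pack("!HH", 1, 1)
    for owner, ip in answers:
        msg += encode_name(owner) + struct.pack("!HHIH", 1, 1, 300, 4) + bytes(ip)
    return msg

def read_name(msg, pos):
    """Read an uncompressed name; return (lower-cased name, next offset)."""
    labels = []
    while msg[pos] != 0:
        if msg[pos] & 0xC0:
            raise ValueError("name compression is not handled in this example")
        labels.append(msg[pos + 1:pos + 1 + msg[pos]].decode("ascii").lower())
        pos += 1 + msg[pos]
    return ".".join(labels), pos + 1

def accept_response(query, response, zone):
    """Return (accepted, reason) for a response to `query` from a server for `zone`."""
    try:
        if response[:2] != query[:2]:
            return False, "transaction ID mismatch"
        r_flags, qd, an = struct.unpack("!HHH", response[2:8])
        if not r_flags & 0x8000 or qd != 1:
            return False, "not a response to a single question"
        q_name, q_end = read_name(query, 12)
        r_name, pos = read_name(response, 12)
        if (r_name, response[pos:pos + 4]) != (q_name, query[q_end:q_end + 4]):
            return False, "question mismatch"
        pos += 4
        for _ in range(an):
            owner, pos = read_name(response, pos)
            pos += 10 + struct.unpack("!H", response[pos + 8:pos + 10])[0]
            if owner != zone and not owner.endswith("." + zone):
                return False, "out-of-bailiwick record: " + owner
        return True, "accepted"
    except (IndexError, struct.error, ValueError):
        return False, "malformed message"

QUERY = build_message(0x1A2B, "www.example.com")  # constructed sample query
GOOD = build_message(0x1A2B, "www.example.com", True, [("www.example.com", (192, 0, 2, 10))])
```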
DISTRIBUTED DENIAL OF SERVICE (DDOS)
• Many Bots/Zombie machines send DNS Queries to a
specific Name Server
https://www.incapsula.com/images/illustrations/ddos-mini-site/nxdomain-dns-ddos.jpeg
DDOS AMPLIFICATION
• Using UDP (User Datagram Protocol) to generate traffic to a specific
Name Server
http://securityskeptic.typepad.com/.a/6a0120a55f18a4970c0153907539c1970b-pi

Dns system-ahmadullah-alnoor-at-af sig-2017-by-nitpaa