Fault tree method for DNS name resolution fault analyse

doi:10.16511/j.cnki.qhdxxb.2017.25.022

Abstract
Figures/Tables
References
Related Articles
Metrics

Download: PDF(1100 KB)
Export: BibTeX | EndNote | Reference Manager | ProCite | RefWorks

Abstract The domain name system (DNS) is an important part of the internet with core function being to resolve the domain name. The DNS servers must be stable to ensure the availability of the domain name resolution process and accurate resolution results. A domain name resolution fault analysis method is presented in this paper to resolve name resolution problems. Firstly, a name dependency graph is constructed according to the dependency relationship of the name resolution. Then a fault tree analysis is used to mine the DNS servers that give success for name resolution and the DNS servers that fail to give correct results. A single domain name and the Alex Top 50 000 domain names were analyzed using this method to show that there are unreasonable dependencies in the configurations of individual domain names which lead to some unnecessary resolution procedures and increase the DNS server load.

Keywords domain name system (DNS) domain name resolution fault tree analysis

ZTFLH:

TP393

Issue Date: 15 July 2017

	Service

	E-mail this article
	E-mail Alert
	RSS
	Articles by authors

	XU Haiyan
	WANG Yingkang
	DU Yuejin
	YAN Jianen
	ZHANG Zhaoxin

Cite this article:

XU Haiyan,WANG Yingkang,DU Yuejin, et al. Fault tree method for DNS name resolution fault analyse[J]. Journal of Tsinghua University(Science and Technology), 2017, 57(7): 680-686.

URL:

http://jst.tsinghuajournals.com/EN/10.16511/j.cnki.qhdxxb.2017.25.022 OR http://jst.tsinghuajournals.com/EN/Y2017/V57/I7/680

[1]	Lee B S, Yu S T, Sekiya Y, et al. Availability and effectiveness of root DNS servers: A long term study [C]//Network Operations and Management Symposium. Osaka, Japan: IEEE, 2010: 862-865.
[2]	Casalicchio E, Caselli M, Coletta A. Measuring the global domain name system [J]. IEEE Network, 2013, 27(1): 25-31.
[3]	Krishnan S, Monrose F. An empirical study of the performance, security and privacy implications of domain name prefetching [C]//International Conference on Dependable Systems & Networks. Hong Kong, China: IEEE, 2011: 61-72.
[4]	Son S, Shmatikov V. The hitchhiker's guide to DNS cache poisoning [C]//Security and Privacy in Communication Networks International ICST Conference. Singapore: Springer, 2010: 466-483.
[5]	Dagon D. Large-scale DNS data analysis [C]//ACM Conference on Computer and Communications Security. Raleigh, NC, USA: ACM, 2012: 1054-1055.
[6]	Kadir A F A, Othman R A R, Aziz N A. Behavioral analysis and visualization of fast-flux DNS [C]//European Intelligence and Security Informatics Conference. Odense, Denmark: IEEE, 2012: 250-253.
[7]	Deccio C, Sedayao J, Kant K, et al. Quantifying and improving DNSSEC availability [C]//Proceedings of the International Conference on Computer Communication and Networks. Hawaii, USA: IEEE, 2011: 1-7.
[8]	Choi H, Lee H. Identifying botnets by capturing group activities in DNS traffic [J]. Computer Networks, 2012, 56(1): 20-33.
[9]	Ramasubramanian V. Perils of transitive trust in the domain name system [C]//Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement. Berkeley, CA, USA: ACM, 2005: 379-384.
[10]	Deccio C T, Chen C C, Sedayao J, et al. Quality of name resolution in the domain name system [C]//IEEE International Conference on Network Protocols. Princeton, NJ, USA: IEEE, 2009: 113-122.
[11]	Deccio C. Quantifying and Improving DNS Availability [D]. Davis: University of California Davis, 2010.
[12]	Fujiwara K, Sato A, Yoshida K. DNS traffic analysis: Issues of IPv6 and CDN [C]//IEEE/IPSJ 12th International Symposium on Applications and the Internet. Izmir, Turkey: IEEE, 2012: 129-137.
[13]	RFC1034. Domain Names: Concepts and Facilities [S]. Fremont: IETF, 1987.
[14]	RFC1035. Domain Names: Implementation and Specification [S]. Fremont: IETF, 1987.
[15]	罗航. 故障树分析的若干关键问题研究 [D]. 成都: 电子科技大学, 2011.LUO Hang. Research on Several Key Problems Based on Fault Tree Analysis [D]. Chengdu: University of Electronic Science and Technology of China, 2011. (in Chinese)

[1]	XIA Zhuoqun, LI Wenhuan, JIANG Lalin, XU Ming. Path analysis attack prediction method for electric power CPS[J]. Journal of Tsinghua University(Science and Technology), 2018, 58(2): 157-163.
[2]	ZHAO Jun, BAO Congxiao, LI Xing. OpenFlow based software overlay router[J]. Journal of Tsinghua University(Science and Technology), 2018, 58(2): 164-169.
[3]	ZHANG Ting, WANG Yi, YANG Tong, LU Jianyuan, LIU Bin. Design and implementation of an evaluation platform for NDN name lookup algorithms[J]. Journal of Tsinghua University(Science and Technology), 2018, 58(1): 1-7.
[4]	XU Hongping, LIU Yang, YI Hang, YAN Xiaotao, KANG Jian, ZHANG Wenjin. Abnormal traffic flow identification for a measurement and control network for launch vehicles[J]. Journal of Tsinghua University(Science and Technology), 2018, 58(1): 20-26,34.
[5]	GAO Yang, MA Yangyang, ZHANG Liang, WANG Meilin, WANG Weiping. Synchronization control of cyber physical systems during malicious stochastic attacks[J]. Journal of Tsinghua University(Science and Technology), 2018, 58(1): 14-19.
[6]	XU Mingwei, GAO Bingjie. Two-dimensional routing based inter-domain traffic engineering model[J]. Journal of Tsinghua University(Science and Technology), 2017, 57(12): 1233-1238.
[7]	JIANG Zhuo, WU Qian, LI Hewu, WU Jianping. Link on-off prediction based multipath transfer optimization for aircraft[J]. Journal of Tsinghua University(Science and Technology), 2017, 57(12): 1239-1244.
[8]	ZHANG Yu, PAN Xiaoming, LIU Qingzhong, CAO Junkuo, LUO Ziqiang. APT attacks and defenses[J]. Journal of Tsinghua University(Science and Technology), 2017, 57(11): 1127-1133.
[9]	HAN Xinhui, WEI Shuang, YE Jiayi, ZHANG Chao, YE Zhiyuan. Detect use-after-free vulnerabilities in binaries[J]. Journal of Tsinghua University(Science and Technology), 2017, 57(10): 1022-1029.
[10]	CAO Laicheng, HE Wenwen, LIU Yufei, GUO Xian, FENG Tao. Cooperative dynamic data possession scheme across a cloud storage environment[J]. Journal of Tsinghua University(Science and Technology), 2017, 57(10): 1048-1055.
[11]	LIU Wu, WANG Yongke, SUN Donghong, REN Ping, LIU Ke. Login authentication vulnerability mining and improved login authentication method based on an open source intelligent terminal[J]. Journal of Tsinghua University(Science and Technology), 2017, 57(9): 897-902.
[12]	MA Rui, ZHU Tianbao, MA Ke, HU Changzhen, ZHAO Xiaolin. Single-witness-based distributed detection for node replication attack[J]. Journal of Tsinghua University(Science and Technology), 2017, 57(9): 909-913,920.
[13]	YAN Jianen, ZHANG Zhaoxin, XU Haiyan, ZHANG Hongli. Detection of IRC Botnet C&C channels using the instruction syntax[J]. Journal of Tsinghua University(Science and Technology), 2017, 57(9): 914-920.
[14]	CHEN Yu, WANG Na, WANG Jindong. An n-fold reduction of linguistic variables based on the triangular fuzzy numbers[J]. Journal of Tsinghua University(Science and Technology), 2017, 57(8): 892-896.
[15]	YANG Hongyu, LI Hang. Malicious node detection model for wireless Mesh networks[J]. Journal of Tsinghua University(Science and Technology), 2017, 57(7): 687-694.

Viewed

Full text

Abstract

Cited

Shared

Discussed