Skip to Main Content
Frequently Asked Questions
Submit an ETD
Global Search Box
Need Help?
Keyword Search
Participating Institutions
Advanced Search
School Logo
Files
File List
Rami_Dissertation.pdf (4.01 MB)
ETD Abstract Container
Abstract Header
ISSUES IN SECURITY AND PERFORMANCE OF THE DNS ECOSYSTEM
Author Info
Al-Dalky, Rami Yousef Hasan HASAN
Permalink:
http://rave.ohiolink.edu/etdc/view?acc_num=case1567118673903965
Abstract Details
Year and Degree
, Doctor of Philosophy, Case Western Reserve University, EECS - Computer and Information Sciences.
Abstract
The Domain Name System (DNS) is a critical component of the Internet infrastructure that plays a vital role in most Internet transactions. DNS has evolved into a complex system whose many components have unclear effect on the performance of the DNS system itself and the overall experience of Internet users. Moreover, DNS presents a number of entry points to malicious actors who can use them to launch a range of attacks not just against DNS but other parts of the Internet. In this dissertation, we present a mechanism to eliminate one such attack vector, and illuminate various DNS characteristics critical for user experience on the Internet. We first investigate three performance issues that have an impact on the end-user experience. In the first issue, we study the characteristics of resolvers pools, where multiple resolvers participate in the resolution of a single query, and we find that pools are varied in size and resolvers in a pool can be geographically disperse. This can negatively affect the content delivery networks (CDNs) effort in redirecting end-users to the ”best” edge-servers, a process normally referred to as ”client-to-edge-server mapping”. In the second issue, we look at the behavior of resolvers related to EDNS-Client- Subnet (ECS), an extension to DNS that allows the resolvers to convey end-user subnet information in DNS queries so that authoritative nameservers could use this information to improve client-to-edge-server mapping. We find a range of erroneous and detrimental behaviors that may reduce the effectiveness of DNS caching, diminish ECS benefits, and in some cases turn ECS into an obstacle to authoritative nameservers’ ability to optimize the client-to-edge-server mapping. In the third issue, we investigate the performance implications of using IPv6 for DNS interactions specifically in terms of DNS latency and the quality of mapping of the responses that are returned from recursive resolvers. We find that public resolvers differ drastically depending on the IP version employed by the clients for DNS interactions. Moreover, we observe IPv6 penalty in the latency between clients and their assigned edge-servers which can be substantial for some resolvers and regions. Finally, we present a practical challenge-response technique that protects authoritative nameservers frombeing used in DoS attacks andworks in the presence of resolver pools. In summary, our study improves our understanding of the DNS ecosystem. We believe that the findings in this dissertation will help guide DNS evolution tol improve DNS security and performance, leading to better Internet experience for end-users.
Committee
Michael Rabinovich (Advisor)
Subject Headings
Computer Science
;
Information Systems
Recommended Citations
Refworks
EndNote
RIS
Mendeley
Citations
Al-Dalky, R. Y. H. H. (n.d.).
ISSUES IN SECURITY AND PERFORMANCE OF THE DNS ECOSYSTEM
[Doctoral dissertation, Case Western Reserve University]. OhioLINK Electronic Theses and Dissertations Center. http://rave.ohiolink.edu/etdc/view?acc_num=case1567118673903965
APA Style (7th edition)
Al-Dalky, Rami Yousef Hasan.
ISSUES IN SECURITY AND PERFORMANCE OF THE DNS ECOSYSTEM.
Case Western Reserve University, Doctoral dissertation.
OhioLINK Electronic Theses and Dissertations Center
, http://rave.ohiolink.edu/etdc/view?acc_num=case1567118673903965.
MLA Style (8th edition)
Al-Dalky, Rami Yousef Hasan. "ISSUES IN SECURITY AND PERFORMANCE OF THE DNS ECOSYSTEM." Doctoral dissertation, Case Western Reserve University. Accessed MAY 14, 2024. http://rave.ohiolink.edu/etdc/view?acc_num=case1567118673903965
Chicago Manual of Style (17th edition)
Abstract Footer
Document number:
case1567118673903965
Download Count:
91
Copyright Info
© , all rights reserved.
This open access ETD is published by Case Western Reserve University School of Graduate Studies and OhioLINK.