Join Paul Vixie & Robert Edmonds at the Upcoming Distinguished Speaker Series

Verisign Labs Distinguished Speaker Series is a quarterly forum to bring together members of the technical community to network and listen to distinguished speakers about issues related to internet technology.

Discussion: Passive DNS Collection and Analysis – the "DNSTAP" Approach

DNS is a high volume low latency datagram protocol at the heart of the Internet — it enables almost all other traffic flows. Any analysis of network traffic for security purposes will necessarily include contemporaneous DNS traffic which might have resulted from or directed that traffic. Netflow by itself can answer the question, "what happened?" but it cannot by itself answer the equally important question, "why?"

Collecting DNS query and response data has always been challenging due to the impedance mismatch between DNS as an asynchronous datagram service and available synchronous persistent storage systems. Success in DNS telemetry has historically come from the PCAP/BPF approach, where the collection agent reassembles packets seen 'on the wire' into DNS transaction records, with complete asynchrony from the DNS server itself. It is literally and always preferable to drop transactions from the telemetry path than to impact the operation of a production DNS server in any way.

BPF/PCAP is not a panacea, though, since the complexity of state-keeping means that most passive DNS collectors are blind to TCP transactions, and all are blind to data elements which don't appear on the wire, such as cache purge or cache expiration events, or to "view" identifiers or current delegation point. The Farsight Security team has therefore designed a new open source and open protocol system called "dnstap" with a transmission/reception paradigm that preserves the necessary lossiness of DNS transaction collection while avoiding the state-keeping of BPF/PCAP based systems.

The upcoming event will cover passive DNS including collection, sharing, post-processing, database construction, and access, using the Farsight Security system as a model. "dnstap" will be introduced in that context, including a status report and road-map.

Speakers

Paul Vixie – Dr. Paul Vixie is the CEO of Farsight Security. He previously served as President, Chairman and Founder of Internet Systems Consortium (ISC), as President of MAPS, PAIX and MIBH, as CTO of Abovenet/MFN, and on the boards of several for-profit and non-profit companies. He has served on the ARIN Board of Trustees since 2005, where he served as Chairman in 2008 and 2009, and is a founding member of ICANN Root Server System Advisory Committee (RSSAC) and ICANN Security and Stability Advisory Committee (SSAC). He operated the ISC's F-Root name server for many years, and is a member of Cogent's C-Root team. He is a sysadmin for Op Sec Trust.

Vixie has been contributing to Internet protocols and UNIX systems as a protocol designer and software architect since 1980. He wrote Cron (for BSD and Linux), and is considered the primary author and technical architect of BIND 4.9 and BIND 8, and he hired many of the people who wrote BIND 9. He has authored or co-authored a dozen or so RFCs, mostly on DNS and related topics, as well as Sendmail: Theory and Practice (Digital Press, 1994). His technical contributions include DNS Response Rate Limiting (RRL), DNS Response Policy Zones (RPZ), and Network Telemetry Capture (NCAP). He earned his Ph.D. from Keio University for work related to DNS and DNSSEC.

Robert Edmonds – Robert Edmonds is a software developer at Farsight Security. He is responsible for maintaining several core components of Farsight's Security Information Exchange (SIE) and DNSDB products, including the 'nmsg' network message encapsulation library, the 'mtbl' immutable sorted string table library, and the 'wdns' low-level DNS library. His current projects include the development of 'dnstap', a framework for exporting event data from DNS software, and the ongoing maintenance of 'protobuf-c', a C implementation of the "Protocol Buffers" data serialization format.


Event Date & Time

Wednesday, December 17, 2014
8:30 a.m. – 10:30 a.m.

Event Location

Verisign Reston Headquarters
12061 Bluemont Way
Reston, VA 20190
(703) 948-3200

Agenda

Breakfast/Networking (8:30 – 9:00 am)
Presentation (9:00 – 10:00 am)
Networking (10:00 – 10:30 am)

Registration Page

Questions? Contact Verisign’s Events Team at eventsteam@verisign.com

Verisign

About Verisign – Verisign, a global leader in domain names and internet security, enables internet navigation for many of the world's most recognized domain names and provides protection for websites and enterprises around the world. Verisign ensures the security, stability and resiliency of key internet infrastructure and services, including the .com and .net domains and two of the internet's root servers, and performs the root-zone maintainer functions for the core of the internet's Domain Name System (DNS).
