DNS is a valuable source of information about websites and domains
Yelena Voronina opened the session by saying that DNS analytics is a matter of security. “If security systems work properly, users simply won’t notice it,” she said.
Alexei Lukatsky (Cisco) started his remarks by giving real examples of malicious domains and software. He pointed out that DNS allows users to obtain far more data than other services. For example, it is possible to determine whether a domain was created by a robot or a human, or to retrieve data on parked domains along with the contacts of their owners or registrars. “Most malicious websites are hosted by the same systems. Analytics allows for detecting connections between malicious domains through analyzing links between autonomous systems and their owners,” Alexei said. He added that all phishing domains take advantage of people’s desire to save or make money. DNS is becoming a valuable source of information on malefactors.
Alain Durand (ICANN) spoke about exposing malefactors by using software developed specifically for this purpose and with the help of partner companies that collect data on malicious activity. “We can provide software for data collection which will help the global community to fight malicious websites,” Alain said. “This project has shown quite good progress, and we are currently looking for partners to boost its efficiency as much as possible.”
Pavel Khramtsov (MSK-IX) gave an extensive account of the MSK-IX data analytics project. Authoritative DNS is a fast, secure and reliable DNS cloud for domain zones and websites. Pavel reported that at present, MSK-IX manages a geographically distributed cloud of DNS servers to support root domain zones and high-maintenance domains. The DNS network is also used by the administrator of the Russian ccTLDs .RU and .РФ, top-level domain registrants, government bodies and corporations. This helps the hardware and network components of the architecture to remain fail-safe. It also allows for monitoring operations continuously, conducting regular security audits and ensuring protection against DDoS attacks.
The report by Quoc-Anh Pham (GoDaddy Registry) focused on supporting TLDs in different languages. As was seen from his slides on the main principles of this work, the most important aspect is obtaining data from TLDs to analyze traffic efficiently. Moreover, if the server is known, this work can expose a network misconfiguration that is about to be transformed into a botnet. These technologies are already available.
Alexander Venedyukhin (Technical Center of Internet) concluded the session by speaking about applying DNS analytics to various tasks and projects.