^ Top

NANOG Meeting Presentation Abstract

DNSFlow and You: Lightweight Monitoring for DNS in the Modern Network
Meeting: NANOG55
Date / Time: 2012-06-05 4:15pm - 4:30pm
This item is webcast
Room: Bayshore Ballroom A-C
Presenters: Speakers:

Kyle Creyts, Merit Network, Inc.

Kyle Creyts is a Research Engineer for Merit Network, designing and developing analysis software and measurement frameworks for DNS, Netflow, BGP, and packet capture. In his time at Merit, his projects have been focused on network/information security, Internet measurement, and network activity analysis. He is pursuing a BSE in Information Assurance at Eastern Michigan University, and is actively involved in organizing a number of local and nationwide professional information security communities.
Abstract: These days, netflow enables lightweight monitoring of traffic flowing across networks. Carving the interesting data from packet headers, and discarding the "heavy" payload just makes sense. Why not take the easy way out? When you have almost as much insight into what is going on without the rest of the payload, and scaling payload inspection for many protocols is "hard" and resource intensive, why would you not discard the data you aren't interested in?

As DNS information has become much more closely tied to network interactions, even a crucial part of them, it is now much more important to have visibility into the DNS activity in your network. This presentation discusses a lightweight (think netflow) method of gaining insight into DNS activity in a network, several interesting uses of such "DNSFlow" data, as well as several plausible uses of DNSFlow data, and a method of sharing DNSFlow data with other operators. The target audience is anyone with DNS traffic traversing their network; both network-monitoring and security-related applications will be discussed.
Files: pdfDNSFlow and You: Lightweight Monitoring for DNS in the Modern Network(PDF)
youtubeDNSFlow and You: Lightweight Monitoring for DNS in the Modern Network
Sponsors: None.

Back to NANOG55 agenda.

NANOG55 Abstracts

  • MPLS OAM
    Speakers:
    Sam Aldrin, Huawei Technologies;
  • Track: DNS
    Speakers:
    Mehmet Akcin, ICANN; Duane Wessels, Verisign;
  • Track: DNS
    Speakers:
    Mehmet Akcin, ICANN; Duane Wessels, Verisign;

 

^ Back to Top