Title | DNS to the rescue: Discerning Content and Services in a Tangled Web |
Publication Type | Conference Paper |
Year of Publication | 2012 |
Authors | Bermudez, I N., M. Mellia, M. M. Munafo', R. Keralapura, and A. Nucci |
Conference Name | Internet Measurement Conference 2012 |
Date Published | 11/2012 |
Publisher | ACM |
Conference Location | Boston, MA |
ISBN Number | 978-1-4503-1705-4 |
Keywords | DNS, mPlane, passive measurement, WP2 |
Abstract | A careful perusal of the Internet evolution reveals two major trends - explosion of cloud-based services and video stream- ing applications. In both of the above cases, the owner (e.g., CNN, YouTube, or Zynga) of the content and the organiza- tion serving it (e.g., Akamai, Limelight, or Amazon EC2) are decoupled, thus making it harder to understand the associ- ation between the content, owner, and the host where the content resides. This has created a tangled world wide web that is very hard to unwind, impairing ISPs’ and network administrators’ capabilities to control the traffic flowing in their networks. In this paper, we present DN-Hunter, a system that lever- ages the information provided by DNS traffic to discern the tangle. Parsing through DNS queries, DN-Hunter tags traf- fic flows with the associated domain name. This association has several applications and reveals a large amount of use- ful information: (i) Provides a fine-grained traffic visibility even when the traffic is encrypted (i.e., TLS/SSL flows), thus enabling more effective policy controls, (ii) Identifies flows even before the flows begin, thus providing superior net- work management capabilities to administrators, (iii) Un- derstand and track (over time) different CDNs and cloud providers that host content for a particular resource, (iv) Discern all the services/content hosted by a given CDN or cloud provider in a particular geography and time interval, and (v) Provides insights into all applications/services run- ning on any given layer-4 port number. We conduct extensive experimental analysis and show re- sults from real traffic traces (including FTTH and 4G ISPs) that support our hypothesis. Simply put, the information provided by DNS traffic is one of the key components re- quired for understanding the tangled web, and bringing the ability to effectively manage network traffic back to the op- erators. |
URL | http://dl.acm.org/citation.cfm?id=2398776.2398819&coll=DL&dl=GUIDE&CFID=225051145&CFTOKEN=42401286 |
DOI | 10.1145/2398776.2398819 |
Citation Key | Ber2012 |
Refereed Designation | Refereed |