September 29, 2017 to October 3, 2017
Fairmont San Jose
US/Pacific timezone

A Study of DNS Rate Limiting Deployment

Sep 29, 2017, 3:30 PM
Regency 2 Ballroom (Fairmont San Jose)

Regency 2 Ballroom

Fairmont San Jose

170 S Market Street, San Jose, 95113, CA, USA
Standard Presentation Public Workshop Public Workshop


Dr Casey Deccio (Brigham Young University)


Domain Name System (DNS) authoritative servers are a critical component of Internet infrastructure, and as such, they are deliberately accessible to any Internet computer, as a means to find the Internet services they wish to access. Such accessibility can attract ill-intended users to use these same servers with malicious intent, a primary example being DNS reflection-based Distributed Denial-of-Service (DDoS) attacks. One preventative measure used to combat DDoS attacks is for DNS operators to enable a rate-limiting mechanism to mitigate the effects of the potential attack. In this talk we present a study of the deployment of DNS rate limiting across authoritative servers for TLDs and many of the popular domains, in an effort to better understand the mechanisms being deployed to protect the DNS and other critical infrastructure. We demonstrate the impact of deployment and its impact, measured as a factor of amplification reduction. An improved understanding of existing defense mechanisms will allow us to propose improvements to the Internet infrastructure that will ultimately yield a more stable and secure internet.
Talk Duration 30 Minutes

Primary author

Dr Casey Deccio (Brigham Young University)

Presentation materials