SIE Passive DNS and the ISC DNS Database

DEF CON 18

Presented by: Paul Vixie
Date: Friday July 30, 2010
Time: 10:00 - 10:50
Location: Royale 1
Track: Track 2

Passive DNS replication is a technique invented by Florian Weimer for tracking changes to the domain name system. This session will introduce the problems faced by passive DNS replication in the areas of collection, analysis, and storage of DNS data at scale, and will introduce state-of-the-art solutions to these problems developed at ISC SIE. Components of SIE's passive DNS architecture will be showcased, including a specialized DNS capture tool, a tool for processing and deduplicating raw DNS message data, and the storage engine used to archive and index processed data. A bulk HTTP query API and web interface to the storage engine will also be demonstrated and made available.

Paul Vixie

Paul Vixie has been contributing to Internet protocols and UNIX systems as a protocol designer and software architect since 1980. Early in his career, he developed and introduced sends, proxynet, rtty, cron and other lesser-known tools. Paul is considered the primary modern author and technical architect of BINDv8, the Berkeley Internet Name Daemon Version 8, the open source reference implementation of the Domain Name System (DNS). Paul Vixie founded ISC in 1994. In his role as President, Paul ensures that ISC stays true to his original mission of developing and maintaining production quality open source reference implementations of core Internet protocols, such as BIND and DHCP, and evolving those standards. In 1995, Paul co-founded PAIX (Palo Alto Internet Exchange), which was sold to AboveNet in 1999, which in turn named Paul its Chief Technology Officer in 2000, and then President of the PAIX subsidiary in 2001. Paul also co-founded MAPS (Mail Abuse Prevention System), a California nonprofit company established in 1998 with the goal of stopping the Internet's email system from being abused by spammers. Along with Frederick Avolio, Paul co-wrote "Sendmail: Theory and Practice" (Digital Press, 1995). He has authored or co-authored more than a dozen RFCs, mostly on DNS and related topics. He is a member of ICANN RSSAC, ICANN DNSSAC and ARIN, and a frequent participant in IETF and NANOG.

