
Re: DNS based Destination Selection



On Thu 19/06/2003 at 15:45, Jay Ford wrote:
> On Thu, 19 Jun 2003, Cedric de Launois wrote:
> > > My quick reactions:
> > >    o  DNS is too high a level for (srcaddr,dstaddr) selection;
> > >       not everything goes by name
> >
> > Indeed. We thought of this mechanism in the NAROS solution. We performed
> > recently a quick evaluation of this solution (use of DNS to influence
> > an external source's destination decision making). First results
> > clearly show this is too high level: 70 to 90% of the traffic
> > flows we analyzed were NOT preceded by a DNS request! (This
> > is only an approximation since it is hard to see which DNS request
> > is associated with which flow). This is due to the spread of p2p
> > applications: lots of flows without any DNS lookup.
> 
> Wow.  I wouldn't have expected the no-preceding-DNS percentage to be that
> high.  I guess I was more right than I knew.  ;^)

I was also surprised. However, these values are rough approximations.
Factors that can explain these high percentages are:
- the trace contains lots of p2p traffic, that generates lots
  of flows without using DNS.
- attacks from the Internet: port scans etc. The trace should be
  cleaned up...
- caching on host applications
- associating a DNS request to a flow is a non-trivial task. The
  evaluation method used is far from perfect.

However, the values show that we can't rely on DNS to perform 
(srcaddr,dstaddr) selection.
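
A sketch of the kind of flow-to-DNS association discussed in this message, added here as an illustration; it is not the evaluation code used for the trace, and the record layout, the sample records and the `window_s` parameter are assumptions. A flow counts as "preceded by DNS" only if the same client received an answer containing the flow's destination address within the preceding window.

```python
from bisect import bisect_right
from collections import defaultdict

# Constructed sample data (not taken from the trace discussed in the thread).
# DNS answers seen on the wire: (timestamp_s, client_ip, resolved_ip)
DNS_ANSWERS = [
    (10.0, "10.0.0.5", "192.0.2.10"),
    (12.0, "10.0.0.6", "192.0.2.20"),
    (500.0, "10.0.0.5", "198.51.100.7"),
]
# Flow starts: (timestamp_s, src_ip, dst_ip)
FLOWS = [
    (10.2, "10.0.0.5", "192.0.2.10"),     # lookup 0.2 s earlier
    (400.0, "10.0.0.5", "192.0.2.10"),    # lookup 390 s earlier (host cache)
    (11.0, "10.0.0.6", "192.0.2.20"),     # flow starts before the lookup
    (20.0, "10.0.0.5", "203.0.113.9"),    # no lookup at all (p2p peer, scan)
    (501.0, "10.0.0.6", "198.51.100.7"),  # lookup made by a different client
]

def build_index(answers):
    """Map (client, resolved_ip) -> sorted list of answer timestamps."""
    index = defaultdict(list)
    for ts, client, addr in answers:
        index[(client, addr)].append(ts)
    for times in index.values():
        times.sort()
    return index

def unmatched_fraction(flows, answers, window_s):
    """Fraction of flows with no DNS answer for (src, dst) in the
    window_s seconds before the flow started."""
    index = build_index(answers)
    unmatched = 0
    for ts, src, dst in flows:
        times = index.get((src, dst), [])
        i = bisect_right(times, ts)  # number of answers at or before flow start
        if i == 0 or ts - times[i - 1] > window_s:
            unmatched += 1
    return unmatched / len(flows) if flows else 0.0

if __name__ == "__main__":
    for window in (5, 3600):
        print(window, unmatched_fraction(FLOWS, DNS_ANSWERS, window))
```

Widening the window from 5 s to an hour reclassifies the cached-lookup flow, which shows how sensitive the no-preceding-DNS percentage is to the association rule.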