2016/6/91 TWNIC 委辦 DNSSEC 測試計畫 國立中央大學電算中心 103/01/09

©2013 Computer Center, National Central University. 2016/6/92 報告大綱 1.Cache server 封包萃取 / 分析 2.Plug-in 設定種類 3. DNSSEC 測試網站 Query 次數統計圖 Query IP 主機數統計圖

©2013 Computer Center, National Central University.  原始 tcpdump 封包  萃取的 query 封包  整理過的 query 封包 2016/6/93 1. Cache server 封包分析

©2013 Computer Center, National Central University. 2016/6/94 原始 tcpdump 封包 21:01: IP domain > : /8/8 CNAME photos-c.ak.facebook.com.edgesuite.net., CNAME a997.dspmm1.akamai.net., A , A (465) edgesuite a997.dspmm1.akamai...d L...d L...i l...n0dspmm1.p.i l...n4dspmm1.p.i l...n3dspmm1.p.i l...n2dspmm1.p.i l...n1dspmm1.p.i l...n7dspmm1.p.i l...n5dspmm1.p.i l...n6dspmm1.p./......Z....EQ EQ l EQ l..X.Q..F l...EQ Z....E.$ EQ. 21:01: IP domain > : 65378*- 3/0/1 A , A , CNAME tw- tw.frontpage.wg1.b.yahoo.com. (109) frontpage.wg1.b.yahoo.com......tw-tw ,...{ ,..t..g ,......) :01: IP > domain: 18226% [1au] A? tw-tw.frontpage.wg1.b.yahoo.com. (60) frontpage.wg1.b.yahoo.com ) :01: IP domain > : 19203*- 2/4/5 CNAME lb1.c0367.sandai.net., A (236).ns1.xunlei.= ns3.b ns4.b ns2.b.^ :.9h :='..w { y....) :01: IP > domain: 16635% [1au] A? lb1.c0367.sandai.net. (49) 21:01: IP > domain: A? js1.pingle.com.tw. (35) E..?\.....#..s.-.s...T.5.+.J_ js1.pingle.com.tw :01: IP > domain: A? t1.gstatic.com. (32) E..<\.....#..s.-.s...c.5.(x t1.gstatic.com :01: IP domain > : 16173*- 1/0/1 A (85) 21:01: IP domain > : /2/2 CNAME global-cache.internal.query.g03.yahoodns.net., CNAME us-cache.internal.query.a01.yaho odns.net., A (221) 21:01: IP domain > : 65517* 0/1/1 (99) E......n.PR.K...s k ns1.d00.net /.ns2.zj01.com. hostmaster X..Q )

©2013 Computer Center, National Central University. 2016/6/95 萃取的 query 封包 20:01: > domain A? query 20:01: domain > /2/2 A response 20:01: domain > response 20:01: domain > /5/3 CNAME dwqnxoctpqg36.cloudfront.net., A , A , A , A , A , A , A , A response 20:01: > domain AAAA? ws12.gti.mcafee.com. query 20:01: > domain A? ws12.gti.mcafee.com. query 20:01: domain > /3/3 A response 20:01: > domain 59990% [1au] AAAA? ws12.gti.mcafee.com. query 20:01: > domain A? a.root-servers.net. query 20:01: domain > /13/12 A response 20:01: > domain A? h.conf.f.360.cn. query 20:01: > domain 11922% [1au] A? h.conf.f.360.cn. query 20:01: > domain 23455% [1au] AAAA? pseric.soft4fun.netdna-cdn.com. query 20:01: domain > response 20:01: domain > /2/2 A response 20:01: > domain A? ffs.solidstatenetworks.net. query 20:01: domain > NXDomain 0/1/0 response 20:01: > domain AAAA? fbcdn-profile-a.akamaihd.net. query 20:01: > domain A? pic.adver.com.tw. query 20:01: domain > /8/1 CNAME fbcdn-profile-a.akamaihd.net.edgesuite.net., CNAME fbcdn-profile-a.ak.fbcdn.akamaihd.ne t.akadns.net., CNAME a2047.dspl.akamai.net., CNAME a2047.dspl.akamai.net.0.1.cn.akamaitech.net., AAAA 2600:1406:1::48f6:3543, AAAA 2600:1406:1::48f6:3509, AAAA 2600:1406 :1::48f6:3510 response 20:01: > domain A? union.tanx.com. query 20:01: domain > /3/3 A response 20:01: > domain 21689% [1au] A? apir.webrep.avast.com. query 20:01: > domain AAAA? pic.adver.com.tw. query 20:01: domain > response 20:01: > domain 37464% [1au] A? union.tanx.split.taobao.com. query 20:01: > domain query

©2013 Computer Center, National Central University. 2016/6/96 整理過的 query 封包 QR :21254+: :A?:fbexternal-a.akamaihd.net. RS :21254: :4/8/8:CNAME:fbexternal-a.akamaihd.net.edgesuite.net., QR :59066+: :AAAA?:fbexternal-a.akamaihd.net. RS :59066: :4/8/8:CNAME:fbexternal-a.akamaihd.net.edgesuite.net., RS :33734: :response RS :43904: :2/4/1:CNAME:s3-website-us-east-1.amazonaws.com., QR :21500+: :AAAA?:trafficjack.s3-website-us-east-1.amazonaws.com. RS :21500: :1/1/0:CNAME:s3-website-us-east-1.amazonaws.com. QR :17899+: :A?:tools.google.com. QR :39462%: :1au:A?:tools.l.google.com. RS :23201: :response RS :24977: :12/6/6:CNAME:xml.ws.126.ccgslb.net., QR :2421+: :AAAA?:xml.ws.126.net. RS :2421: :2/1/0:CNAME:xml.ws.126.ccgslb.net., QR :54091+: :A?:q.soft.360.cn. RS :54091: :4/5/6:CNAME:soft.360.cn., QR :18942+: :A?:crl.microsoft.com. RS :18942: :4/8/8:CNAME:crl. QR :26254+: :A?:developer.android.com. QR :37462+: :AAAA?:developer.android.com. RS :26254: :17/4/4:CNAME:www3.l.google.com., RS :37462: :2/4/4:CNAME:www3.l.google.com., QR :6164+: :A?:i.simpli.fi. QR :64880+: :AAAA?:i.simpli.fi. RS :64880: :1/1/0:CNAME:china.i.simpli.fi. RS :6164: :2/6/6:CNAME:china.i.simpli.fi., RS :7503: :response QR :49023%: :1au:A?:cc00068.h.cnc.ccgslb.net. RS :7363: :response RS :18455: :response RS :40247: :response RS :38576: :1/0/0:CNAME:ocsp.verisign.net. RS :59683: :response

©2013 Computer Center, National Central University. 2. Plug-in 設定種類 2016/6/97

©2013 Computer Center, National Central University. 3. DNSSEC 測試網站  DNSSEC 測試網站 單時 Query 紀錄查詢 單日 Query 紀錄查詢 單日 Query IP 主機數統計圖 Top-500 查詢主機排行 ** 2016/6/98

©2013 Computer Center, National Central University. 2016/6/99

©2013 Computer Center, National Central University. 2016/6/910

©2013 Computer Center, National Central University. 2016/6/911 Thank You!