Towards a Passive DNS Monitoring System

The domain name system (DNS) is a complex distributed database on which several Internet services rely. Because monitoring it is critical, researchers and Internet service providers continuously monitor DNS traffic to identify anomalies, measure performance, and generate usage statistics.

This paper looks at DNS traffic from a different perspective: it covers the design and implementation of a passive DNS monitoring system whose goal is to understand trends, characterize economic relationships, and track suspicious activities. The system described in this paper manages the .it country code Top Level Domain (ccTLD). Deployed on the .it authoritative name servers, it is currently monitoring all .it DNS traffic on a permanent basis.


SAC 2012, Riva del Garda, 2012

