

Title: A Comprehensive Study of DNS Operational Issues by Mining DNS Forums
Award ID(s):
2047476
PAR ID:
10378706
Author(s) / Creator(s):
 ;  ;  ;  
Publisher / Repository:
Institute of Electrical and Electronics Engineers
Date Published:
Journal Name:
IEEE Access
Volume:
10
ISSN:
2169-3536
Format(s):
Medium: X Size: p. 110807-110820
Size(s):
p. 110807-110820
Sponsoring Org:
National Science Foundation
More Like this
  1. Authoritative DNS servers are susceptible to being leveraged in denial of service attacks in which the attacker sends DNS queries while masquerading as a victim, hence causing the DNS server to send the responses to the victim. This reflection off innocent DNS servers hides the attacker's identity and often allows attackers to amplify their traffic by employing small requests to elicit large responses. Several challenge-response techniques have been proposed to establish a requester's identity before sending a full answer. However, none of these are practical in that they do not work in the face of "resolver pools," or groups of DNS resolvers that work in concert to look up records in the DNS. In these cases a challenge transmitted to some resolver $$R_1$$ may be handled by a resolver $$R_2$$, hence leaving an authoritative DNS server wondering whether $$R_2$$ is in fact another resolver in the pool or a victim. We offer a practical challenge-response mechanism that uses challenge chains to establish identity in the face of resolver pools. We illustrate that the practical cost of our scheme in terms of added delay is small.
  2. A resilient domain name system (DNS) is essential for a resilient Internet. In this work, we propose an approach to measure authoritative DNS resilience at Internet-scale and showcase our method using comprehensive data from active DNS scans. 