dnstracker: Measuring Centralization of DNS Infrastructure in the Wild

  • Conference paper
Advanced Information Networking and Applications (AINA 2020)

Abstract

The Internet Domain Name System (DNS) is one of the pillars of the Internet and has been the subject of various Distributed Denial-of-Service (DDoS) attacks over the years. As a countermeasure, the DNS infrastructure has been engineered with a series of replication measures, such as relying on multiple authoritative name servers and using IP anycast. Even with these measures in place, we have seen that, when servers rely on third-party DNS providers for reliable services, there may be certain levels of infrastructure centralization. In this case, an attack against a DNS target might affect other authoritative DNS servers sharing part of the infrastructure with the intended victim. However, measuring such levels of infrastructure sharing is a daunting task, given that researchers typically do not have access to DNS provider internals. In this paper, we introduce a methodology and an associated tool, dnstracker, that allow measuring, to various degrees, the level of both concentration and shared infrastructure using active DNS measurements. As a case study, we analyze the authoritative name servers of all domains of the Alexa Top 1 Million most visited websites. Our results show that, in some cases, up to 12.000 authoritative name servers share the same underlying infrastructure of a third-party DNS provider. As such, in the event of an attack, those authoritative DNS servers have an increased probability of suffering collateral damage.

Notes

  1. https://github.com/ComputerNetworks-UFRGS/dnstracker

Acknowledgement

We thank CNPq for the financial support. This research has been supported by call Universal 01/2016 (CNPq), project NFV Mentor process 423275/2016-0.

Author information

Corresponding author

Correspondence to Luciano Zembruzki.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Zembruzki, L., Jacobs, A.S., Landtreter, G.S., Granville, L.Z., Moura, G.C.M. (2020). dnstracker: Measuring Centralization of DNS Infrastructure in the Wild. In: Barolli, L., Amato, F., Moscato, F., Enokido, T., Takizawa, M. (eds) Advanced Information Networking and Applications. AINA 2020. Advances in Intelligent Systems and Computing, vol 1151. Springer, Cham. https://doi.org/10.1007/978-3-030-44041-1_76
