An empirical study of orphan DNS servers in the internet

Authors:
Andrew J. Kalafut;Minaxi Gupta;Christopher A. Cole;Lei Chen;Nathan E. Myers
Affiliations:
Grand Valley State University, Allendale, MI, USA;Indiana University, Bloomington, IN, USA;Indiana University, Bloomington, IN, USA;Indiana University, Bloomington, IN, USA;Indiana University, Bloomington, IN, USA
Venue:
IMC '10 Proceedings of the 10th ACM SIGCOMM conference on Internet measurement
Year:
2010

Citing 1
Cited 1

Phishing Infrastructure Fluxes All the Way

IEEE Security and Privacy

Towards classification of DNS erroneous queries

Proceedings of the 9th Asian Internet Engineering Conference

Quantified Score

Hi-index	0.00

Visualization

Abstract

An orphan DNS server is a DNS server which has an address record in the DNS, even though the domain in which it resides has no DNS records itself and hence does not exist. For example, the DNS server ns.foo.com would be an orphan DNS server if it had an address record, but the domain foo.com did not exist. In this paper, we undertake the first systematic study of the prevalence of orphan DNS servers in the Internet. We also examine who is using them and what they are used for. We find that certain top-level domains (TLDs) account for a disproportionate number of orphans. We also find that some orphans are used for malicious activities and as placeholders for records from deleted domains, while others likely only exist due to simple configuration errors. Our study points to the need for better scrutiny of orphan DNS servers so they cannot be misused.