DNS performance and the effectiveness of caching
IEEE/ACM Transactions on Networking (TON)
A Precise and Efficient Evaluation of the Proximity Between Web Clients and Their Local DNS Servers
ATEC '02 Proceedings of the General Track of the annual conference on USENIX Annual Technical Conference
Proactive caching of DNS records: addressing a performance bottleneck
Computer Networks: The International Journal of Computer and Telecommunications Networking
Understanding the network-level behavior of spammers
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
The web is smaller than it seems
Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
Botnet Detection by Monitoring Group Activities in DNS Traffic
CIT '07 Proceedings of the 7th IEEE International Conference on Computer and Information Technology
Passive Monitoring of DNS Anomalies
DIMVA '07 Proceedings of the 4th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Characterizing Dark DNS Behavior
DIMVA '07 Proceedings of the 4th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Impact of configuration errors on DNS robustness
IEEE Journal on Selected Areas in Communications - Special issue on network infrastructure configuration
CAPTCHA: using hard AI problems for security
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Comparing DNS resolvers in the wild
IMC '10 Proceedings of the 10th ACM SIGCOMM conference on Internet measurement
On building inexpensive network capabilities
ACM SIGCOMM Computer Communication Review
Touring DNS open houses for trends and configurations
IEEE/ACM Transactions on Networking (TON)
Manufacturing compromise: the emergence of exploit-as-a-service
Proceedings of the 2012 ACM conference on Computer and communications security
On Botnets That Use DNS for Command and Control
EC2ND '11 Proceedings of the 2011 Seventh European Conference on Computer Network Defense
Hi-index | 0.00 |
The Domain Name System (DNS) allows clients to use resolvers, sometimes called caches, to query a set of authoritative servers to translate host names into IP addresses. Prior work has proposed using the interaction between these DNS resolvers and the authoritative servers as an access control mechanism. However, while prior work has examined the DNS from many angles, the resolver component has received little scrutiny. Essential factors for using a resolver in an access control system, such as whether a resolver is part of an ISP’s infrastructure or running on an end-user’s system, have not been examined. In this study, we examine DNS resolver behavior and usage, from query patterns and reactions to nonstandard responses to passive association techniques to pair resolvers with their client hosts. In doing so, we discover evidence of security protocol support, misconfigured resolvers, techniques to fingerprint resolvers, and features for detecting automated clients. These measurements can influence the implementation and design of these resolvers and DNS-based access control systems.