We analyze domain name system (DNS) errors (i.e., ServFail, Refused and NX Domain errors) in DNS traffic captured at an external connection link of an academic network in Japan and attempt to understand the causes of such errors. Because DNS errors that are responses to erroneous queries have a large impact on DNS traffic, we should reduce as many of them as possible. First, we show that ServFail and Refused errors are generated by queries from a small number of local resolvers and authoritative nameservers that are unrelated to ordinary users. Second, we demonstrate that NX Domain errors follow several query patterns, due mostly to anti-virus/anti-spam systems as well as meaningless queries (i.e., misconfiguration). By applying the proposed heuristic rules to the erroneous queries that lead to NX Domain errors in order to identify the main causes of such errors, we successfully classify them into nine groups that cover approximately 90% of NX Domain errors with a low false positive rate. Furthermore, we find malicious domain names similar to those of Japanese SNS sites in the results. Based on the results of our analysis, we discuss the main causes of these DNS errors and how to reduce them.