Detecting DNS Root Manipulation
نویسندگان
چکیده
We present techniques for detecting unauthorized DNS root servers in the Internet using primarily endpoint-based measurements from RIPE Atlas, supplemented with BGP routing announcements from RouteViews and RIPE RIS. The first approach analyzes the latency to the root server and the second approach looks for route hijacks. We demonstrate the importance and validity of these techniques by measuring the only root server (“B”) not widely distributed using anycast. Our measurements establish the presence of several DNS proxies and a DNS root mirror.
منابع مشابه
Detecting Active Bot Networks Based on DNS Traffic Analysis
Abstract—One of the serious threats to cyberspace is the Bot networks or Botnets. Bots are malicious software that acts as a network and allows hackers to remotely manage and control infected computer victims. Given the fact that DNS is one of the most common protocols in the network and is essential for the proper functioning of the network, it is very useful for monitoring, detecting and redu...
متن کاملGlobal Measurement of DNS Manipulation
Despite the pervasive nature of Internet censorship and the continuous evolution of how and where censorship is applied, measurements of censorship remain comparatively sparse. Understanding the scope, scale, and evolution of Internet censorship requires global measurements, performed at regular intervals. Unfortunately, the state of the art relies on techniques that, by and large, require user...
متن کاملDNS measurements at a root server
The Domain Name System (DNS) domain names to be used in network transactions (email, web requests, etc.) instead of IP addresses. The root of the DNS distributed database is managed by 13 root nameservers. We passively measure the performance of one of them: F.root-servers.net. These measurements show an astounding number of bogus queries: from 60-85% of observed queries were repeated from the ...
متن کاملDecreasing Access Time to Root Servers by Running One on Loopback
Some DNS recursive resolvers have longer-than-desired round-trip times to the closest DNS root server. Some DNS recursive resolver operators want to prevent snooping of requests sent to DNS root servers by third parties. Such resolvers can greatly decrease the round-trip time and prevent observation of requests by running a copy of the full root zone on a loopback address (such as 127.0.0.1). T...
متن کاملOn the problem of optimization of DNS root servers’ placement
The Domain Name System (DNS) is a critical component of the modern Internet. It provides a critical link between human users and Internet routing infrastructure by mapping host names to IP addresses. The DNS is a hierarchy of distributed system of servers anchored at 13 DNS root servers. In this paper we examine the macroscopic connectivity between the DNS root servers and the worldwide populat...
متن کامل