Resolvers Revealed: Characterizing DNS Resolvers and their Clients

The Domain Name System (DNS) allows clients to use resolvers, sometimes called caches, to query a set of authoritative servers to translate host names into IP addresses. Prior work has proposed using the interaction between these DNS resolvers and the authoritative servers as an access control mecha...

Full description

Saved in:
Bibliographic Details
Published in:ACM transactions on Internet technology 2013-07, Vol.12 (4), p.1-17
Main Authors: Shue, Craig A., Kalafut, Andrew J.
Format: Article
Language:English
Subjects:
Access control
Clients
Domain names
Internet
IP (Internet Protocol)
Query processing
Resolvers
Servers
Citations: Items that this one cites
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The Domain Name System (DNS) allows clients to use resolvers, sometimes called caches, to query a set of authoritative servers to translate host names into IP addresses. Prior work has proposed using the interaction between these DNS resolvers and the authoritative servers as an access control mechanism. However, while prior work has examined the DNS from many angles, the resolver component has received little scrutiny. Essential factors for using a resolver in an access control system, such as whether a resolver is part of an ISP’s infrastructure or running on an end-user’s system, have not been examined. In this study, we examine DNS resolver behavior and usage, from query patterns and reactions to nonstandard responses to passive association techniques to pair resolvers with their client hosts. In doing so, we discover evidence of security protocol support, misconfigured resolvers, techniques to fingerprint resolvers, and features for detecting automated clients. These measurements can influence the implementation and design of these resolvers and DNS-based access control systems.
ISSN:1533-5399
1557-6051
DOI:10.1145/2499926.2499928