域名系统测量研究综述
作者:
作者简介:

刘文峰(1992-),男,博士生,主要研究领域为域名系统,区块链.
张宇(1979-),男,博士,副教授,CCF高级会员,主要研究领域为互联网基础设施安全,网络拓扑测量,未来网络体系.
张宏莉(1973-),女,博士,教授,博士生导师,CCF专业会员,主要研究领域为网络信息安全, 信息内容安全.
方滨兴(1960-),男,博士,教授,博士生导师,CCF会士,主要研究领域为网络信息安全, 信息内容安全.

通讯作者:

张宇,yuzhang@hit.edu.cn

中图分类号:

TP393

基金项目:

国家重点研发计划 (SQ2018YFB1800702, 2016YFB0801303)


Survey on Domain Name System Measurement Research
Author:
Fund Project:

National Key Research and Development Project (SQ2018YFB1800702, 2016YFB0801303)

  • 摘要
  • | |
  • 访问统计
  • |
  • 参考文献 [150]
  • |
  • 相似文献 [20]
  • | | |
  • 文章评论
    摘要:

    域名系统(domain name system, DNS)测量研究是深入理解DNS的重要研究方式. 从组件、结构、流量、安全4个方面对近30年 (1992–2019) 的DNS测量研究工作梳理出18个主题. 首先, 介绍组件测量, 组件有解析器和权威服务器两种, 解析器测量包括公共解析器、开放解析器、解析器缓存、解析器选择策略4个主题, 权威服务器包括性能、任播部署、托管、误配置4个主题. 其次, 阐述结构测量, 包括桩解析器与解析器的依赖结构、解析器间依赖结构、域名解析依赖结构3个主题. 然后, 描述流量测量, 包括查询流量特征、异常根查询流量、流量拦截共3个主题. 最后综述了安全测量, 包括DNSSEC代价与隐患、DNSSEC部署进展、加密DNS部署、恶意域名检测4个主题.

    Abstract:

    Domain name system (DNS) measurement research is an important way to understand DNS. This paper reviews the DNS measurement work during 1992 and 2019 on 18 topics from four aspects of components, structure, traffic, and security. Firstly, in the aspect of components, the four resolver-related topics are on public resolver, open resolver, resolver caching, and resolver selection policy; the four authoritative-server-related topics are on performance, anycast deployment, hosting, and misconfigurations. Secondly, in the aspect of structure, there are three topics: the dependency structure between stub resolvers and resolvers, the dependency structure of resolvers, and the dependency structure of domain name resolution. Then, in the aspect of traffic, there are three topics: query traffic characteristics, abnormal root query traffic, and traffic interception. Moreover, in the aspect of security, there are four topics: DNSSEC cost and risk, DNSSEC deployment, DNS encryption deployment, and malicious domain name detection. Finally, future research topics are discussed.

    参考文献
    [1] Root server lists. https://root-servers.org
    [2] Verisign domain name industry brief Q1 2020. https://www.verisign.com/assets/domain-name-report-Q12020.pdf
    [3] DNS related RFCs. https://www.statdns.com/rfc
    [4] Brownlee N, Claffy K, Nemeth E. DNS Root/gTLD performance measurements. In: Proc. of the Passive and Active Measurement Workshop. USENIX, 2001. 241–256.
    [5] Liston R, Srinivasan S, Zegura E. Diversity in DNS performance measures. In: Proc. of the 2nd ACM SIGCOMM Workshop on Internet Measurment. Marseille: ACM, 2002. 19–31. [doi: 10.1145/637201.637204]
    [6] Liang JJ, Jiang J, Duan HX, Li K, Wu JP. Measuring query latency of top level DNS servers. In: Proc. of the 14th Int’l Conf. on Passive and Active Network Measurement. Hong Kong: Springer, 2013. 145–154. [doi: 10.1007/978-3-642-36516-4_15]
    [7] Lee T, Huffaker B, Fomenkov M. On the problem of optimization of DNS root servers’ placement. In: Proc. of the Int’l Workshop on Passive and Active Network Measurement. Springer, 2003.
    [8] Müller M, Moura GCM, de O Schmidt R, Heidemann J. Recursives in the wild: Engineering authoritative DNS servers. In: Proc. of the 2017 Internet Measurement Conf. London: ACM, 2017. 489–495. [doi: 10.1145/3131365.3131366]
    [9] Kührer M, Hupperich T, Bushart J, Rossow C, Holz T. Going wild: Large-scale classification of open DNS resolvers. In: Proc. of the Internet Measurement Conf. Tokyo: ACM, 2015. 355–368. [doi: 10.1145/2815675.2815683]
    [10] US-CERT. Vulnerability note: Multiple DNS implementations vulnerable to cache poisoning. 2008. http://www.kb.cert.org/vuls/id/800113
    [11] Bilge L, Kirda E, Kruegel C, Balduzzi M. EXPOSURE: Finding malicious domains using passive DNS analysis. In: Proc. of the 2011 Network and Distributed System Security Symp. 2011. 1–17.
    [12] Antonakakis M, Perdisci R, Dagon D, Lee W, Feamster N. Building a dynamic reputation system for DNS. In: Proc. of the 19th USENIX Security Symp. Washington: USENIX, 2010. 273–290.
    [13] RSSAC023: History of the root server system. 2016. https://www.icann.org/en/system/files/files/rssac-023-04nov16-en.pdf
    [14] Arends R, Austein R, Larson M, Massey D, Rose S. DNS security introduction and requirements. RFC4033, 2005. [doi: 10.17487/RFC4033]
    [15] Hu Z, Zhu L, Heidemann J, Mankin A, Wessels D, Hoffman P. Specification for DNS over transport layer security (TLS). RFC7858, 2016. [doi: 10.17487/RFC7858]
    [16] Hoffman PE, McManus P. Dns queries over https (DoH). RFC8484, 2018. [doi: 10.17487/RFC8484]
    [17] 王文通, 胡宁, 刘波, 刘欣, 李树栋. DNS安全防护技术研究综述. 软件学报, 2020, 31(7): 2205–2220. http://www.jos.org.cn/1000-9825/6046.htm
    Wang WT, Hu N, Liu B, Liu X, Li SD. Survey on technology of security enhancement for DNS. Ruan Jian Xue Bao/Journal of Software, 2020, 31(7): 2205–2220 (in Chinese with English abstract). http://www.jos.org.cn/1000-9825/6046.htm
    [18] Ramdas A, Muthukrishnan R. A survey on DNS security issues and mitigation techniques. In: Proc. of the 2019 Int’l Conf. on Intelligent Computing and Control Systems (ICCS). Madurai: IEEE, 2019. 781–784. [doi: 10.1109/ICCS45141.2019.9065354]
    [19] 王垚, 胡铭曾, 李斌, 闫伯儒. 域名系统安全研究综述. 通信学报, 2007, 28(9): 91–103.
    Wang Y, Hu MZ, Li B, Yin BR. Survey on domain name system security. Journal on Communications, 2007, 28(9): 91–103 (in Chinese with English abstract). [doi: 10.3321/j.issn: 1000-436x.2007.09.015]
    [20] 胡宁, 邓文平, 姚苏. 互联网DNS安全研究现状与挑战. 网络与信息安全学报, 2017, 3(3): 13–21.
    Hu N, Deng WP, Su Y. Issues and challenges of internet DNS security. Chinese Journal of Network and Information Security, 2017, 3(3): 13–21 (in Chinese with English abstract). [doi: 10.11959/j.issn.2096-109x.2017.00154]
    [21] Otto JS, Sánchez MA, Rula JP, Bustamante FE. Content delivery and the natural evolution of DNS: Remote DNS trends, performance issues and alternative solutions. In: Proc. of the 2012 Internet Measurement Conf. Boston: ACM, 2012. 523–536. [doi: 10.1145/2398776.2398831]
    [22] AquaLab. EdgeScope—sharing the view from a distributed Internet telescope. https://aqualab.cs.northwestern.edu/projects/edgescope-sharing-the-view-from-a-distributed-internet-telescope
    [23] Huang C, Maltz DA, Li J, Greenberg A. Public DNS system and global traffic management. In: Proc. of 2011 INFOCOM 2011. Shanghai: IEEE, 2011. 2615–2623.
    [24] Khosla R, Fahmy S, Hu YC. Content retrieval using cloud-based DNS. In: Proc. of the 2012 IEEE INFOCOM Workshops. Orlando: IEEE, 2012. 1–6. [doi: 10.1109/INFCOMW.2012.6193491]
    [25] Ager B, Mühlbauer W, Smaragdakis G, Uhlig S. Comparing DNS resolvers in the wild. In: Proc. of the 10th ACM SIGCOMM Conf. on Internet Measurement. Melbourne: ACM, 2010. 15–21. [doi: 10.1145/1879141.1879144]
    [26] Kührer M, Hupperich T, Rossow C, Holz T. Exit from hell? Reducing the impact of amplification DDoS attacks. In: Proc. of the 23rd USENIX Security Symp. San Diego: ACM, 2014. 111–125.
    [27] Open resolver project. https://archive.nanog.org/sites/default/files/tue.lightning3.open_resolver.mauch_.pdf
    [28] Dagon D, Provos N, Lee CP, Lee W. Corrupted DNS resolution paths: The rise of a malicious resolution authority. In: Proc. of 2008 Network and Distributed System Security Symp. 2008.
    [29] Klein A, Shulman H, Waidner M. Internet-wide study of DNS cache injections. In: Proc. of the 2017 IEEE Conf. on Computer Communications. Atlanta: IEEE, 2017. 1–9. [doi: 10.1109/INFOCOM.2017.8057202]
    [30] Jung J, Sit E, Balakrishnan H, Morris R. DNS performance and the effectiveness of caching. IEEE/ACM Transactions on Networking, 2002, 10(5): 589–603. [doi: 10.1109/TNET.2002.803905]
    [31] Bhatti SN, Atkinson R. Reducing DNS caching. In: Proc. of the 2011 IEEE Conf. on Computer Communications Workshops. Shanghai: IEEE, 2011. 792–797. [doi: 10.1109/INFCOMW.2011.5928919]
    [32] Gao HY, Yegneswaran V, Chen Y, Porras P, Ghosh S, Jiang J, Duan HX. An empirical reexamination of global DNS behavior. ACM SIGCOMM Computer Communication Review, 2013, 43(4): 267–278. [doi: 10.1145/2534169.2486018]
    [33] Fujiwara K, Sato A, Yoshida K. DNS traffic analysis: Issues of IPv6 and CDN. In: Proc. of the 12th IEEE/IPSJ Int’l Symp. on Applications and the Internet. Izmir: IEEE, 2012. 129–137. [doi: 10.1109/SAINT.2012.26]
    [34] Callahan T, Allman M, Rabinovich M. On modern DNS behavior and properties. ACM SIGCOMM Computer Communication Review, 2013, 43(3): 7–15. [doi: 10.1145/2500098.2500100]
    [35] Almeida M, Finamore A, Perino D, Vallina-Rodriguez N, Varvello M. Dissecting dns stakeholders in mobile networks. In: Proc. of the 13th Int’l Conf. on Emerging Networking Experiments and Technologies. Incheon: ACM, 2017. 28–34. [doi: 10.1145/3143361.3143375]
    [36] Shafir L, Afek Y, Bremler-Barr A, Peleg N, Sabag M. DNS negative caching in the wild. In: Proc. of the 2019 ACM SIGCOMM Conf. on Posters and Demos. Beijing: ACM, 2019. 143–145. [doi: 10.1145/3342280.3342338]
    [37] Schomp K, Callahan T, Rabinovich M, Allman M. On measuring the client-side DNS infrastructure. In: Proc. of the 2013 Internet Measurement Conf. Barcelona: ACM, 2013. 77–90. [doi: 10.1145/2504730.2504734]
    [38] Shue CA, Kalafut AJ, Allman M, Taylor CR. On building inexpensive network capabilities. ACM SIGCOMM Computer Communication Review, 2012, 42(2): 72–79. [doi: 10.1145/2185376.2185386]
    [39] Pang J, Akella A, Shaikh A, Krishnamurthy B, Seshan S. On the responsiveness of DNS-based network control. In: Proc. of the 4th ACM SIGCOMM Conf. on Internet Measurement. Taormina: ACM, 2004. 21–26. [doi: 10.1145/1028788.1028792]
    [40] Wills CE, Mikhailov M, Shang H. Inferring relative popularity of internet applications by actively querying DNS caches. In: Proc. of the 3rd ACM SIGCOMM Conf. on Internet Measurement. Miami Beach: ACM, 2003. 78–90. [doi: 10.1145/948205.948216]
    [41] Rajab MA, Monrose F, Terzis A, Provos N. Peeking through the cloud: DNS-based estimation and its applications. In: Proc. of the 6th Int’l Conf. on Applied Cryptography and Network Security. New York: Springer, 2008. 21–38. [doi: 10.1007/978-3-540-68914-0_2]
    [42] Ma XB, Zhang JJ, Li ZH, Li JF, Tao J, Guan XH, Lui JCS, Towsley D. Accurate DNS query characteristics estimation via active probing. Journal of Network and Computer Applications, 2015, 47: 72–84. [doi: 10.1016/j.jnca.2014.09.016]
    [43] Gummadi KP, Saroiu S, Gribble SD. King: Estimating latency between arbitrary Internet end hosts. In: Proc. of the 2nd ACM SIGCOMM Workshop on Internet Measurment. Marseille: ACM, 2002. 5–18. [doi: 10.1145/637201.637203]
    [44] Leonard D, Loguinov D. Turbo king: Framework for large-scale internet delay measurements. In: Proc. of the 27th Conf. on Computer Communications. Phoenix: IEEE, 2008. 31–35. [doi: 10.1109/INFOCOM.2008.15]
    [45] Wang YA, Huang C, Li J, Ross KW. Queen: Estimating packet loss rate between arbitrary internet hosts. In: Proc. of the 10th Int’l Conf. on Passive and Active Network Measurement. Seoul: Springer, 2009. 57–66. [doi: 10.1007/978-3-642-00975-4_6]
    [46] Elz R, Bush R, Bradner SO, Patton MA. Selection and operation of secondary DNS servers. RFC 2182, 1997. [doi: 10.17487/RFC2182]
    [47] Wessels D, Fomenkov M, Brownlee N, Claffy K. Measurements and laboratory simulations of the upper DNS hierarchy. In: Proc. of the 5th Int’l Workshop on Passive and Active Network Measurement. Antibes Juan-les-Pins: Springer, 2004. 147–157. [doi: 10.1007/978-3-540-24668-8_15]
    [48] Yu YD, Wessels D, Larson M, Zhang LX. Authority server selection in DNS caching resolvers. ACM SIGCOMM Computer Communication Review, 2012, 42(2): 80–86. [doi: 10.1145/3310165.3310175]
    [49] Cho K, Kato A, Nakamura Y, Somegawa R, Sekiya Y, Jinmei T, Suzuki S, Murai J. A study on the performance of the root name servers. http://mawi.wide.ad.jp/mawi/dnsprobe
    [50] Brownlee N. Root/gTLD DNS performance plots. http://www.caida.org/cgi-bin/dns_perf/main.pl
    [51] Yuchi X, Wang X, Li XD, Yan BP. DNS measurements at the. CN TLD servers. In: Proc. of the 6th Int’l Conf. on Fuzzy Systems and Knowledge Discovery. IEEE, 2009. 540–545.
    [52] Sebastien Ailleret. Web crawler généraliste. http://larbin.sourceforge.net
    [53] Liu ZQ, Huffaker B, Fomenkov M, Brownlee N, Claffy K. Two days in the life of the DNS anycast root servers. In: Proc. of the 8th Int’l Conf. on Passive and Active Network Measurement. Louvain-la-neuve: Springer, 2007. 125–134. [doi: 10.1007/978-3-540-71617-4_13]
    [54] Sarat S, Pappas V, Terzis A. On the use of anycast in DNS. In: Proc. of the 15th Int’l Conf. on Computer Communications and Networks. Arlington: IEEE, 2006. 71–78. [doi: 10.1109/ICCCN.2006.286248]
    [55] PlanetLab. https://developers.planet.com/devtrial/
    [56] Moura GCM, de O Schmidt R, Heidemann J, de Vries WB, Muller M, Wei L, Hesselman C. Anycast vs. DDoS: Evaluating the November 2015 root DNS event. In: Proc. of the 2016 Internet Measurement Conf. Santa Monica: ACM, 2016. 255–270. [doi: 10.1145/2987443.2987446]
    [57] RIPE Atlas. https://atlas.ripe.net
    [58] Yan H, Oliveira R, Burnett K, Matthews D, Zhang LX, Massey D. BGPmon: A real-time, scalable, extensible monitoring system. In: Proc. of the 2009 Cybersecurity Applications & Technology Conf. for Homeland Security (CATCH). Washington: IEEE, 2009. 212–223. [doi: 10.1109/CATCH.2009.28]
    [59] Fan X, Heidemann J, Govindan R. Evaluating anycast in the domain name system. In: Proc. of the 2013 IEEE INFOCOM. Turin: IEEE, 2013. 1681–1689. [doi: 10.1109/INFCOM.2013.6566965]
    [60] Kreibich C, Weaver N, Nechaev B, Paxson V. Netalyzr: Illuminating the edge network. In: Proc. of the 10th ACM SIGCOMM Conf. on Internet Measurement. Melbourne: ACM, 2010. 246–259. [doi: 10.1145/1879141.1879173]
    [61] AS112 Project. 2018. https://www.as112.net
    [62] Gao ZY, Venkataramani A. Measuring update performance and consistency anomalies in managed DNS services. In: Proc. of the 2019 IEEE Conf. on Computer Communications. Paris: IEEE, 2019. 2206–2214. [doi: 10.1109/INFOCOM.2019.8737568]
    [63] Allman M. Comments on DNS Robustness. In: Proc. of the 2018 Internet Measurement Conf. Boston: ACM, 2018. 84–90.
    [64] Abhishta A, van Rijswijk-Deij R, Nieuwenhuis LJM. Measuring the impact of a successful DDoS attack on the customer behaviour of managed DNS service providers. ACM SIGCOMM Computer Communication Review, 2019, 48(5): 70–76. [doi: 10.1145/3310165.3310175]
    [65] Rijswijk-Deij RV, Jonker M, Sperotto A, Pras A. A high-performance, scalable infrastructure for large-scale active DNS measurements. IEEE Journal on Selected Areas in Communications, 2016, 34(6): 1877–1888. [doi: 10.1109/JSAC.2016.2558918]
    [66] Open INTEL. Active DNS measurement project. https://openintel.nl
    [67] Pappas V, Xu ZG, Lu SW, Massey D, Terzis A, Zhang LX. Impact of configuration errors on DNS robustness. ACM SIGCOMM Computer Communication Review, 2004, 34(4): 319–330. [doi: 10.1145/1030194.1015503]
    [68] Kalafut AJ, Shue CA, Gupta M. Touring DNS open houses for trends and configurations. IEEE/ACM Transactions on Networking, 2011, 19(6): 1666–1675. [doi: 10.1109/TNET.2011.2130537]
    [69] Deccio C, Sedayao J, Kant K, Mohapatra P. Measuring availability in the domain name system. In: Proc. of the 2010 IEEE INFOCOM. San Diego: IEEE, 2010. 1–5. [doi: 10.1109/INFCOM.2010.5462270]
    [70] Kalafut AJ, Gupta M, Cole CA, Chen L, Myers NE. An empirical study of orphan DNS servers in the internet. In: Proc. of the 10th ACM SIGCOMM Conf. on Internet Measurement. Melbourne: ACM, 2010. 308–314. [doi: 10.1145/1879141.1879182]
    [71] Korczyński M, Król M, van Eeten M. Zone poisoning: The how and where of non-secure DNS dynamic updates. In: Proc. of the 2016 Internet Measurement Conf. Santa Monica: ACM, 2016. 271–278. [doi: 10.1145/2987443.2987477]
    [72] Farsight Security: DNS Database (DNS-DB). https://www.dnsdb.info
    [73] Internet wide scan data repository: DNS records (ANY). https://scans.io/study/sonar.fdns
    [74] Colajanni M, Yu PS, Cardellini V. Dynamic load balancing in geographically distributed heterogeneous web servers. In: Proc. of the 18th Int’l Conf. on Distributed Computing Systems. Amsterdam: IEEE, 1998. 295–302. [doi: 10.1109/ICDCS.1998.679729]
    [75] Rabinovich M, Spatscheck O. Web caching and replication. SIGMOD Record, 2003, 32(4): 107–108.
    [76] Alzoubi HA, Rabinovich M, Spatscheck O. The anatomy of LDNS clusters: Findings and implications for Web content delivery. In: Proc. of the 22nd Int’l Conf. on World Wide Web. Rio de Janeiro: ACM, 2013. 83–94. [doi: 10.1145/2488388.2488397]
    [77] Mao ZM, Cranor CD, Douglis F, Rabinovich M, Spatscheck O, Wang J. A precise and efficient evaluation of the proximity between Web clients and their local DNS servers. In: Proc. of the General Track: 2002 USENIX Annual Technical Conf. 2002. 229–242.
    [78] Krishnan R, Madhyastha HV, Srinivasan S, Jain S, Krishnamurthy A, Anderson T, Gao J. Moving beyond end-to-end path information to optimize CDN performance. In: Proc. of the 9th ACM SIGCOMM Conf. on Internet Measurement. 2009. 190–201.
    [79] Shaikh A, Tewari R, Agrawal M. On the effectiveness of DNS-based server selection. In: Proc. of the 2001 IEEE Conf. on Computer Communications. the 20th Annual Joint Conf. of the IEEE Computer and Communications Society. Anchorage: IEEE, 2001. 1801–1810. [doi: 10.1109/INFCOM.2001.916678]
    [80] Contavalli C, van der Gaast W, Lawrence D, Kumari W. Client subnet in DNS queries. RFC 7871, 2016. [doi: 10.17487/RFC7871]
    [81] Chen FF, Sitaraman RK, Torres M. End-user mapping: Next generation request routing for content delivery. ACM SIGCOMM Computer Communication Review, 2015, 45(4): 167–181. [doi: 10.1145/2829988.2787500]
    [82] Leonard D, Loguinov D. Demystifying service discovery: Implementing an internet-wide scanner. In: Proc. of the 10th ACM SIGCOMM Conf. on Internet Measurement. Melbourne: ACM, 2010. 109–122. [doi: 10.1145/1879141.1879156]
    [83] Sisson G. DNS survey: October 2010. http://dns.measurement-factory.com/surveys/201010. [2020-07-04].
    [84] Ramasubramanian V, Sirer EG. Perils of transitive trust in the domain name system. In: Proc. of the 5th ACM SIGCOMM Conf. on Internet Measurement. Berkeley: ACM, 2005. 379–384.
    [85] Open Directory Project, Web directory of high-quality resources. http://www.odp.org
    [86] 江健. 互联网域名系统授权机制中不一致和多重依赖问题研究[博士学位论文]. 北京: 清华大学, 2013.
    Jiang J. Research on inconsistent and multiple dependence in the authorization mechanism of internet domain name system [Ph.D. Thesis]. Beijing: Tsinghua University, 2013 (in Chinese with English abstract).
    [87] Liu WF, Zhang Y, Li YY, Fang BX. Modeling, measuring, and analyzing the resolution process of popular domains. In: Proc. of the 2019 IEEE Int’l Conf. on Communications (ICC). Shanghai: IEEE, 2019. 1–7. [doi: 10.1109/ICC.2019.8761698]
    [88] Deccio C, Sedayao J, Kant K, Mohapatra P. Quantifying dns namespace influence. Computer Networks, 2012, 56(2): 780–794. [doi: 10.1016/j.comnet.2011.11.005]
    [89] Jiang J, Zhang J, Duan HX, Li K, Liu W. Analysis and measurement of zone dependency in the domain name system. In: Proc. of the 2018 IEEE Int’l Conf. on Communications (ICC). Kansas City: IEEE, 2018. 1–7. [doi: 10.1109/ICC.2018.8422602]
    [90] Pang J, Hendricks J, Akella A, De Prisco R, Maggs B, Seshan S. Availability, usage, and deployment characteristics of the domain name system. In: Proc. of the 4th ACM SIGCOMM Conf. on Internet Measurement. Taormina: ACM, 2004. 1–14. [doi: 10.1145/1028788.1028790]
    [91] Castro S, Wessels D, Fomenkov M, Claffy K. A day at the root of the internet. ACM SIGCOMM Computer Communication Review, 2008, 38(5): 41–46. [doi: 10.1145/1452335.1452341]
    [92] Castro S, Zhang M, John W, Wessels D, Claffy K. Understanding and preparing for DNS evolution. In: Proc. of the 2nd Int’l Workshop on Traffic Monitoring and Analysis. Zurich: Springer, 2010. 1–16. [doi: 10.1007/978-3-642-12365-8_1]
    [93] Wessels D, Fomenkov M. Wow, that’s a lot of packets. Int’l Workshop on Passive and Active Network Measurement. Springer. 2003.
    [94] IANA. List of valid TLD. http://data.iana.org/TLD/tlds-alpha-by-domain.txt
    [95] Brownlee N, Claffy KC, Nemeth E. DNS measurements at a root server. In: Proc. of the 2001 IEEE Global Telecommunications Conf. San Antonio: IEEE, 2001. 1672–1676. [doi: 10.1109/GLOCOM.2001.965864]
    [96] DNS OARC. DITL traces and analysis. https://www.dns-oarc.net/oarc/data/ditl/2017
    [97] Wessels D. Is your caching resolver polluting the internet? In: Proc. of the ACM SIGCOMM Workshop on Network Troubleshooting: Research, Theory and Operations Practice Meet Malfunctioning Reality. Portland: ACM, 2004. 271–276.
    [98] Broido A, Nemeth E, Claffy K. Spectroscopy of private DNS update sources. In: Proc. the 3rd IEEE Workshop on Internet Applications. San Jose: IEEE, 2003. 19–29. [doi: 10.1109/WIAPP.2003.1210282]
    [99] Abley J, Sotomayor W. AS112 nameserver operations. RFC7534, 2015.
    [100] Jeong SH, Kang AR, Kim J, Kim HK, Mohaisen A. A longitudinal analysis of. i2p leakage in the public DNS infrastructure. In: Proc. of the 2016 ACM SIGCOMM Conf. Florianopolis: ACM, 2016. 557–558. [doi: 10.1145/2934872.2960423]
    [101] Danzig PB, Obraczka K, Kumar A. An analysis of wide-area name server traffic: A study of the Internet Domain Name System. ACM SIGCOMM Computer Communication Review, 1992, 22(4): 281–292. [doi: 10.1145/144191.144301]
    [102] Lentz M, Levin D, Castonguay J, Spring N, Bhattacharjee B. D-mystifying the D-root address change. In: Proc. of the 2013 Internet Measurement Conf. Barcelona: ACM, 2013. 57–62. [doi: 10.1145/2504730.2504772]
    [103] Barber P, Larson M, Kosters M, Toscano P. Life and times of J-root. In: Proc. of the North American Network Operators’ Group (NANOG) Archive. 2004.
    [104] Manning B. Persistent queries and phantom nameservers. In: Proc. of the CAIDA-WIDE Workshop. 2006.
    [105] Khattak S, Javed M, Khayam SA, Uzmi ZA, Paxson V. A look at the consequences of internet censorship through an ISP lens. In: Proc. of the 2014 Internet Measurement Conf. Vancouver: ACM, 2014. 271–284. [doi: 10.1145/2663716.2663750]
    [106] Anderson C, Winter P, Roya. Global network interference detection over the RIPE Atlas network. In: Proc. of the 4th USENIX Workshop on Free and Open Communications on the Internet. San Diego: USENIX Association, 2014. 1–8.
    [107] Aryan S, Aryan H, Halderman JA. Internet censorship in Iran: A first look. In: Proc. of the 3rd USENIX Workshop on Free and Open Communications on the Internet (FOCI 13). Washington: USENIX Association, 2013. 1–8.
    [108] Chaabane A, Chen T, Cunche M, De Cristofaro E, Friedman A, Kaafar MA. Censorship in the wild: Analyzing Internet filtering in Syria. In: Proc. of 2014 Internet Measurement Conf. Vancouver: ACM, 2014. 285–298. [doi: 10.1145/2663716.2663720]
    [109] Jones B, Feamster N, Paxson V. Detecting DNS root manipulation. In: Proc. of the 17th Int’l Conf. on Passive and Active Network Measurement. Heraklion: Springer, 2016. 276–288. [doi: 10.1007/978-3-319-30505-9_21]
    [110] Weaver N, Kreibich C, Nechaev B, Paxson V. Implications of Netalyzr’s DNS measurements. In: Proc. of the 1st Workshop on Securing and Trusting Internet Names (SATIN). 2011.
    [111] Liu BJ, Lu CY, Duan HX, Liu Y, Li Z, Hao S, Yang M. Who is answering my queries: Understanding and characterizing interception of the DNS resolution path. In: Proc. of the 27th USENIX Security Symp. Baltimore: USENIX Association, 2018. 1113–1128.
    [112] Migault D, Girard C, Laurent M. A performance view on DNSSEC migration. In: Proc. of the 2010 Int’l Conf. on Network and Service Management (CNSM). Niagara Falls: IEEE, 2010. 469–474. [doi: 10.1109/CNSM.2010.5691275]
    [113] Kolkman OM. Measuring the resource requirements of DNSSEC. RIPE NCC/NLnet Labs. RIPE NCC, 2005.
    [114] Zhu L, Heidemann J. LDplayer: DNS Experimentation at scale. In: Proc. of the 2018 Internet Measurement Conf. Boston: ACM, 2018. 119–132. [doi: 10.1145/3278532.3278544]
    [115] Ager B, Dreger H, Feldmann A. Predicting the DNSSEC overhead using DNS traces. In: Proc. of the 40th Annual Conf. on Information Sciences and Systems. Princeton: IEEE, 2006. 1484–1489. [doi: 10.1109/CISS.2006.286699]
    [116] Rossow C. Amplification hell: Revisiting network protocols for DDoS abuse. In: Proc. of the 21st Network and Distributed System Security Symp. 2014. [doi: 10.14722/NDSS.2014.23233]
    [117] Van Rijswijk-Deij R, Sperotto A, Pras A. DNSSEC and its potential for DDoS attacks: A comprehensive measurement study. In: Proc. of the 2014 Internet Measurement Conf. Vancouver: ACM, 2014. 449–460. [doi: 10.1145/2663716.2663731]
    [118] DNSSEC deployment timeline. https://www.dnssec-deployment.org/history/timeline
    [119] Sisson G. DNS survey: October 2010. http://dns.measurement-factory.com/surveys/201010/dns_survey_2010.pdf
    [120] Chung T, van Rijswijk-Deij R, Chandrasekaran B, Choffnes DR, Levin D, Maggs BM, Mislove A, Wilson C. A Longitudinal, end-to-end view of the DNSSEC ecosystem. In: Proc. of the 26th USENIX Security Symp. Vancouver: USENIX Association, 2017. 1307–1322.
    [121] State of DNSSEC deployment 2016. https://www.internetsociety.org/wp-content/uploads/2017/08/ISOC-State-of-DNSSEC-Deployment-2016-v1.pdf
    [122] Dai TX, Shulman H, Waidner M. DNSSEC misconfigurations in popular domains. In: Proc. of the 15th Int’l Conf. on Cryptology and Network Security. Milan: Springer, 2016. 651–660. [doi: 10.1007/978-3-319-48965-0_43]
    [123] Wander M. Measurement survey of server-side DNSSEC adoption. In: Proc. of the 2017 Network Traffic Measurement and Analysis Conf. Dublin: IEEE, 2017. 1–9. [doi: 10.23919/TMA.2017.8002913]
    [124] ICANN. TLD DNSSEC report. http://stats.research.icann.org/dns/tld_report
    [125] Guðmundsson Ó, Crocker SD. Observing DNSSEC validation in the wild. In: Securing and Trusting Internet Names (SATIN). 2011.
    [126] Lian W, Rescorla E, Shacham H, Savage S. Measuring the practical impact of DNSSEC deployment. In: Proc. of the 22th USENIX Security Symp. Washington: USENIX Association. 2013. 573–588.
    [127] Yu YD, Wessels D, Larson M, Zhang LX. Check-Repeat: A new method of measuring DNSSEC validating resolvers. In: Proc. of the 2013 IEEE Conf. on Computer Communications Workshops. Turin: IEEE, 2013. 3147–3152. [doi: 10.1109/INFCOMW.2013.6562861]
    [128] Osterweil E, Ryan M, Massey D, Zhang LX. Quantifying the operational status of the dnssec deployment. In: Proc. of the 8th ACM SIGCOMM Conf. on Internet Measurement. Vouliagmeni: ACM, 2008. 231–242. [doi: 10.1145/1452520.1452548]
    [129] Yang H, Osterweil E, Massey D, Lu SW, Zhang LX. Deploying cryptography in Internet-scale systems: A case study on DNSSEC. IEEE Transactions on Dependable and Secure Computing, 2011, 8(5): 656–669. [doi: 10.1109/TDSC.2010.10]
    [130] Chung T, van Rijswijk-Deij R, Choffnes D, Levin D, Maggs BM, Mislove A, Wilson C. Understanding the role of registrars in DNSSEC deployment. In: Proc. of the 2017 Internet Measurement Conf. London: ACM, 2017. 369–383. [doi: 10.1145/3131365.3131373]
    [131] Adrichem NLM, Blenn N, Lúa AR, Wang X, Wasif M, Fatturrahman F, Kuipers FA. A measurement study of DNSSEC misconfigurations. Security Informatics, 2015, 4(1): 8. [doi: 10.1186/S13388-015-0023-Y]
    [132] DNS Census 2013. https://dnscensus2013.neocities.org
    [133] Lu CY, Liu BJ, Li Z, Hao S, Duan HX, Zhang MM, Leng CY, Liu Y, Zhang ZF, Wu JP. An end-to-end, large-scale measurement of DNS-over-encryption: How far have we come? In: Proc. of the 2019 Internet Measurement Conf. Amsterdam: ACM, 2019. 22–35. [doi: 10.1145/3355369.3355580]
    [134] Hao S, Thomas M, Paxson V, Feamster N, Kreibich C, Grier C, Hollenbeck S. Understanding the domain registration behavior of spammers. In: Proc. of the 2013 Internet Measurement Conf. Barcelona: ACM, 2013. 63–76. [doi: 10.1145/2504730.2504753]
    [135] Lauinger T, Onarlioglu K, Chaabane A, Robertson W, Kirda E. WHOIS lost in translation: (Mis) understanding domain name expiration and re-registration. In: Proc. of the 2016 Internet Measurement Conf. Santa Monica: ACM, 2016. 247–253. [doi: 10.1145/2987443.2987463]
    [136] Hao S, Feamster N, Pandrangi R. Monitoring the initial DNS behavior of malicious domains. In: Proc. of the 11th ACM SIGCOMM Internet Measurement Conf. Berlin: ACM, 2011. 269–278. [doi: 10.1145/2068816.2068842]
    [137] Spring JM, Metcalf LB, Stoner E. Correlating domain registrations and DNS first activity in general and for malware. In: Securing and Trusting Internet Names. 2011.
    [138] Farsight Security. Security Information Exchange (SIE). https://www.farsightsecurity.com/solutions/security-information-exchange
    [139] Konte M, Feamster N, Jung J. Dynamics of online scam hosting infrastructure. In: Proc. of the 10th Int’l Conf. on Passive and Active Network Measurement. Seoul: Springer, 2009. 219–228. [doi: 10.1007/978-3-642-00975-4_22]
    [140] Felegyhazi M, Kreibich C, Paxson V. On the potential of proactive domain blacklisting. In: Proc. of the 3rd USENIX Conf. on Large-Scale Exploits and Emergent Threats: Botnets, Spyware, Worms, and More. USENIX Association, 2010.
    [141] Antonakakis M, Perdisci R, Lee W, Vasiloglou N, Dagon D. Detecting malware domains at the upper DNS hierarchy. In: Proc. of the 20th USENIX Conf. on Security Symp. San Francisco: ACM, 2011. 27.
    [142] 张维维, 龚俭, 刘尚东, 胡晓艳. 面向主干网的DNS流量监测. 软件学报, 2017, 28(9): 2370-2387. http://www.jos.org.cn/1000-9825/5186.htm
    Zhang WW, Gong J, Liu SD, Hu XY. DNS surveillance on backbone. Ruan Jian Xue Bao/Journal of Software, 2017, 28(9): 2370-2387 (in Chinese with English abstract). http://www.jos.org.cn/1000-9825/5186.htm
    [143] ITHI. ICANN’s ITHI project. https://ithi.research.icann.org/about.html
    [144] Casalicchio E, Caselli M, Coletta A. Measuring the global domain name system. IEEE Network, 2013, 27(1): 25–31. [doi: 10.1109/MNET.2013.6423188]
    [145] Liu BJ, Lu CY, Li Z, Liu Y, Duan HX, Hao S, Zhang ZF. A reexamination of internationalized domain names: The good, the bad and the ugly. In: Proc. of the 48th Annual IEEE/IFIP Int’l Conf. on Dependable Systems and Networks. Luxembourg: IEEE, 2018. 654–665. [doi: 10.1109/DSN.2018.00072]
    引证文献
    网友评论
    网友评论
    分享到微博
    发 布
引用本文

刘文峰,张宇,张宏莉,方滨兴.域名系统测量研究综述.软件学报,2022,33(1):211-232

复制
分享
文章指标
  • 点击次数:2425
  • 下载次数: 6869
  • HTML阅读次数: 5211
  • 引用次数: 0
历史
  • 收稿日期:2020-07-05
  • 最后修改日期:2020-11-10
  • 在线发布日期: 2021-01-15
  • 出版日期: 2022-01-06
文章二维码
您是第20229263位访问者
版权所有:中国科学院软件研究所 京ICP备05046678号-3
地址:北京市海淀区中关村南四街4号,邮政编码:100190
电话:010-62562563 传真:010-62562533 Email:jos@iscas.ac.cn
技术支持:北京勤云科技发展有限公司

京公网安备 11040202500063号