Top

Published in:

2020 | OriginalPaper | Chapter

When Parents and Children Disagree: Diving into DNS Delegation Inconsistency

Authors : Raffaele Sommese, Giovane C. M. Moura, Mattijs Jonker, Roland van Rijswijk-Deij, Alberto Dainotti, K. C. Claffy, Anna Sperotto

Published in: Passive and Active Measurement

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

The Domain Name System (DNS) is a hierarchical, decentralized, and distributed database. A key mechanism that enables the DNS to be hierarchical and distributed is delegation [7] of responsibility from parent to child zones—typically managed by different entities. RFC1034 [12] states that authoritative nameserver (NS) records at both parent and child should be “consistent and remain so”, but we find inconsistencies for over 13M second-level domains. We classify the type of inconsistencies we observe, and the behavior of resolvers in the face of such inconsistencies, using RIPE Atlas to probe our experimental domain configured for different scenarios. Our results underline the risk such inconsistencies pose to the availability of misconfigured domains.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Counterfighting Counterfeit: Detecting and Taking down Fraudulent Webshops at a ccTLD

next chapter A First Comparative Characterization of Multi-cloud Connectivity in Today’s Internet

Available only for authorised users

This covers 96% of names with disjoint NSSets, the remaining 4% are indeterminate due to unresolvable names in the NSSets.

Almond, C.: CNAME at the apex of a zone. https://www.isc.org/blogs/cname-at-the-apex-of-a-zone/

CZ.NIC: Knot Resolver. https://www.knot-resolver.cz

DENIC AG: Statistics of .de domains, 22 October 2019. https://www.denic.de/en/know-how/statistics/l

DNS OARC: Root zone archive. https://www.dns-oarc.net/oarc/data/zfr/root (Jan 2020)

Elz, R., Bush, R.: Clarifications to the DNS specification. RFC 2181, IETF, July 1997. http://tools.ietf.org/rfc/rfc2181.txt

Hardaker, W.: Child-to-parent synchronization in DNS. RFC 7477, IETF, March 2015. http://tools.ietf.org/rfc/rfc7477.txt

Hoffman, P., Sullivan, A., Fujiwara, K.: DNS terminology. RFC 8499, IETF, November 2018. http://tools.ietf.org/rfc/rfc8499.txt

Hubert, A., Mook, R.: Measures for making DNS more resilient against forged answers. RFC 5452, IETF, January 2009. http://tools.ietf.org/rfc/rfc5452.txt

Internet Systems Consortium: BIND: Berkeley Internet Name Domain. https://www.isc.org/bind/

10.

Kristoff, J.: DNS inconsistency (2018). https://blog.apnic.net/2018/08/29/dns-inconsistency/

11.

Liu, D., Hao, S., Wang, H.: All your DNS records point to us: understanding the security threats of dangling DNS records. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS 2016, pp. 1414–1425. ACM, New York (2016). https://doi.org/10.1145/2976749.2978387

12.

Mockapetris, P.: Domain names - concepts and facilities. RFC 1034, IETF, November 1987. http://tools.ietf.org/rfc/rfc1034.txt

13.

Moura, G.C.M., Heidemann, J., Müller, M., de Schmidt, R.O., Davids, M.: When the dike breaks: dissecting DNS defenses during DDoS. In: Proceedings of the ACM Internet Measurement Conference, October 2018. https://doi.org/10.1145/3278532.3278534

14.

Moura, G.C.M., Heidemann, J., de Schmidt, R.O., Hardaker, W.: Cache me if you can: effects of DNS time-to-live (extended). In: Proceedings of the ACM Internet Measurement Conference. ACM, Amsterdam, October 2019. https://doi.org/10.1145/3355369.3355568. p. to appear

15.

Müller, M., Moura, G.C.M., de Schmidt, R.O., Heidemann, J.: Recursives in the wild: engineering authoritative DNS servers. In: Proceedings of the ACM Internet Measurement Conference, London, UK, pp. 489–495 (2017). https://doi.org/10.1145/3131365.3131366

16.

NLnet Labs: Unbound, March 2019. https://unbound.net/

17.

Pappas, V., Wessels, D., Massey, D., Lu, S., Terzis, A., Zhang, L.: Impact of configuration errors on DNS robustness. IEEE J. Sel. Areas Commun. 27(3), 275–290 (2009)CrossRef

18.

PowerDNS: PowerDNS Recursor. https://www.powerdns.com/recursor.html

19.

van Rijswijk-Deij, R., Sperotto, A., Pras, A.: DNSSEC and its potential for DDoS attacks: a comprehensive measurement study. In: Proceedings of the 2014 ACM Conference on Internet Measurement Conference, IMC, pp. 449–460. ACM, November 2014

20.

RIPE Ncc Staff: RIPE Atlas: a global internet measurement network. Internet Protocol J. (IPJ) 18(3), 2–26 (2015)

21.

RIPE Network Coordination Centre: RIPE Atlas (2015). https://atlas.ripe.net

22.

Root Zone file: Root, February 2019. http://www.internic.net/domain/root.zone

23.

van Rijswijk-Deij, R., Jonker, M., Sperotto, A., Pras, A.: A high-performance, scalable infrastructure for large-scale active DNS measurements. IEEE J. Sel. Areas Commun. 34(6), 1877–1888 (2016). https://doi.org/10.1109/JSAC.2016.2558918CrossRef

Title: When Parents and Children Disagree: Diving into DNS Delegation Inconsistency
Authors: Raffaele Sommese
Giovane C. M. Moura
Mattijs Jonker
Roland van Rijswijk-Deij
Alberto Dainotti
K. C. Claffy
Anna Sperotto
Publisher: Springer International Publishing
Book: Passive and Active Measurement
Print ISBN: 978-3-030-44080-0

Electronic ISBN: 978-3-030-44081-7

Copyright Year: 2020
DOI: https://doi.org/10.1007/978-3-030-44081-7_11

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner