The root server is at the top of the domain name hierarchical structure. To improve root service performance, each root deploys anycast nodes worldwide. What is the actual service performance of these nodes after deployment? We analyze the service performance of the root anycast nodes deployed in China based on the active measurement data detected by the VPs of different ISPs in different geographical locations. From the analysis, we find that the resolution performance of the roots with anycast nodes deployed in China is higher than that of roots without deployment. However, users of different operators differ significantly in how they access the root servers, for example in parsing time and in which anycast nodes they hit, and most anycast nodes serve only one operator, which limits the service scope and reduces the service performance. The analysis results can help the root management and introduction institutions master the actual service status of the root servers, which can be used to optimize the performance of the existing root anycast nodes and provide a basis for deploying new root anycast nodes in the next step. Finally, we find that 67 top-level domain names are hijacked on the resolution path based on the measured data.
A large number of domains are abused every day for cybercrime. At the same time, the fight against abusive domains is not the fight of one person or organization but a battle that requires the cooperation of the entire community. However, very little research has been done to quantify the positive benefits of this strategy for dealing with abusive domains. As a result, using pornography and gambling domain names as examples, we present the first empirical study evaluating the usability and effectiveness of all Internet entities (e.g., registrars and hosting providers) in the DNS ecosystem for receiving and handling abusive domain reports. First, the paper thoroughly demonstrates the mechanisms for receiving and handling abusive domain reports at various Internet entities in China. Second, we select and report the appropriate 2433 abusive domains to 43 service providers across six categories of Internet entities. Finally, we discover the methods and response time used by each Internet entity to handle abuse reports based on the changes in reported domains. Based on the above data, we analyze and evaluate the effectiveness of Internet entities in dealing with abusive domains. Moreover, we indicate the scope of protection and disadvantages of each method, i.e., whether the abusive domain can escape handling. The paper aims to provide a more detailed overview and reference for the security communities, service providers, and Internet entities concerned with dealing with abusive domains.
Millions of new domain names are registered every day, but a large proportion of them are malicious and usually discovered and blacklisted after the crime has been committed. In order to improve the security of domain name registration, this paper proposes a lightweight detection method based on AdaBoost to identify malicious domain names, which focuses on proactively detecting malicious domain names by exploring abnormal WHOIS records. Domain name registries and registrars can adopt the proposed method as the first layer of defense to identify malicious domains at the domain registration stage. Extensive experiments on a large-scale database demonstrate that the proposed approach achieves satisfactory results on various malicious domain names.
DNS filtering is the practice of blocking access to certain sites for a specific purpose, often content-based filtering. Unlike previous studies that focused on the behavior of national-level DNS filtering itself (e.g., location of filtering devices), we demonstrate and evaluate in depth the impact of DNS filtering on different types (public, ISP, and open) of DNS resolvers in the censored networks. In particular, we actively send DNS queries for 83 well-selected domain names to three types of DNS resolvers and keep track of the resolvers’ responses changing over time and space in China. Here, we present the results of our system running for 40 days, during which we obtained a total of 1.7 billion DNS records. Using these collected data, we found that specific DNS resolvers are unaffected by DNS filtering devices and can respond with the correct IP addresses for particular blocked domains. Furthermore, we revealed that three factors should be considered to evaluate the impact of a country-level DNS filtering mechanism: DNS resolver, client location, and blocked domain. Finally, we propose and implement a system to identify the correct IP addresses of blocked domain names in censored networks based on the characteristics of country-level DNS filtering.