More Web Proxy on the site http://driver.im/

research-article

Public Access

ZDNS: a fast DNS toolkit for internet measurement

Authors:

Liz Izhikevich,

Gautam Akiwate,

Spencer Drakontaidis,

Zakir DurumericAuthors Info & Claims

IMC '22: Proceedings of the 22nd ACM Internet Measurement Conference

Pages 33 - 43

https://doi.org/10.1145/3517745.3561434

Published: 25 October 2022 Publication History

Abstract

Active DNS measurement is fundamental to understanding and improving the DNS ecosystem. However, the absence of an extensible, high-performance, and easy-to-use DNS toolkit has limited both the reproducibility and coverage of DNS research. In this paper, we introduce ZDNS, a modular and open-source active DNS measurement framework optimized for large-scale research studies of DNS on the public Internet. We describe ZDNS's architecture, evaluate its performance, and present two case studies that highlight how the tool can be used to shed light on the operational complexities of DNS. We hope that ZDNS will enable researchers to better---and in a more reproducible manner---understand Internet behavior.

Supplementary Material

M4V File (147.m4v)

Presentation video

Download
37.25 MB

References

[1]

2019. 1.1.1.1 Rate Limiting. https://community.cloudflare.com/t/is-there-any-rate-limiting-for-1-1-1-1-dns-queries/137206. (2019).

[2]

2021. Google Public DNS Rate-limiting queries. https://developers.google.com/speed/public-dns/docs/security#rate_limit. (2021).

[3]

2022. Amazon CloudFront. https://aws.amazon.com/cloudfront/. (2022).

[4]

2022. Bind 9. (2022). https://www.isc.org/bind/.

[5]

2022. Censys Search. https://search.censys.io/search. (2022).

[6]

2022. Comodo Certificate Authority. (2022). https://www.comodoca.com.

[7]

2022. dig - Linux Man Page. https://linux.die.net/man/1/dig. (2022).

[8]

2022. Digicert. (2022). https://www.digicert.com.

[9]

2022. DNS Categories. (2022). https://developers.cloudflare.com/cloudflare-one/policies/filtering/dns-policies/dns-categories/.

[10]

2022. Farsight Security. (2022). https://www.farsightsecurity.com.

[11]

2022. Global Traffic Management: How it works. https://techdocs.akamai.com/gtm/docs/how-it-works. (2022).

[12]

2022. MassDNS 0.3. https://github.com/blechschmidt/massdns. (2022).

[13]

2022. Top-Level Domain Zone File Information. https://www.verisign.com/en_US/channel-resources/domain-registry-products/zone-file/index.xhtml. (2022).

[14]

2022. Unbound. https://www.nlnetlabs.nl/projects/unbound/about/. (2022).

[15]

2022. Unbound - RFC Compliance. (2022). https://unbound.docs.nlnetlabs.nl/en/latest/reference/rfc-compliance.html.

[16]

2022. Unbound Issues. (2022). https://github.com/NLnetLabs/unbound/issues.

[17]

2022. Welcome to PowerDNS. (2022). https://www.powerdns.com.

[18]

2022. ZCrypto. (2022). https://github.com/zmap/zcrypto.

[19]

Josh Aas, Richard Barnes, Benton Case, Zakir Durumeric, Peter Eckersley, Alan Flores-López, J Alex Halderman, Jacob Hoffman-Andrews, James Kasten, Eric Rescorla, et al. 2019. Let's Encrypt: an automated certificate authority to encrypt the entire web. In ACM Conference on Computer and Communications Security.

Digital Library

[20]

Danny Adamitis, David Maynor, Warren Mercer, Matthew Olney, and Paul Rascagneres. 2019. DNS Hijacking Abuses Trust In Core Internet Service. (April 2019). https://blog.talosintelligence.com/2019/04/seaturtle.html.

[21]

Gautam Akiwate, Mattijs Jonker, Raffaele Sommese, Ian Foster, Geoffrey M Voelker, Stefan Savage, and KC Claffy. 2020. Unresolved Issues: Prevalence, Persistence, and Perils of Lame Delegations. In Proceedings of the ACM Internet Measurement Conference. 281--294.

Digital Library

[22]

Ludovic Barman, Sandra Siby, Christopher Wood, Marwan Fayed, Nick Sullivan, and Carmela Troncoso. 2022. This is not the padding you are looking for! On the ineffectiveness of QUIC PADDING against website fingerprinting. arXiv preprint arXiv:2203.07806 (2022).

[23]

CAIDA. [n. d.]. Complete Routed-Space DNS Lookups. ([n. d.]). https://www.caida.org/catalog/datasets/complete_dns_lookups_dataset/.

[24]

Taejoong Chung, Roland van Rijswijk-Deij, David Choffnes, Dave Levin, Bruce M Maggs, Alan Mislove, and Christo Wilson. 2017. Understanding the role of registrars in DNSSEC deployment. In ACM Internet Measurement Conference.

Digital Library

[25]

Cloudflare. [n. d.]. 1.1.1.1 - the Internet's fasters, privacy-first DNS resolver. ([n.d.]). https://1.1.1.1/dns/.

[26]

Yana Dimova, Gunes Acar, Lukasz Olejnik, Wouter Joosen, and Tom Van Goethem. 2021. The cname of the game: Large-scale analysis of dns-based tracking evasion. arXiv preprint arXiv:2102.09301 (2021).

[27]

Kristen Dorey. 2017. An Internet-Wide Analysis of Diffie-Hellman Key Exchange and X. 509 Certificates in TLS. (2017).

[28]

Zakir Durumeric, David Adrian, Ariana Mirian, Michael Bailey, and J. Alex Halderman. 2015. A Search Engine Backed by Internet-Wide Scanning. In ACM Computer and Communication Security.

[29]

Zakir Durumeric, Eric Wustrow, and J. Alex Halderman. 2013. ZMap: Fast Internet-Wide Scanning and its Security Applications. In USENIX Security Symposium.

Digital Library

[30]

R. Elz, R. Bush, S. Bradner, and M. Patton. 1997. Selection and Operation of Secondary DNS Servers. IETTF RFC 2182. (1997).

[31]

Let's Encrypt. 2017. Certificate Authority Authorization (CAA). (jul 2017). https://letsencrypt.org/docs/caa/.

[32]

Rahel A Fainchtein, Adam J Aviv, Micah Sherr, Stephen Ribaudo, and Armaan Khullar. 2021. Holes in the Geofence: Privacy Vulnerabilities in "Smart" DNS Services. Privacy Enhancing Technologies (2021).

[33]

Rodérick Fanou, Bradley Huffaker, Ricky Mok, and Kimberly C Claffy. 2020. Unintended consequences: Effects of submarine cable deployment on Internet routing. In Conference on Passive and Active Network Measurement.

[34]

Tobias Fiebig, Kevin Borgolte, Shuang Hao, Christopher Kruegel, and Giovanni Vigna. 2017. Something from nothing (There): collecting global IPv6 datasets from DNS. In Conf. on Passive and Active Network Measurement.

[35]

Tobias Fiebig, Kevin Borgolte, Shuang Hao, Christopher Kruegel, Giovanni Vigna, and Anja Feldmann. 2018. In rDNS we trust: revisiting a common data-source's reliability. In Conference on Passive and Active Network Measurement.

[36]

Miek Gieben. [n. d.]. Alternative (more granular) approach to a DNS library. https://github.com/miekg/dns. ([n. d.]).

[37]

Google. [n. d.]. Google public DNS. ([n. d.]). https://developers.google.com/speed/public-dns.

[38]

Robert David Graham. 2014. MASSCAN: Mass IP port scanner. (2014). https://github.com/robertdavidgraham/masscan.

[39]

Phillip Hallam-Baker and Rob Stradling. 2013. DNS Certification Authority Authorization (CAA) Resource Record. RFC 6844. (Jan. 2013).

Digital Library

[40]

Phillip Hallam-Baker, Rob Stradling, and Jacob Hoffman-Andrews. 2019. DNS Certification Authority Authorization (CAA) Resource Record. RFC 8659. (Nov. 2019).

Digital Library

[41]

P. Hoffman and P. McManus. 2018. DNS Queries over HTTPS (DoH). IETF RFC 8484. (2018).

[42]

P. Hoffman and J. Schlyter. 2012. The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA. IETTF RFC 6698. (2012).

[43]

Z. Hu, L. Zhu, J. Heidemann, A. Mankin, D. Wessels, and P. Hoffman. [n. d.]. Specification for DNS over Transport Layer Security (TLS). IETF RFC 7858. ([n. d.]).

[44]

Mattijs Jonker, Alistair King, Johannes Krupp, Christian Rossow, Anna Sperotto, and Alberto Dainotti. 2017. Millions of targets under attack: a macroscopic characterization of the DoS ecosystem. In ACM Internet Measurement Conference.

Digital Library

[45]

Athanasios Kountouras, Panagiotis Kintis, Chaz Lever, Yizheng Chen, Yacin Nadji, David Dagon, Manos Antonakakis, and Rodney Joffe. 2016. Enabling network security through active DNS datasets. In Intl. Symposium on Research in Attacks, Intrusions, and Defenses.

[46]

Brian Krebs. 2019. A Deep Dive on the Recent Widespread DNS Hijacking Attacks. (Feb. 2019). https://krebsonsecurity.com/2019/02/a-deep-dive-on-the-recent-widespread-dns-hijacking-attacks.

[47]

NLnet Labs. [n. d.]. Performance Tuning. ([n. d.]). https://unbound.docs.nlnetlabs.nl/en/latest/topics/performance.html.

[48]

Rapid 7 Labs. [n. d.]. Open Data. ([n. d.]). https://opendata.rapid7.com.

[49]

Jiarun Mao, Michael Rabinovich, and Kyle Schomp. 2022. Assessing Support for DNS-over-TCP in the Wild. In International Conference on Passive and Active Network Measurement. Springer, 487--517.

[50]

Sourena Maroofi, Maciej Korczynski, and Andrzej Duda. 2020. From defensive registration to subdomain protection: evaluation of email anti-spoofing schemes for high-profile domains. In Proc. Network Traffic Measurement and Analysis Conference (TMA).

[51]

Sourena Maroofi, Maciej Korczyński, Arnold Hölzel, and Andrzej Duda. 2021. Adoption of Email Anti-Spoofing Schemes: A Large Scale Analysis. IEEE Transactions on Network and Service Management (2021).

[52]

Theodore Ian Martiny. 2022. Privacy in Centralized Systems. Ph.D. Dissertation. University of Colorado.

[53]

Angelique Medina. 2021. Inside the Fastly Outage: Analysis and Lessons Learned. https://www.thousandeyes.com/blog/inside-the-fastly-outage-analysis-and-lessons-learned. (2021).

[54]

Ariana Mirian, Christopher Thompson, Stefan Savage, Geoffrey M Voelker, and Adrienne Porter Felt. 2018. HTTPS Adoption in the Longtail. (2018).

[55]

P.V Mockapetris. 1987. Domain names: concepts and facilities. IETF RFC 1034. (1987).

[56]

Simran Patil and Nikita Borisov. 2019. What can you learn from an IP?. In Proceedings of the Applied Networking Research Workshop. 45--51.

Digital Library

[57]

Simran Pramod Patil. 2020. Privacy implications of information leakage from IP addresses-a web fingerprinting approach. Ph.D. Dissertation.

[58]

Paul Pearce, Ben Jones, Frank Li, Roya Ensafi, Nick Feamster, Nick Weaver, and Vern Paxson. 2017. Global measurement of DNS manipulation. In 26th USENIX Security Symposium.

Digital Library

[59]

Reethika Ramesh, Ram Sundara Raman, Matthew Bernhard, Victor Ongkowijaya, Leonid Evdokimov, Anne Edmundson, Steven Sprecher, Muhammad Ikram, and Roya Ensafi. 2020. Decentralized control: A case study of russia. In Network and Distributed Systems Security (NDSS) Symposium 2020.

[60]

Philipp Richter, Georgios Smaragdakis, David Plonka, and Arthur Berger. 2016. Beyond counting: new perspectives on the active IPv4 address space. In ACM Internet Measurement Conference.

Digital Library

[61]

Jan Rüth, Ingmar Poese, Christoph Dietzel, and Oliver Hohlfeld. 2018. A First Look at QUIC in the Wild. In Conf. Passive and Active Network Measurement.

[62]

Quirin Scheitle, Taejoong Chung, Jens Hiller, Oliver Gasser, Johannes Naab, Roland van Rijswijk-Deij, Oliver Hohlfeld, Ralph Holz, Dave Choffnes, Alan Mislove, and Georg Carle. 2018. A First Look at Certification Authority Authorization (CAA). SIGCOMM Comput. Commun. Rev. 48, 2 (may 2018), 10--23.

Digital Library

[63]

Raffaele Sommese, Giovane Moura, Mattijs Jonker, Roland van Rijswijk-Deij, Alberto Dainotti, Kimberly C Claffy, and Anna Sperotto. 2020. When parents and children disagree: Diving into DNS delegation inconsistency. In International Conference on Passive and Active Network Measurement. Springer, 175--189.

[64]

Roland van Rijswijk-Deij, Mattijs Jonker, Anna Sperotto, and Aiko Pras. 2016. A high-performance, scalable infrastructure for large-scale active DNS measurements. IEEE journal on selected areas in communications (2016).

[65]

Chris Villemez. 2021. AWS Outage Analysis: December 7, 2021. https://www.thousandeyes.com/blog/aws-outage-analysis-dec-7-2021l. (2021).

[66]

Gerry Wan, Liz Izhikevich, David Adrian, Katsunari Yoshioka, Ralph Holz, Christian Rossow, and Zakir Durumeric. 2020. On the origin of scanning: The impact of location on Internet-wide scans. In Proceedings of the ACM Internet Measurement Conference. 662--679.

Digital Library

[67]

Kaishen Wang. 2019. Blacklist filtering for security research: bridging the gap between domain blacklists and malicious web content. (2019).

[68]

Zack Whittaker. 2021. A DNS outage just took down a large chunk of the internet. https://techcrunch.com/2021/07/22/a-dns-outage-just-took-down-a-good-chunk-of-the-internet/. (2021).

Cited By

Zhang YXu CShi FHu MZhang MLi YXie Z(2025)Understanding and Characterizing the Adoption of Internationalized Domain Names in PracticeIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2024.338690522:1(34-48)Online publication date: Jan-2025
https://doi.org/10.1109/TDSC.2024.3386905
Stevens KErdemir MZhang HKim TPearce P(2024)BluePrint: Automatic Malware Signature Generation for Internet ScanningProceedings of the 27th International Symposium on Research in Attacks, Intrusions and Defenses10.1145/3678890.3678923(197-214)Online publication date: 30-Sep-2024
https://dl.acm.org/doi/10.1145/3678890.3678923
Hilal FSattler PVermeulen KGasser O(2024)A First Look At IPv6 Hypergiant InfrastructureProceedings of the ACM on Networking10.1145/36563002:CoNEXT2(1-25)Online publication date: 13-Jun-2024
https://dl.acm.org/doi/10.1145/3656300
Show More Cited By

Recommendations

Comparing DNS resolvers in the wild
IMC '10: Proceedings of the 10th ACM SIGCOMM conference on Internet measurement

The Domain Name System (DNS) is a fundamental building block of the Internet. Today, the performance of more and more applications depend not only on the responsiveness of DNS, but also the exact answer returned by the queried DNS resolver, e.g., for ...
Performance evaluation of new methods of automatic redirection for load balancing of Apache servers distributed in the Internet
LCN '00: Proceedings of the 25th Annual IEEE Conference on Local Computer Networks

An overloaded web server will lose incoming requests resulting in a "404 error" appearing at a client browser. Front-end application-level switches can redirect requests to less loaded servers. However, there exist no native methods within common web ...
Experiences with Hierarchical Request Flow Management for Network-Enabled Server Environments

The Distributed Interactive Engineering Toolbox DIET is a toolbox for the construction of network-enabled server systems. DIET servers provide transparent access to compute resources; resources can be either a single, interactive machine where the DIET ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

IMC '22: Proceedings of the 22nd ACM Internet Measurement Conference

October 2022

796 pages

ISBN:9781450392594

DOI:10.1145/3517745

General Chairs:
Chadi Barakat
Inria, Université Côte d'Azur
,
Cristel Pelsser
University of Strasbourg
,
Program Chairs:
Theophilus A. Benson
Brown University
,
David Choffnes
Northeastern University

Copyright © 2022 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

In-Cooperation

USENIX Assoc: USENIX Assoc

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 25 October 2022

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Badges

Best Dataset

Qualifiers

Research-article

Funding Sources

Conference

IMC '22

Sponsor:

IMC '22: ACM Internet Measurement Conference

October 25 - 27, 2022

Nice, France

Acceptance Rates

Overall Acceptance Rate 277 of 1,083 submissions, 26%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

18
Total Citations
View Citations
971
Total Downloads

Downloads (Last 12 months)440
Downloads (Last 6 weeks)46

Reflects downloads up to 15 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Zhang YXu CShi FHu MZhang MLi YXie Z(2025)Understanding and Characterizing the Adoption of Internationalized Domain Names in PracticeIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2024.338690522:1(34-48)Online publication date: Jan-2025
https://doi.org/10.1109/TDSC.2024.3386905
Stevens KErdemir MZhang HKim TPearce P(2024)BluePrint: Automatic Malware Signature Generation for Internet ScanningProceedings of the 27th International Symposium on Research in Attacks, Intrusions and Defenses10.1145/3678890.3678923(197-214)Online publication date: 30-Sep-2024
https://dl.acm.org/doi/10.1145/3678890.3678923
Hilal FSattler PVermeulen KGasser O(2024)A First Look At IPv6 Hypergiant InfrastructureProceedings of the ACM on Networking10.1145/36563002:CoNEXT2(1-25)Online publication date: 13-Jun-2024
https://dl.acm.org/doi/10.1145/3656300
Daniluk CNosyk YDuda AKorczynski MVallina-Rodríguez NSuarez-Tángil GLevin DPelsser C(2024)Zeros Are Heroes: NSEC3 Parameter Settings in the WildProceedings of the 2024 ACM on Internet Measurement Conference10.1145/3646547.3689017(415-422)Online publication date: 4-Nov-2024
https://dl.acm.org/doi/10.1145/3646547.3689017
Durumeric ZAdrian DStephens PWustrow EHalderman JVallina-Rodríguez NSuarez-Tángil GLevin DPelsser C(2024)Ten Years of ZMapProceedings of the 2024 ACM on Internet Measurement Conference10.1145/3646547.3689012(139-148)Online publication date: 4-Nov-2024
https://dl.acm.org/doi/10.1145/3646547.3689012
Williams GPearce PVallina-Rodríguez NSuarez-Tángil GLevin DPelsser C(2024)Seeds of Scanning: Exploring the Effects of Datasets, Methods, and Metrics on IPv6 Internet ScanningProceedings of the 2024 ACM on Internet Measurement Conference10.1145/3646547.3688449(295-313)Online publication date: 4-Nov-2024
https://dl.acm.org/doi/10.1145/3646547.3688449
Rao SLiu EHo GVoelker GSavage SChua TNgo CKa-Wei Lee RKumar RLauw H(2024)Unfiltered: Measuring Cloud-based Email Filtering BypassesProceedings of the ACM Web Conference 202410.1145/3589334.3645499(1702-1711)Online publication date: 13-May-2024
https://dl.acm.org/doi/10.1145/3589334.3645499
Kon PGattani ASaharia DCao TBarradas DChen ASherr MUjcich B(2024)NetShuffle: Circumventing Censorship with Shuffle Proxies at the Edge2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00036(3497-3514)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00036
Li JLin ZMa XLi JQu JLuo XGuan X(2024)DNSScope: Fine-Grained DNS Cache Probing for Remote Network Activity CharacterizationIEEE INFOCOM 2024 - IEEE Conference on Computer Communications10.1109/INFOCOM52122.2024.10621277(1651-1660)Online publication date: 20-May-2024
https://doi.org/10.1109/INFOCOM52122.2024.10621277
Zhang SWang SLi D(2024)Robust or Risky: Measurement and Analysis of Domain Resolution DependencyIEEE INFOCOM 2024 - IEEE Conference on Computer Communications10.1109/INFOCOM52122.2024.10621098(161-170)Online publication date: 20-May-2024
https://doi.org/10.1109/INFOCOM52122.2024.10621098
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents