Publications
A Study of Unexpected DNS Queries at B-Root
Abstract
The Domain Name System (DNS) lies at the core of the Internet, translating human-readable domain names into machine-friendly Internet Protocol (IP) addresses so that web browsers can access the Internet resources users request. The B-Root server is one of the 13 DNS root servers across the world, which are authoritative for queries to different Top-Level Domains (TLDs). Root servers receive billions of queries every year, mainly for address resolution. Among these, there is a huge number of unexpected queries (queries that occur frequently or occur with no valid request), accounting for more than half of the total incoming queries. As such, there is a clear need to identify the reason for such a high density of queries. In this work, we perform a comprehensive and longitudinal analysis to find the source and probable cause of the millions of unexpected, repetitive, and malformed incoming queries hitting the B-Root server. Finding the root cause of these queries will help classify them based on the cause, such as being malicious or accidental. One of the aims of this project is to improve the efficiency of the B-Root server by comprehensively dealing with unexpected queries. In addition to the unexpected queries, we find that a major type of invalid query is a request arriving with an invalid TLD. For example, internal, local, lan, localhost, etc. are the most common and most frequently queried ones on the list. Chromium, an open-source web browser project, accepts user input such as search terms, website names, etc. Its probing process involves sending three randomly generated DNS queries of 7-15 lowercase characters (such as banananina) to …
Metadata
- publication
- year: 2024
- publication date: 2024/4/4
- authors: Dipsy Desai, Jelena Mirkovic
- link: https://ant.isi.edu/events/dinr2024/P/p21.pdf
- resource_link: https://ant.isi.edu/events/dinr2024/P/p21.pdf