Detecting DNS root manipulation

Ben Jones, Nick Feamster, Vern Paxson, Nicholas Weaver, Mark Allman

Research output: Chapter in Book/Report/Conference proceedingConference contribution

13 Scopus citations


We present techniques for detecting unauthorized DNS root servers in the Internet using primarily endpoint-based measurements from RIPE Atlas, supplemented with BGP routing announcements from RouteViews and RIPE RIS. The first approach analyzes the latency to the root server and the second approach looks for route hijacks. We demonstrate the importance and validity of these techniques by measuring the only root server (“B”) not widely distributed using anycast. Our measurements establish the presence of several DNS proxies and a DNS root mirror.

Original languageEnglish (US)
Title of host publicationPassive and Active Measurement - 17th International Conference, PAM 2016, Proceedings
EditorsThomas Karagiannis, Xenofontas Dimitropoulos
PublisherSpringer Verlag
Number of pages13
ISBN (Print)9783319305042
StatePublished - 2016
Event17th International Conference on Passive and Active Measurement, PAM 2016 - Heraklion, Greece
Duration: Mar 31 2016Apr 1 2016

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Other17th International Conference on Passive and Active Measurement, PAM 2016

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • General Computer Science


Dive into the research topics of 'Detecting DNS root manipulation'. Together they form a unique fingerprint.

Cite this