Detecting DNS root manipulation

Ben Jones; Nick Feamster; Vern Paxson; Nicholas Weaver; Mark Allman

doi:10.1007/978-3-319-30505-9_21

Detecting DNS root manipulation

Ben Jones, Nick Feamster, Vern Paxson, Nicholas Weaver, Mark Allman

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

10 Scopus citations

Abstract

We present techniques for detecting unauthorized DNS root servers in the Internet using primarily endpoint-based measurements from RIPE Atlas, supplemented with BGP routing announcements from RouteViews and RIPE RIS. The first approach analyzes the latency to the root server and the second approach looks for route hijacks. We demonstrate the importance and validity of these techniques by measuring the only root server (“B”) not widely distributed using anycast. Our measurements establish the presence of several DNS proxies and a DNS root mirror.

Original language	English (US)
Title of host publication	Passive and Active Measurement - 17th International Conference, PAM 2016, Proceedings
Editors	Thomas Karagiannis, Xenofontas Dimitropoulos
Publisher	Springer Verlag
Pages	276-288
Number of pages	13
ISBN (Print)	9783319305042
DOIs	https://doi.org/10.1007/978-3-319-30505-9_21
State	Published - 2016
Event	17th International Conference on Passive and Active Measurement, PAM 2016 - Heraklion, Greece Duration: Mar 31 2016 → Apr 1 2016

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	9631
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	17th International Conference on Passive and Active Measurement, PAM 2016
Country/Territory	Greece
City	Heraklion
Period	3/31/16 → 4/1/16

All Science Journal Classification (ASJC) codes

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-319-30505-9_21

Cite this

Jones, B., Feamster, N., Paxson, V., Weaver, N., & Allman, M. (2016). Detecting DNS root manipulation. In T. Karagiannis, & X. Dimitropoulos (Eds.), Passive and Active Measurement - 17th International Conference, PAM 2016, Proceedings (pp. 276-288). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9631). Springer Verlag. https://doi.org/10.1007/978-3-319-30505-9_21

Jones, Ben ; Feamster, Nick ; Paxson, Vern et al. / Detecting DNS root manipulation. Passive and Active Measurement - 17th International Conference, PAM 2016, Proceedings. editor / Thomas Karagiannis ; Xenofontas Dimitropoulos. Springer Verlag, 2016. pp. 276-288 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{96a44fc73297426996068158896cf374,

title = "Detecting DNS root manipulation",

abstract = "We present techniques for detecting unauthorized DNS root servers in the Internet using primarily endpoint-based measurements from RIPE Atlas, supplemented with BGP routing announcements from RouteViews and RIPE RIS. The first approach analyzes the latency to the root server and the second approach looks for route hijacks. We demonstrate the importance and validity of these techniques by measuring the only root server (“B”) not widely distributed using anycast. Our measurements establish the presence of several DNS proxies and a DNS root mirror.",

author = "Ben Jones and Nick Feamster and Vern Paxson and Nicholas Weaver and Mark Allman",

note = "Funding Information: This research was supported in part by NSF awards CNS-1540066, CNS-1602399, CNS-1223717, CNS-1237265, and CNS-1518918. Ben Jones is also partially supported by a senior research fellowship from the Open Technology Fund. Any opinions, findings, and conclusions or recommendations are those of the authors and do not necessarily reflect the views of the sponsors. Publisher Copyright: {\textcopyright} Springer International Publishing Switzerland 2016.; 17th International Conference on Passive and Active Measurement, PAM 2016 ; Conference date: 31-03-2016 Through 01-04-2016",

year = "2016",

doi = "10.1007/978-3-319-30505-9_21",

language = "English (US)",

isbn = "9783319305042",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "276--288",

editor = "Thomas Karagiannis and Xenofontas Dimitropoulos",

booktitle = "Passive and Active Measurement - 17th International Conference, PAM 2016, Proceedings",

address = "Germany",

}

Jones, B, Feamster, N, Paxson, V, Weaver, N & Allman, M 2016, Detecting DNS root manipulation. in T Karagiannis & X Dimitropoulos (eds), Passive and Active Measurement - 17th International Conference, PAM 2016, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 9631, Springer Verlag, pp. 276-288, 17th International Conference on Passive and Active Measurement, PAM 2016, Heraklion, Greece, 3/31/16. https://doi.org/10.1007/978-3-319-30505-9_21

Detecting DNS root manipulation. / Jones, Ben; Feamster, Nick; Paxson, Vern et al.
Passive and Active Measurement - 17th International Conference, PAM 2016, Proceedings. ed. / Thomas Karagiannis; Xenofontas Dimitropoulos. Springer Verlag, 2016. p. 276-288 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9631).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Detecting DNS root manipulation

AU - Jones, Ben

AU - Feamster, Nick

AU - Paxson, Vern

AU - Weaver, Nicholas

AU - Allman, Mark

N1 - Funding Information: This research was supported in part by NSF awards CNS-1540066, CNS-1602399, CNS-1223717, CNS-1237265, and CNS-1518918. Ben Jones is also partially supported by a senior research fellowship from the Open Technology Fund. Any opinions, findings, and conclusions or recommendations are those of the authors and do not necessarily reflect the views of the sponsors. Publisher Copyright: © Springer International Publishing Switzerland 2016.

PY - 2016

Y1 - 2016

N2 - We present techniques for detecting unauthorized DNS root servers in the Internet using primarily endpoint-based measurements from RIPE Atlas, supplemented with BGP routing announcements from RouteViews and RIPE RIS. The first approach analyzes the latency to the root server and the second approach looks for route hijacks. We demonstrate the importance and validity of these techniques by measuring the only root server (“B”) not widely distributed using anycast. Our measurements establish the presence of several DNS proxies and a DNS root mirror.

AB - We present techniques for detecting unauthorized DNS root servers in the Internet using primarily endpoint-based measurements from RIPE Atlas, supplemented with BGP routing announcements from RouteViews and RIPE RIS. The first approach analyzes the latency to the root server and the second approach looks for route hijacks. We demonstrate the importance and validity of these techniques by measuring the only root server (“B”) not widely distributed using anycast. Our measurements establish the presence of several DNS proxies and a DNS root mirror.

UR - http://www.scopus.com/inward/record.url?scp=84962219430&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84962219430&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-30505-9_21

DO - 10.1007/978-3-319-30505-9_21

M3 - Conference contribution

AN - SCOPUS:84962219430

SN - 9783319305042

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 276

EP - 288

BT - Passive and Active Measurement - 17th International Conference, PAM 2016, Proceedings

A2 - Karagiannis, Thomas

A2 - Dimitropoulos, Xenofontas

PB - Springer Verlag

T2 - 17th International Conference on Passive and Active Measurement, PAM 2016

Y2 - 31 March 2016 through 1 April 2016

ER -

Jones B, Feamster N, Paxson V, Weaver N, Allman M. Detecting DNS root manipulation. In Karagiannis T, Dimitropoulos X, editors, Passive and Active Measurement - 17th International Conference, PAM 2016, Proceedings. Springer Verlag. 2016. p. 276-288. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-30505-9_21

Detecting DNS root manipulation

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this