Introduction
The Domain Name System (DNS) is a mapping service between domain names and IP addresses, used by an increasing number of Internet applications, including web services, email, and chat, to translate domain names to IP addresses and vice versa (Mockapetris, 1987; Mockapetris & Dunlap, 1988). The DNS consists of several types of servers: authoritative name servers, which are authorized to provide answers for a given domain; root name servers, the servers at the apex, which answer queries by referring the querier to the appropriate top-level domain (TLD) server; and public DNS resolvers, which resolve a query on behalf of the client (e.g. a browser) by contacting the root name servers and the TLD servers and working down to the authoritative name servers. Each component of the DNS must function properly to ensure smooth and successful query resolution. There are millions of authoritative DNS servers hosting approximately 413 million registered domains on the Internet (Domain name registration's statistics).
Security was not a concern in the early days of the Internet, or of the DNS in particular. Attackers then began targeting the DNS to cause global disruption, which the system was able to withstand owing to its decentralized and distributed architecture. The attackers subsequently turned to exploiting the DNS infrastructure to carry out attacks at a larger scale, targeting specific entities.
Figure 1. DNS threat landscape - The impact of DNS Attacks
Figure 1 shows the DNS threat landscape (IDC, 2020), which depicts the top DNS-based attacks suffered during 2017-2020. On average, 80% of organizations were subject to DNS-based attacks over those four years, and the average number of DNS attacks per organization keeps increasing. DNS was the most heavily abused protocol for phishing, DDoS, tunneling, and malware attacks over the same period.
The performance of most Internet applications is noticeably influenced by the response time, reliability, and throughput of the DNS. The ICANN symposia organized in 2009 and 2010 highlighted major DNS security issues and their potential impact, and their outcome led to the concept of DNS health as a means of expressing the current status of the DNS. The health of the DNS servers as a whole must be known in order to predict large-scale attacks and take precautionary measures. However, determining the health of a large-scale distributed infrastructure like the DNS is challenging, especially without intruding into anyone's network.
Because the DNS is a global system, determining its overall health is an enormous challenge: it involves millions of nodes and could require millions of probes to be installed and configured, which is not feasible owing to several practical constraints, including privacy threats. The authors herein propose that the health of such a distributed, global system can be determined from the health of a few critical nodes, the authoritative name servers, i.e. those nodes that have the potential to stabilize or destabilize the entire DNS and thereby affect its overall health.
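The root-to-TLD-to-authoritative walk described in the first paragraph of the Introduction, and the claim that authoritative servers are the nodes whose failure breaks resolution, can both be made concrete with a small simulated iterative resolver. The following is an added example written for this page, not code from the article or from any DNS software; the server names, the `.example.` hostnames, the `192.0.2.10` address and the `reachable` health flag are all constructed, and the resolver models only A-record lookups and NS referrals (no caching, glue, CNAMEs or DNSSEC).

```python
"""Simulated iterative DNS resolution over a constructed server hierarchy."""
from dataclasses import dataclass, field, replace
from typing import Dict, List, Optional


@dataclass
class Server:
    """One name server in the constructed hierarchy (hypothetical data, not real hosts)."""
    zone: str                                                        # zone it is authoritative for
    answers: Dict[str, str] = field(default_factory=dict)            # owner name -> A record
    delegations: Dict[str, List[str]] = field(default_factory=dict)  # child zone -> NS hostnames
    reachable: bool = True                                           # constructed health flag


# Constructed sample hierarchy: one root server, two .com TLD servers and two
# authoritative servers for shop.com, one of which is down. Nothing here is real.
SERVERS: Dict[str, Server] = {
    "root-a.example.": Server(".", delegations={"com.": ["tld-a.example.", "tld-b.example."]}),
    "tld-a.example.": Server("com.", delegations={"shop.com.": ["ns1.shop.com.", "ns2.shop.com."]}),
    "tld-b.example.": Server("com.", delegations={"shop.com.": ["ns1.shop.com.", "ns2.shop.com."]}),
    "ns1.shop.com.": Server("shop.com.", answers={"www.shop.com.": "192.0.2.10"}, reachable=False),
    "ns2.shop.com.": Server("shop.com.", answers={"www.shop.com.": "192.0.2.10"}),
}
ROOT_HINTS = ["root-a.example."]


def _in_zone(name: str, zone: str) -> bool:
    """True if `name` lies at or below `zone` (both fully qualified, trailing dot)."""
    return zone == "." or name == zone or name.endswith("." + zone)


def _closest_delegation(server: Server, qname: str) -> Optional[str]:
    """Most specific child zone delegated by this server that contains qname, if any."""
    matches = [z for z in server.delegations if _in_zone(qname, z)]
    return max(matches, key=len) if matches else None


def resolve(qname: str, servers: Dict[str, Server] = SERVERS,
            hints: List[str] = ROOT_HINTS, max_hops: int = 16) -> dict:
    """Walk root -> TLD -> authoritative, trying each NS of a level until one responds."""
    candidates = list(hints)
    path: List[str] = []      # servers that actually responded, in order
    failed: List[str] = []    # servers that were unreachable
    for _ in range(max_hops):  # guard against delegation loops in bad data
        referral = None
        for host in candidates:
            srv = servers.get(host)
            if srv is None or not srv.reachable:
                failed.append(host)
                continue      # try the next NS listed for this zone
            path.append(host)
            if qname in srv.answers:
                return {"status": "NOERROR", "answer": srv.answers[qname],
                        "path": path, "failed": failed}
            child = _closest_delegation(srv, qname)
            if child is None:
                # authoritative for the enclosing zone, but no record and no delegation
                return {"status": "NXDOMAIN", "answer": None, "path": path, "failed": failed}
            referral = srv.delegations[child]
            break
        if referral is None:
            # every NS for this level was down: resolution cannot proceed
            return {"status": "SERVFAIL", "answer": None, "path": path, "failed": failed}
        candidates = referral
    return {"status": "SERVFAIL", "answer": None, "path": path, "failed": failed}


def with_unreachable(servers: Dict[str, Server], *hosts: str) -> Dict[str, Server]:
    """Copy of the hierarchy with the named servers marked down, for what-if checks."""
    return {h: replace(s, reachable=False) if h in hosts else s for h, s in servers.items()}


if __name__ == "__main__":
    print(resolve("www.shop.com."))
    print(resolve("www.shop.com.", with_unreachable(SERVERS, "ns2.shop.com.")))
```

Running it shows the resolver skipping the down authoritative server and succeeding through its sibling, then returning SERVFAIL once both authoritative servers are unreachable even though the root and TLD levels are healthy; that is the sense in which the authoritative servers are the critical nodes for a domain's availability.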