Active Measurement And Analysis Of Open Recursive DNS Server

As a critical internet infrastructure, DNS not only translates domain name into IP address, it also supports email, web and various internet services, and plays a rather important role in the internet. With the growing popularity of Internet and wireless network, the quantity of network hosts also grows, resulting in more hosts providing DNS resolution service. This article does insightful research work from the perspective of recursive DNS servers. Experiments are done using active measurement techniques to discover domestic recursive DNS servers, and open recursive DNS servers are distinguished among them. Besides, we collect relevant DNS server information, analyze the data collected, and investigate the current domestic DNS service status.In this article, an open recursive DNS server measurement system is designed and implemented. This system consists of three main modules: brutal force discovery, recursive DNS server spotting, DNS server information collection. Brutal force discovery does efficient brutal force probing on domestic IP addresses using ZMap, and filters out potential DNS servers. recursive DNS server spotting is based on the DNS authoritative server detection technique proposed in this article, it screens out authoritative DNS servers and finally spots the open recursive DNS servers. DNS server information collection collects various information about the spotted DNS servers, namely software version, supported protocols, and geolocation, etc.In this article, we conducted multiple probing on the 330 million domestic IPv4 addresses, to discover recursive DNS servers. Highly efficient DNS detection techniques are utilized to conduct brute force detection, and the probing on all domestic IP addresses is done within one day, discovering 20 million potential recursive DNS servers. In recursive DNS servers spotting, we did spotting and validation of DNS servers on multiple measurement results, and spotted 7990 open recursive DNS servers that provide persistent DNS resolution service. In DNS information collection, we did thorough analyzation of the data collected from the 7990 servers, and discovered that the geolocation and ISP distribution of these server roughly agree with the actual network status. Also, 80% of these servers support queries via TCP, and only 40% fully implements DNSSEC.Surveys on the experiment results lead to the discovery of "fake servers", major fluctuations of measurement data among multiple probes, mismatches in spotting processes and other abnormal phenomena. This article conducts specially designed experiments on the abnormality and reveals that the "fake servers" are produced by ISP’s special configurations of their infrastructure, and for the other two abnormalities, the fundamental cause is DNS filtering deployed on the entrance gateway of the ISP China Mobile(including China Railcom).This article finally provides a stable open recursive DNS server list by implemented open recursive DNS server measuring systems. Through using the system collected server information and analyzing abnormal phenomena discovered in the process of probing, this article explores the deployment of DNS and current network situation. It revealed a number of ISP’s behaviors for DNS and provides support for the security and stability of the DNS system.