The Domain Name System (DNS) maps domain names to IP addresses. It is an important infrastructure in the Internet. Recently, DNS has experienced various security threats. DNS resolvers experience the security threats most frequently, since they interact with clients and they are the largest group of domain name servers. In order to eliminate security threats against DNS resolvers, it is essential to improve their “health status”. Since DNS resolvers' owners are not clear which DNS resolvers should be improved and how to improve “health status”, the evaluation of “health status” for DNS resolvers has become vital. In this paper, we emphasize five indicators describing “health status” for DNS resolvers, including security, integrity, availability, speed and stability. We also present nine metrics measuring the indicators. Based on the measurement of the metrics, we present a “health status” evaluation method with factor analysis. To validate our method, we measured and evaluated more than 30,000 DNS resolvers in China and Japan. The results showed that the proposed “health status” evaluation method could describe “health status” well. We also introduce instructions for evaluating a small number of DNS resolvers. And we discuss DNSSEC and its effects on resolution speed. At last, we make suggestions for inspecting and improving “health status” of DNS resolvers.
Keyu LU
Harbin Institute of Technology
Zhaoxin ZHANG
Harbin Institute of Technology
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copy
Keyu LU, Zhaoxin ZHANG, "Evaluating “Health Status” for DNS Resolvers" in IEICE TRANSACTIONS on Communications,
vol. E101-B, no. 12, pp. 2409-2424, December 2018, doi: 10.1587/transcom.2018EBP3023.
Abstract: The Domain Name System (DNS) maps domain names to IP addresses. It is an important infrastructure in the Internet. Recently, DNS has experienced various security threats. DNS resolvers experience the security threats most frequently, since they interact with clients and they are the largest group of domain name servers. In order to eliminate security threats against DNS resolvers, it is essential to improve their “health status”. Since DNS resolvers' owners are not clear which DNS resolvers should be improved and how to improve “health status”, the evaluation of “health status” for DNS resolvers has become vital. In this paper, we emphasize five indicators describing “health status” for DNS resolvers, including security, integrity, availability, speed and stability. We also present nine metrics measuring the indicators. Based on the measurement of the metrics, we present a “health status” evaluation method with factor analysis. To validate our method, we measured and evaluated more than 30,000 DNS resolvers in China and Japan. The results showed that the proposed “health status” evaluation method could describe “health status” well. We also introduce instructions for evaluating a small number of DNS resolvers. And we discuss DNSSEC and its effects on resolution speed. At last, we make suggestions for inspecting and improving “health status” of DNS resolvers.
URL: https://global.ieice.org/en_transactions/communications/10.1587/transcom.2018EBP3023/_p
Copy
@ARTICLE{e101-b_12_2409,
author={Keyu LU, Zhaoxin ZHANG, },
journal={IEICE TRANSACTIONS on Communications},
title={Evaluating “Health Status” for DNS Resolvers},
year={2018},
volume={E101-B},
number={12},
pages={2409-2424},
abstract={The Domain Name System (DNS) maps domain names to IP addresses. It is an important infrastructure in the Internet. Recently, DNS has experienced various security threats. DNS resolvers experience the security threats most frequently, since they interact with clients and they are the largest group of domain name servers. In order to eliminate security threats against DNS resolvers, it is essential to improve their “health status”. Since DNS resolvers' owners are not clear which DNS resolvers should be improved and how to improve “health status”, the evaluation of “health status” for DNS resolvers has become vital. In this paper, we emphasize five indicators describing “health status” for DNS resolvers, including security, integrity, availability, speed and stability. We also present nine metrics measuring the indicators. Based on the measurement of the metrics, we present a “health status” evaluation method with factor analysis. To validate our method, we measured and evaluated more than 30,000 DNS resolvers in China and Japan. The results showed that the proposed “health status” evaluation method could describe “health status” well. We also introduce instructions for evaluating a small number of DNS resolvers. And we discuss DNSSEC and its effects on resolution speed. At last, we make suggestions for inspecting and improving “health status” of DNS resolvers.},
keywords={},
doi={10.1587/transcom.2018EBP3023},
ISSN={1745-1345},
month={December},}
Copy
TY - JOUR
TI - Evaluating “Health Status” for DNS Resolvers
T2 - IEICE TRANSACTIONS on Communications
SP - 2409
EP - 2424
AU - Keyu LU
AU - Zhaoxin ZHANG
PY - 2018
DO - 10.1587/transcom.2018EBP3023
JO - IEICE TRANSACTIONS on Communications
SN - 1745-1345
VL - E101-B
IS - 12
JA - IEICE TRANSACTIONS on Communications
Y1 - December 2018
AB - The Domain Name System (DNS) maps domain names to IP addresses. It is an important infrastructure in the Internet. Recently, DNS has experienced various security threats. DNS resolvers experience the security threats most frequently, since they interact with clients and they are the largest group of domain name servers. In order to eliminate security threats against DNS resolvers, it is essential to improve their “health status”. Since DNS resolvers' owners are not clear which DNS resolvers should be improved and how to improve “health status”, the evaluation of “health status” for DNS resolvers has become vital. In this paper, we emphasize five indicators describing “health status” for DNS resolvers, including security, integrity, availability, speed and stability. We also present nine metrics measuring the indicators. Based on the measurement of the metrics, we present a “health status” evaluation method with factor analysis. To validate our method, we measured and evaluated more than 30,000 DNS resolvers in China and Japan. The results showed that the proposed “health status” evaluation method could describe “health status” well. We also introduce instructions for evaluating a small number of DNS resolvers. And we discuss DNSSEC and its effects on resolution speed. At last, we make suggestions for inspecting and improving “health status” of DNS resolvers.
ER -