research-article

Unresolved Issues: Prevalence, Persistence, and Perils of Lame Delegations

Authors:

Gautam Akiwate,

Mattijs Jonker,

Raffaele Sommese,

Geoffrey M. Voelker,

Stefan Savage, and

KC ClaffyAuthors Info & Claims

IMC '20: Proceedings of the ACM Internet Measurement Conference

October 2020

Pages 281 - 294

https://doi.org/10.1145/3419394.3423623

Published: 27 October 2020 Publication History

Abstract

The modern Internet relies on the Domain Name System (DNS) to convert between human-readable domain names and IP addresses. However, the correct and efficient implementation of this function is jeopardized when the configuration data binding domains, nameservers and glue records is faulty. In particular lame delegations, which occur when a nameserver responsible for a domain is unable to provide authoritative information about it, introduce both performance and security risks. We perform a broad-based measurement study of lame delegations, using both longitudinal zone data and active querying. We show that lame delegations of various kinds are common (affecting roughly 14% of domains we queried), that they can significantly degrade lookup latency (when they do not lead to outright failure), and that they expose hundreds of thousands of domains to adversarial takeover. We also explore circumstances that give rise to this surprising prevalence of lame delegations, including unforeseen interactions between the operational procedures of registrars and registries.

Supplementary Material

MP4 File (imc2020-paper66-long.mp4)

Long and Short Talk for IMC 2020 Paper --- "Unresolved Issues: Prevalence, Persistence, and Perils of Lame Delegations"

Download
23.81 MB

MP4 File (imc2020-paper66-short.mp4)

Long and Short Talk for IMC 2020 Paper --- "Unresolved Issues: Prevalence, Persistence, and Perils of Lame Delegations"

Download
6.56 MB

References

[1]

J. Abley, B. Dickson, W. Kumari, and G. Michaelson. 2015. AS112 Redirection Using DNAME. RFC 7535. https://rfc-editor.org/rfc/rfc7535.txt

[2]

AFRINIC. 2019. AFRINIC ratifies 'Lame Delegations in the AFRINIC reverse DNS' Policy. African Network Information Centre. https://afrinic.net/lame-delegations-in-afrinic-reverse-dns-policy-ratified

[3]

AFRINIC. 2020. Lame delegations statistics. African Network Information Centre. https://stats.afrinic.net/lamerdns/

[4]

Alexa. 2020. Top 1M sites. https://toplists.net.in.tum.de/archive/alexa/alexa-top1m-2020-04-13_0900_UTC.csv.xz

[5]

E. Alowaisheq, P. Wang, S. Alrwais, X. Liao, X. Wang, T. Alowaisheq, X. Mi, S. Tang, and B. Liu. 2019. Cracking the Wall of Confinement: Understanding and Analyzing Malicious Domain Take-downs. In Proceedings of The Network and Distributed System Security Symposium (NDSS). Internet Society, San Diego, CA, USA.

[6]

APNIC. 2020. Lame DNS Reverse Delegation. Asia Pacific Network Information Centre. https://www.apnic.net/manage-ip/manage-resources/reverse-dns/lame-dns-reverse-delegation

[7]

ARIN. 2014. Recommended Draft Policy ARlN-2014-5: Remove 7.2 Lame Delegations. American Registry for Internet Numbers. https://www.arin.net/vault/policy/proposals/2014_5.html

[8]

D. Barr. 1996. Common DNS Operational and Configuration Errors. RFC 1912. https://rfc-editor.org/rfc/rfc1912.txt

Digital Library

[9]

DNS Coffee. 2020. DNS Coffee. DNS Coffee. https://dns.coffee

[10]

S. Hollenbeck. 2009. Extensible Provisioning Protocol (EPP) Domain Name Mapping. RFC 5731. https://rfc-editor.org/rfc/rfc5731.txt

[11]

S. Hollenbeck. 2009. Extensible Provisioning Protocol (EPP) Host Mapping. RFC 5732. https://rfc-editor.org/rfc/rfc5732.txt

[12]

ICANN. 2007. IANA Report on the Delegation of the. TEL Top-Level Domain. ICANN. https://www.iana.org/reports/2007/tel-report-22jan2007.html

[13]

ICANN. 2017. Transfer Report for tel. ICANN. https://www.iana.org/reports/tld-transfer/20170503-tel

[14]

ICANN. 2019. ICANN CZDS. ICANN. https://czds.icann.org

[15]

ICANN Security and Stability Advisoiry Committee (SSAC). 2020. SSAC Advisory on Private Use TLDs. https://www.icann.org/en/system/files/files/sac-113-en.pdf

[16]

A. Kalafut, M. Gupta, C. A. Cole, L. Chen, and N. E. Myers. 2010. An Empirical Study of Orphan DNS Servers in the Internet. In Proceedings of the 10th ACM SIGCOMM Conference on Internet Measurement (Melbourne, Australia) (IMC). ACM, New York, NY, USA, 308--314. https://doi.org/10.1145/1879141.1879182

[17]

LACNIC. 2020. Lame Delegation Policy. Latin America and Caribbean Network Information Centre. https://www.lacnic.net/686/2/lacnic/6-lame-delegation-policy

[18]

D. Liu, S. Hao, and H. Wang. 2016. All Your DNS Records Point to Us: Understanding the Security Threats of Dangling DNS Records. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (Vienna, Austria) (CCS). ACM, New York, NY, USA, 1414--1425. https://doi.org/10.1145/2976749.2978387

[19]

P. Mockapetris. 1987. Domain Names - Concepts and Facilities. RFC 1034. https://rfc-editor.org/rfc/rfc1034.txt

[20]

P. Mockapetris. 1987. Domain Names - Implementation and Specification. RFC 1035. https://rfc-editor.org/rfc/rfc1035.txt

[21]

V. Pappas, Z. Xu, S. Lu, D. Massey, A. Terzis, and L. Zhang. 2004. Impact of Configuration Errors on DNS Robustness. In Proceedings of the 2004 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications (Portland, Oregon, USA) (SIGCOMM). ACM, New York, NY, USA, 319--330. https://doi.org/10.1145/1015467.1015503

[22]

A. Phokeer, A. Aina, and D. Johnson. 2016. DNS Lame delegations: A case-study of public reverse DNS records in the African Region. In Proceedings of the 8th EAI International Conference on e-Infrastructure and e-Services for Developing Countries -- AFRICOMM. ICANN, European Alliance for Innovation, Ouagadougou, Burkina Faso.

[23]

D. Piscitello. 2010. Conficker Summary and Review. ICANN. https://www.icann.org/en/system/files/files/conficker-summary-review-07may10-en.pdf

[24]

GoDaddy Representative. 2020. Personal Communication.

[25]

A. Romao. 1994. Tools for DNS debugging. RFC 1713. https://rfc-editor.org/rfc/rfc1713.txt

[26]

R. Sommese, M. Jonker, R. van Rijswijk-Deij, A. Dainotti, KC. Claffy, and A. Sperotto. 2020. The Forgotten Side of DNS: Orphan and Abandoned Records. In Proceedings of the 2020 Workshop on Traffic Measurements for Cybersecurity (WTMC). IEEE, Virtual Event.

[27]

R. Sommese, G. CM. Moura, M. Jonker, R. van Rijswijk-Deij, A. Dainotti, KC. Claffy, and A. Sperotto. 2020. When parents and children disagree: Diving into DNS delegation inconsistency. In Proceedings of the International Conference on Passive and Active Network Measurement (PAM). Springer, Springer International Publishing, Virtual Event, 175--189.

[28]

R. van Rijswijk-Deij, M. Jonker, A. Sperotto, and A. Pras. 2016. A High-Performance, Scalable Infrastructure for Large-Scale Active DNS Measurements. IEEE Journal on Selected Areas in Communications (JSAC) 34, 6 (2016), 1877--1888.

Cited By

Nosyk YKorczyński MDuda AMontpetit MLeivadeas AUhlig SJaved M(2023)Extended DNS Errors: Unlocking the Full Potential of DNS TroubleshootingProceedings of the 2023 ACM on Internet Measurement Conference10.1145/3618257.3624835(213-221)Online publication date: 24-Oct-2023
https://dl.acm.org/doi/10.1145/3618257.3624835
Naab JSattler PZirngibl JGünther SCarle G(2023)Gotta Query 'Em All, Again!Proceedings of the Applied Networking Research Workshop10.1145/3606464.3606478(34-40)Online publication date: 24-Jul-2023
https://dl.acm.org/doi/10.1145/3606464.3606478
Zhang MLi XLiu BLu JZhang YChen JDuan HHao SZheng X(2023)Detecting and Measuring Security Risks of Hosting-Based Dangling DomainsProceedings of the ACM on Measurement and Analysis of Computing Systems10.1145/35794407:1(1-28)Online publication date: 2-Mar-2023
https://dl.acm.org/doi/10.1145/3579440
Show More Cited By

Index Terms

Unresolved Issues: Prevalence, Persistence, and Perils of Lame Delegations
1. Networks
  1. Network services
    1. Naming and addressing
  2. Network types
    1. Public Internet

Recommendations

System design issues for internet middleware services: deductions from a large client trace
USITS'97: Proceedings of the USENIX Symposium on Internet Technologies and Systems on USENIX Symposium on Internet Technologies and Systems

In this paper, we present the analysis of a large client-side web trace gathered from the Home IP service at the University of California at Berkeley. Specifically, we demonstrate the heterogeneity of web clients, the existence of a strong and very ...
Read More
RFC 4472: Operational Considerations and Issues with IPv6 DNS
Read More
Issues in Security and Performance of the DNS Ecosystem
Read More

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

IMC '20: Proceedings of the ACM Internet Measurement Conference

October 2020

751 pages

ISBN:9781450381383

DOI:10.1145/3419394

Copyright © 2020 Owner/Author.

This work is licensed under a Creative Commons Attribution International 4.0 License.

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 27 October 2020

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article
Research
Refereed limited

Funding Sources

Conference

IMC '20

Sponsor:

IMC '20: ACM Internet Measurement Conference

October 27 - 29, 2020

Virtual Event, USA

Acceptance Rates

IMC '20 Paper Acceptance Rate 53 of 216 submissions, 25%;

Overall Acceptance Rate 277 of 1,083 submissions, 26%

Upcoming Conference

IMC '24

Sponsor:
sigcomm
sigcomm

ACM Internet Measurement Conference

November 4 - 6, 2024

Madrid , AA , Spain

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

14
Total Citations
View Citations
319
Total Downloads

Downloads (Last 12 months)86
Downloads (Last 6 weeks)8

Other Metrics

View Author Metrics

Citations

Cited By

Nosyk YKorczyński MDuda AMontpetit MLeivadeas AUhlig SJaved M(2023)Extended DNS Errors: Unlocking the Full Potential of DNS TroubleshootingProceedings of the 2023 ACM on Internet Measurement Conference10.1145/3618257.3624835(213-221)Online publication date: 24-Oct-2023
https://dl.acm.org/doi/10.1145/3618257.3624835
Naab JSattler PZirngibl JGünther SCarle G(2023)Gotta Query 'Em All, Again!Proceedings of the Applied Networking Research Workshop10.1145/3606464.3606478(34-40)Online publication date: 24-Jul-2023
https://dl.acm.org/doi/10.1145/3606464.3606478
Zhang MLi XLiu BLu JZhang YChen JDuan HHao SZheng X(2023)Detecting and Measuring Security Risks of Hosting-Based Dangling DomainsProceedings of the ACM on Measurement and Analysis of Computing Systems10.1145/35794407:1(1-28)Online publication date: 2-Mar-2023
https://dl.acm.org/doi/10.1145/3579440
Streibelt FSattler PLichtblau FGañán CFeldmann AGasser OFiebig T(2023)How Ready is DNS for an IPv6-Only World?Passive and Active Measurement10.1007/978-3-031-28486-1_22(525-549)Online publication date: 21-Mar-2023
https://dl.acm.org/doi/10.1007/978-3-031-28486-1_22
Arouna AJonker MLivadariu IBarakat CPelsser CBenson TChoffnes D(2022)On unifying diverse DNS data sourcesProceedings of the 22nd ACM Internet Measurement Conference10.1145/3517745.3563022(752-753)Online publication date: 25-Oct-2022
https://dl.acm.org/doi/10.1145/3517745.3563022
Sommese RJonker MClaffy KBarakat CPelsser CBenson TChoffnes D(2022)Observable KINDNSProceedings of the 22nd ACM Internet Measurement Conference10.1145/3517745.3563016(740-741)Online publication date: 25-Oct-2022
https://dl.acm.org/doi/10.1145/3517745.3563016
Sommese RClaffy Kvan Rijswijk-Deij RChattopadhyay ADainotti ASperotto AJonker MBarakat CPelsser CBenson TChoffnes D(2022)Investigating the impact of DDoS attacks on DNS infrastructureProceedings of the 22nd ACM Internet Measurement Conference10.1145/3517745.3561458(51-64)Online publication date: 25-Oct-2022
https://dl.acm.org/doi/10.1145/3517745.3561458
Izhikevich LAkiwate GBerger BDrakontaidis SAscheman APearce PAdrian DDurumeric ZBarakat CPelsser CBenson TChoffnes D(2022)ZDNSProceedings of the 22nd ACM Internet Measurement Conference10.1145/3517745.3561434(33-43)Online publication date: 25-Oct-2022
https://dl.acm.org/doi/10.1145/3517745.3561434
Akiwate GSommese RJonker MDurumeric ZClaffy KVoelker GSavage SBarakat CPelsser CBenson TChoffnes D(2022)Retroactive identification of targeted DNS infrastructure hijackingProceedings of the 22nd ACM Internet Measurement Conference10.1145/3517745.3561425(14-32)Online publication date: 25-Oct-2022
https://dl.acm.org/doi/10.1145/3517745.3561425
Houser RHao SCotton CWang H(2022)A Comprehensive, Longitudinal Study of Government DNS Deployment at Global Scale2022 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)10.1109/DSN53405.2022.00030(193-204)Online publication date: Jun-2022
https://doi.org/10.1109/DSN53405.2022.00030
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents