Abstract

The Domain Name System (DNS) root servers have provided a useful look into the DNS and internet ecosystems for decades. We present a categorization of clients querying DNS root servers. Using two clustering algorithms on DNS traffic sampled in 2020, we can predict the structure and volume of queries originating from different types of clients. Previous research has used unsupervised techniques to better understand DNS traffic patterns, but none have, to our knowledge, considered clients beyond those driven by queries from end users. By performing clustering on IP addresses rather than on individual queries, we are able to examine the full breadth of DNS client categories. We also consider the overall deployment of recommended DNS security mechanisms, including 0x20 encoding, DNSSEC, IP-ID randomization, and QNAME minimization. We find that many of our measurements coincide with previous assessments of root server data. Our client-based approach reveals at least one group that suffers from a low rate of DNSSEC and source port randomization deployment.

Degree

MS

College and Department

Computational, Mathematical, and Physical Sciences; Computer Science

Rights

https://lib.byu.edu/about/copyright/

Date Submitted

2024-07-29

Document Type

Thesis

Handle

http://hdl.lib.byu.edu/1877/etd13305

Keywords

Domain Name System, DNSSEC, Clustering

Language

English
