The windows of private DNS updates

Published: 05 July 2006

Abstract

This work is motivated by the observation of one particular type of unwanted traffic -- dynamic DNS updates for private (RFC1918) addresses, which leak to the global network. This spurious traffic not only wastes network resources but also jeopardizes the security and privacy of users. We first look at the magnitude of these updates on two independent AS112 [1] servers. We then analyze which operating systems are responsible for these updates by using three levels of signature techniques and find that over 97% of updates come from Windows systems. While newer versions of Windows OSes are more stringent in sending private DNS updates, we did not observe an overall decreasing trend due to this evolution. Users, software vendors, and system administrators can take steps to reduce this RFC1918 traffic. However, since most end users are unlikely to interfere with vendor default settings, it should be the responsibility of software vendors and system administrators to take positive action to fix this problem.

References

[1] "AS112 Project Home Page," www.as112.net.
[2] Y. Rekhter, B. Moskowitz, D. Karrenberg, G. J. de Groot, and E. Lear, "Address Allocation for Private Internets, RFC1918," February 1996.
[3] A. Broido, E. Nemeth, and kc claffy, "Spectroscopy of private DNS update sources," in WIAPP, 2003. A. Moore and D. Zuev, "Internet traffic classification using bayesian analysis," in ACM SIGMETRICS, 2005.
[4] S. Cheshire, B. Aboba, and E. Guttman, "Dynamic Configuration of IPv4 Link-Local Addresses," draft-ietf-zeroconf-ipv4-linklocal-07.txt, 23rd August 2002, www.potaroo.net/ietf/ids/draft-ietf-zeroconf-ipv4-linklocal-07.txt.
[5] R. Droms, "Dynamic host configuration protocol, RFC2131," March 1997.
[6] S. Alexander and R. Droms, "DHCP options and BOOTP vendor extensions, RFC2132," March 1997.
[7] P. Vixie, S. Thompson, Y. Rekhter, and J. Bound, "Dynamic updates in the Domain Name System, RFC2136," April 1997.
[8] N. Brownlee, kc claffy, and E. Nemeth, "DNS Measurements at a Root Server," Globecom 2001.
[9] "Root Server Technical Operations Association," www.root-servers.org.
[10] A. Broido, E. Nemeth, and kc claffy, "Internet expansion, refinement and churn," European Transactions on Telecommunications, 13, No. 1, Jan-Feb 2002, 33--51.
[11] David Meyer et al., "University of Oregon Route Views Archive Project," www.routeviews.org.
[12] P. Mockapetris, "Domain names - implementation and specification, RFC1035," November 1987.
[13] D. Eastlake 3rd, "Secret Key Establishment for DNS (TKEY RR), RFC2930," September 2000.
[14] S. Kwan, P. Garg, J. Gilroy, L. Esibov, J. Westhead, and R. Hall, "Generic Security Service Algorithm for Secret Key Transaction Authentication for DNS (GSS-TSIG), RFC3645," October 2003, potaroo.net/ietf/idref/rfc3645.
[15] "Microsoft Security Bulletin MS01-008," 2003, www.microsoft.com/technet/security/bulletin/MS01-008.mspx.
[16] Microsoft TechNet, "Windows 2000 DNS," www.microsoft.com/technet/prodtechnol/windows2000serv/plan/w2kdns2.mspx.
[17] Microsoft TechNet, "How DHCP technology works," Mar 2003, www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/8006f246-2029-4bad-b9f0-4f31a56b0590.mspx.
[18] Microsoft TechNet, "How to configure DNS dynamic updates in Windows Server 2003," Oct. 2005, support.microsoft.com/default.aspx?scid=kb;en-us;816592.
[19] M. Zalewski, "The new p0f: 2.0.5," 2004, lcamtuf.coredump.cx/p0f.shtml.
[20] Microsoft, "TCP/IP and NBT config parameters for Windows 2000 or Windows NT," 2004, support.microsoft.com/kb/q120642.
[21] Microsoft, "TCP/IP and NBT config parameters for Windows XP," 2004, support.microsoft.com/kb/314053/EN-US.
[22] "W3 schools browser statistics," 2005, www.w3schools.com/browsers/browsers_stats.asp.
[23] R. Beverly, "A Robust Classifier for Passive TCP/IP Fingerprinting," in PAM, 2004.
[24] "Internet Software Consortium," www.isc.org.
[25] "Secure dynamic dns howto," 2002, ops.ietf.org/dns/dynupd/secure-ddns-howto.html.
[26] "How to Disable Dynamic DNS Updates on Windows Systems," www.caida.org/research/dns/disable_dns_updates.xml.

Published In

ACM SIGCOMM Computer Communication Review  Volume 36, Issue 3
July 2006
97 pages
ISSN:0146-4833
DOI:10.1145/1140086

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. OS fingerprinting
  2. domain name system
  3. dynamic updates
  4. misconfiguration
  5. private addresses

Qualifiers

  • Article
