Detecting DNS Root Manipulation

TitleDetecting DNS Root Manipulation
Publication TypeConference Paper
Year of Publication2016
AuthorsJones, B., Feamster N., Paxson V., Weaver N., & Allman M.
Published inProceedings of Passive and Active Measurement Conference (PAM)

We present techniques for detecting unauthorized DNS root servers in the Internet using primarily endpoint-based measurements from RIPE Atlas, supplemented with BGP routing announcements from RouteViews and RIPE RIS. The first approach analyzes the latency to the root server and the second approach looks for route hijacks. We demonstrate the importance and validity of these techniques by measuring the only root server (``B'') not widely distributed using anycast. Our measurements establish the presence of several DNS proxies and a DNS root mirror.

ICSI Research Group

Networking and Security