For Full-Text PDF, please login, if you are a member of IEICE,|
or go to Pay Per View on menu list, if you are a nonmember of IEICE.
Evaluating “Health Status” for DNS Resolvers
Keyu LU Zhaoxin ZHANG
IEICE TRANSACTIONS on Communications
Publication Date: 2018/12/01
Online ISSN: 1745-1345
Type of Manuscript: PAPER
domain name system, security threats, measurement, evaluation,
Full Text: PDF(2.1MB)
>>Buy this Article
The Domain Name System (DNS) maps domain names to IP addresses. It is an important infrastructure in the Internet. Recently, DNS has experienced various security threats. DNS resolvers experience the security threats most frequently, since they interact with clients and they are the largest group of domain name servers. In order to eliminate security threats against DNS resolvers, it is essential to improve their “health status”. Since DNS resolvers' owners are not clear which DNS resolvers should be improved and how to improve “health status”, the evaluation of “health status” for DNS resolvers has become vital. In this paper, we emphasize five indicators describing “health status” for DNS resolvers, including security, integrity, availability, speed and stability. We also present nine metrics measuring the indicators. Based on the measurement of the metrics, we present a “health status” evaluation method with factor analysis. To validate our method, we measured and evaluated more than 30,000 DNS resolvers in China and Japan. The results showed that the proposed “health status” evaluation method could describe “health status” well. We also introduce instructions for evaluating a small number of DNS resolvers. And we discuss DNSSEC and its effects on resolution speed. At last, we make suggestions for inspecting and improving “health status” of DNS resolvers.