查看文章

DNS is one of the most important infrastructure of the Internet, but it unfortunately suffers from malicious attacks, such as DDoS and cache poisoning. Study and investigation of currently-deployed DNS servers are needed to implement effective and efficient countermeasure. To cope with that, we sent probing requests to the whole IPv4 address space and collected DNS-related information, ie, DNS server type distribution, DNS server software version distribution and FQDN distribution of DNS server. The measurement result shows that we obtained the addresses of about 30 million DNS servers, about 25 million open resolvers, and about 7 million DNS servers that responded to software version query request. Furthermore, we reversely looked up the DNS servers’ addresses to investigate the distribution of domain names. It revealed that there are many open resolvers in spammer-favored domains. We also discuss the relationship between the DNS amplification attack, a type of DDoS attack that abuses open resolvers, DNSSEC, and its countermeasures. DNSSEC significantly increases efficiency of the DNS amplification attack since its records typically amount to tens of thousand bytes.