Towards classification of DNS erroneous queries

Yuta Kazato, Kensuke Fukuda, Toshiharu Sugawara

Research output: Chapter in Book/Report/Conference proceedingConference contribution

5 Citations (Scopus)


We analyze domain name system (DNS) errors (i.e., Serv- Fail, Refused and NX Domain errors) in DNS traffic cap- tured at an external connection link of an academic network in Japan and attempt to understand the causes of such er- rors. Because DNS errors that are responses to erroneous queries have a large impact on DNS traffic, we should reduce as many of them as possible. First, we show that ServFail and Refused errors are generated by queries from a small number of local resolvers and authoritative nameservers that do not relate to ordinary users. Second, we demonstrate that NX Domain errors have several query patterns due to mostly anti-virus/anti-spam systems as well as meaningless queries (i.e., mis-configuration). By analyzing erroneous queries leading to NX Domain errors with the proposed heuristic rules to identify the main causes of such errors, we suc- cessfully classify them into nine groups that cover approxi- mately 90% of NX Domain errors with a low false positive rate. Furthermore, we find malicious domain names similar to Japanese SNS sites from the results. We discuss the main causes of these DNS errors and how to reduce them from the results of our analysis.

Original languageEnglish
Title of host publicationAsian Internet Engineeering Conference, AINTEC 2013
PublisherAssociation for Computing Machinery
Number of pages8
ISBN (Print)9781450324519
Publication statusPublished - 2013
Event9th Asian Internet Engineeering Conference, AINTEC 2013 - Chiang Mai, Thailand
Duration: 2013 Nov 132013 Nov 15

Publication series

NameAsian Internet Engineeering Conference, AINTEC 2013


Conference9th Asian Internet Engineeering Conference, AINTEC 2013
CityChiang Mai


  • Classification
  • DNS
  • Dns error
  • Mis-configuration

ASJC Scopus subject areas

  • Computer Networks and Communications


Dive into the research topics of 'Towards classification of DNS erroneous queries'. Together they form a unique fingerprint.

Cite this