Towards classification of DNS erroneous queries

Yuta Kazato, Kensuke Fukuda, Toshiharu Sugawara

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

    4 Citations (Scopus)

    Abstract

    We analyze domain name system (DNS) errors (i.e., ServFail, Refused and NX Domain errors) in DNS traffic captured at an external connection link of an academic network in Japan and attempt to understand the causes of such errors. Because DNS errors that are responses to erroneous queries have a large impact on DNS traffic, we should reduce as many of them as possible. First, we show that ServFail and Refused errors are generated by queries from a small number of local resolvers and authoritative nameservers that do not relate to ordinary users. Second, we demonstrate that NX Domain errors have several query patterns due to mostly anti-virus/anti-spam systems as well as meaningless queries (i.e., mis-configuration). By analyzing erroneous queries leading to NX Domain errors with the proposed heuristic rules to identify the main causes of such errors, we successfully classify them into nine groups that cover approximately 90% of NX Domain errors with a low false positive rate. Furthermore, we find malicious domain names similar to Japanese SNS sites from the results. We discuss the main causes of these DNS errors and how to reduce them from the results of our analysis.

    Original language: English
    Title of host publication: Asian Internet Engineering Conference, AINTEC 2013
    Publisher: Association for Computing Machinery
    Pages: 25-32
    Number of pages: 8
    ISBN (Print): 9781450324519
    DOI: https://doi.org/10.1145/2534142.2534146
    Publication status: Published - 2013
    Event: 9th Asian Internet Engineering Conference, AINTEC 2013 - Chiang Mai
    Duration: 2013 Nov 13 to 2013 Nov 15

    Other

    Other: 9th Asian Internet Engineering Conference, AINTEC 2013
    City: Chiang Mai
    Period: 13/11/13 to 13/11/15


    Keywords

    • Classification
    • DNS
    • Dns error
    • Mis-configuration

    ASJC Scopus subject areas

    • Computer Networks and Communications

    Cite this

    Kazato, Y., Fukuda, K., & Sugawara, T. (2013). Towards classification of DNS erroneous queries. In Asian Internet Engineering Conference, AINTEC 2013 (pp. 25-32). Association for Computing Machinery. https://doi.org/10.1145/2534142.2534146
