TY - GEN
T1 - Towards classification of DNS erroneous queries
AU - Kazato, Yuta
AU - Fukuda, Kensuke
AU - Sugawara, Toshiharu
PY - 2013
Y1 - 2013
N2 - We analyze domain name system (DNS) errors (i.e., ServFail, Refused and NX Domain errors) in DNS traffic captured at an external connection link of an academic network in Japan and attempt to understand the causes of such errors. Because DNS errors that are responses to erroneous queries have a large impact on DNS traffic, we should reduce as many of them as possible. First, we show that ServFail and Refused errors are generated by queries from a small number of local resolvers and authoritative nameservers that do not relate to ordinary users. Second, we demonstrate that NX Domain errors have several query patterns due to mostly anti-virus/anti-spam systems as well as meaningless queries (i.e., mis-configuration). By analyzing erroneous queries leading to NX Domain errors with the proposed heuristic rules to identify the main causes of such errors, we successfully classify them into nine groups that cover approximately 90% of NX Domain errors with a low false positive rate. Furthermore, we find malicious domain names similar to Japanese SNS sites from the results. We discuss the main causes of these DNS errors and how to reduce them from the results of our analysis.
AB - We analyze domain name system (DNS) errors (i.e., ServFail, Refused and NX Domain errors) in DNS traffic captured at an external connection link of an academic network in Japan and attempt to understand the causes of such errors. Because DNS errors that are responses to erroneous queries have a large impact on DNS traffic, we should reduce as many of them as possible. First, we show that ServFail and Refused errors are generated by queries from a small number of local resolvers and authoritative nameservers that do not relate to ordinary users. Second, we demonstrate that NX Domain errors have several query patterns due to mostly anti-virus/anti-spam systems as well as meaningless queries (i.e., mis-configuration). By analyzing erroneous queries leading to NX Domain errors with the proposed heuristic rules to identify the main causes of such errors, we successfully classify them into nine groups that cover approximately 90% of NX Domain errors with a low false positive rate. Furthermore, we find malicious domain names similar to Japanese SNS sites from the results. We discuss the main causes of these DNS errors and how to reduce them from the results of our analysis.
KW - Classification
KW - DNS
KW - DNS error
KW - Mis-configuration
UR - http://www.scopus.com/inward/record.url?scp=84893404551&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84893404551&partnerID=8YFLogxK
U2 - 10.1145/2534142.2534146
DO - 10.1145/2534142.2534146
M3 - Conference contribution
AN - SCOPUS:84893404551
SN - 9781450324519
T3 - Asian Internet Engineering Conference, AINTEC 2013
SP - 25
EP - 32
BT - Asian Internet Engineering Conference, AINTEC 2013
PB - Association for Computing Machinery
T2 - 9th Asian Internet Engineering Conference, AINTEC 2013
Y2 - 13 November 2013 through 15 November 2013
ER -