Learn More
We describe a novel, practical and simple technique to make DNS queries more resistant to poisoning attacks: mix the upper and lower case spelling of the domain name in the query. Fortuitously, almost all DNS authority servers preserve the mixed case encoding of the query in answer messages. Attackers hoping to poison a DNS cache must therefore guess the(More)
Adversary-resistant communication bootstrapping is a fundamental problem faced by many circumvention (anti-censorship) systems such as Tor. Censoring regimes actively harvest and block published Tor entry points and bridge nodes. More recently, some countries have resorted to reactive (follow-up) probing of the destination hosts of outbound encrypted(More)
DNS (domain name system) is a distributed, coherent, reliable, autonomous, hierarchical database, the first and only one of its kind. Created in the 1980s when the Internet was still young but overrunning its original system for translating host names into IP addresses, DNS is one of the foundation technologies that made the worldwide Internet (and the(More)
Suboptimal performance of the ISC BIND9 DNS server with multiple threads is a well known problem. This paper explores practical approaches addressing this longstanding issue. First, intensive profiling identifies major bottlenecks occurring due to overheads for thread synchronization. These bottlenecks are then eliminated by giving separate work areas with(More)
There has never been a greater need for comprehensive Internet metrics than now. Even basic security-critical facts about the Internet, such as "How many systems are botted?" or "What networks still don't do Source Address Validation?" remain murky and poorly quantified. Likewise, traffic characterization and summary inter-AS flow data typically remain(More)
Authority zones in the Domain Name System must be declared to have one or more authoritative name servers, usually consisting of one primary name server and several secondary name servers. These name servers are expected to synchronize zone data using DNS’s zone transfer protocols, but the configuration of these synchronization relationships depends upon(More)