Skip to main content
SpringerLink
Log in

DualDNSMiner: A Dual-Stack Resolver Discovery Method Based on Alias Resolution

  • Conference paper
  • First Online:
Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom 2023)

  • 100 Accesses

Abstract

With the rapid development of IPv6 network applications, the transition to IPv6 dns has accelerated. In this process, dual-stack resolvers take on the crucial role that ensures the resolution of domains under hybrid network conditions. However, the lagging deployment of IPv6 defence measures may undermine the overall security of resolvers, making the discovery of dual-stack resolvers vital for DNS security analysis. Previous methods for discovering dual-stack resolvers are built on strong but impractical assumptions, ignoring resolvers with multiple alias IP addresses. In this article, we propose a new dual-stack resolvers discovery model based on alias resolution - DualDNSMiner. DualDNSMiner involves address alias resolution technology in order to recognize hosts with multiple alias addresses and identify dual-stack resolvers. Large-scale measurement experiments show that, DualDNSMiner can reliably discover over 80% more new dual-stack resolvers compared to previous judgment rules. In addition, we put forth a novel approach to validate the accuracy of our findings. The results demonstrate that the precision of DualDNSMiner can exceed over 90%. Finally, the results of DualDNSMiner provide the first proof of the widespread use of alias addresses in DNS resolvers, which is crucial for analyzing the process of DNS’s IPv6 evolution.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 79.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 99.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Al-Dalky, R., Schomp, K.: Characterization of collaborative resolution in recursive DNS resolvers. In: Beverly, R., Smaragdakis, G., Feldmann, A. (eds.) Passive and Active Measurement. Lecture Notes in Computer Science(), vol. 10771, pp. 146–157. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-76481-8_11

    Chapter  Google Scholar 

  2. APNIC: Ipv6 capable rate by country. https://stats.labs.apnic.net/ipv6/

  3. APNIC: Use of ipv6 for world (XA). https://stats.labs.apnic.net/IPv6/XA

  4. Bagnulo, M., García-Martínez, A., Van Beijnum, I.: The NAT64/DNS64 tool suite for IPv6 transition. IEEE Commun. Mag. 50(7), 177–183 (2012)

    Article  Google Scholar 

  5. Bagnulo, M., Sullivan, A., Matthews, P., Van Beijnum, I.: DNS64: DNS extensions for network address translation from IPv6 clients to ipv4 servers. Technical report (2011)

    Google Scholar 

  6. Bender, A., Sherwood, R., Spring, N.: Fixing ally’s growing pains with velocity modeling. In: Proceedings of the 8th ACM SIGCOMM Conference On Internet Measurement, pp. 337–342 (2008)

    Google Scholar 

  7. Berger, A., Weaver, N., Beverly, R.: Internet nameserver IPv4 and IPv6 address relationships, pp. 91–104. Association for Computing Machinery (ACM), New York (2013). 10(2504730.2504745)

    Google Scholar 

  8. Beverly, R., Berger, A.: Server siblings: Identifying shared IPv4/IPv6 infrastructure via active fingerprinting. In: Mirkovic, J., Liu, Y. (eds.) Passive and Active Measurement. Lecture Notes in Computer Science(), vol. 8995, pp. 149–161. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-15509-8_12

    Chapter  Google Scholar 

  9. Beverly, R., Brinkmeyer, W., Luckie, M., Rohrer, J.P.: IPv6 alias resolution via induced fragmentation. In: Roughan, M., Chang, R. (eds.) Passive and Active Measurement. Lecture Notes in Computer Science, vol. 7799, pp. 155–165. Springer, Berlin, Heidelberg (2013). https://doi.org/10.1007/978-3-642-36516-4_16

    Chapter  Google Scholar 

  10. CoreDNS.io: CoreDNS-cache. https://coredns.io/plugins/cache/

  11. Durand, A., Ihren, J.: DNS IPv6 transport operational guidelines. Technical report (2004)

    Google Scholar 

  12. Durand, A., Droms, R., Lee, Y., Woodyatt, J.: Dual-stack lite broadband deployments following IPv4 exhaustion. RFC 6333 (2011). https://doi.org/10.17487/RFC6333, https://www.rfc-editor.org/info/rfc6333

  13. Elz, R., Bush, R.: RFC2181: clarifications to the DNS specification (1997)

    Google Scholar 

  14. Google: IPv6. https://www.google.com/intl/en/ipv6/statistics.html

  15. Gunes, M.H., Sarac, K.: Analytical IP alias resolution. In: 2006 IEEE International Conference on Communications, vol. 1, pp. 459–464. IEEE (2006)

    Google Scholar 

  16. Hendriks, L., Oliveira Schmidt, R.D., Rijswijk-Deij, R.V., Pras, A.: On the potential of IPv6 open resolvers for DDoS attacks. In: Kaafar, M., Uhlig, S., Amann, J. (eds.) Passive and Active Measurement. Lecture Notes in Computer Science(), vol. 10176, pp. 17–29. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-54328-4_2

    Chapter  Google Scholar 

  17. Hu, Q., Asghar, M.R., Brownlee, N.: Measuring IPv6 DNS reconnaissance attacks and preventing them using DNS guard. In: 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 350–361. IEEE (2018)

    Google Scholar 

  18. Hub, D.: ubuntu-official images. https://hub.docker.com/ubuntu

  19. Huston, G.: IPv6 and the DNS. https://labs.apnic.net/?p=1343

  20. Keys, K., Hyun, Y., Luckie, M., Claffy, K.: Internet-scale IPv4 alias resolution with MIDAR. IEEE/ACM Trans. Networking 21(2), 383–399 (2012)

    Article  Google Scholar 

  21. Klein, A., Shulman, H., Waidner, M.: Internet-wide study of DNS cache injections. In: IEEE INFOCOM 2017-IEEE Conference on Computer Communications, pp. 1–9. IEEE (2017)

    Google Scholar 

  22. Labs, N.: NLnet labs-unbound-about. https://nlnetlabs.nl/projects/unbound/about/

  23. Mockapetris, P.V.: RFC1035: domain names-implementation and specification (1987)

    Google Scholar 

  24. Murdock, A., Li, F., Bramsen, P., Durumeric, Z., Paxson, V.: Target generation for internet-wide IPv6 scanning. In: Proceedings of the 2017 Internet Measurement Conference, pp. 242–253 (2017)

    Google Scholar 

  25. Okamoto, T., Tarao, M.: Implementation and evaluation of an immunity-enhancing module for ISC BIND9. Procedia Comput. Sci. 126, 1405–1414 (2018)

    Article  Google Scholar 

  26. Vixie, P.: Extension mechanisms for DNS (EDNS0). Technical report (1999)

    Google Scholar 

Download references

Acknowledgment

This work is supported by the Strategic Priority Research Program of the Chinese Academy of Sciences with No. XDC02030400, the National Key Research and Development Program of China with No. 2021YFB3101001 and No. 2021YFB3101403.

Author information

Authors and Affiliations

  1. Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China

    Dingkang Han, Yujia Zhu, Liang Jiao, Dikai Mo, Yong Sun & Qingyun Liu

  2. National Engineering Laboratory of Information Security Technologies, Beijing, China

    Dingkang Han, Yujia Zhu, Liang Jiao, Dikai Mo, Yong Sun & Qingyun Liu

  3. School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China

    Dingkang Han, Yujia Zhu, Liang Jiao & Dikai Mo

  4. CNCERT, Beijing, China

    Yuedong Zhang

Authors
  1. Dingkang Han
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yujia Zhu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Liang Jiao
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Dikai Mo
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Yong Sun
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Yuedong Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  7. Qingyun Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Yong Sun .

Editor information

Editors and Affiliations

  1. Shanghai University, Shanghai, China

    Honghao Gao

  2. Xi’an Jiaotong-Liverpool, Suzhou, China

    Xinheng Wang

  3. University of Peloponnese, Patra, Greece

    Nikolaos Voros

A Discovery and Verification Results

A Discovery and Verification Results

Table 5. Comparison of DualDNSMiner with previous methods, and verification of results.
Full size table

Rights and permissions

Reprints and permissions

Copyright information

© 2024 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Han, D. et al. (2024). DualDNSMiner: A Dual-Stack Resolver Discovery Method Based on Alias Resolution. In: Gao, H., Wang, X., Voros, N. (eds) Collaborative Computing: Networking, Applications and Worksharing. CollaborateCom 2023. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 563. Springer, Cham. https://doi.org/10.1007/978-3-031-54531-3_19

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-54531-3_19

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-54530-6

  • Online ISBN: 978-3-031-54531-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation