Abstract
The Domain Name System (DNS) provides a scalable name resolution service. It relies on extensive caching for resilience and performance: every DNS record carries a time-to-live (TTL) value that specifies how long the record may be cached before it must be discarded. Because the TTL matters both for DNS security (e.g., it bounds how long a DNSSEC-signed response may be served from cache) and for performance (e.g., the responsiveness of CDN-controlled domains), it is crucial to measure and understand how resolvers deviate from the TTL.
Unfortunately, measuring how DNS resolvers handle TTL around the world remains difficult, since it usually requires the cooperation of many nodes spread across the globe. In this paper, we present a methodology that measures TTL-violating resolvers through an HTTP/S proxy service, which allows us to cover more than 27 K resolvers in 9.5 K ASes. Of the 8,524 resolvers that we could measure from at least five different vantage points, we find that 8.74% extend the TTL arbitrarily, which can degrade the performance of at least 38% of the popular websites that use CDNs. We also report that 44.1% of DNSSEC-validating resolvers incorrectly serve DNSSEC-signed responses from the cache even after their RRSIGs have expired.
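The two behaviours the abstract measures, a resolver holding a record past its TTL and a validating resolver serving a signed answer past its RRSIG expiration, can both be checked with simple logic once one controls the authoritative side. The block below is an added illustration and is not the paper's measurement code. It assumes (our assumptions, not the paper's) that we run the authoritative server for a test zone, log the Unix time of every query that reaches it per egress resolver IP, and that a client behind each resolver queries the test name every CLIENT_INTERVAL seconds, so a TTL-honouring resolver must re-fetch from us once per TTL window. The constants, the sample logs and the resolver IPs are constructed for the example; the cache-TTL cap follows RFC 4035 section 5.3.3.

```python
"""TTL-violation classification and RFC 4035 cache-TTL capping.

Added illustrative example, not the paper's measurement code. Assumed setup (ours,
not the paper's): we run the authoritative server for a test zone, log the Unix
time of each query reaching it per egress resolver IP (the paper labels each such
IP a resolver), and a client behind the resolver queries the test name every
CLIENT_INTERVAL seconds, so a TTL-honouring resolver re-fetches once per TTL.
"""
from datetime import datetime, timezone
from typing import List

AUTH_TTL = 60          # TTL we publish for the test record, in seconds (assumed)
CLIENT_INTERVAL = 10   # client query cadence behind each resolver (assumed)
SLACK = 5              # tolerance for clock skew and queueing delay (assumed)


def classify_gap(gap: float, auth_ttl: int = AUTH_TTL,
                 client_interval: int = CLIENT_INTERVAL, slack: int = SLACK) -> str:
    """Label one interval between two consecutive authoritative queries.

    A resolver that honours the TTL re-fetches on the first client query after
    expiry, so the gap should lie in [auth_ttl, auth_ttl + client_interval].
    """
    if gap > auth_ttl + client_interval + slack:
        return "extended"      # served stale data past the TTL
    if gap < auth_ttl - slack:
        return "shortened"     # discarded (or never cached) before the TTL ran out
    return "honoured"


def classify_resolver(query_times: List[float], min_gaps: int = 3, **kw) -> str:
    """Majority label over all gaps; needs enough samples to say anything."""
    gaps = [b - a for a, b in zip(query_times, query_times[1:])]
    if len(gaps) < min_gaps:
        return "insufficient"
    labels = [classify_gap(g, **kw) for g in gaps]
    return max(set(labels), key=labels.count)


def rrsig_expiration_to_epoch(field: str) -> int:
    """RRSIG Signature Expiration is YYYYMMDDHHmmSS in UTC (RFC 4034 s3.1.5)."""
    return int(datetime.strptime(field, "%Y%m%d%H%M%S")
               .replace(tzinfo=timezone.utc).timestamp())


def dnssec_cache_ttl(rrset_ttl: int, rrsig_ttl: int, original_ttl: int,
                     sig_expiration: str, now: int) -> int:
    """Maximum TTL a validating resolver may cache an authenticated RRset with.

    RFC 4035 s5.3.3: no greater than the minimum of the RRset TTL, the RRSIG
    TTL, the RRSIG Original TTL field, and the time left until Signature
    Expiration. A result of 0 means the answer must not be served from cache.
    """
    remaining = rrsig_expiration_to_epoch(sig_expiration) - now
    return max(0, min(rrset_ttl, rrsig_ttl, original_ttl, remaining))


# Constructed sample logs: seconds at which each resolver IP hit our authoritative.
SAMPLE_LOGS = {
    "198.51.100.7": [0, 60, 120, 180, 240, 300],   # honours the 60 s TTL
    "198.51.100.8": [0, 300, 600, 900],            # caches five times too long
    "198.51.100.9": [0, 10, 20, 30, 40],           # re-queries on every client query
}

if __name__ == "__main__":
    for ip, times in SAMPLE_LOGS.items():
        print(ip, classify_resolver(times))
    # RRSIG expiring at 2023-06-01 00:00:00 UTC, checked ten minutes earlier:
    print(dnssec_cache_ttl(3600, 3600, 3600, "20230601000000",
                           rrsig_expiration_to_epoch("20230531235000")))
```

A resolver whose cached TTL is not capped by the last term of the RFC 4035 minimum is exactly the one that keeps answering from cache after the RRSIG has expired; the 44.1% figure in the abstract counts validating resolvers that behave that way.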
Notes
- 1.
Since we can only observe the egress resolver IPs that query our authoritative servers, we label each querying IP as a resolver.
- 2.
Our methodology can miss domains that delegate their name servers to a CDN by replacing their NS records with the CDN's. We could potentially identify them by checking whether both the web server and the DNS server are managed by the same CDN. However, some companies (e.g., Alibaba and Google) also provide VPS hosting, which would cause false positives (e.g., the domain owner manages both servers within the same VPS), so we only rely on the CNAME expansion information.
Acknowledgments
We thank the anonymous reviewers and our shepherd, Paul Schmitt, for their helpful comments. We also thank BrightData for their credits to use the service. This research was supported in part by NSF grants CNS-2053363 and CNS-2051166, and 4-VA, a collaborative partnership for advancing the Commonwealth of Virginia.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Bhowmick, P., Ashiq, M.I., Deccio, C., Chung, T. (2023). TTL Violation of DNS Resolvers in the Wild. In: Brunstrom, A., Flores, M., Fiore, M. (eds) Passive and Active Measurement. PAM 2023. Lecture Notes in Computer Science, vol 13882. Springer, Cham. https://doi.org/10.1007/978-3-031-28486-1_23
DOI: https://doi.org/10.1007/978-3-031-28486-1_23
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-28485-4
Online ISBN: 978-3-031-28486-1
eBook Packages: Computer Science; Computer Science (R0)