Abstract
A DNS wildcard can be used to point arbitrary requests for host names within a domain to a specific host name or IP address. Wildcards offer administrators the convenience of not having to change DNS entries when host names change. However, we are not aware of any work that documents how wildcards are used in practice. Such a study is particularly important now, because Internet miscreants are starting to exploit DNS wildcards for convenience and possibly for evading blacklists based on exact host names. In this paper, we study the prevalence and uses of wildcards among the good, bad, and ugly domains in the Internet. We find that wildcards are in extensive use among businesses that monetize unregistered domains, domains hosted by large web-hosting providers, blogging sites, and websites connected to scam, phishing, and malware.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Afilias Limited: How can I get access to Afilias’ TLD zone file for INFO domains? http://www.info.info/faq/how-can-i-get-access-afilias-tld-zone-file-info-domains
APWG: Anti-phishing working group, http://www.antiphishing.org/
DMOZ, Open directory project, http://www.dmoz.org/
DotAsia Organization Limited. ASIA Zone File Access Agreement, http://www.dotasia.org/info/DAO.ZONE-2007-10-24.pdf
eSoft Inc., http://www.esoft.com/
Google: Google AJAX Search API, http://code.google.com/apis/ajaxsearch/
Google: Google Safe Browsing API, http://code.google.com/apis/safebrowsing
Internet Architecture Board: Architectural concerns on the use of DNS wildcards. IAB Commentary (September 2003), http://www.iab.org/documents/docs/2003-09-20-dns-wildcards.html
Kalafut, A., Shue, C., Gupta, M.: Understanding implications of DNS zone provisioning. In: ACM SIGCOMM Internet Measurement Conference, IMC (2008)
Lewis, E.: The role of wildcards in the domain name system (July 2006)
MalwarePatrol: Malwarepatrol - malware block list, http://www.malwarepatrol.net/lists.shtml
McGrath, D.K., Kalafut, A., Gupta, M.: Phishing infrastructure fluxes all the way. IEEE Security and Privacy Magazine Special Issue on DNS Security (2009)
Measurement Factory: DNS survey (October 2008), http://dns.measurement-factory.com/surveys/200810.html
Microsoft: Windows Live Fact Sheet, http://www.microsoft.com/presspass/newsroom/msn/factsheet/WindowsLive.mspx
Miller, R.: Phishers use wildcard DNS to build convincing bait URLs (March 2005)
Mockapetris, P.: Domain names - concepts and facilities. IETF RFC 1034 (November 1987)
Mozilla Foundation: Public suffix list, http://publicsuffix.org
mTLD, Ltd.: dotMobi Zone File Access Agreement, http://mtld.mobi/domain/zonefile
Mutton, P.: New phishing attacks combine wildcard DNS and XSS, http://news.netcraft.com/archives/2009/02/17/new_phishing_attacks_combine_wildcard_dns_and_xss.html (February 2009)
NETpilot GmbH: Viruswatch mailing list, http://lists.clean-mx.com/cgi-bin/mailman/listinfo/viruswatch
NeuStar Registry Services: BIZ Zone File Distribution, https://www.neulevel.biz/zonefile/
OpenDNS: PhishTank, http://www.phishtank.com/
Pappas, V., Xu, Z., Lu, S., Massey, D., Terzis, A., Zhang, L.: Impact of configuration errors on DNS robustness (2004)
Public Interest Registry. ORG Registry - Zone File Access, http://pir.org/index.php?db=content/Website-tbl=Registrars-id=7
Rasmussen, R., Aaron, G.: Apwg global phsihing survey: Trends and domain name use in 1h2009 (Oct.ober 2009)
SURBL: http://www.surbl.org/
VeriSign: Domain name industry brief (February 2010), http://www.verisign.com/domain-name-services/domain-information-center/domain-name-resources/domain-name-report-feb10.pdf
VeriSign, Inc.: TLD Zone Access Program, http://www.versign.com/information-services/naming-services/page_001052.html
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Kalafut, A., Gupta, M., Rattadilok, P., Patel, P. (2010). Surveying DNS Wildcard Usage among the Good, the Bad, and the Ugly. In: Jajodia, S., Zhou, J. (eds) Security and Privacy in Communication Networks. SecureComm 2010. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 50. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16161-2_26
Download citation
DOI: https://doi.org/10.1007/978-3-642-16161-2_26
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-16160-5
Online ISBN: 978-3-642-16161-2
eBook Packages: Computer ScienceComputer Science (R0)