Surveying DNS Wildcard Usage among the Good, the Bad, and the Ugly

Conference paper in Security and Privacy in Communication Networks (SecureComm 2010)

Abstract

A DNS wildcard can be used to point arbitrary requests for host names within a domain to a specific host name or IP address. Wildcards offer administrators the convenience of not having to change DNS entries when host names change. However, we are not aware of any work that documents how wildcards are used in practice. Such a study is particularly important now, because Internet miscreants are starting to exploit DNS wildcards for convenience and possibly for evading blacklists based on exact host names. In this paper, we study the prevalence and uses of wildcards among the good, bad, and ugly domains in the Internet. We find that wildcards are in extensive use among businesses that monetize unregistered domains, domains hosted by large web-hosting providers, blogging sites, and websites connected to scam, phishing, and malware.
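As an added illustration (not code from the paper), the sketch below models a small constructed zone with a wildcard record, a random-label probe that detects the wildcard, and the gap between exact-host and domain-level blocklist matching. The zone contents, blocklist entry, function names and the simplified RFC 4592-style lookup are assumptions made for this example.

```python
import secrets

# Constructed sample zone (owner name -> address); all names are illustrative.
ZONE = {
    "example.test": "192.0.2.1",
    "www.example.test": "192.0.2.1",
    "*.example.test": "192.0.2.50",       # wildcard record
    "mail.corp.example.test": "192.0.2.9",
    "plain.test": "198.51.100.1",         # domain without a wildcard
}
EXACT_BLOCKLIST = {"login.example.test"}  # constructed exact-host entry

def _nodes(zone):
    """All names that exist in the zone, including empty non-terminals."""
    nodes = set()
    for owner in zone:
        labels = owner.split(".")
        for i in range(len(labels)):
            nodes.add(".".join(labels[i:]))
    return nodes

def resolve(qname, zone=ZONE):
    """Answer a query with simplified RFC 4592-style wildcard synthesis."""
    qname = qname.lower().rstrip(".")
    if qname in zone:
        return zone[qname]
    nodes = _nodes(zone)
    if qname in nodes:                    # empty non-terminal: exists, no data
        return None
    labels = qname.split(".")
    for i in range(1, len(labels)):       # walk up to the closest encloser
        encloser = ".".join(labels[i:])
        if encloser in nodes:
            return zone.get("*." + encloser)
    return None

def has_wildcard(domain, resolver=resolve, probes=3):
    """Probe random labels that nobody would have provisioned by hand."""
    answers = [resolver(f"{secrets.token_hex(8)}.{domain}") for _ in range(probes)]
    return all(a is not None for a in answers)

def blocked_exact(host):
    return host.lower() in EXACT_BLOCKLIST

def blocked_by_domain(host, domains=frozenset({"example.test"})):
    """Match the listed domain and every name beneath it."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)
```

Every unprovisioned name under `example.test` resolves through the wildcard, so an exact-host entry covers only one of an unbounded set of names, while the domain-level match covers all of them.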



© 2010 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

Cite this paper

Kalafut, A., Gupta, M., Rattadilok, P., Patel, P. (2010). Surveying DNS Wildcard Usage among the Good, the Bad, and the Ugly. In: Jajodia, S., Zhou, J. (eds) Security and Privacy in Communication Networks. SecureComm 2010. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 50. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16161-2_26

  • DOI: https://doi.org/10.1007/978-3-642-16161-2_26

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-16160-5

  • Online ISBN: 978-3-642-16161-2

  • eBook Packages: Computer Science, Computer Science (R0)
