ABSTRACT
Reverse DNS (rDNS) is often used as a reliable data-source for critical services, such as mail, security appliances or geolocation services. Unlike forward DNS, rDNS remains understudied, especially from a deployment perspective. In this paper, we take steps towards closing the gap, starting at regional Internet registries, down to network operators in the lower hierarchy. To this end, we use public and complementary data sources and find that around 40% of allocated IPv4 address space has well-configured rDNS entries. We highlight regional differences as rDNS deployment is driven by mail and infrastructure providers in the developed world, while national Internet registries and national ISPs are drivers in the developing world. We study the use of classless delegation and the prevalence of configuration errors breaking DNS resolution. Finally, we observe that multi-regional organizations such as CDNs and mail providers actively invest effort towards improving rDNS deployment.
- Donald E. Eastlake 3rd and Aliza R. Panitz. 1999. Reserved Top Level DNS Names. RFC 2606. https://doi.org/10.17487/RFC2606Google ScholarDigital Library
- Mark P. Andrews. 2016. Adding 100.64.0.0/10 Prefixes to the IPv4 Locally-Served DNS Zones Registry. RFC 7793. https://doi.org/10.17487/RFC7793Google ScholarDigital Library
- Alfred Arouna, Ioana Livadariu, and Mattijs Jonker. 2023. Lowering the Barriers to Working with Public RIR-Level Data. In Proceedings of the Applied Networking Research Workshop. 24–26.Google ScholarDigital Library
- Doug Barton. 2012. RFC 2317 Delegations for IPv4 Blocks Less Than /24. https://www.dougbarton.us/DNS/2317.htmlGoogle Scholar
- Kevin Borgolte, Shuang Hao, Tobias Fiebig, and Giovanni Vigna. 2018. Enumerating active IPv6 hosts for large-scale security scans via DNSSEC-signed reverse zones. In 2018 IEEE Symposium on Security and Privacy (SP). IEEE, 770–784.Google ScholarCross Ref
- CAIDA. [n. d.]. bgp.tools:Browse the Internet ecosystem. https://bgp.tools/Google Scholar
- CAIDA. 2023. Routeviews Prefix to AS mappings Dataset (pfx2as) for IPv4 and IPv6. https://www.caida.org/catalog/datasets/routeviews-prefix2as/Google Scholar
- Stuart Cheshire and Marc Krochmal. 2013. Special-Use Domain Names. RFC 6761. https://doi.org/10.17487/RFC6761Google ScholarDigital Library
- Gordon V Cormack 2008. Email spam filtering: A systematic review. Foundations and Trends® in Information Retrieval 1, 4 (2008), 335–455.Google ScholarCross Ref
- Leslie Daigle. 2004. WHOIS Protocol Specification. RFC 3912. https://doi.org/10.17487/RFC3912Google ScholarDigital Library
- Ovidiu Dan, Vaibhav Parikh, and Brian D Davison. 2018. Distributed reverse DNS geolocation. In 2018 IEEE International Conference on Big Data (Big Data). IEEE, 1581–1586.Google ScholarCross Ref
- Ovidiu Dan, Vaibhav Parikh, and Brian D Davison. 2021. IP geolocation through reverse DNS. ACM Transactions on Internet Technology (TOIT) 22, 1 (2021), 1–29.Google ScholarDigital Library
- Havard Eidnes, Paul A. Vixie, and Geert Jan de Groot. 1998. Classless IN-ADDR.ARPA delegation. RFC 2317. https://doi.org/10.17487/RFC2317Google ScholarDigital Library
- FBI. 2022. Business Email Compromise and Real Estate Wire Fraud. FBI 2022 Congressional Report on BEC and Real Estate Wire Fraud. https://www.fbi.gov/file-repository/fy-2022-fbi-congressional-report-business-email-compromise-and-real-estate-wire-fraud-111422.pdf/viewGoogle Scholar
- Tobias Fiebig, Kevin Borgolte, Shuang Hao, Christopher Kruegel, and Giovanni Vigna. 2017. Something from nothing (There): collecting global IPv6 datasets from DNS. In International Conference on Passive and Active Network Measurement. Springer, 30–43.Google ScholarCross Ref
- Tobias Fiebig, Kevin Borgolte, Shuang Hao, Christopher Kruegel, Giovanni Vigna, and Anja Feldmann. 2018. In rDNS we trust: revisiting a common data-source’s reliability. In International Conference on Passive and Active Network Measurement. Springer, 131–145.Google ScholarCross Ref
- Kensuke Fukuda and John Heidemann. 2015. Detecting malicious activity with DNS backscatter. In Proceedings of the 2015 Internet Measurement Conference. 197–210.Google ScholarDigital Library
- Paul E. Hoffman, Andrew Sullivan, and Kazunori Fujiwara. 2019. DNS Terminology. RFC 8499. https://doi.org/10.17487/RFC8499Google ScholarDigital Library
- Bradley Huffaker, Marina Fomenkov, and KC Claffy. 2014. DRoP: DNS-based router positioning. ACM SIGCOMM Computer Communication Review 44, 3 (2014), 5–13.Google ScholarDigital Library
- IAB. 2001. Management Guidelines & Operational Requirements for the Address and Routing Parameter Area Domain ("arpa"). RFC 3172. https://doi.org/10.17487/RFC3172Google ScholarDigital Library
- IANA. 2022. IANA IPv4 Address Space Registry. https://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xhtmlGoogle Scholar
- Daniel Karrenberg. 2012. Conclusions Drawn from Reverse DNS Event. https://labs.ripe.net/author/dfk/conclusions-drawn-from-reverse-dns-event/Google Scholar
- Scott Kitterman. 2014. Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1. RFC 7208. https://doi.org/10.17487/RFC7208Google ScholarDigital Library
- Youndo Lee and Neil Spring. 2017. Identifying and analyzing broadband internet reverse DNS names. In Proceedings of the 13th International Conference on emerging Networking EXperiments and Technologies. 35–40.Google ScholarDigital Library
- Enze Liu, Gautam Akiwate, Mattijs Jonker, Ariana Mirian, Stefan Savage, and Geoffrey M Voelker. 2021. Who’s got your mail? characterizing mail service provider usage. In Proceedings of the 21st ACM Internet Measurement Conference. 122–136.Google ScholarDigital Library
- Matthew Luckie, Bradley Huffaker, Alexander Marder, Zachary Bischof, Marianne Fletcher, and K Claffy. 2021. Learning to extract geographic information from internet router hostnames. In Proceedings of the 17th International Conference on emerging Networking EXperiments and Technologies. 440–453.Google ScholarDigital Library
- William F. Maton and Joe Abley. 2011. I’m Being Attacked by PRISONER.IANA.ORG!RFC 6305. https://doi.org/10.17487/RFC6305Google ScholarDigital Library
- P. Mockapetris. 1987. Domain names - implementation and specification. RFC 1035. https://doi.org/10.17487/RFC1035Google ScholarDigital Library
- Robert Moskowitz, Daniel Karrenberg, Yakov Rekhter, Eliot Lear, and Geert Jan de Groot. 1996. Address Allocation for Private Internets. RFC 1918. https://doi.org/10.17487/RFC1918Google ScholarDigital Library
- Giovane CM Moura, Sebastian Castro, Wes Hardaker, Maarten Wullink, and Cristian Hesselman. 2020. Clouding up the internet: How centralized is dns traffic becoming?. In Proceedings of the ACM Internet Measurement Conference. 42–49.Google ScholarDigital Library
- Jon Oberheide, Manish Karir, and Z Morley Mao. 2007. Characterizing dark dns behavior. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. Springer, 140–156.Google ScholarDigital Library
- Number Resource Organization. 2023. RIR Comparative Policy Overview 2022-Q4. https://www.nro.net/wp-content/uploads/RIR-Comparative-Policy-Overview-2022-Q4.pdfGoogle Scholar
- Amreesh Phokeer, Alain Aina, and David Johnson. 2016. DNS Lame delegations: A case-study of public reverse DNS records in the African Region. In International Conference on e-Infrastructure and e-Services for Developing Countries. Springer, 232–242.Google Scholar
- Scott Rose and Wouter Wijngaards. 2012. DNAME Redirection in the DNS. RFC 6672. https://doi.org/10.17487/RFC6672Google ScholarDigital Library
- Jukka Ruohonen. 2020. Measuring Basic Load-Balancing and Fail-Over Setups for Email Delivery via DNS MX Records. In 2020 IFIP Networking Conference (Networking). 815–820.Google Scholar
- Fernando Sanchez, Zhenhai Duan, and Yingfei Dong. 2011. Blocking spam by separating end-user machines from legitimate mail server machines. In Proceedings of the 8th Annual Collaboration, Electronic messaging, Anti-Abuse and Spam Conference. 116–124.Google ScholarDigital Library
- Statista. 2022. Number of internet users worldwide as of 2022, by region. https://www.statista.com/statistics/249562/number-of-worldwide-internet-users-by-region/Google Scholar
- Olivier van der Toorn, Roland van Rijswijk-Deij, Raffaele Sommese, Anna Sperotto, and Mattijs Jonker. 2022. Saving Brian’s privacy: the perils of privacy exposure through reverse DNS. In Proceedings of the 22nd ACM Internet Measurement Conference. 1–13.Google Scholar
- Ming Zhang, Yaoping Ruan, Vivek S Pai, and Jennifer Rexford. 2006. How DNS Misnaming Distorts Internet Topology Mapping.. In USENIX Annual Technical Conference, General Track. 369–374.Google Scholar
- Zesen Zhang, Alexander Marder, Ricky Mok, Bradley Huffaker, Matthew Luckie, Kimberly C Claffy, and Aaron Schulman. 2021. Inferring regional access network topologies: methods and applications. In Proceedings of the 21st ACM Internet Measurement Conference. 720–738.Google ScholarDigital Library
Index Terms
- Advancing in Reverse: A Comprehensive Characterization of IN-ADDR.ARPA Deployment
Recommendations
Lowering the Barriers to Working with Public RIR-Level Data
ANRW '23: Proceedings of the Applied Networking Research WorkshopRegional Internet Registries (RIRs) publish WHOIS, route object delegation, and reverse DNS zone files. These data are valuable resources for network researchers and engineers, yet contain inconsistencies and are not all available long-term. In this ...
Understanding the role of registrars in DNSSEC deployment
IMC '17: Proceedings of the 2017 Internet Measurement ConferenceThe Domain Name System (DNS) provides a scalable, flexible name resolution service. Unfortunately, its unauthenticated architecture has become the basis for many security attacks. To address this, DNS Security Extensions (DNSSEC) were introduced in ...
Comments