Cache Me Outside: A New Look at DNS Cache Probing
Author: | Nicholas Weaver, Andrew McGregor, William R. Marczak, Phillipa Gill, Sahand Farhoodi, Arian Akhavan Niaki |
---|---|
Year of publication: | 2021 |
Subject: |
050101 languages & linguistics; Recursion; Computer science; business.industry; 05 social sciences; 02 engineering and technology; Space (commercial competition); Domain (software engineering); Zero (linguistics); Set (abstract data type); Resource (project management); Resolver; 0202 electrical engineering, electronic engineering, information engineering; 020201 artificial intelligence & image processing; 0501 psychology and cognitive sciences; Cache; business; Computer network |
Source: | Passive and Active Measurement ISBN: 9783030725815 PAM |
DOI: | 10.1007/978-3-030-72582-2_25 |
Description: | DNS cache probing infers whether users of a DNS resolver have recently issued a query for a domain name, by determining whether the corresponding resource record (RR) is present in the resolver’s cache. The most common method involves performing DNS queries with the “recursion desired” (RD) flag set to zero, which resolvers typically answer from their caches alone. The answer’s TTL value is then used to infer when the resolver cached the RR, and thus when the domain was last queried. Previous work in this space assumes that DNS resolvers will respond to researchers’ queries. However, an increasingly common policy for resolvers is to ignore queries from outside their networks. In this paper, we demonstrate that many of these DNS resolvers can still be queried indirectly through open DNS forwarders in their network. We apply our technique to localize website filtering appliances sold by Netsweeper, Inc. and to track the global proliferation of stalkerware. We are able to discover Netsweeper devices in ASNs where OONI and Censys fail to detect them, and we observe a regionality effect in the usage of stalkerware apps across the world. |
Database: | OpenAIRE |