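1. College of Electronic Engineering, National University of Defense Technology, Hefei, Anhui 230037
2. Anhui Province Key Laboratory of Cyberspace Security Situation Awareness and Evaluation, Hefei, Anhui 230000
3. Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing 100084
4. Zhongdian Cyberspace Research Institute Co., Ltd., Beijing 100043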
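XU Chengxi (1989- ), male, born in Qianshan, Anhui, Ph.D., lecturer at National University of Defense Technology. His main research interests are Internet infrastructure security and cyberspace mapping.
SHI Fan (1983- ), male, born in Lujiang, Anhui, Ph.D., associate professor at National University of Defense Technology. His main research interests are cyberspace mapping and cyberspace measurement.
ZHANG Yunyi (1996- ), male, born in Juye, Shandong, Ph.D. candidate at National University of Defense Technology. His main research interests are Internet infrastructure security, Internet measurement, DNS protocol security analysis, and the detection and countering of emerging cybercrime techniques.
LIU Baojun (1994- ), male, born in Suzhou, Anhui, Ph.D., assistant professor and doctoral supervisor at Tsinghua University. His main research interests include network security, network measurement, and cybercrime detection.
LI Zhenhan (1989- ), male, born in Huaining, Anhui, lecturer at National University of Defense Technology. His main research interests are cyberspace mapping and big data analysis.
WANG Yuxuan (2000- ), male, born in Baoding, Hebei, Ph.D. candidate at National University of Defense Technology. His main research interest is DNS protocol security analysis.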
Received: 2024-08-21
Print publication date: 2024-11-30
XU Chengxi, SHI Fan, ZHANG Yunyi, et al. Enumerating anycast instances of public DNS resolver based on forwarding relationship inference[J]. Journal on Communications, 2024, 45(Z2): 7-15. DOI: 10.11959/j.issn.1000-436x.2024247.
To address the large measurement resource requirements, high cost, and low recall rate of anycast instance enumeration, an anycast instance enumeration method based on forwarding relationship inference is proposed for public DNS resolvers deployed with anycast. Based on the observation that an endogenous forwarding relationship exists between forwarders and public resolvers, a massive number of forwarders are turned into vantage points for measuring the anycast instances of public resolvers. Then, through multiple iterations of forwarding relationship measurement, indirect recursive resolver aggregation, and forwarder correlation, the forwarding relationship between forwarders and the service addresses of public resolvers is inferred, achieving a spiral enumeration of the public resolvers' anycast instances. Using the publicly available data of Google Public DNS as the benchmark dataset, the experimental results show that the proposed method needs only one measurement node to recall 62.5% of the airport codes of Google Public DNS's anycast instances. Compared with existing methods, the recall rate of anycast instance airport codes increases by 22.92 percentage points while the number of measurement nodes required is reduced by 3 to 4 orders of magnitude.