Is Protective DNS Blocking the Wild West?
By: David Plonka, Branden Palacio, Debbie Perouli
Potential Business Impact:
Blocks bad websites to keep people safe online.
We perform a passive measurement study investigating how a Protective DNS service might perform in a Research & Education Network serving hundreds of member institutions. Utilizing freely-available DNS blocklists consisting of domain names deemed to be threats, we test hundreds of millions of users' real DNS queries, observed over a week's time, to find which answers would be blocked because they involve domain names that are potential threats. We find the blocklists disorderly regarding their names, goals, transparency, and provenance making them quite difficult to compare. Consequently, these Protective DNS underpinnings lack organized oversight, presenting challenges and risks in operation at scale.
Similar Papers
Blockchain-Based Decentralized Domain Name System
Cryptography and Security
Makes internet addresses safer from hackers.
A Survey and Evaluation Framework for Secure DNS Resolution
Cryptography and Security
Makes internet addresses safer from hackers.
Mind the IP Gap: Measuring the impact of IPv6 on DNS censorship
Networking and Internet Architecture
Finds ways to bypass internet blocks using new internet addresses.