Evaluating “Health Status” for DNS Resolvers

Abstract

The Domain Name System (DNS) maps domain names to IP addresses. It is an important infrastructure in the Internet. Recently, DNS has experienced various security threats. DNS resolvers experience the security threats most frequently, since they interact with clients and they are the largest group of domain name servers. In order to eliminate security threats against DNS resolvers, it is essential to improve their “health status”. Since DNS resolvers' owners are not clear which DNS resolvers should be improved and how to improve “health status”, the evaluation of “health status” for DNS resolvers has become vital. In this paper, we emphasize five indicators describing “health status” for DNS resolvers, including security, integrity, availability, speed and stability. We also present nine metrics measuring the indicators. Based on the measurement of the metrics, we present a “health status” evaluation method with factor analysis. To validate our method, we measured and evaluated more than 30,000 DNS resolvers in China and Japan. The results showed that the proposed “health status” evaluation method could describe “health status” well. We also introduce instructions for evaluating a small number of DNS resolvers. And we discuss DNSSEC and its effects on resolution speed. At last, we make suggestions for inspecting and improving “health status” of DNS resolvers.