Piggybacking related domain names to improve DNS performance

Shang, Hao; Wills, Craig E.

doi:10.1016/j.comnet.2005.06.016

Cited by 21 publications

(11 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These ideas include prefetching of domain names based on popularity, prefetching of related domain names using piggyback schemes, and precaching of records based on several renewal policies (e.g., [14,15]). However, none of these works perform large scale analyses or study the privacy and security implications for any of their prescribed prefetching policies.…”

Section: Related Workmentioning

confidence: 99%

An empirical study of the performance, security and privacy implications of domain name prefetching

Krishnan

Monrose

2011

2011 IEEE/IFIP 41st International Conference on Dependable Systems &Amp; Networks (DSN)

View full text Add to dashboard Cite

An increasingly popular technique for decreasing user-perceived latency while browsing the Web is to optimistically pre-resolve (or prefetch) domain name resolutions. In this paper, we present a large-scale evaluation of this practice using data collected over the span of several months, and show that it leads to noticeable increases in load on name servers-with questionable caching benefits. Furthermore, to assess the impact that prefetching can have on the deployment of security extensions to DNS (DNSSEC), we use a custom-built cache simulator to perform trace-based simulations using millions of DNS requests and responses collected campuswide. We also show that the adoption of domain name prefetching raises privacy issues. Specifically, we examine how prefetching amplifies information disclosure attacks to the point where it is possible to infer the context of searches issued by clients.

show abstract

Section: Related Workmentioning

confidence: 99%

An empirical study of the performance, security and privacy implications of domain name prefetching

Krishnan

Monrose

2011

2011 IEEE/IFIP 41st International Conference on Dependable Systems &Amp; Networks (DSN)

View full text Add to dashboard Cite

show abstract

“…Shang et al proposed a tool to reduce the DNS cache miss rate by exploiting similarity of requested Web domains to the domains that already have a DNS resolution cached [22]. DNS Pre-Resolve is another technique to eliminate DNS lookup delay by resolving domain names proactively during Web page rendering [23].…”

Section: A Reducing Dns Lookup Timementioning

confidence: 99%

Faster Web through Client-Assisted CDN Server Selection

Goel

Wittie

Steiner

2015

2015 24th International Conference on Computer Communication and Networks (ICCCN)

View full text Add to dashboard Cite

Modern websites use Content Delivery Networks (CDNs) to speed up the delivery of static content. However, we show that DNS-based selection of CDN servers can be refined to fully deliver on the speedup of CDNs. We propose DNS-Proxy (dp), a client-side process that shares load-balancing functionality with CDNs by choosing from among resolved CDN servers based on last mile network performance. Our measurement study of CDN infrastructure deployed by five major CDN providers shows that dp reduces webpage load time by 29% on average. If dp has already resolved the domain, the reduction in webpage load time is as much as 40%. Finally, dp reduces the load time of individual static Web objects by as much as 43%. We argue that dp enables a more effective use of existing content delivery infrastructure and represents a complementary strategy to a continual increase of geographic content availability.

show abstract

“…For example, renewal using piggyback method was proposed to piggyback cached DNS records to DNS queries to refresh expired cached records [5]. Related domains may also be piggybacked in DNS queries [10], e.g., to include i.cnn.net in the DNS packet for www.cnn.com as they are likely to be requested together by the browser. Millen did pioneering work on covert-channel analysis [?,?…”

Section: Related Workmentioning

confidence: 99%

Quantitatively Analyzing Stealthy Communication Channels

Butler

Yao

2011

Applied Cryptography and Network Security

View full text Add to dashboard Cite

Attackers in particular botnet controllers use stealthy messaging systems to set up large-scale command and control. Understanding the capacity of such communication channels is important in detecting organized cyber crimes. We analyze the use of domain name service (DNS) as a stealthy botnet command-and-control channel, which allows multiple entities to pass messages stored in DNS records to each other. We describe and quantitatively analyze new techniques that can be used to hide malicious DNS activities both at the host and network levels. We also present and experimentally evaluate statistical content-analysis techniques as a countermeasure, which require deep packet inspection. Our techniques are beyond the specific DNS security problem studied. We give a formal definition for the perfect stealth of a communication channel; point out the fundamental limits in achieving it, as well as the practical issues in the detection. We perform comprehensive statistical analysis that makes use of a two-month-long 4.6GB campus network dataset and 1 million domain names obtained from alexa.com.

show abstract

Piggybacking related domain names to improve DNS performance

Cited by 21 publications

References 18 publications

An empirical study of the performance, security and privacy implications of domain name prefetching

An empirical study of the performance, security and privacy implications of domain name prefetching

Faster Web through Client-Assisted CDN Server Selection

Quantitatively Analyzing Stealthy Communication Channels

Contact Info

Product

Resources

About