DNS Noise - Measuring the Pervasiveness of Disposable Domains in Modern DNS Traffic
Yizheng Chen, Manos Antonakakis, Roberto Perdisci, Yacin Nadji, David Dagon, Wenke Lee
Dependable Systems and Networks (DSN), 2014 44th Annual IEEE/IFIP International Conference
In this paper, we present an analysis of a new class of domain names: disposable domains. We observe that popular web applications, along with other Internet services, systematically use this new class of domain names. Disposable domains are likely generated automatically, characterized by a “one-time use” pattern, and appear to be used as a way of “signaling” via DNS queries. To shed light on the pervasiveness of disposable domains, we study 24 days of live DNS traffic spanning a year observed at a large Internet Service Provider. We find that disposable domains increased from 23.1% to 27.6% of all queried domains, and from 27.6% to 37.2% of all resolved domains observed daily. While this creative use of DNS may enable new applications, it may also have unanticipated negative consequences on the DNS caching infrastructure, DNSSEC validating resolvers, and passive DNS data collection systems.