Gotta Query ’Em All, Again! Repeatable Name Resolution with Full Dependency Provenance
Johannes Naab, Patrick Sattler, Johannes Zirngibl, Stephan Günther, Georg Carle
Abstract
Common DNS resolvers are optimized for query latency but are not designed to expose the internal dependencies and structures within the DNS. This makes it difficult to investigate DNS setups, detect errors and misconfigurations, and determine their impact on users.
In order to reliably track the internal, potentially cyclic dependencies within the DNS, we propose to split the dependency graph into strongly connected components. By querying all authoritative servers and considering differences in order and timing for repeated runs, we are able to resolve domain names in a repeatable and traceable manner. We validate this approach by introducing a test methodology that allows re-running the resolver against previously recorded data. This data can be used to further study various aspects of global DNS deployments. We provide an example scan with 1.6 M domains on https://tcb-resolve.github.io/.
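The following added example (not the authors' resolver) illustrates the idea of splitting a DNS dependency graph into strongly connected components, using Tarjan's algorithm so that components come out with dependencies before dependents. The zone names and dependency edges in `ZONE_DEPS` are constructed for illustration, and the function names are hypothetical.

```python
# Constructed sample: zone -> zones that must be resolved first (parent zone
# plus the zones hosting its nameserver names). example.com and example.net
# host each other's nameservers, which forms a cycle.
ZONE_DEPS = {
    ".": [],
    "com": ["."],
    "net": ["."],
    "org": ["."],
    "example.com": ["com", "example.net"],
    "example.net": ["net", "example.com"],
    "example.org": ["org", "example.com"],
}

def strongly_connected_components(graph):
    """Tarjan's algorithm. Returns SCCs ordered dependencies-first."""
    index, low, on_stack = {}, {}, set()
    stack, sccs = [], []

    def visit(node):
        index[node] = low[node] = len(index)
        stack.append(node)
        on_stack.add(node)
        for dep in graph.get(node, ()):
            if dep not in index:
                visit(dep)
                low[node] = min(low[node], low[dep])
            elif dep in on_stack:          # back edge into the current SCC
                low[node] = min(low[node], index[dep])
        if low[node] == index[node]:       # node is the root of an SCC
            component = set()
            while True:
                member = stack.pop()
                on_stack.discard(member)
                component.add(member)
                if member == node:
                    break
            sccs.append(frozenset(component))

    for node in sorted(graph):             # sorted start order: repeatable runs
        if node not in index:
            visit(node)
    return sccs

def cyclic_components(graph):
    """SCCs that contain a real cycle (several zones, or a self-dependency)."""
    return [c for c in strongly_connected_components(graph)
            if len(c) > 1 or any(n in graph.get(n, ()) for n in c)]

if __name__ == "__main__":
    for step, comp in enumerate(strongly_connected_components(ZONE_DEPS)):
        print(step, sorted(comp))
```

Each component can be resolved as one unit once every earlier component is done, and the components returned by `cyclic_components` are the zones whose resolution depends on each other.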