A Study on the Use of 3rd Party DNS Resolvers for Malware Filtering or Censorship Circumvention

  • Conference paper
ICT Systems Security and Privacy Protection (SEC 2022)

Abstract

DNS resolvers perform the essential role of translating domain names into IP addresses. The default DNS resolver offered by an Internet Service Provider (ISP) can be undesirable for a number of reasons, such as censorship, lack of malware filtering options and low service quality. In this paper, we propose a novel method for estimating the amount of DNS traffic directed at non-ISP resolvers by using DNS and NetFlow data from an ISP. This method is extended to also estimate the amount of DNS traffic towards resolvers that offer malware filtering or parental control functionality. Finally, we propose a novel method for estimating the amount of DNS traffic at non-ISP resolvers that would have been censored by ISP resolvers. The results of applying these methods to an ISP dataset show to what extent 3rd party resolvers are chosen by users for either malware filtering or censorship circumvention purposes.

Funded by Telenor A/S and Innovation Fund Denmark, 2022.

Correspondence to Martin Fejrskov.

Copyright information

© 2022 IFIP International Federation for Information Processing

About this paper

Cite this paper

Fejrskov, M., Vasilomanolakis, E., Pedersen, J.M. (2022). A Study on the Use of 3rd Party DNS Resolvers for Malware Filtering or Censorship Circumvention. In: Meng, W., Fischer-Hübner, S., Jensen, C.D. (eds) ICT Systems Security and Privacy Protection. SEC 2022. IFIP Advances in Information and Communication Technology, vol 648. Springer, Cham. https://doi.org/10.1007/978-3-031-06975-8_7

  • DOI: https://doi.org/10.1007/978-3-031-06975-8_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-06974-1

  • Online ISBN: 978-3-031-06975-8

  • eBook Packages: Computer Science (R0)
