Security and Privacy in Communication Networks. 6th Iternational ICST Conference, SecureComm 2010, Singapore, September 7-9, 2010. Proceedings

Research Article

Surveying DNS Wildcard Usage among the Good, the Bad, and the Ugly

Download277 downloads
  • @INPROCEEDINGS{10.1007/978-3-642-16161-2_26,
        author={Andrew Kalafut and Minaxi Gupta and Pairoj Rattadilok and Pragneshkumar Patel},
        title={Surveying DNS Wildcard Usage among the Good, the Bad, and the Ugly},
        proceedings={Security and Privacy in Communication Networks. 6th Iternational ICST Conference, SecureComm 2010, Singapore, September 7-9, 2010. Proceedings},
        proceedings_a={SECURECOMM},
        year={2012},
        month={5},
        keywords={DNS Wildcard Security},
        doi={10.1007/978-3-642-16161-2_26}
    }
    
  • Andrew Kalafut
    Minaxi Gupta
    Pairoj Rattadilok
    Pragneshkumar Patel
    Year: 2012
    Surveying DNS Wildcard Usage among the Good, the Bad, and the Ugly
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-642-16161-2_26
Andrew Kalafut1,*, Minaxi Gupta1,*, Pairoj Rattadilok1,*, Pragneshkumar Patel1,*
  • 1: Indiana University
*Contact email: akalafut@cs.indiana.edu, minaxi@cs.indiana.edu, prattadi@cs.indiana.edu, patel27@cs.indiana.edu

Abstract

A DNS wildcard can be used to point arbitrary requests for host names within a domain to a specific host name or IP address. Wildcards offer administrators the convenience of not having to change DNS entries when host names change. However, we are not aware of any work that documents how wildcards are used in practice. Such a study is particularly important now, because Internet miscreants are starting to exploit DNS wildcards for convenience and possibly for evading blacklists based on exact host names. In this paper, we study the prevalence and uses of wildcards among the good, bad, and ugly domains in the Internet. We find that wildcards are in extensive use among businesses that monetize unregistered domains, domains hosted by large web-hosting providers, blogging sites, and websites connected to scam, phishing, and malware.