In rDNS We Trust: Revisiting a Common Data-Source’s Reliability

  • Tobias FiebigEmail author
  • Kevin Borgolte
  • Shuang Hao
  • Christopher Kruegel
  • Giovanni Vigna
  • Anja Feldmann
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10771)


Reverse DNS (rDNS) is regularly used as a data source in Internet measurement research. However, existing work is polarized on its reliability, and new techniques to collect active IPv6 datasets have not yet been sufficiently evaluated. In this paper, we investigate active and passive data collection and practical use aspects of rDNS datasets. We observe that the share of non-authoritatively answerable IPv4 rDNS queries reduced since earlier studies and IPv6 rDNS has less non-authoritatively answerable queries than IPv4 rDNS. Furthermore, we compare passively collected datasets with actively collected ones, and we show that they enable observing the same effects in rDNS data. While highlighting opportunities for future research, we find no immediate challenges to the use of rDNS as active and passive data-source for Internet measurement research.



We thank the anonymous reviewers and John Heidemann for their helpful feedback. We also thank David Plonka for his valuable feedback and the comparison with the CDN dataset. This material is based on research sponsored by the Defense Advanced Research Projects Agency (DARPA) under agreement number FA8750-15-2-0084, the Office of Naval Research (ONR) under grant N00014-17-1-2011 and N00014-15-1-2948, the National Science Foundation (NSF) under grant DGE- 1623246 and CNS-1704253, a Google Security, Privacy and Anti-Abuse Award to Giovanni Vigna, the Bundesministerium für Bildung und Forschung (BMBF) under Award No. KIS1DSD032 (Project Enzevalos), and a Leibniz Price project by the German Research Foundation (DFG) under Award No. FKZ FE 570/4-1.The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright notation thereon. Any views, opinions, findings, recommendations, or conclusions contained or expressed herein are those of the authors, and do not necessarily reflect the position, official policies, or endorsements, either expressed or implied, the U.S. Government, DARPA, ONR, NSF, Google, BMBF, or DFG.


  1. 1.
    Cormack, G.V.: Email spam filtering: a systematic review. Found. Trends Inf. Retrieval 1(4), 335–455 (2007)CrossRefGoogle Scholar
  2. 2.
    Nicholas, D., Huntington, P.: Micro-mining and segmented log file analysis: a method for enriching the data yield from internet log files. SAGE J. Inf. Sci. 29(5), 391–404 (2003)CrossRefGoogle Scholar
  3. 3.
    Zhang, M., Ruan, Y., Pai, V.S., Rexford, J.: How DNS misnaming distorts internet topology mapping. In: Usenix Annual Technical Conference (ATC) (2006)Google Scholar
  4. 4.
    Oliveira, R.V., Pei, D., Willinger, W., Zhang, B., Zhang, L.: In search of the elusive ground truth: Yhe Internet’s AS-level connectivity structure. In: Proceedings of ACM SIGMETRICS, vol. 36 (2008)Google Scholar
  5. 5.
    Fiebig, T., Borgolte, K., Hao, S., Kruegel, C., Vigna, G.: Something from nothing (There): collecting global IPv6 datasets from DNS. In: Proceedings of Passive and Active Measurement (PAM) (2017)Google Scholar
  6. 6.
    Gao, H., Yegneswaran, V., Chen, Y., Porras, P., Ghosh, S., Jiang, J., Duan, H.: An empirical reexamination of global DNS behavior. Proc. ACM SIGCOMM 43(4), 267–278 (2013)CrossRefGoogle Scholar
  7. 7.
    Phokeer, A., Aina, A., Johnson, D.: DNS Lame delegations: a case-study of public reverse DNS records in the African region. In: Bissyande, T.F., Sie, O. (eds.) AFRICOMM 2016. LNICST, vol. 208, pp. 232–242. Springer, Cham (2018). CrossRefGoogle Scholar
  8. 8.
    Hao, S., Feamster, N., Pandrangi, R.: An internet-wide view into DNS lookup patterns. Technical report, School of Computer Science, Georgia Technology (2010)Google Scholar
  9. 9.
    Gao, H., Yegneswaran, V., Jiang, J., Chen, Y., Porras, P., Ghosh, S., Duan, H.: Reexamining DNS from a global recursive resolver perspective. IEEE/ACM Trans. Networking (TON) 24(1), 43–57 (2016)CrossRefGoogle Scholar
  10. 10.
    Spring, N., Mahajan, R., Wetherall, D., Anderson, T.: Measuring ISP topologies with rocketfuel. IEEE/ACM Trans. Networking (TON) 12(1), 2–16 (2004)CrossRefGoogle Scholar
  11. 11.
    Czyz, J., Luckie, M., Allman, M., Bailey, M.: Don’t forget to lock the back door! A characterization of IPv6 network security policy. In: Proceedings of Internet Society Symposium on Network and Distributed System Security (NDSS) (2016)Google Scholar
  12. 12.
    Borgolte, K., Hao, S., Fiebig, T., Kruegel, C., Vigna, G.: Enumerating active IPv6 hosts for large-scale security scans via DNSSEC-signed reverse zones. In: Proceedings of IEEE Security & Privacy (S&P) (2018)Google Scholar
  13. 13.
    Huston, G.: Deprecation of “”. RFC 4159 (Best Current Practice), August 2005Google Scholar
  14. 14.
    Cheshire, S., Krochmal, M.: DNS-based service discovery. RFC 6763 (Proposed Standard), February 2013Google Scholar
  15. 15.
    Wessels, D., Fomenkov, M.: Wow, that’s a lot of packets. In: Proceedings of Passive and Active Measurement Workshop (PAM) (2003)Google Scholar
  16. 16.
    Borgolte, K., Fiebig, T., Hao, S., Kruegel, C., Vigna, G.: Cloud strife: mitigating the security risks of domain-validated certificates. In: Proceedings of Internet Society Symposium on Network and Distributed System Security (NDSS) (2018)Google Scholar
  17. 17.
    Eidnes, H., de Groot, G., Vixie, P.: Classless IN-ADDR.ARPA delegation. RFC 2317 (Best Current Practice), March 1998Google Scholar
  18. 18.
    Hu, X., Li, B., Zhang, Y., Zhou, C., Ma, H.: Detecting compromised email accounts from the perspective of graph topology. In: Proceedings of ACM Conference on Future Internet Technologies (2016)Google Scholar
  19. 19.
    Plonka, D., Berger, A.: Temporal and spatial classification of active IPv6 addresses. In: Proceedings of ACM Internet Measurement Conference (2015)Google Scholar
  20. 20.
    Bortzmeyer, S., Huque, S.: NXDOMAIN: there really is nothing underneath. RFC 8020 (Proposed Standard), November 2016Google Scholar
  21. 21.
    Richter, P., Smaragdakis, G., Plonka, D., Berger, A.: Beyond counting: new perspectives on the active IPv4 address space. In: Proceedings of ACM Internet Measurement Conference (2016)Google Scholar
  22. 22.
    IAB, IESG: IAB/IESG recommendations on IPv6 address allocations to sites. RFC 3177 (Informational), September 2001. Obsoleted by RFC 6177Google Scholar
  23. 23.
    de Velde, G.V., Popoviciu, C., Chown, T., Bonness, O., Hahn, C.: IPv6 unicast address assignment considerations. RFC 5375 (Informational), December 2008Google Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  • Tobias Fiebig
    • 1
    • 2
    • 3
    Email author
  • Kevin Borgolte
    • 2
  • Shuang Hao
    • 4
  • Christopher Kruegel
    • 2
  • Giovanni Vigna
    • 2
  • Anja Feldmann
    • 3
    • 5
  1. 1.TU DelftDelftNetherlands
  2. 2.UC Santa BarbaraSanta BarbaraUSA
  3. 3.TU BerlinBerlinGermany
  4. 4.University of Texas at DallasRichardsonUSA
  5. 5.Max Planck Institute for InformaticsSaarbrückenGermany

Personalised recommendations