Name Dependency and Domain Name Resolution Risk Assessment

The Domain name system (DNS) is crucial to Internet services. Previous studies have pointed out that the name dependency in domain name resolution poses a risk to the security of DNS. In this paper, we present measurement results from a dataset containing resolution paths of domain names collected from a large-scale survey. This dataset is used to research the effect of the name dependency on the DNS, reaffirm findings in published work, and notice some significant differences. When name resolution spans multiple domains, it will lead to name dependency and make the resolution process more complex. Furthermore, we assess the risk of domain name resolution: a name resolution fault analysis model and the calculation of the failure probability of name resolution is proposed. The model can identify the key server sets that lead to the resolution failure of a domain name, and quantify the failure probability of its resolution. This research provides a breakthrough point for guiding the configuration, management, deployment, and upgrading of the DNS.