Athanasios Kountouras (Georgia Institute of Technology), Panagiotis Kintis (Georgia Institute of Technology), Athanasios Avgetidis (Georgia Institute of Technology), Thomas Papastergiou (Georgia Institute of Technology), Charles Lever (Georgia Institute of Technology), Michalis Polychronakis (Stony Brook University), Manos Antonakakis (Georgia Institute of Technology)

The Domain Name System (DNS) is fundamental to communication on the Internet. Therefore, any proposed changes or extensions to DNS can have profound consequences on network communications. In this paper, we explore the implications of a recent extension to DNS called EDNS Client Subnet (ECS). This extension extends the visibility of client information to more domain operators by providing a prefix of a client’s IP address to DNS nameservers above the recursive nameserver. This raises numerous questions about the impact of such changes on network communications that rely on DNS.

In this paper, we present the results of a longitudinal study that measures the deployment of ECS using several DNS vantage points. We show that, despite being an optional extension, ECS has seen steady adoption over time—even for sites that do not benefit from its use. Additionally, we observe that the client subnet provided by ECS may provide less privacy than originally thought, with most subnets corresponding to a /24 CIDR or smaller. Lastly, we observe several positive and negative consequences resulting from the introduction of DNS. For example, DNS can help aid security efforts when analyzing DNS data above the recursive due to the addition of client network information. However, that same client information has the potential to exacerbate existing security issues like DNS leakage. Ultimately, this paper discusses how small changes to fundamental protocols can result in unintended consequences that can be both positive and negative.

View More Papers

CHANCEL: Efficient Multi-client Isolation Under Adversarial Programs

Adil Ahmad (Purdue University), Juhee Kim (Seoul National University), Jaebaek Seo (Google), Insik Shin (KAIST), Pedro Fonseca (Purdue University), Byoungyoung Lee (Seoul National University)

Read More

Exploring The Design Space of Sharing and Privacy Mechanisms...

Abdulmajeed Alqhatani, Heather R. Lipford (University of North Carolina at Charlotte)

Read More

Demo #7: Automated Tracking System For LiDAR Spoofing Attacks...

Yulong Cao, Jiaxiang Ma, Kevin Fu (University of Michigan), Sara Rampazzi (University of Florida), and Z. Morley Mao (University of Michigan) Best Demo Award Runner-up ($200 cash prize)!

Read More

Доверя́й, но проверя́й: SFI safety for native-compiled Wasm

Evan Johnson (University of California San Diego), David Thien (University of California San Diego), Yousef Alhessi (University of California San Diego), Shravan Narayan (University Of California San Diego), Fraser Brown (Stanford University), Sorin Lerner (University of California San Diego), Tyler McMullen (Fastly Labs), Stefan Savage (University of California San Diego), Deian Stefan (University of California…

Read More