Identifying and Characterizing Anycast in the Domain Name System. Fan, X., Heidemann, J., & Govindan, R. Technical Report ISI-TR-2011-671, USC/Information Sciences Institute, June, 2011. ![Identifying and Characterizing Anycast in the Domain Name System [link]](https://bibbase.org/img/filetypes/link.svg "link")
Paper abstract bibtex Since its first appearance, IP anycast has become essential for critical network services such as the Domain Name System (DNS). Despite this, there has been little attention to independently identifying and characterizing anycast nodes. External evaluation of anycast allows both third-party auditing of its benefits, and is essential to discovering benign masquerading or hostile hijacking of anycast services. In this paper, we develop ACE, an approach to identify and characterize anycast nodes. ACE first method is DNS queries for CHAOS records, the recommended debugging service for anycast, suitable for cooperative anycast services. Its second method uses \emphtraceroute to identify all anycast services by their connectivity to the Internet. Each individual method has ambiguities in some circumstances; we show a combined method improves on both. We validate ACE against two widely used anycast DNS services that provide ground truth. ACE has good precision, with 88% of its results corresponding to unique anycast nodes of the F-root DNS service. Its recall is affected by the number and diversity of vantage points. We use ACE for an initial study of how anycast is used for top-level domain servers. We find one case where a third-party server operates on root-DNS IP address, masquerades to capture traffic for its organization. We also study the 1164 nameserver IP addresses that cover all generic and country-code top-level domains, gather evidence that at least 14% and perhaps 32% use anycast.
@TechReport{Fan11a,
author = "Xun Fan and John Heidemann and Ramesh Govindan",
title = "Identifying and Characterizing Anycast in the Domain Name System",
institution = "USC/Information Sciences Institute",
year = 2011,
sortdate = "2011-06-01",
project = "ant, amite, lacrend, lander, research_root",
jsubject = "chronological",
number = "ISI-TR-2011-671",
month = jun,
jlocation = "johnh: pafile",
keywords = "anycast, detection",
jlocation = "johnh: pafile",
keywords = "anycast, discovery, topology, DNS, F-root, PCH",
url = "https://ant.isi.edu/%7ejohnh/PAPERS/Fan10b.html",
pdfurl = "https://ant.isi.edu/%7ejohnh/PAPERS/Fan10b.pdf",
myorganization = "USC/Information Sciences Institute",
copyrightholder = "authors",
abstract = "Since its first appearance, IP anycast has become essential for
critical network services such as the Domain Name System (DNS).
Despite this, there has been little attention to independently
identifying and characterizing anycast nodes. External evaluation of
anycast allows both third-party auditing of its benefits, and is
essential to discovering benign masquerading or hostile hijacking of
anycast services. In this paper, we develop ACE, an approach to
identify and characterize anycast nodes. ACE first method is DNS
queries for CHAOS records, the recommended debugging service for
anycast, suitable for cooperative anycast services. Its second method
uses \emph{traceroute} to identify all anycast services by their
connectivity to the Internet. Each individual method has ambiguities
in some circumstances; we show a combined method improves on both. We
validate ACE against two widely used anycast DNS services that
provide ground truth. ACE has good precision, with 88\% of its
results corresponding to unique anycast nodes of the F-root DNS
service. Its recall is affected by the number and diversity of
vantage points. We use ACE for an initial study of how anycast is
used for top-level domain servers. We find one case where a
third-party server operates on root-DNS IP address, masquerades to
capture traffic for its organization. We also study the 1164
nameserver IP addresses that cover all generic and country-code
top-level domains, gather evidence that at least 14\% and perhaps 32\%
use anycast.",
}
Downloads: 0
{"_id":"WztnoAYveufz2WLnf","bibbaseid":"fan-heidemann-govindan-identifyingandcharacterizinganycastinthedomainnamesystem-2011","author_short":["Fan, X.","Heidemann, J.","Govindan, R."],"bibdata":{"bibtype":"techreport","type":"techreport","author":[{"firstnames":["Xun"],"propositions":[],"lastnames":["Fan"],"suffixes":[]},{"firstnames":["John"],"propositions":[],"lastnames":["Heidemann"],"suffixes":[]},{"firstnames":["Ramesh"],"propositions":[],"lastnames":["Govindan"],"suffixes":[]}],"title":"Identifying and Characterizing Anycast in the Domain Name System","institution":"USC/Information Sciences Institute","year":"2011","sortdate":"2011-06-01","project":"ant, amite, lacrend, lander, research_root","jsubject":"chronological","number":"ISI-TR-2011-671","month":"June","jlocation":"johnh: pafile","keywords":"anycast, discovery, topology, DNS, F-root, PCH","url":"https://ant.isi.edu/%7ejohnh/PAPERS/Fan10b.html","pdfurl":"https://ant.isi.edu/%7ejohnh/PAPERS/Fan10b.pdf","myorganization":"USC/Information Sciences Institute","copyrightholder":"authors","abstract":"Since its first appearance, IP anycast has become essential for critical network services such as the Domain Name System (DNS). Despite this, there has been little attention to independently identifying and characterizing anycast nodes. External evaluation of anycast allows both third-party auditing of its benefits, and is essential to discovering benign masquerading or hostile hijacking of anycast services. In this paper, we develop ACE, an approach to identify and characterize anycast nodes. ACE first method is DNS queries for CHAOS records, the recommended debugging service for anycast, suitable for cooperative anycast services. Its second method uses \\emphtraceroute to identify all anycast services by their connectivity to the Internet. Each individual method has ambiguities in some circumstances; we show a combined method improves on both. We validate ACE against two widely used anycast DNS services that provide ground truth. ACE has good precision, with 88% of its results corresponding to unique anycast nodes of the F-root DNS service. Its recall is affected by the number and diversity of vantage points. We use ACE for an initial study of how anycast is used for top-level domain servers. We find one case where a third-party server operates on root-DNS IP address, masquerades to capture traffic for its organization. We also study the 1164 nameserver IP addresses that cover all generic and country-code top-level domains, gather evidence that at least 14% and perhaps 32% use anycast.","bibtex":"@TechReport{Fan11a,\n\tauthor = \t\"Xun Fan and John Heidemann and Ramesh Govindan\",\n\ttitle = \t\"Identifying and Characterizing Anycast in the Domain Name System\",\n\tinstitution = \t\"USC/Information Sciences Institute\",\n\tyear = \t\t2011,\n\tsortdate = \t\t\"2011-06-01\",\n\tproject = \"ant, amite, lacrend, lander, research_root\",\n\tjsubject = \"chronological\",\n\tnumber = \t\"ISI-TR-2011-671\",\n\tmonth = \tjun,\n\tjlocation = \t\"johnh: pafile\",\n\tkeywords = \t\"anycast, detection\",\n\tjlocation = \t\"johnh: pafile\",\n\tkeywords = \t\"anycast, discovery, topology, DNS, F-root, PCH\",\n\turl =\t\t\"https://ant.isi.edu/%7ejohnh/PAPERS/Fan10b.html\",\n\tpdfurl =\t\"https://ant.isi.edu/%7ejohnh/PAPERS/Fan10b.pdf\",\n\tmyorganization =\t\"USC/Information Sciences Institute\",\n\tcopyrightholder = \"authors\",\n\tabstract = \"Since its first appearance, IP anycast has become essential for\ncritical network services such as the Domain Name System (DNS).\nDespite this, there has been little attention to independently\nidentifying and characterizing anycast nodes. External evaluation of\nanycast allows both third-party auditing of its benefits, and is\nessential to discovering benign masquerading or hostile hijacking of\nanycast services. In this paper, we develop ACE, an approach to\nidentify and characterize anycast nodes. ACE first method is DNS\nqueries for CHAOS records, the recommended debugging service for\nanycast, suitable for cooperative anycast services. Its second method\nuses \\emph{traceroute} to identify all anycast services by their\nconnectivity to the Internet. Each individual method has ambiguities\nin some circumstances; we show a combined method improves on both. We\nvalidate ACE against two widely used anycast DNS services that\nprovide ground truth. ACE has good precision, with 88\\% of its\nresults corresponding to unique anycast nodes of the F-root DNS\nservice. Its recall is affected by the number and diversity of\nvantage points. We use ACE for an initial study of how anycast is\nused for top-level domain servers. We find one case where a\nthird-party server operates on root-DNS IP address, masquerades to\ncapture traffic for its organization. We also study the 1164\nnameserver IP addresses that cover all generic and country-code\ntop-level domains, gather evidence that at least 14\\% and perhaps 32\\%\nuse anycast.\",\n}\n\n","author_short":["Fan, X.","Heidemann, J.","Govindan, R."],"bibbaseid":"fan-heidemann-govindan-identifyingandcharacterizinganycastinthedomainnamesystem-2011","role":"author","urls":{"Paper":"https://ant.isi.edu/%7ejohnh/PAPERS/Fan10b.html"},"keyword":["anycast","discovery","topology","DNS","F-root","PCH"],"metadata":{"authorlinks":{}}},"bibtype":"techreport","biburl":"https://bibbase.org/f/dHevizJoWEhWowz8q/johnh-2023-2.bib","dataSources":["YLyu3mj3xsBeoqiHK","fLZcDgNSoSuatv6aX","fxEParwu2ZfurScPY","7nuQvtHTqKrLmgu99"],"keywords":["anycast","discovery","topology","dns","f-root","pch"],"search_terms":["identifying","characterizing","anycast","domain","name","system","fan","heidemann","govindan"],"title":"Identifying and Characterizing Anycast in the Domain Name System","year":2011}