DNS Research

• Hijacking registered domains (2024-08)
  Looking for "Sitting Ducks" domains where their delegations point to authoritative DNS hosting services that no longer serve for the domain.
• Finding out-of-sync TLD nameservers (2024-05)
  Looking at nameservers for 1448 TLDs to find zones that possibly are out-of-date by comparing SOAs and RRSIGs.
• DNS over IPv6 for Czech Republic Domains (2024-02)
  An analysis of Czech Republic government domains indicated that around 22% of the domains had an IPv6 mistake related to DNS and 7% completely failed for DNS over IPv6.
• DNSSEC Research for Largest 100 Banks (2022-12)
  Twenty-eight of the top 100 global banks had at least one DNS domain with DNSSEC. Only 9.4% of the domains owned by the largest banks were DNSSEC signed. The banks with the most DNSSEC-signed domains were State Bank of India (26), Skandinaviska Enskilda Banken AB (22), and Svenska Handelsbanken AB (15).
• SPF Record Problems (2022-05)
  DNS Institute identified SPF (Sender Policy Framework) problems in around 4.2% of domains.
• SPF and Dangling DNS Targets (2022-05)
  DNS Institute found over 80 SPF records that had policies using currently non-existent domains which may be available for purchase or assignment from domain resellers, brokers, squatters, registrars, or subdomain hosting providers.
• Top Ten Most Frequent Test Failures (2022-04)
  We have ran over a third of a million test runs resulting in over fifty-one million individual test results. Some of the tests fail so frequently they can be considered just unimportant noise — or are they?
• Analyzing OpenNIC (2022-01)
  Quick audit of over a thousand delegated domain names found under the alternative DNS root OpenNIC identified tens of thousands of issues (58 unique) including two expired TLDs. Interestingly, we learned that many of the domains also used delegations under standard DNS.
• Summary of Audit of Top Ten Domains for Top TLDs (2021-10)
  Highlights of the interesting problems from analyzing the top domains and nameservers for 62 most popular TLDs.
• ASN and Network Prefixes for TLD Nameservers (2021-10)
  Counts of different ASNs and network prefixes for each IPv4 nameserver (from root server delegations) for all TLDs.
• Running ancient 1990 BIND 4 on modern Internet
  DNS standards still mostly working after 30 years. This week-long study used a 386BSD port of 1990 4.3BSD-Reno's BIND named 4.8.3 with modern DNS for recursive and authoritative services.
• Russia Government Domains Analysis (2021-07)
  Identified over 20,000 DNS anomalies from research of 500 Russian Federation domains including very poor IPv6 and DNSSEC support, many nameservers without EDNS support, and several open resolvers.
• Summary of Analysis for Single Top Ranked Domain for Each TLD (2021-02)
  The most popular domain for many TLDs had interesting DNS problems.
• Popularity Rankings for TLDs
  Popularity Rankings table for 1200+ TLDs. The 10 most popular TLDs from the Tranco top sites list are com, net, ru, org, info, in, ir, uk, au, and de.
• DNS over IPv6 Research 2020-11 for Fortune 500 Companies
  129 Fortune 500 companies didn't have working DNS over IPv6.
• DNSSEC Report 2020-10 for Top 100 Banking Institutions
  Only 4.7% of the domains owned by the largest banks were DNSSEC signed.
• TLD Delegation and Nameserver Failures (2020-09)
  An analysis of 1508 top-level domain names found many interesting and even critical problems in at least 20 TLDs, including DNSSEC failures.
• DNS Nameserver Counts for Top Million Websites (2020-08)
  The most popular NS nameserver domain name was cloudflare.com.
• DNS Mistakes (Part 2): Lots of Typos
  More mistakes often caused by typos, copy-and-paste issues, or misunderstandings for what is allowed in DNS.
• DNS Mistakes (Part 1): Missing or Added Trailing Dots
  Technical mistakes caused with a missing trailing dot in zone files and for a trailing period appended when not meant to.
• Potential Email Compromise via Dangling DNS MX
  While the Dangling MX concept is already known, our paper also describes a novel vulnerability and research approach where the Dangling MX or other DNS target is an existing registered domain, but available for purchase or unknown third-party use.
• IPv6 Report 2020-06 for US Government and Military Domains
  651 (50%) US government domains had at least one IPv6 problem and 19% completely failed for IPv6.
• DNS Lame Delegations Report 2019-11
  Various examples of invalid or broken nameservers as listed in NS records.
• DNS over IPv6 Report 2019-10 for Fortune 500 (US) Companies
  56% of the Fortune 500 companies have a domain that doesn't work via IPv6.
• DNSSEC Report 2019-09 for Top 100 Banking Institutions
  Only 18 out of the largest 100 banking institutions had signed domains. And only 68 domains out of 1518 domains (4.4%) were DNSSEC signed.
• Query Times Report 2019-08 for Top 100 Banking Institutions
  The three fastest banks in this study were: Lloyds Banking Group PLC, Canadian Imperial Bank of Commerce, and Bank of New York Mellon Corp.

Contact Us | About | Site Map |  Gab |  Twitter