Configuration anormaly detection and resolution risk assessment of authoritative domain name server

Abstract

Authoritative domain name servers (referred to as authoritative servers) play a critical role in the Domain Name System (DNS) by resolving domain names to specific IP or CNAME records, ensuring seamless internet access. However, misconfigurations in authoritative servers can introduce risks to domain name resolution. This paper proposes a comprehensive approach to analyze and evaluate the configuration risks of authoritative servers. We develop a tool called “AuthDetect” to detect configuration anomalies in authoritative servers, and leveraging this tool, we conduct anomaly detection and analyze resolution risks from three perspectives: resolution latency, content, and reliability. Our evaluation indicates that 90% of the domains have a favorable overall resolution risk (below 0.13), but varying levels of risks exist: (1) 60% face resolution latency risk, (2) only 8.33% of domain names exhibit content risk, and (3) almost all domain names (99.8%) experience resolution reliability risk, primarily due to inadequate server configuration. These findings offer valuable data support for domain name managers, providing insights into the current configuration status of authoritative servers and contributing to maintaining a healthy and stable DNS system operation.