Survey and Analysis of DNS Filtering Components

Abstract

The Domain Name System (DNS) comprises name servers translating domain names into, commonly, IP addresses. Authoritative name servers hosts the resource records (RR) for certain zones, and resolver name servers are responsible for querying and answering DNS queries on behalf of their clients. Unfortunately, cybercriminals often use DNS for malicious purposes, such as phishing, malware distribution, and botnet communication. To combat these threats, filtering resolvers have become increasingly popular, employing various techniques to identify and block malicious requests. In this paper, we survey several techniques to implement and enhance the capabilities of filtering resolvers including response policy zones, threat intelligence feeds, and detection of algorithmically generated domains. We identify the current trends of each area and find missing intersections in the literature, which could be used to improve the effectiveness of filtering resolvers. In addition, we propose future work designing a framework for filtering resolvers using state-of-the-art approaches identified in this study.