Domain Name System Security and Privacy: A Contemporary Survey

TL;DR

This survey comprehensively reviews over 170 recent research papers on DNS vulnerabilities, threats, countermeasures, and data analysis methods, highlighting ongoing challenges and vulnerable entities in DNS security and privacy.

Contribution

It provides a detailed overview of DNS security threats, summarizes existing countermeasures, and analyzes the threat landscape from various system entities, offering insights for future research.

Findings

Identified key vulnerabilities in DNS infrastructure.

Summarized effective countermeasures and mitigation strategies.

Highlighted vulnerable entities within DNS systems.

Abstract

The domain name system (DNS) is one of the most important components of today's Internet, and is the standard naming convention between human-readable domain names and machine-routable IP addresses of Internet resources. However, due to the vulnerability of DNS to various threats, its security and functionality have been continuously challenged over the course of time. Although, researchers have addressed various aspects of the DNS in the literature, there are still many challenges yet to be addressed. In order to comprehensively understand the root causes of the vulnerabilities of DNS, it is mandatory to review the various activities in the research community on DNS landscape. To this end, this paper surveys more than 170 peer-reviewed papers, which are published in both top conferences and journals in the last ten years, and summarizes vulnerabilities in DNS and corresponding countermeasures. This paper not only focuses on the DNS threat landscape and existing challenges, but also discusses the utilized data analysis methods, which are frequently used to address DNS threat vulnerabilities. Furthermore, we looked into the DNSthreat landscape from the viewpoint of the involved entities in the DNS infrastructure in an attempt to point out more vulnerable entities in the system.