9-10 May 2015
Okura Hotel
Europe/Amsterdam timezone

A countermeasure of random subdomain attacks (Aggressive negative caching with NSEC)

9 May 2015, 13:50
Heian I/II (Okura Hotel)

Heian I/II

Okura Hotel

Ferdinand Bolstraat 333 1072 LH Amsterdam
Public Workshop


Mr. Kazunori Fujiwara (Japan Registry Services Co., Ltd)


Random sub-domain attacks (also called as "Water Torture" attacks) send many non-existent queries to full resolvers. Negative cache does not work well because query names vary. However, NSEC resource records contain non-existent name ranges. Aggressive negative caching using NSEC resource records may be a countermeasure of random sub-domain attacks for signed domains. The presentation will explain a proposal of a protocol change, attack tool, a patch to Unbound, and an experiment result. It also decrease non-existent TLD queries to root DNS servers. (about 20 minutes without questions)

Primary author

Mr. Kazunori Fujiwara (Japan Registry Services Co., Ltd)

Presentation Materials

Your browser is out of date!

Update your browser to view this website correctly. Update my browser now