May 9 – 10, 2015
Okura Hotel
Europe/Amsterdam timezone

A countermeasure of random subdomain attacks (Aggressive negative caching with NSEC)

May 9, 2015, 1:50 PM
Heian I/II (Okura Hotel)

Heian I/II

Okura Hotel

Ferdinand Bolstraat 333 1072 LH Amsterdam
Public Workshop


Mr Kazunori Fujiwara (Japan Registry Services Co., Ltd)


Random sub-domain attacks (also called as "Water Torture" attacks) send many non-existent queries to full resolvers. Negative cache does not work well because query names vary. However, NSEC resource records contain non-existent name ranges. Aggressive negative caching using NSEC resource records may be a countermeasure of random sub-domain attacks for signed domains. The presentation will explain a proposal of a protocol change, attack tool, a patch to Unbound, and an experiment result. It also decrease non-existent TLD queries to root DNS servers. (about 20 minutes without questions)

Primary author

Mr Kazunori Fujiwara (Japan Registry Services Co., Ltd)

Presentation materials