The Windows of Private DNS Updates
Appeared in ACM SIGCOMM Computer Communication Review (CCR)

Andre Broido, Hao Shang, Marina Fomenkov, Young Hyun, kc claffy
Cooperative Association for Internet Data Analysis - CAIDA
San Diego Supercomputer Center,
University of California, San Diego

This work is motivated by the observation of one particular type of unwanted traffic - dynamic DNS updates for private (RFC1918) addresses, which leaks to global network. This spurious traffic not only wastes network resources but also jeopardizes security and privacy of users. We first look at the magnitude of these updates on two independent AS112 [1] servers. We then analyze which operating systems are responsible for these updates by using three levels of signature techniques and find that over 97% of updates come from Windows systems. While newer versions of Windows OSes are more stringent in sending private DNS updates, we did not observe an overall decreasing trend due to this evolution. Users, software vendors, and system administrators can take steps to reduce this RFC1918 traffic. However, since most end users are unlikely to interfere with vendor default settings, it should be the responsibility of software vendor and system administrators to take positive action to fix this problem.