{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,14]],"date-time":"2026-02-14T10:28:52Z","timestamp":1771064932318,"version":"3.50.1"},"reference-count":105,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"6","license":[{"start":{"date-parts":[[2024,11,1]],"date-time":"2024-11-01T00:00:00Z","timestamp":1730419200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2024,11,1]],"date-time":"2024-11-01T00:00:00Z","timestamp":1730419200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2024,11,1]],"date-time":"2024-11-01T00:00:00Z","timestamp":1730419200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"name":"National Key Research and Development Program of China","award":["2023YFB3105600"],"award-info":[{"award-number":["2023YFB3105600"]}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62102218"],"award-info":[{"award-number":["62102218"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["U1836213"],"award-info":[{"award-number":["U1836213"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["U19B2034"],"award-info":[{"award-number":["U19B2034"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62302258"],"award-info":[{"award-number":["62302258"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Alibaba Innovative Research Program"},{"name":"CCF-Tencent Rhino-Bird Young Faculty Open Research Fund","award":["CCF-Tencent RAGR20230116"],"award-info":[{"award-number":["CCF-Tencent RAGR20230116"]}]},{"name":"Taishan Scholars Program"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Dependable and Secure Comput."],"published-print":{"date-parts":[[2024,11]]},"DOI":"10.1109\/tdsc.2024.3373530","type":"journal-article","created":{"date-parts":[[2024,3,5]],"date-time":"2024-03-05T19:24:52Z","timestamp":1709666692000},"page":"5275-5292","source":"Crossref","is-referenced-by-count":4,"title":["Investigating Deployment Issues of DNS Root Server Instances From a China-Wide View"],"prefix":"10.1109","volume":"21","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-5325-175X","authenticated-orcid":false,"given":"Fenglu","family":"Zhang","sequence":"first","affiliation":[{"name":"Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9032-8063","authenticated-orcid":false,"given":"Baojun","family":"Liu","sequence":"additional","affiliation":[{"name":"Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-3512-7612","authenticated-orcid":false,"given":"Chaoyi","family":"Lu","sequence":"additional","affiliation":[{"name":"Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-8677-7629","authenticated-orcid":false,"given":"Yunpeng","family":"Xing","sequence":"additional","affiliation":[{"name":"Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0083-733X","authenticated-orcid":false,"given":"Haixin","family":"Duan","sequence":"additional","affiliation":[{"name":"Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4919-1130","authenticated-orcid":false,"given":"Ying","family":"Liu","sequence":"additional","affiliation":[{"name":"Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6729-1450","authenticated-orcid":false,"given":"Liyuan","family":"Chang","sequence":"additional","affiliation":[{"name":"Innovation Department, China Telecom Network Security Technology Company Ltd., Beijing, China"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-98785-5_11"},{"key":"ref2","doi-asserted-by":"crossref","DOI":"10.17487\/rfc6698","article-title":"The DNS-Based authentication of named entities (DANE) transport layer security (TLS) protocol: TLSA","author":"Hoffman","year":"2012"},{"key":"ref3","doi-asserted-by":"crossref","DOI":"10.17487\/RFC7671","article-title":"The DNS-Based authentication of named entities (DANE) protocol: Updates and operational guidance","author":"Dukhovni","year":"2015"},{"key":"ref4","article-title":"DomainKeys identified mail (DKIM) signatures","author":"Kucherawy","year":"2011"},{"key":"ref5","doi-asserted-by":"crossref","DOI":"10.17487\/rfc7208","article-title":"Sender policy framework (SPF) for authorizing use of domains in email, Version 1","author":"Kitterman","year":"2014"},{"key":"ref6","first-page":"14","article-title":"Retroactive identification of targeted DNS infrastructure hijacking","volume-title":"Proc. 22nd ACM Internet Meas. Conf.","author":"Akiwate"},{"key":"ref7","first-page":"3147","article-title":"The hijackers guide to the galaxy: Off-path taking over internet resources","volume-title":"Proc. 30th USENIX Secur. Symp.","author":"Dai"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484815"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-30505-9_21"},{"key":"ref10","volume-title":"DDoS attacks on dyn","year":"2016"},{"key":"ref11","volume-title":"Akamai Edge DNS goes down, takes a chunk of the internet with it","year":"2021"},{"key":"ref12","doi-asserted-by":"crossref","DOI":"10.17487\/rfc3258","article-title":"Distributing authoritative name servers via shared unicast addresses","volume-title":"RFC 3258","author":"Hardie","year":"2002"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-71617-4_13"},{"key":"ref14","article-title":"RSSAC057: Requirements for measurements of the local perspective on the root server system","year":"2021","journal-title":"RSSAC"},{"key":"ref15","article-title":"Root server technical operations association","year":"2022"},{"key":"ref16","article-title":"Operation of anycast services","volume-title":"RFC 4786","author":"Lindqvist","year":"2006"},{"key":"ref17","article-title":"Hierarchical anycast for global service distribution","author":"Abley","year":"2003"},{"key":"ref18","article-title":"RSSAC056: RSSAC advisory on rogue DNS root server operators","year":"2021","journal-title":"RSSAC"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-36516-4_15"},{"key":"ref20","article-title":"Atlas data viewer","volume-title":"ISC","year":"2022"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/3452296.3472891"},{"key":"ref22","volume-title":"Measuring the health of the domain name system","year":"2010"},{"key":"ref23","article-title":"The ITHI (identifier technologies health indicators) project","volume-title":"ICANN","year":"2022"},{"key":"ref24","article-title":"RSSAC002: RSSAC advisory on measurements of the root server system","year":"2015","journal-title":"RSSAC"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/INFCOM.2013.6566965"},{"key":"ref26","doi-asserted-by":"crossref","DOI":"10.17487\/RFC7720","article-title":"DNS root name service protocol and deployment requirements","volume-title":"RFC 7720","author":"Blanchet","year":"2015"},{"key":"ref27","article-title":"Root name server operational requirements","volume-title":"RFC 2870","author":"Karrenberg","year":"2000"},{"key":"ref28","article-title":"RSSAC055: Principles guiding the operation of the public root server system","year":"2021","journal-title":"RSSAC"},{"key":"ref29","article-title":"RSSAC020: RSSAC statement on client side reliability of root DNS data","year":"2021","journal-title":"RSSAC"},{"key":"ref30","article-title":"B-root begins anycast in may","volume-title":"Univ. of Southern California","year":"2017"},{"key":"ref31","first-page":"1113","article-title":"Who is answering my queries: Understanding and characterizing interception of the DNS resolution path","volume-title":"Proc. 27th USENIX Secur. Symp.","author":"Liu"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00014"},{"key":"ref33","volume-title":"Cernet","year":"2022"},{"key":"ref34","volume-title":"Domain names - Concepts and facilities, RFC 1034","year":"1987"},{"key":"ref35","article-title":"Brief overview of the root server system","author":"Conrad","year":"2020"},{"key":"ref36","article-title":"Root zone management","volume-title":"IANA","year":"2022"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833637"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.3233\/JCS-150529"},{"key":"ref39","article-title":"Upgrading HTTPS in mid-air","volume-title":"Proc. Thz Netw. Distrib. Syst. Secur. Symp.","author":"Kranch"},{"key":"ref40","article-title":"Domain name system security extensions","volume-title":"D. E. E. 3rd","year":"1999"},{"key":"ref41","article-title":"IAB technical comment on the unique DNS root","volume-title":"IAB","year":"2000"},{"key":"ref42","first-page":"3381","article-title":"How great is the great firewall? Measuring China\u2019s DNS censorship","volume-title":"Proc. 30th USENIX Secur. Symp.","author":"Hoang"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1515\/popets-2015-0005"},{"key":"ref44","article-title":"Towards a comprehensive picture of the great firewall\u2019s DNS censorship","volume-title":"Proc. 4th USENIX Workshop Free Open Commun. Internet"},{"key":"ref45","first-page":"1","article-title":"The great DNS wall of China","volume":"21","author":"Lowe","year":"2007"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1145\/3517745.3561461"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.23098"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1145\/3278532.3278555"},{"key":"ref49","article-title":"The anatomy of web censorship in Pakistan","volume-title":"Proc. 3rd USENIX Workshop Free Open Commun. Internet","author":"Nabi"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1109\/ICC.2017.7996467"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315290"},{"key":"ref52","article-title":"Internet censorship in Iran: A first look","volume-title":"Proc. 3rd USENIX Workshop Free Open Commun. Internet","author":"Aryan"},{"key":"ref53","article-title":"Extension mechanisms for DNS (EDNS(0))","volume-title":"RFC 6891","author":"da Silva Damas","year":"2013"},{"key":"ref54","first-page":"307","article-title":"Global measurement of DNS manipulation","volume-title":"Proc. 26th USENIX Secur. Symp.","author":"Pearce"},{"key":"ref55","first-page":"2","article-title":"Redirecting DNS for ads and profit","volume-title":"Proc. USENIX Workshop Free Open Commun. Internet","author":"Weaver"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.23919\/TMA.2017.8002906"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1145\/3442381.3450050"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1145\/3485447.3512214"},{"key":"ref59","first-page":"2047","article-title":"The security lottery: Measuring client-side web security inconsistencies","volume-title":"Proc. 31st USENIX Secur. Symp.","author":"Roth"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1145\/3278532.3278570"},{"key":"ref61","first-page":"203","article-title":"How to catch when proxies lie: Verifying the physical locations of network proxies with active geolocation","volume-title":"Proc. Internet Meas. Conf.","author":"Weinberg"},{"key":"ref62","article-title":"Proxyrack: Buy proxies HTTP, UDP, SOCKS proxy","volume-title":"ProxyRack","year":"2022"},{"issue":"3","key":"ref63","first-page":"2","article-title":"Ripe atlas: A global Internet measurement network","volume":"18","author":"Staff","year":"2015","journal-title":"Internet Protocol J."},{"key":"ref64","article-title":"Layer two tunneling protocol \u201cL2TP\u201d","volume-title":"RFC 2661","author":"Valencia","year":"1999"},{"key":"ref65","article-title":"Point-to-point tunneling protocol (PPTP)","volume-title":"RFC 2637","author":"Zorn","year":"1999"},{"key":"ref66","article-title":"IP geolocation and online fraud prevention","volume-title":"MaxMind","year":"2022"},{"key":"ref67","volume-title":"China telecom limited","year":"2022"},{"key":"ref68","volume-title":"China unicom limited","year":"2022"},{"key":"ref69","volume-title":"China mobile limited","year":"2022"},{"key":"ref70","volume-title":"Alibaba cloud","year":"2022"},{"key":"ref71","volume-title":"Tencent cloud","year":"2022"},{"key":"ref72","first-page":"449","article-title":"Many roads lead to rome: How packet headers influence DNS censorship measurement","volume-title":"Proc. 31st USENIX Secur. Symp.","author":"Bhaskar"},{"key":"ref73","doi-asserted-by":"crossref","DOI":"10.17487\/rfc5001","article-title":"DNS name server identifier (NSID) option","volume-title":"RFC 5001","author":"Austein","year":"2007"},{"key":"ref74","article-title":"Requirements for a mechanism identifying a name server instance","volume-title":"RFC 4892","author":"Conrad","year":"2007"},{"key":"ref75","doi-asserted-by":"crossref","DOI":"10.17487\/rfc7108","article-title":"A summary of various mechanisms deployed at L-root for the identification of anycast nodes","volume-title":"RFC 7108","author":"Abley","year":"2014"},{"key":"ref76","volume-title":"Domain names - Implementation and specification, RFC 1035","year":"1987"},{"key":"ref77","article-title":"Root files","volume-title":"IANA","year":"2022"},{"key":"ref78","doi-asserted-by":"crossref","DOI":"10.17487\/rfc3225","article-title":"Indicating resolver support of DNSSEC","volume-title":"RFC 3225","author":"Conrad","year":"2001"},{"key":"ref79","article-title":"CVE","volume-title":"The MITRE Corporation","year":"2024"},{"key":"ref80","article-title":"Root server system metrics","volume-title":"Verisign","year":"2024"},{"key":"ref81","doi-asserted-by":"publisher","DOI":"10.1145\/3379479"},{"key":"ref82","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417883"},{"key":"ref83","article-title":"Understanding internet censorship policy: The case of Greece","volume-title":"Proc. 5th USENIX Workshop Free Open Commun. Internet","author":"Ververis"},{"key":"ref84","article-title":"BIND 9","volume-title":"ISC","year":"2022"},{"key":"ref85","article-title":"Unbound","volume-title":"NLnet Labs","year":"2022"},{"key":"ref86","article-title":"Knot resolver","volume-title":"CZ.NIC","year":"2022"},{"key":"ref87","article-title":"PowerDNS recursor","volume-title":"PowerDNS","year":"2022"},{"key":"ref88","volume-title":"Docker: Empowering app development for developers","year":"2022"},{"key":"ref89","volume-title":"GDB: The GNU project debugger - GNU.org","year":"2022"},{"key":"ref90","article-title":"Misadventure at root I in China","author":"van Beijnum","year":"2010"},{"key":"ref91","article-title":"Host an I-root","volume-title":"Netnod","year":"2022"},{"key":"ref92","article-title":"Route views project","volume-title":"University of Oregon","year":"2022"},{"key":"ref93","doi-asserted-by":"publisher","DOI":"10.1145\/2896816"},{"key":"ref94","doi-asserted-by":"publisher","DOI":"10.2139\/ssrn.2445102"},{"key":"ref95","doi-asserted-by":"crossref","DOI":"10.17487\/RFC8806","article-title":"Running a root server local to a resolver","volume-title":"RFC 8806","author":"Kumari","year":"2020"},{"key":"ref96","first-page":"3171","article-title":"Fourteen years in the life: A root server\u2019s perspective on DNS resolver security","volume-title":"Proc. 32nd USENIX Secur. Symp.","author":"Hilton"},{"key":"ref97","doi-asserted-by":"publisher","DOI":"10.1145\/3487552.3487849"},{"key":"ref98","article-title":"Corrupted DNS resolution paths: The rise of a malicious resolution authority","volume-title":"Proc. 15th Netw. Distrib. Syst. Secur. Symp.","author":"Dagon"},{"key":"ref99","doi-asserted-by":"publisher","DOI":"10.1109\/SRDS53918.2021.00029"},{"key":"ref100","doi-asserted-by":"publisher","DOI":"10.1145\/1452335.1452341"},{"key":"ref101","first-page":"255","article-title":"Anycast vs. DDoS: Evaluating the Nov. 2015 Root DNS Event","volume-title":"Proc. ACM Internet Meas. Conf.","author":"Moura"},{"key":"ref102","article-title":"Ipv4 vs ipv6 anycast catchment: A root dns study","author":"Wicaksana","year":"2016"},{"key":"ref103","doi-asserted-by":"publisher","DOI":"10.1145\/2185376.2185387"},{"key":"ref104","doi-asserted-by":"publisher","DOI":"10.1145\/3131365.3131366"},{"key":"ref105","doi-asserted-by":"publisher","DOI":"10.1145\/1879141.1879144"}],"container-title":["IEEE Transactions on Dependable and Secure Computing"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/8858\/10750463\/10460172.pdf?arnumber=10460172","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,11,26]],"date-time":"2024-11-26T23:24:12Z","timestamp":1732663452000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10460172\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,11]]},"references-count":105,"journal-issue":{"issue":"6"},"URL":"https:\/\/doi.org\/10.1109\/tdsc.2024.3373530","relation":{},"ISSN":["1545-5971","1941-0018","2160-9209"],"issn-type":[{"value":"1545-5971","type":"print"},{"value":"1941-0018","type":"electronic"},{"value":"2160-9209","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,11]]}}}