{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,25]],"date-time":"2025-10-25T14:17:47Z","timestamp":1761401867663,"version":"3.41.0"},"reference-count":26,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2017,1,17]],"date-time":"2017-01-17T00:00:00Z","timestamp":1484611200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["SIGCOMM Comput. Commun. Rev."],"published-print":{"date-parts":[[2017,1,17]]},"abstract":"<jats:p>DNS cache plays a critical role in domain name resolution, providing (1) high scalability at Root and Top-level-domain (TLD) name servers with reduced workloads and (2) low response latency to clients when the resource records of the queried domains are cached. However, the pervasive misuses of domain names, e.g., the domains of ``one-time-use'' pattern, have negative impact on the effectiveness of DNS caching as the cache has been filled with those entries that are highly unlikely to be retrieved. In this paper, we investigate such misuse and identify domain name-based features to characterize those one-time domains. By leveraging the features that are explicitly available from the domain name itself, we build a classifier to combine these features, propose simple policy modifications on caching resolvers for improving DNS cache performance, and validate their efficacy using real traces.<\/jats:p>","DOI":"10.1145\/3041027.3041032","type":"journal-article","created":{"date-parts":[[2017,1,18]],"date-time":"2017-01-18T13:13:59Z","timestamp":1484745239000},"page":"36-42","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":18,"title":["Exploring Domain Name Based Features on the Effectiveness of DNS Caching"],"prefix":"10.1145","volume":"47","author":[{"given":"Shuai","family":"Hao","sequence":"first","affiliation":[{"name":"University of Delaware"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Haining","family":"Wang","sequence":"additional","affiliation":[{"name":"University of Delaware"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2017,1,17]]},"reference":[{"key":"e_1_2_1_1_2","unstructured":"FeatureDatasets  FeatureDatasets"},{"key":"e_1_2_1_2_2","unstructured":"D.J.Bernstein djbdns http:\/\/cr.yp.to\/djbdns.html.  D.J.Bernstein djbdns http:\/\/cr.yp.to\/djbdns.html."},{"key":"e_1_2_1_3_2","unstructured":"BIND 9 Configuration Reference http:\/\/ftp.isc.org\/isc\/bind9\/cur\/9.10\/doc\/arm\/ Bv9ARM.ch06.html#id2586632. BIND 9 Configuration Reference http:\/\/ftp.isc.org\/isc\/bind9\/cur\/9.10\/doc\/arm\/ Bv9ARM.ch06.html#id2586632."},{"key":"e_1_2_1_4_2","unstructured":"RFC 2308: Negative Caching of DNS Queries (DNS NCACHE) https:\/\/tools.ietf.org\/html\/rfc2308. RFC 2308: Negative Caching of DNS Queries (DNS NCACHE) https:\/\/tools.ietf.org\/html\/rfc2308."},{"key":"e_1_2_1_5_2","unstructured":"P.Tan M.Steinbach and V.Kumar Introduction to DataMining Addison-Wesley 2006.   P.Tan M.Steinbach and V.Kumar Introduction to DataMining Addison-Wesley 2006."},{"key":"e_1_2_1_6_2","unstructured":"M. Antonakakis R. Perdisci D. Dagon W. Lee and N. Feamster \"Building a Dynamic Reputation System for DNS \" USENIX Security Symposium 2010.   M. Antonakakis R. Perdisci D. Dagon W. Lee and N. Feamster \"Building a Dynamic Reputation System for DNS \" USENIX Security Symposium 2010."},{"key":"e_1_2_1_7_2","unstructured":"M. Antonakakis R. Perdisci W.Lee N. Vasiloglou and D.Dagon \"Detecting Malware Domains in the Upper DNS Hierarchy \" USENIX Security Symposium 2011.   M. Antonakakis R. Perdisci W.Lee N. Vasiloglou and D.Dagon \"Detecting Malware Domains in the Upper DNS Hierarchy \" USENIX Security Symposium 2011."},{"key":"e_1_2_1_8_2","unstructured":"M. Antonakakis R. Perdisci Y.Nadji N. Vasiloglou S. Abu-Nimeh W. Lee and D. Dagon \"From Throw-Away Traffic to Bots: Detecting the Rise of DGA-based Malware \" USENIX Security Symposium 2012.   M. Antonakakis R. Perdisci Y.Nadji N. Vasiloglou S. Abu-Nimeh W. Lee and D. Dagon \"From Throw-Away Traffic to Bots: Detecting the Rise of DGA-based Malware \" USENIX Security Symposium 2012."},{"key":"e_1_2_1_9_2","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455796"},{"key":"e_1_2_1_10_2","unstructured":"L. Bilge E. Kirda C. Kruegel and M. Balduzzi \"EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis \" Network and Distributed System Security Symposium (NDSS) 2011.  L. Bilge E. Kirda C. Kruegel and M. Balduzzi \"EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis \" Network and Distributed System Security Symposium (NDSS) 2011."},{"key":"e_1_2_1_11_2","doi-asserted-by":"publisher","DOI":"10.1145\/2500098.2500100"},{"key":"e_1_2_1_12_2","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2014.61"},{"key":"e_1_2_1_13_2","doi-asserted-by":"publisher","DOI":"10.1016\/S1389-1286(02)00424-3"},{"key":"e_1_2_1_14_2","doi-asserted-by":"publisher","DOI":"10.4108\/icst.valuetools.2013.254416"},{"key":"e_1_2_1_15_2","doi-asserted-by":"publisher","DOI":"10.1145\/2486001.2486018"},{"key":"e_1_2_1_16_2","doi-asserted-by":"publisher","DOI":"10.1145\/2504730.2504753"},{"key":"e_1_2_1_17_2","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2002.803905"},{"key":"e_1_2_1_18_2","unstructured":"J. Jung A. W. Berger and H. Balakrishnan \"Modeling TTL-based Internet Caches \" IEEE INFOCOM 2003.  J. Jung A. W. Berger and H. Balakrishnan \"Modeling TTL-based Internet Caches \" IEEE INFOCOM 2003."},{"key":"e_1_2_1_19_2","doi-asserted-by":"publisher","DOI":"10.1145\/1028788.1028792"},{"key":"e_1_2_1_20_2","doi-asserted-by":"publisher","DOI":"10.1145\/1028788.1028790"},{"key":"e_1_2_1_21_2","unstructured":"V. Paxson M. Christodorescu M. Javed J. Rao R. Sailer D. L. Schales M. Stoecklin K. Thomas W. Venema and N. Weaver \"Practical Comprehensive Bounds on Surreptitious Communication Over DNS \" USENIX Security Symposium 2013.   V. Paxson M. Christodorescu M. Javed J. Rao R. Sailer D. L. Schales M. Stoecklin K. Thomas W. Venema and N. Weaver \"Practical Comprehensive Bounds on Surreptitious Communication Over DNS \" USENIX Security Symposium 2013."},{"volume-title":"USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET)","year":"2009","author":"Porras P.","key":"e_1_2_1_22_2"},{"key":"e_1_2_1_23_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2005.06.016"},{"key":"e_1_2_1_24_2","doi-asserted-by":"crossref","unstructured":"D. Wessels M. Fomenkov N. Brownlee and K. C. Claffy \"Measurements and Laboratory Simulations of the Upper DNS Hierarchy \" Passive and Active Measurement Conference (PAM) 2004.  D. Wessels M. Fomenkov N. Brownlee and K. C. Claffy \"Measurements and Laboratory Simulations of the Upper DNS Hierarchy \" Passive and Active Measurement Conference (PAM) 2004.","DOI":"10.1007\/978-3-540-24668-8_15"},{"key":"e_1_2_1_25_2","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2013.10"},{"key":"e_1_2_1_26_2","doi-asserted-by":"publisher","DOI":"10.1145\/1879141.1879148"}],"container-title":["ACM SIGCOMM Computer Communication Review"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3041027.3041032","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3041027.3041032","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T03:03:31Z","timestamp":1750215811000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3041027.3041032"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,1,17]]},"references-count":26,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2017,1,17]]}},"alternative-id":["10.1145\/3041027.3041032"],"URL":"https:\/\/doi.org\/10.1145\/3041027.3041032","relation":{},"ISSN":["0146-4833"],"issn-type":[{"type":"print","value":"0146-4833"}],"subject":[],"published":{"date-parts":[[2017,1,17]]},"assertion":[{"value":"2017-01-17","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}