{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,28]],"date-time":"2026-04-28T02:18:45Z","timestamp":1777342725503,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":72,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,10,27]],"date-time":"2020-10-27T00:00:00Z","timestamp":1603756800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100004801","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-1705050, CNS-1629973"],"award-info":[{"award-number":["CNS-1705050, CNS-1629973"]}],"id":[{"id":"10.13039\/501100004801","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000180","name":"U.S. Department of Homeland Security","doi-asserted-by":"publisher","award":["AFRL-FA8750-18-2-0087"],"award-info":[{"award-number":["AFRL-FA8750-18-2-0087"]}],"id":[{"id":"10.13039\/100000180","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,10,27]]},"DOI":"10.1145\/3419394.3423640","type":"proceedings-article","created":{"date-parts":[[2020,10,22]],"date-time":"2020-10-22T20:30:22Z","timestamp":1603398622000},"page":"50-64","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":32,"title":["Trufflehunter"],"prefix":"10.1145","author":[{"given":"Audrey","family":"Randall","sequence":"first","affiliation":[{"name":"UC San Diego"}]},{"given":"Enze","family":"Liu","sequence":"additional","affiliation":[{"name":"UC San Diego"}]},{"given":"Gautam","family":"Akiwate","sequence":"additional","affiliation":[{"name":"UC San Diego"}]},{"given":"Ramakrishna","family":"Padmanabhan","sequence":"additional","affiliation":[{"name":"CAIDA, UC San Diego"}]},{"given":"Geoffrey M.","family":"Voelker","sequence":"additional","affiliation":[{"name":"UC San Diego"}]},{"given":"Stefan","family":"Savage","sequence":"additional","affiliation":[{"name":"UC San Diego"}]},{"given":"Aaron","family":"Schulman","sequence":"additional","affiliation":[{"name":"UC San Diego"}]}],"member":"320","published-online":{"date-parts":[[2020,10,27]]},"reference":[{"key":"e_1_3_2_2_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/1177080.1177086"},{"key":"e_1_3_2_2_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/1879141.1879144"},{"key":"e_1_3_2_2_3_1","volume-title":"Pro Dns and BIND 10","author":"Aitchison Ron","unstructured":"Ron Aitchison. 2011. Pro Dns and BIND 10. Apress."},{"key":"e_1_3_2_2_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/1367798.1367813"},{"key":"e_1_3_2_2_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/3355369.3355586"},{"key":"e_1_3_2_2_6_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-76481-8_11"},{"key":"e_1_3_2_2_7_1","volume-title":"Proc. IEEE Conference on Computer Communications (INFOCOM).","author":"Alharbi Fatemah","unstructured":"Fatemah Alharbi, Jie Chang, Yuchen Zhou, Feng Qian, Zhiyun Qian, and Nael B. Abu-Ghazaleh. 2019. Collaborative Client-Side DNS Cache Poisoning Attack. In Proc. IEEE Conference on Computer Communications (INFOCOM)."},{"key":"e_1_3_2_2_8_1","doi-asserted-by":"crossref","unstructured":"Marc Blanchet and Lars-Johan Liman. 2015. RFC 7720: DNS Root Name Service Protocol and Deployment Requirements.","DOI":"10.17487\/RFC7720"},{"key":"e_1_3_2_2_9_1","unstructured":"CAIDA. 2020. Archipelago (Ark) Measurement Infrastructure. https:\/\/www.caida.org\/projects\/ark\/"},{"key":"e_1_3_2_2_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/2815675.2815717"},{"key":"e_1_3_2_2_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2950325"},{"key":"e_1_3_2_2_12_1","volume-title":"A Day at the Root of the Internet. ACM Computer Communication Review (CCR)","author":"Castro Sebastian","year":"2008","unstructured":"Sebastian Castro, Duane Wessels, Marina Fomenkov, and Kimberly Claffy. 2008. A Day at the Root of the Internet. ACM Computer Communication Review (CCR) (2008), 41--46."},{"key":"e_1_3_2_2_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00061"},{"key":"e_1_3_2_2_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/2785956.2787500"},{"key":"e_1_3_2_2_15_1","volume-title":"Proc. International Plagiarism Conference.","author":"Clarke Robert","year":"2006","unstructured":"Robert Clarke and Thomas Lancaster. 2006. Eliminating the successor to plagiarism? Identifying the usage of contract cheating sites. In Proc. International Plagiarism Conference."},{"key":"e_1_3_2_2_16_1","volume-title":"Proc. Network and Distributed Systems Security (NDSS) Symposium.","author":"Dagon David","year":"2008","unstructured":"David Dagon, Niels Provos, Christopher P. Lee, and Wenke Lee. 2008. Corrupted DNS Resolution Paths: The Rise of a Malicious Resolution Authority. In Proc. Network and Distributed Systems Security (NDSS) Symposium."},{"key":"e_1_3_2_2_17_1","doi-asserted-by":"crossref","unstructured":"Wouter B. de Vries Roland van Rijswijk-Deij Pieter-Tjerk de Boer and Aiko Pras. 2019. Passive Observations of a Large DNS Service: 2.5 Years in the Life of Google. (2019) 190--200.","DOI":"10.1109\/TNSM.2019.2936031"},{"key":"e_1_3_2_2_18_1","unstructured":"Selena Deckelmann. 2020. Firefox continues push to bring DNS over HTTPS by default for US users. https:\/\/blog.mozilla.org\/blog\/2020\/02\/25\/firefox-continues-push-to-bring-dns-over-https-by-default-for-us-users\/"},{"key":"e_1_3_2_2_19_1","volume-title":"Performance: How Long Does a Second Actually Last? https:\/\/dzone.com\/articles\/performance-how-long-does","author":"Denis Frank","year":"2012","unstructured":"Frank Denis. 2012. Performance: How Long Does a Second Actually Last? https:\/\/dzone.com\/articles\/performance-how-long-does"},{"key":"e_1_3_2_2_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2019.00046"},{"key":"e_1_3_2_2_21_1","unstructured":"Rom Feria. [n.d.]. Hiding from Data Collectors. https:\/\/rom.feria.name\/hiding-from-data-collectors-9485dcb93b22."},{"key":"e_1_3_2_2_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3359304"},{"key":"e_1_3_2_2_23_1","unstructured":"Google. 2018. Google Public DNS: Performance Benefits. https:\/\/developers.google.com\/speed\/public-dns\/docs\/performance?hl=zh-cn"},{"key":"e_1_3_2_2_24_1","unstructured":"Google. 2020. Google Public DNS FAQ. https:\/\/developers.google.com\/speed\/public-dns\/faq#isp"},{"key":"e_1_3_2_2_25_1","unstructured":"Luis Grangeia. 2004. DNS Cache Snooping or Snooping the Cache for Fun and Profit. Technical Report. Securi Team-Beyond Security."},{"key":"e_1_3_2_2_26_1","unstructured":"Yunhong Gu. 2014. Google Public DNS and Location-Sensitive DNS Responses. https:\/\/webmasters.googleblog.com\/2014\/12\/google-public-dns-and-location.html."},{"key":"e_1_3_2_2_27_1","unstructured":"\u00d3lafur Gu\u00f0mundsson. [n.d.]. Introducing DNS Resolver 1.1.1.1 (not a joke). https:\/\/blog.cloudflare.com\/dns-resolver-1-1-1-1\/."},{"key":"e_1_3_2_2_28_1","volume-title":"Proc. USENIX Security.","author":"Havron Sam","year":"2019","unstructured":"Sam Havron, Diana Freed, Rahul Chatterjee, Damon McCoy, Nicola Dell, and Thomas Ristenpart. 2019. Clinical Computer Security for Victims of Intimate Partner Violence. In Proc. USENIX Security."},{"key":"e_1_3_2_2_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/CNS.2013.6682711"},{"key":"e_1_3_2_2_30_1","unstructured":"Michael Horowitz. 2007. OpenDNS provides added safety for free. https:\/\/www.cnet.com\/news\/opendns-provides-added-safety-for-free\/"},{"key":"e_1_3_2_2_31_1","unstructured":"joenathanone. 2017. Hacker News forum: Quad9 location request. https:\/\/news.ycombinator.com\/item?id=15712940"},{"key":"e_1_3_2_2_32_1","volume-title":"Proc. IEEE Conference on Computer Communications (INFOCOM).","author":"Jung Jaeyeon","year":"2003","unstructured":"Jaeyeon Jung, Arthur W. Berger, and Hari Balakrishnan. 2003. Modelling TTL-based Internet Caches. In Proc. IEEE Conference on Computer Communications (INFOCOM)."},{"key":"e_1_3_2_2_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/510726.510748"},{"key":"e_1_3_2_2_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/2815675.2815683"},{"key":"e_1_3_2_2_35_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23186"},{"key":"e_1_3_2_2_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2017.63"},{"key":"e_1_3_2_2_37_1","unstructured":"Ignat Korchagin and Lennart Poettering. 2019. Git commit: resolved: use Cloudflare public DNS server as a default fallback. https:\/\/github.com\/systemd\/systemd\/commit\/def3c7c791e7918a889c2b93dee039ab77b3a523"},{"key":"e_1_3_2_2_38_1","volume-title":"Contract Cheating: The Outsourcing of Assessed Student Work.","author":"Lancaster Thomas","year":"2015","unstructured":"Thomas Lancaster and Robert Clarke. 2015. Contract Cheating: The Outsourcing of Assessed Student Work."},{"key":"e_1_3_2_2_39_1","unstructured":"Abner Li. 2018. Googles Public DNS turns '8.8.8.8 years old' teases 'exciting' future announcements. https:\/\/9to5google.com\/2018\/08\/13\/google-public-dns-8-8-8-8-years-future-announcements\/."},{"key":"e_1_3_2_2_40_1","unstructured":"Owen Lystrup. 2020. OpenDNS Enforces Threat Intelligence at the Speed of Automatic. https:\/\/umbrella.cisco.com\/blog\/opendns-custom-api-operationalizes-threat-intelligence"},{"key":"e_1_3_2_2_41_1","unstructured":"Internet Archive Wayback Machine. 2018. Mobile Spy App for Personal Catch Cheating Spouses. https:\/\/web.archive.org\/web\/20180216084527\/http:\/\/hellospy.com\/hellospy-for-personal-catch-cheating-spouses.aspx?lang=en-US"},{"key":"e_1_3_2_2_42_1","unstructured":"Internet Archive Wayback Machine. 2020. Catch Cheating Spouses With TheTruth-Spy. https:\/\/web.archive.org\/web\/20200523174940\/https:\/\/thetruthspy.com\/catch-cheating-spouses-with-thetruthspy\/"},{"key":"e_1_3_2_2_43_1","unstructured":"Linux Programmers Manual. 2020. GetHostByName - Linux manual page. https:\/\/www.man7.org\/linux\/man-pages\/man3\/gethostbyname_r.3.html"},{"key":"e_1_3_2_2_44_1","volume-title":"Proc. USENIX Annual Technical Conference.","author":"Mao Zhuoqing Morley","year":"2002","unstructured":"Zhuoqing Morley Mao, Charles D. Cranor, Fred Douglis, Michael Rabinovich, Oliver Spatscheck, and Jia Wang. 2002. A Precise and Efficient Evaluation of the Proximity Between Web Clients and Their Local DNS Servers. In Proc. USENIX Annual Technical Conference."},{"key":"e_1_3_2_2_45_1","unstructured":"Xavier Mertens. 2017. Systemd Could Fallback to Google DNS? https:\/\/isc.sans.edu\/forums\/diary\/Systemd+Could+Fallback+to+Google+DNS\/22516\/"},{"key":"e_1_3_2_2_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/3308558.3313489"},{"key":"e_1_3_2_2_47_1","unstructured":"Paul V. Mockapetris. 2020. Domain Names - Implementation and Specification. https:\/\/tools.ietf.org\/html\/rfc1035"},{"key":"e_1_3_2_2_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/3355369.3355568"},{"key":"e_1_3_2_2_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/3278532.3278534"},{"key":"e_1_3_2_2_50_1","unstructured":"Yu Ng. 2014. In the World of DNS Cache is King. https:\/\/blog.catchpoint.com\/2014\/07\/15\/world-dns-cache-king\/"},{"key":"e_1_3_2_2_51_1","unstructured":"NLNet Labs. 2020. Unbound configuration file. https:\/\/nlnetlabs.nl\/documentation\/unbound\/unbound.conf\/"},{"key":"e_1_3_2_2_52_1","volume-title":"FAQ: Why did Cisco buy Open DNS? https:\/\/www.opendns.com\/cisco-opendns\/","author":"DNS.","year":"2015","unstructured":"OpenDNS. 2015. FAQ: Why did Cisco buy Open DNS? https:\/\/www.opendns.com\/cisco-opendns\/"},{"key":"e_1_3_2_2_53_1","volume-title":"Proc. ACM Internet Measurement Conference (IMC).","author":"Otto John S.","unstructured":"John S. Otto, Mario A. S\u00e1nchez, John P. Rula, and Fabi\u00e1n E. Bustamante. 2012. Content Delivery and the Natural Evolution of DNS: Remote DNS Trends, Performance Issues and Alternative Solutions. In Proc. ACM Internet Measurement Conference (IMC)."},{"key":"e_1_3_2_2_54_1","volume-title":"Proc. ACM Internet Measurement Conference (IMC).","author":"Pitsillidis Andreas","year":"2012","unstructured":"Andreas Pitsillidis, Chris Kanich, Geoffrey M. Voelker, Kirill Levchenko, and Stefan Savage. 2012. Tasters Choice: A Comparative Analysis of Spam Feeds. In Proc. ACM Internet Measurement Conference (IMC)."},{"key":"e_1_3_2_2_55_1","unstructured":"Quad9. 2018. Quad9 Enabled Across New York City Guest and Public WiFi. https:\/\/www.quad9.net\/quad9-enabled-across-new-york-city-guest-and-public-wifi\/"},{"key":"e_1_3_2_2_56_1","unstructured":"Quad9. 2020. Quad9: Internet Security And Privacy In a Few Easy Steps. https:\/\/www.quad9.net"},{"key":"e_1_3_2_2_57_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-68914-0_2"},{"key":"e_1_3_2_2_58_1","volume-title":"Proc. USENIX Workshop on Hot Topics in Understanding Botnets.","author":"Rajab Moheeb Abu","year":"2007","unstructured":"Moheeb Abu Rajab, Jay Zarfoss, Fabian Monrose, and Andreas Terzis. 2007. My Botnet Is Bigger Than Yours (Maybe, Better Than Yours): Why Size Estimates Remain Challenging. In Proc. USENIX Workshop on Hot Topics in Understanding Botnets."},{"key":"e_1_3_2_2_59_1","unstructured":"Tarcan Turgut Rohprimardho and Roland M. van Rijswijk-Deij. 2015. Peeling the Google DNS Onion. Technical Report."},{"key":"e_1_3_2_2_60_1","unstructured":"root-servers.org. 2020. Root Server Technical Operations Association homepage. https:\/\/root-servers.org\/"},{"key":"e_1_3_2_2_61_1","unstructured":"Chris Scharff. 2018. Have problems with 1.1.1.1? *Read Me First*. https:\/\/community.cloudflare.com\/t\/have-problems-with-1-1-1-1-read-me-first\/15902"},{"key":"e_1_3_2_2_62_1","doi-asserted-by":"publisher","DOI":"10.1145\/2504730.2504734"},{"key":"e_1_3_2_2_63_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-04918-2_21"},{"key":"e_1_3_2_2_64_1","doi-asserted-by":"publisher","DOI":"10.1145\/3342280.3342338"},{"key":"e_1_3_2_2_65_1","unstructured":"Redhat Customer Solutions. 2017. systemd-resolved falls back to Google public DNS servers. https:\/\/access.redhat.com\/solutions\/3083631"},{"key":"e_1_3_2_2_66_1","volume-title":"Proc. International Conference on Security and Privacy in Communication Systems (SECURECOMM).","author":"Son Sooel","year":"2010","unstructured":"Sooel Son and Vitaly Shmatikov. 2010. The Hitchhikers Guide to DNS Cache Poisoning. In Proc. International Conference on Security and Privacy in Communication Systems (SECURECOMM)."},{"key":"e_1_3_2_2_67_1","volume-title":"Ripe Atlas: A Global Internet Measurement Network. Internet Protocol Journal","author":"Staff RIPE NCC","year":"2015","unstructured":"RIPE NCC Staff. 2015. Ripe Atlas: A Global Internet Measurement Network. Internet Protocol Journal (2015)."},{"key":"e_1_3_2_2_68_1","doi-asserted-by":"publisher","DOI":"10.1145\/3278532.3278569"},{"key":"e_1_3_2_2_69_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10805-012-9150-y"},{"key":"e_1_3_2_2_70_1","volume-title":"Proc. USENIX Workshop on Steps to Reducing Unwanted Traffic on the Internet (SRUTI).","author":"Wang Yi-Min","year":"2006","unstructured":"Yi-Min Wang, Doug Beck, Jeffrey Wang, Chad Verbowski, and Brad Daniels. 2006. Strider Typo-Patrol: Discovery and Analysis of Systematic Typo-Squatting. In Proc. USENIX Workshop on Steps to Reducing Unwanted Traffic on the Internet (SRUTI)."},{"key":"e_1_3_2_2_71_1","volume-title":"Proc. Workshop on Securing and Trusting Internet Names (SATIN).","author":"Weaver Nicholas","year":"2011","unstructured":"Nicholas Weaver, Christian Kreibich, Boris Nechaev, and Vern Paxson. 2011. Implications of Netalyzrs DNS Measurements. In Proc. Workshop on Securing and Trusting Internet Names (SATIN)."},{"key":"e_1_3_2_2_72_1","doi-asserted-by":"publisher","DOI":"10.1145\/948205.948216"}],"event":{"name":"IMC '20: ACM Internet Measurement Conference","location":"Virtual Event USA","acronym":"IMC '20","sponsor":["SIGCOMM ACM Special Interest Group on Data Communication","SIGMETRICS ACM Special Interest Group on Measurement and Evaluation"]},"container-title":["Proceedings of the ACM Internet Measurement Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3419394.3423640","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3419394.3423640","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,15]],"date-time":"2025-12-15T23:36:08Z","timestamp":1765841768000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3419394.3423640"}},"subtitle":["Cache Snooping Rare Domains at Large Public DNS Resolvers"],"short-title":[],"issued":{"date-parts":[[2020,10,27]]},"references-count":72,"alternative-id":["10.1145\/3419394.3423640","10.1145\/3419394"],"URL":"https:\/\/doi.org\/10.1145\/3419394.3423640","relation":{},"subject":[],"published":{"date-parts":[[2020,10,27]]},"assertion":[{"value":"2020-10-27","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}