{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,28]],"date-time":"2026-04-28T01:09:12Z","timestamp":1777338552593,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":45,"publisher":"ACM","license":[{"start":{"date-parts":[[2025,4,22]],"date-time":"2025-04-22T00:00:00Z","timestamp":1745280000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"National Key R&D Program of China","award":["2022YFB3103000"],"award-info":[{"award-number":["2022YFB3103000"]}]},{"DOI":"10.13039\/https:\/\/doi.org\/10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["U20A20180"],"award-info":[{"award-number":["U20A20180"]}],"id":[{"id":"10.13039\/https:\/\/doi.org\/10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,4,28]]},"DOI":"10.1145\/3696410.3714834","type":"proceedings-article","created":{"date-parts":[[2025,4,22]],"date-time":"2025-04-22T22:52:18Z","timestamp":1745362338000},"page":"4745-4754","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["ODNS Clustering: Unveiling Client-Side Dependency in Open DNS Infrastructure"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0003-2837-0724","authenticated-orcid":false,"given":"Wenhao","family":"Wu","sequence":"first","affiliation":[{"name":"Institute of Computing Technology, Chinese Academy of Sciences, Beijing, China and University of Chinese Academy of Sciences, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8733-4841","authenticated-orcid":false,"given":"Zhaohua","family":"Wang","sequence":"additional","affiliation":[{"name":"Computer Network Information Center, Chinese Academy of Sciences, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-1469-092X","authenticated-orcid":false,"given":"Qinxin","family":"Li","sequence":"additional","affiliation":[{"name":"Institute of Computing Technology, Chinese Academy of Sciences, Beijing, China and University of Chinese Academy of Sciences, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-9667-5240","authenticated-orcid":false,"given":"Zihan","family":"Li","sequence":"additional","affiliation":[{"name":"Institute of Computing Technology, Chinese Academy of Sciences, Beijing, China and University of Chinese Academy of Sciences, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-6020-493X","authenticated-orcid":false,"given":"Yi","family":"Li","sequence":"additional","affiliation":[{"name":"Computer Network Information Center, Chinese Academy of Sciences, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-8693-4639","authenticated-orcid":false,"given":"Jin","family":"Yan","sequence":"additional","affiliation":[{"name":"China Internet Network Information Center, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9959-1124","authenticated-orcid":false,"given":"Zhenyu","family":"Li","sequence":"additional","affiliation":[{"name":"Institute of Computing Technology, Chinese Academy of Sciences, Beijing, China and Zhongguancun Laboratory, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2025,4,22]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2017. Censys. https:\/\/search.censys.io\/."},{"key":"e_1_3_2_1_2_1","unstructured":"2019. Configuring IPv4 DNS. https:\/\/www.h3c.com\/en\/d_201905\/1178327_294551_0.htm."},{"key":"e_1_3_2_1_3_1","unstructured":"2024. Google public dns. https:\/\/developers.google.com\/speed\/public-dns."},{"key":"e_1_3_2_1_4_1","unstructured":"2024. IP Info. https:\/\/ipinfo.io."},{"key":"e_1_3_2_1_5_1","unstructured":"2024. ODNS-Clustering. https:\/\/github.com\/f-555\/ODNS_Clusting."},{"key":"e_1_3_2_1_6_1","unstructured":"2024. Public DNS server. https:\/\/www.publicdns.xyz\/."},{"key":"e_1_3_2_1_7_1","volume-title":"Proceedings of the Internet Measurement Conference","author":"Allman Mark","year":"2018","unstructured":"Mark Allman. 2018. Comments on DNS robustness. In Proceedings of the Internet Measurement Conference 2018. 84--90."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2013.10.001"},{"key":"e_1_3_2_1_11_1","volume-title":"Pieter-Tjerk De Boer, and Aiko Pras","author":"De Vries Wouter B","year":"2019","unstructured":"Wouter B De Vries, Roland van Rijswijk-Deij, Pieter-Tjerk De Boer, and Aiko Pras. 2019. Passive observations of a large DNS service: 2.5 years in the life of Google. IEEE transactions on network and service management 17, 1 (2019), 190--200."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.23919\/IFIPNetworking52078.2021.9472831"},{"key":"e_1_3_2_1_13_1","volume-title":"22nd ACM Conference on Computer and Communications Security.","author":"Durumeric Zakir","unstructured":"Zakir Durumeric, David Adrian, Ariana Mirian, Michael Bailey, and J. Alex Halderman. 2015. A Search Engine Backed by Internet-Wide Scanning. In 22nd ACM Conference on Computer and Communications Security."},{"key":"e_1_3_2_1_14_1","volume-title":"22nd USENIX Security Symposium (USENIX Security 13)","author":"Durumeric Zakir","year":"2013","unstructured":"Zakir Durumeric, Eric Wustrow, and J Alex Halderman. 2013. {ZMap}: Fast internet-wide scanning and its security applications. In 22nd USENIX Security Symposium (USENIX Security 13). 605--620."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2019.00046"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2018.03.008"},{"key":"e_1_3_2_1_17_1","volume-title":"Rep","author":"Grangeia Luis","year":"2004","unstructured":"Luis Grangeia. 2004. Dns cache snooping. Security Team--Beyond Security, Rep (2004)."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/3407023.3407051"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/SRDS53918.2021.00029"},{"key":"e_1_3_2_1_20_1","volume-title":"DNS resolver centrality. APNIC Blogpost 23","author":"Huston Geoff","year":"2019","unstructured":"Geoff Huston. 2019. DNS resolver centrality. APNIC Blogpost 23 (2019)."},{"key":"e_1_3_2_1_21_1","unstructured":"IPQS. 2024. Domain Reputation Report. https:\/\/www.ipqualityscore.com\/domain-reputation\/securesearchnow.com."},{"key":"e_1_3_2_1_22_1","first-page":"34","article-title":"A survey of domain name system vulnerabilities and attacks","volume":"1","author":"Kim Tae Hyun","year":"2020","unstructured":"Tae Hyun Kim and Douglas Reeves. 2020. A survey of domain name system vulnerabilities and attacks. Journal of Surveillance, Security and Safety 1, 1 (2020), 34--60.","journal-title":"Journal of Surveillance, Security and Safety"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2815675.2815683"},{"key":"e_1_3_2_1_24_1","volume-title":"32nd USENIX Security Symposium (USENIX Security 23)","author":"Li Xiang","year":"2023","unstructured":"Xiang Li, Chaoyi Lu, Baojun Liu, Qifan Zhang, Zhou Li, Haixin Duan, and Qi Li. 2023. The Maginot Line: Attacking the Boundary of {DNS} Caching Protection. In 32nd USENIX Security Symposium (USENIX Security 23). 3153--3170."},{"key":"e_1_3_2_1_25_1","unstructured":"Xiang Li Wei Xu Baojun Liu Mingming Zhang Zhou Li Jia Zhang Deliang Chang Xiaofeng Zheng Chuhan Wang Jianjun Chen et al. 2024. TuDoor Attack: Systematically Exploring and Exploiting Logic Vulnerabilities in DNS Response Pre-processing with Malformed Packets. In 2024 IEEE Symposium on Security and Privacy (SP). IEEE Computer Society 181--181."},{"key":"e_1_3_2_1_26_1","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"Liu Baojun","year":"2018","unstructured":"Baojun Liu, Chaoyi Lu, Haixin Duan, Ying Liu, Zhou Li, Shuang Hao, and Min Yang. 2018. Who is answering my queries: Understanding and characterizing interception of the {DNS} resolution path. In 27th USENIX Security Symposium (USENIX Security 18). 1113--1128."},{"key":"e_1_3_2_1_27_1","volume-title":"Egress Measurement For Open DNS Resolvers. In 2023 26th International Conference on Computer Supported Cooperative Work in Design (CSCWD). IEEE, 1544--1550","author":"Luo Meng","year":"2023","unstructured":"Meng Luo, Liling Xin, Yepeng Yao, Zhengwei Jiang, Qiuyun Wang, and Wenchang Shi. 2023. Who Are Querying For Me? Egress Measurement For Open DNS Resolvers. In 2023 26th International Conference on Computer Supported Cooperative Work in Design (CSCWD). IEEE, 1544--1550."},{"key":"e_1_3_2_1_28_1","unstructured":"Malwareurl. 2024. MalwareURL Domain Reputation Report. https:\/\/www.malwareurl.com\/listing.php?domain=securesearchnow.com."},{"key":"e_1_3_2_1_29_1","volume-title":"Proc. Passive and Active Measurement Conference (PAM). Virtual. 427--443","author":"McGregor Andrew","year":"2021","unstructured":"Andrew McGregor, Phillipa Gill, and Nicholas Weaver. 2021. Cache me outside: A new look at DNS cache probing. In Proc. Passive and Active Measurement Conference (PAM). Virtual. 427--443."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/GLOBECOM54140.2023.10437073"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3419394.3423625"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/2987443.2987446"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/3485983.3494872"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2021.3105599"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2019.00057"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/SCAC.1995.523675"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/3419394.3423640"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/3487552.3487817"},{"key":"e_1_3_2_1_39_1","unstructured":"ANY RUN. 2024. Malware analysis. https:\/\/any.run\/report\/ca08f9ead3849aeeef7e730b94a105d2846569dadd930d33e5757ba257faa017\/011bbda2--880d-48e0--894b-110ee31c3fc6."},{"key":"e_1_3_2_1_40_1","volume-title":"On the use of anycast in DNS. ACM sigmetrics performance evaluation review 33, 1","author":"Sarat Sandeep","year":"2005","unstructured":"Sandeep Sarat, Vasileios Pappas, and Andreas Terzis. 2005. On the use of anycast in DNS. ACM sigmetrics performance evaluation review 33, 1 (2005), 394--395."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/2504730.2504734"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/INFCOM.2001.916678"},{"key":"e_1_3_2_1_43_1","first-page":"17","article-title":"Untangling the Web from DNS","volume":"4","author":"Walfish Michael","year":"2004","unstructured":"Michael Walfish, Hari Balakrishnan, and Scott Shenker. 2004. Untangling the Web from DNS.. In NSDI, Vol. 4. 17--17.","journal-title":"NSDI"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.3390\/app13095739"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/3576915.3616668"},{"key":"e_1_3_2_1_46_1","volume-title":"33rd USENIX Security Symposium (USENIX Security 24)","author":"Zhang Yunyi","year":"2024","unstructured":"Yunyi Zhang, Mingming Zhang, Baojun Liu, Zhan Liu, Jia Zhang, Haixin Duan, Min Zhang, Fan Shi, and Chengxi Xu. 2024. Cross the Zone: Toward a Covert Domain Hijacking via Shared {DNS} Infrastructure. In 33rd USENIX Security Symposium (USENIX Security 24). 5751--5768."},{"key":"e_1_3_2_1_47_1","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Zheng Xiaofeng","year":"2020","unstructured":"Xiaofeng Zheng, Chaoyi Lu, Jian Peng, Qiushi Yang, Dongjie Zhou, Baojun Liu, Keyu Man, Shuang Hao, Haixin Duan, and Zhiyun Qian. 2020. Poison over troubled forwarders: A cache poisoning attack targeting {DNS} forwarding devices. In 29th USENIX Security Symposium (USENIX Security 20). 577--593."}],"event":{"name":"WWW '25: The ACM Web Conference 2025","location":"Sydney NSW Australia","acronym":"WWW '25","sponsor":["SIGWEB ACM Special Interest Group on Hypertext, Hypermedia, and Web"]},"container-title":["Proceedings of the ACM on Web Conference 2025"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3696410.3714834","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3696410.3714834","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:18:42Z","timestamp":1750295922000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3696410.3714834"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,4,22]]},"references-count":45,"alternative-id":["10.1145\/3696410.3714834","10.1145\/3696410"],"URL":"https:\/\/doi.org\/10.1145\/3696410.3714834","relation":{},"subject":[],"published":{"date-parts":[[2025,4,22]]},"assertion":[{"value":"2025-04-22","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}