Ali Sadeghi Jahromi

Ali Sadeghi Jahromi, AbdelRahman Abdou, Paul C. van Oorschot

Since security was not among the original design goals of the Domain Name System (herein called Vanilla DNS), many secure DNS schemes have been proposed to enhance the security and privacy of the DNS resolution process. Some proposed schemes aim to replace the existing DNS infrastructure entirely, but none have succeeded in doing so. In parallel, numerous schemes focus on improving DNS security without modifying its fundamental two-stage structure. These efforts highlight the feasibility of addressing DNS security as two distinct but compatible stages. We survey DNS resolution process attacks and threats and develop a comprehensive threat model and attack taxonomy for their systematic categorization. This analysis results in the formulation of 14 desirable security, privacy, and availability properties to mitigate the identified threats. Using these properties, we develop an objective evaluation framework and apply it to comparatively analyze 12 secure DNS schemes surveyed in this work that aim to augment the properties of the DNS resolution process. Our evaluation reveals that no single scheme provides ideal protection across the entire resolution path. Instead, the schemes tend to address a subset of properties specific to individual stages. Since these schemes targeting different stages of DNS resolution are complementary and can operate together, combining compatible schemes offers a practical and effective approach to achieving comprehensive security in the DNS resolution process.

Ali Sadeghi Jahromi, Jason Jaskolka

Iran conducted two nationwide Internet shutdowns in January and March 2026, the latter ongoing at the time of writing and the longest documented Iranian disruption. Using a three-plane methodology combining passive Censys scan data, active TCP reachability probing from five vantage points, and BGP analysis across 33 RIPE RIS snapshots from 2019 to 2026, we show that the 2022 and 2026 shutdowns are enforced via forwarding-plane null-routing at a centralized border while BGP announcements remain stable, and that Iran shifted from partial BGP withdrawal in 2019 to pure null-routing by 2022. This control- and forwarding-plane decoupling prevents BGP-based outage monitors from detecting shutdowns. Active probing of 4,571 BGP-visible Iranian prefixes shows that 96.5 to 97.4% are null-routed across all vantage points, indicating a centrally coordinated mechanism. Passive scan analysis reveals a 3.7 times increase in visible hosts between shutdown events due to measurement artifacts rather than recovery, along with two structural exemptions: academic networks rise from 1.4 to 66.6% of visible hosts during partial recovery, and ArvanCloud CDN retains 99.7% visibility while other major operators drop by at least 77%.