Silence is not Golden: Disrupting the Load Balancing of Authoritative DNS Servers – ACM CCS 2023 Distinguished Paper Award

Recent news from the top security conference ACM CCS 2023 reports that a paper titled "Silence is not Golden: Disrupting the Load Balancing of Authoritative DNS Servers" authored by the Alibaba Cloud Infrastructure Network team and Tsinghua University’s NISL lab was accepted with a 19% acceptance rate (234/1222) and received the ACM CCS 2023 Distinguished Paper Award. ACM CCS is a CCF A‑class premier international conference.

The work, jointly conducted by Alibaba Cloud’s Infrastructure Network DNS team and Tsinghua University, investigates an abnormal phenomenon observed in large‑scale cloud DNS operations and discovers an attack that disrupts load balancing of authoritative DNS servers. The attack leverages the “silent” response policy of some authoritative servers—where they intentionally do not answer certain queries—to craft queries for specific domain names that influence the load‑balancing algorithms of mainstream recursive DNS software, thereby controlling traffic directed to authoritative servers. The attack impacts BIND9, PowerDNS, Microsoft DNS, affects 22.24% of popular FQDNs and 3.94% of popular TLDs, and targets multiple well‑known cloud DNS providers.

Caption: ACM CCS 2023 Distinguished Paper Award Certificate

Caption: Paper title and author team

Caption: CCS 2023 Distinguished Paper award ceremony

The Domain Name System (DNS) is a critical internet infrastructure that has become increasingly platform‑centric and centralized. Studies show that many web applications and services now rely on large third‑party Managed DNS platforms; 89% of the top 100,000 popular domains use public DNS services. To address security and stability challenges of cloud‑platform DNS, Alibaba Cloud and Tsinghua University signed a cooperation agreement titled “Cloud Platform DNS Security Research Special Project” at the Cloud Expo, launching in‑depth research on service quality, security threats, and software quality of platform‑type DNS infrastructure.

Click here to read the original paper details.