CAREER: Debugging the Fragmented DNS Infrastructure at Scale


Domain Name System (DNS) is one of the most critical Internet infrastructures. It underpins nearly every Internet activity, translating user-friendly names like to computer-friendly IP addresses. Though designed as a highly reliable infrastructure in its blueprint, DNS failures are not rare, sometimes even leading to the network outage of a country. Debugging DNS failures is undoubtedly important but also challenging. Though DNS can be seen as a distributed system, it is open-ended and fragmented, containing numerous service providers and being interfered by powerful network adversaries. Though the basic logic of DNS is conceptually simple, its implementation is highly customized on the client-side devices and DNS bugs can be caused by the complex interactions between code and non-code resources. These unique settings make DNS failures and bugs complex and difficult to be diagnosed. This project is to develop novel platforms, techniques, and tools to enable holistic debugging for the DNS Infrastructure, through two research thrusts: debugging DNS failures at the network layer, and debugging client-side DNS bugs at the software layer.


  • Zhou Li. PI on this project, project leader and professor (UCI EECS).
  • Joann Qiongna Chen. Ph.D. Student Researcher (UCI EECS).
  • Qifan Zhang. Ph.D. Student Researcher (UCI EECS).
  • Xuesong Bai. M.S. Student Researcher (UCI EECS).
  • Xiang Li. Project Specialist (UCI EECS).
  • Xianran Liao. Undergraduate Student Researcher (UCI EECS).


  • [Security’23a] Xiang Li, Chaoyi Lu, Baojun Liu, Qifan Zhang, Zhou Li, Haixin Duan and Qi Li.The Maginot Line: Attacking the Boundary of DNS Caching Protection. Accepted by the 32nd USENIX Security Symposium, August, 2023.
  • [NDSS’23] Xiang Li, Baojun Liu, Xuesong Bai, Mingming Zhang, Qifan Zhang, Zhou Li, Haixin Duan and Qi Li.Ghost Domain Reloaded: Vulnerable Links in Domain Name Delegation and Revocation. In Proceedings of the 30th Annual Network and Distributed System Security Symposium, February, 2023.
  • [ACCESS] Xianran Liao, Jiacen Xu, Qifan Zhang and Zhou Li.A Comprehensive Study of DNS Operational Issues by Mining DNS Forums. In IEEE Access, 2022.
  • [EuroS&P'22] Deliang Chang*, Joann Qiongna Chen*, Zhou Li and Xing Li. Hide and Seek: Revisiting DNS-based User Tracking. In Proceedings of the 7th IEEE European Symposium on Security and Privacy, June, 2022.
  • [CCS'21a] Tianhao Wang, Joann Qiongna Chen, Zhikun Zhang, Dong Su, Yueqiang Cheng, Zhou Li, Ninghui Li, and Somesh Jha. Continuous Release of Data Streams under both Centralized and Local Differential Privacy. In Proceedings of the 28th ACM Conference on Computer and Communications Security, virtual, November, 2021.
  • [SRDS'21] Rebekah Houser, Shuai Hao, Zhou Li, Daiping Liu, Chase Cotton, and Haining Wang. A Comprehensive Measurement-based Investigation of DNS Hijacking. In Proceedings of the 40th International Symposium on Reliable Distributed Systems, virtual, September, 2021.
  • Talks

  • "Phoenix Domain Attack: Vulnerable Links in Domain Name Delegation and Revocation" at Blackhat Asia 2023, Singapore, May 2023.
  • "DNS-based User Tracking (Attacks and Defenses)" at DNS and Internet Naming Research Directions 2023, virtual, Feb. 2023.
  • "The Phoenix Domain attack" at ICANN DNS Symposium, Nov. 2022.
  • "Ghost Domain Reloaded: Vulnerable Links in Domain Name Delegation and Revocation" at OARC 39 & 47th CENTR Technical Workshop, Serbia, Oct. 2022.
  • "A Measurement-based Investigation of DNS Hijacking" at DNS and Internet Naming Research Directions 2021, virtual, Nov. 2021 and DNS-OARC 36 Workshop, virtual, Nov. 2021.
  • "Debugging the Fragmented DNS Infrastructure at Scale" at USC CS, Mar. 2023, TAMU CSE, Feb. 2023, and UCLA ECE 209AS, Feb. 2023.
  • Software and Datasets

  • Code and dataset for [ACCESS]
  • Code and dataset for [CCS'21a], including DNS
  • Code and dataset for [EuroS&P'22]
  • Outreach

  • Content about DNS bugs was integrated into the curriculum of UCI courses: EECS 148/COMPSCI 132 (Intro to Computer Networks), EECS 121 (System Security) and EECS 231 (Advanced System Security).