
Analyzing the DNS Ecosystem

Currently blocked by another student

DNS is widely used to translate human-readable domain names to IP addresses. However, this is not the only use case for DNS, as there are more record types than just addresses (A, AAAA, MX). It is also possible to store security-related information within a DNS record. This ranges from simple information, for example which CAs are allowed to issue certificates for a domain (CAA), to whole certificates (CERT) or keys (DNSKEY, IPSECKEY, OPENPGPKEY, SSHFP). Additionally, TXT records are used for various data for which no dedicated type exists. These can be used to verify ownership of a domain name (cf. ACME DNS challenge) or to store further security-related information (e.g. SPF, ESNI).

The goal of this thesis is to analyze which security-related records are used in the DNS ecosystem. It should be analyzed whether the existing records are configured correctly and securely, and misconfigurations should be categorized. Furthermore, it should be analyzed whether there are further records containing information that may not be intended for the public.

Another challenge of this work is enumerating the existing domains. There exists no list of all domains, and due to their arbitrary nature they cannot simply be iterated like IPv4 addresses. However, CT logs, git commits, or web crawling can be used to find domains to analyze.

Suggested DNS records to analyze:

  • RRSIG, DNSKEY, DS (DNSSEC)
  • CERT
  • OPENPGPKEY (requires emails)
  • TXT: (in general,) SPF, DKIM, ESNI
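
One way to categorize SPF misconfigurations in collected TXT record sets, as an added example that is not part of the original page. The finding labels, function names and sample records are assumptions made for illustration; the checks follow RFC 7208.

```python
# Added example (not from the page): finding labels and SAMPLE_ZONE are constructed.
LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists", "redirect")

def spf_records(txt_values):
    """Return the TXT strings that are SPF records (version tag v=spf1)."""
    return [t for t in txt_values if t.lower().split(" ", 1)[0] == "v=spf1"]

def term_name(term):
    """Strip qualifier and argument: '-include:x' -> 'include'."""
    t = term.lstrip("+-~?").lower()
    for sep in (":", "=", "/"):
        t = t.split(sep, 1)[0]
    return t

def classify_spf(txt_values):
    """Return sorted finding labels for one domain's TXT RRset."""
    records = spf_records(txt_values)
    if not records:
        return ["no-spf"]
    findings = set()
    if len(records) > 1:
        findings.add("multiple-spf-records")  # RFC 7208: evaluates to permerror
    for rec in records:
        terms = rec.split()[1:]
        names = [term_name(t) for t in terms]
        for term, name in zip(terms, names):
            if name == "all" and term[0] not in "-~?":
                findings.add("pass-all")  # "+all" or bare "all" authorises any sender
            if name == "ptr":
                findings.add("discouraged-ptr")
        if "all" not in names and "redirect" not in names:
            findings.add("no-default-policy")  # falls through to neutral
        # Top-level count only; lookups inside include: targets are not followed.
        if sum(n in LOOKUP_TERMS for n in names) > 10:
            findings.add("too-many-dns-lookups")
    return sorted(findings) or ["ok"]

SAMPLE_ZONE = {  # constructed TXT RRsets on reserved example names
    "good.example": ["v=spf1 mx ip4:192.0.2.0/24 -all", "verification=constructed"],
    "open.example": ["v=spf1 include:_spf.example.net +all"],
    "dup.example": ["v=spf1 a -all", "v=spf1 mx ~all"],
    "bare.example": ["v=spf1 ptr ip4:198.51.100.7"],
    "none.example": ["verification=constructed"],
}

def survey(zone):
    return {domain: classify_spf(txts) for domain, txts in zone.items()}

if __name__ == "__main__":
    print(survey(SAMPLE_ZONE))
```
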


  • Good programming skills
  • Basic experience in analyzing large data sets
  • Basic knowledge of DNS
  • Basic knowledge of cryptography