pith. sign in

arxiv: 2512.13946 · v2 · submitted 2025-12-15 · 💻 cs.NI

Assessing Resilience in Authoritative DNS Infrastructure Supporting Government Services

Pith reviewed 2026-05-16 21:26 UTC · model grok-4.3

classification 💻 cs.NI
keywords authoritative DNSresilience assessmentgovernment servicesDNS infrastructurescoring frameworkoperational resiliencecross-domain comparisoninfrastructure levels
0
0 comments X

The pith

A scoring framework evaluates the resilience of authoritative DNS infrastructure for government services by assigning numerical values to attributes at four hierarchical levels and aggregating them for comparisons.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper introduces a framework to systematically assess the operational resilience of authoritative DNS infrastructure that supports government online services. It defines a multi-sourced data schema that describes each domain across four hierarchical levels and isolates resilience attributes within three operational phases. Numerical scores are assigned to the attributes and then combined through an algorithmic process. The approach produces comparable results across domains and countries, exposing specific infrastructure strengths and areas needing operational improvement.

Core claim

We introduce a comprehensive assessment framework with purpose-designed mechanisms to systematically evaluate the operational resilience of authoritative DNS infrastructure supporting government services. Our first contribution develops a multi-sourced data schema that characterizes a domain's authoritative DNS infrastructure across four hierarchical levels. Using data from six countries, our second contribution identifies resilience attributes at their finest hierarchy across three operational phases, assigns numerical scores to each attribute, and aggregates them algorithmically to enable consistent and cross-domain comparisons.

What carries the argument

The multi-sourced data schema characterizing authoritative DNS infrastructure across four hierarchical levels (physical hosting infrastructure, server functionality, name servers, and individual hosting instances), together with numerical scoring and algorithmic aggregation of resilience attributes identified in three operational phases.

If this is right

  • Resilience comparisons become feasible across different government domains and countries using a single numerical scale.
  • Specific operational practices in infrastructure placement, configuration, and record dispatch can be isolated for targeted fixes.
  • The framework supplies a holistic view that complements existing studies focused on website hosting and recursive resolution.
  • Pinpointed weaknesses can guide infrastructure upgrades to reduce the risk of service disruptions.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • National agencies could adopt the scoring method as a benchmark when auditing or procuring DNS services.
  • Periodic re-application of the framework could track whether resilience improves after policy or technical changes.
  • The same attribute hierarchy might be tested on non-government critical services such as health or finance domains.

Load-bearing premise

The multi-sourced data accurately reflects real infrastructure states and the selected attributes and scoring rules meaningfully capture operational resilience.

What would settle it

A documented outage or sustained performance failure in a government domain that the framework scores as highly resilient, or the absence of issues in a domain scored as low-resilience.

Figures

Figures reproduced from arXiv: 2512.13946 by Agung Septiadi, Hassan Habibi Gharakheili, Minzhao Lyu, Vijay Sivaraman.

Figure 1
Figure 1. Figure 1: A simplified view of the authoritative DNS infrastructure for a domain and its role in resolving and [PITH_FULL_IMAGE:figures/full_fig_p004_1.png] view at source ↗
Figure 2
Figure 2. Figure 2: Our structured data schema (the left region in gray) integrating DNS resource records, IP registration data, and IP operational information to represent the resilience-relevant attributes of authoritative DNS infrastructure for a government domain. components (rectangular boxes in [PITH_FULL_IMAGE:figures/full_fig_p006_2.png] view at source ↗
Figure 3
Figure 3. Figure 3: Hosting-organization categories for (a) primary and (b) authoritative name servers supporting [PITH_FULL_IMAGE:figures/full_fig_p008_3.png] view at source ↗
Figure 4
Figure 4. Figure 4: Overview of operational practices in (a) primary and (b) authoritative name servers of Australian [PITH_FULL_IMAGE:figures/full_fig_p009_4.png] view at source ↗
Figure 5
Figure 5. Figure 5: Operational practices in the DNS record-dispatch phase [PITH_FULL_IMAGE:figures/full_fig_p010_5.png] view at source ↗
Figure 6
Figure 6. Figure 6: Attributes used to characterize the network operational resilience of an authoritative DNS infras [PITH_FULL_IMAGE:figures/full_fig_p011_6.png] view at source ↗
Figure 7
Figure 7. Figure 7: Exponential saturation function used to assign [PITH_FULL_IMAGE:figures/full_fig_p013_7.png] view at source ↗
Figure 8
Figure 8. Figure 8: Authoritative DNS resilience scores for government domain names in the six studied countries across: [PITH_FULL_IMAGE:figures/full_fig_p016_8.png] view at source ↗
Figure 9
Figure 9. Figure 9: Resilience heatmaps for authoritative DNS infrastructures supporting government domains in (a) [PITH_FULL_IMAGE:figures/full_fig_p017_9.png] view at source ↗
Figure 10
Figure 10. Figure 10: Resilience heatmaps for authoritative DNS infrastructures supporting government domain names in [PITH_FULL_IMAGE:figures/full_fig_p018_10.png] view at source ↗
Figure 11
Figure 11. Figure 11: Overview of our assessment pipeline for evaluating the operational resilience of authoritative DNS [PITH_FULL_IMAGE:figures/full_fig_p024_11.png] view at source ↗
Figure 12
Figure 12. Figure 12: Simulation of the best-score-dominant strategy in Algorithm 1, showing aggregated outcomes for 𝑠𝑎,ℎ+1,𝑏𝑎𝑠𝑒 set to: (a) 5, (b) 4, (c) 3, (d) 2, and (e) 1. Each subfigure shows boundary cases with one best-scoring instance and all remaining instances sharing the same lower score. with scores worse than the best score should never reduce the aggregated value by more than a single step Δ𝐷 = 1. This property i… view at source ↗
Figure 13
Figure 13. Figure 13: Simulation of the worst-score-dominant strategy in Algorithm 1, showing aggregated outcomes for 𝑠𝑎,ℎ+1,𝑏𝑎𝑠𝑒 set to: (a) 5, (b) 4, (c) 3, (d) 2, and (e) 1. Each subfigure shows boundary cases with one worst-scoring instance and all remaining instances sharing the same higher score. For the worst-score-dominant aggregation strategy, simulation results in [PITH_FULL_IMAGE:figures/full_fig_p026_13.png] view at source ↗
read the original abstract

Online government services are increasingly regarded as critical national infrastructure. Because these services directly influence public trust, any disruption can have significant societal and political consequences. Yet their supporting infrastructures remain vulnerable to outages from natural disasters, geopolitical tensions, and targeted attacks. Central to their operation is the authoritative Domain Name System (DNS) infrastructure, the single source of truth that maps government domain names to service endpoints. While indispensable, this infrastructure also represents a potential and critical point of system failure. In this paper, we introduce a comprehensive assessment framework with purpose-designed mechanisms to systematically evaluate the operational resilience of authoritative DNS infrastructure supporting government services. Complementing prior studies on website hosting, recursive resolution, and DNS record integrity, our work provides a holistic view of authoritative DNS operation. Our first contribution develops a multi-sourced data schema that characterizes a (government) domain's authoritative DNS infrastructure across four hierarchical levels: physical hosting infrastructure, server functionality, name servers, and individual hosting instances. Using data collected from six representative countries, our second contribution identifies resilience attributes at their finest applicable hierarchy across three operational phases: infrastructure placement, service configuration, and DNS record dispatch. Our method assigns numerical scores to each attribute and aggregates them algorithmically to enable consistent and cross-domain comparisons. We apply our method to government domains in the six countries, highlighting their strengths and weaknesses in authoritative DNS resilience and pinpointing operational practices that require improvement.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

3 major / 1 minor

Summary. The paper claims to introduce a comprehensive assessment framework for the operational resilience of authoritative DNS infrastructure supporting government services. It develops a multi-sourced data schema characterizing domains across four hierarchical levels (physical hosting infrastructure, server functionality, name servers, and individual hosting instances), identifies resilience attributes across three operational phases (infrastructure placement, service configuration, and DNS record dispatch) using data from six countries, assigns numerical scores to attributes, and aggregates them algorithmically for consistent cross-domain comparisons, while highlighting strengths, weaknesses, and areas for improvement.

Significance. If the scoring rules and aggregation can be shown to correlate with observable resilience indicators such as historical uptime or incident reports, the framework would offer a useful standardized approach for cross-domain comparisons of critical DNS infrastructure, complementing prior work on hosting and recursive resolution. The multi-country application demonstrates potential for identifying operational weaknesses, but without validation the practical significance remains limited.

major comments (3)
  1. [Abstract] Abstract: the central claim that assigning numerical scores and aggregating them 'algorithmically' produces 'consistent and cross-domain comparisons' is not supported by any presented scoring formulas, sensitivity analysis, data tables, or correlation with independent observables such as historical DNS uptime or resolution success rates for the six countries.
  2. [Contributions] The description of the multi-sourced data schema and attribute identification across four hierarchy levels and three phases provides no derivation or justification for the mapping of attributes to numerical scores; this is load-bearing for the claim that the resulting metrics meaningfully proxy operational resilience rather than arbitrary rankings.
  3. [Evaluation] Application to government domains in the six countries: the highlighting of strengths and weaknesses is asserted but cannot be evaluated without the actual aggregated scores, raw attribute values, or any error analysis showing how the framework responds to real infrastructure states.
minor comments (1)
  1. [Abstract] The abstract would benefit from a brief sentence situating the work relative to the cited prior studies on website hosting and recursive resolution.

Simulated Author's Rebuttal

3 responses · 0 unresolved

We thank the referee for the constructive and detailed feedback. The comments highlight important areas where the presentation of our scoring methodology and evaluation results can be strengthened for clarity and verifiability. We address each major comment below and will perform a major revision to incorporate explicit formulas, justifications, and supporting data tables.

read point-by-point responses
  1. Referee: [Abstract] Abstract: the central claim that assigning numerical scores and aggregating them 'algorithmically' produces 'consistent and cross-domain comparisons' is not supported by any presented scoring formulas, sensitivity analysis, data tables, or correlation with independent observables such as historical DNS uptime or resolution success rates for the six countries.

    Authors: We acknowledge that the abstract does not sufficiently preview the supporting details. Section 4 of the manuscript defines the scoring rules for each resilience attribute (e.g., geographic diversity scored 0-10 based on number of distinct locations) and the aggregation algorithm (weighted sum normalized to [0,1]). To address the concern, we will revise the abstract to reference the key scoring components and add a sensitivity analysis subsection in the evaluation that tests score stability under attribute perturbations. Direct correlation with historical uptime is not feasible with currently available public data for all six countries; we will add a limitations paragraph noting this and outlining how future work could validate against incident reports. revision: partial

  2. Referee: [Contributions] The description of the multi-sourced data schema and attribute identification across four hierarchy levels and three phases provides no derivation or justification for the mapping of attributes to numerical scores; this is load-bearing for the claim that the resulting metrics meaningfully proxy operational resilience rather than arbitrary rankings.

    Authors: The attribute-to-score mappings are grounded in DNS operational best practices drawn from RFC 1035, ICANN resilience guidelines, and NIST cybersecurity frameworks for critical infrastructure. Each score reflects measurable properties such as redundancy or diversity that prior literature links to reduced outage risk. We agree that explicit derivation is needed and will insert a new subsection (3.3) in the methodology that justifies every mapping with references and a brief rationale table, ensuring the scores are not arbitrary. revision: yes

  3. Referee: [Evaluation] Application to government domains in the six countries: the highlighting of strengths and weaknesses is asserted but cannot be evaluated without the actual aggregated scores, raw attribute values, or any error analysis showing how the framework responds to real infrastructure states.

    Authors: We will expand the evaluation section to include a new table presenting both raw attribute values and final aggregated resilience scores for all domains across the six countries. We will also add an error analysis subsection that quantifies data collection uncertainties (e.g., incomplete WHOIS records) and demonstrates framework sensitivity to missing attributes via imputation tests. revision: yes

Circularity Check

0 steps flagged

No circularity: framework relies on external data collection and attribute definition

full rationale

The paper's central method collects multi-sourced data on authoritative DNS infrastructure across four hierarchy levels and three phases, then assigns numerical scores to identified attributes before algorithmic aggregation. No equations, fitted parameters, or derivations are presented that reduce to self-referential inputs or predictions. No self-citations invoke uniqueness theorems, ansatzes, or prior results from the same authors to justify the scoring or aggregation. The process is presented as a methodological schema grounded in observed infrastructure states rather than any loop that equates outputs to inputs by construction. This is the expected non-circular outcome for a descriptive assessment framework.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 0 invented entities

The framework depends on domain assumptions about data fidelity and attribute validity rather than free parameters or new postulated entities.

axioms (2)
  • domain assumption Multi-sourced data accurately represents the true state of physical hosting, server functionality, name servers, and instances.
    Invoked when the schema is used to characterize infrastructure across the six countries.
  • domain assumption The chosen resilience attributes at each hierarchy and phase are the right ones for measuring operational resilience.
    Required for the scoring and aggregation step to produce meaningful comparisons.

pith-pipeline@v0.9.0 · 5559 in / 1223 out tokens · 41782 ms · 2026-05-16T21:26:43.451565+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Lean theorems connected to this paper

Citations machine-checked in the Pith Canon. Every link opens the source theorem in the public Lean library.

What do these tags mean?
matches
The paper's claim is directly supported by a theorem in the formal canon.
supports
The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
extends
The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
uses
The paper appears to rely on the theorem as machinery.
contradicts
The paper's claim conflicts with a theorem or certificate in the canon.
unclear
Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.

Reference graph

Works this paper leans on

85 extracted references · 85 canonical work pages

  1. [1]

    ACSC. 2025. Annual Cyber Threat Report 2024-2025. https://www.cyber.gov.au/about-us/view-all-content/reports- and-statistics/annual-cyber-threat-report-2024-2025 Accessed: 2025-11-11

  2. [2]

    AGOR. 2025. AGOR Quarterly Report. https://www.finance.gov.au/government/managing-commonwealth-resources/ structure-australian-government-public-sector Accessed: 2025-07-21

  3. [3]

    Akamai. 2025. Designing DNS for Availability and Resilience Against DDoS Attacks. https://www.akamai.com/ resources/white-paper/designing-dns-for-availability-and-resilience-against-ddos-attacks Accessed: 2025-11-28

  4. [4]

    Akamai. 2025. Edge DNS. https://www.akamai.com/products/edge-dns Accessed: 2025-12-01

  5. [5]

    Voelker, and Stefan Savage

    Gautam Akiwate, Raffaele Sommese, Mattijs Jonker, Zakir Durumeric, KC Claffy, Geoffrey M. Voelker, and Stefan Savage. 2022. Retroactive identification of targeted DNS infrastructure hijacking. InProc. ACM IMC. Nice, France

  6. [6]

    Eihal Alowaisheq, Siyuan Tang, Zhihao Wang, Fatemah Alharbi, Xiaojing Liao, and XiaoFeng Wang. 2020. Zombie Awakening: Stealthy Hijacking of Active Domains through DNS Hosting Referral. InProc. ACM CCS. Virtual Event

  7. [7]

    ANSSI. 2025. French Cybersecurity Agency. https://cyber.gouv.fr/ Accessed: 2025-11-14

  8. [8]

    Mahdi Arghavani, Haibo Zhang, David Eyers, and Abbas Arghavani. 2024. SUSS: Improving TCP Performance by Speeding Up Slow-Start. InProc. ACM SIGCOMM. Sydney, NSW, Australia

  9. [9]

    Brazil Government. 2025. Órgãos do Governo. https://www.gov.br/pt-br/orgaos-do-governo/ministerios-e-orgaos- com-status-de-ministerios Accessed: 2025-11-03

  10. [10]

    Rishabh Chhabra, Paul Murley, Deepak Kumar, Michael Bailey, and Gang Wang. 2021. Measuring DNS-over-HTTPS performance around the world. InProc. ACM IMC. Virtual Event

  11. [11]

    Cloudflare. 2020. Improving DNS security, performance, and reliability. https://www.cloudflare.com/en-au/improving- dns-security-performance-reliability/ Accessed: 2025-11-28

  12. [12]

    Cloudflare. 2025. Cloudflare DNS. https://www.cloudflare.com/application-services/products/dns/ Accessed: 2025-12- 01

  13. [13]

    CSIS. 2025. Significant Cyber Incidents. https://www.csis.org/programs/strategic-technologies-program/significant- cyber-incidents Accessed: 2025-11-11

  14. [14]

    Cybersecurity and Infrastructure Security Agency. 2025. get.gov. https://get.gov/about/data/ Accessed: 2025-04-20

  15. [15]

    Rasmus Dahlberg and Tobias Pulls. 2023. Timeless Timing Attacks and Preload Defenses in Tor’s DNS Cache. InProc. USENIX Security. Anaheim, CA, USA

  16. [16]

    datagouv. 2022. Lists of gouv.fr sites. https://www.data.gouv.fr/datasets/listes-des-sites-gouv-fr/ Accessed: 2022-07-22

  17. [17]

    Casey Deccio, Alden Hilton, Michael Briggs, Trevin Avery, and Robert Richardson. 2020. Behind Closed Doors: A Network Tale of Spoofing, Intrusion, and False DNS Security. InProc. ACM IMC. Virtual Event, USA

  18. [18]

    Hongying Dong, Yizhe Zhang, Hyeonmin Lee, Shumon Huque, and Yixin Sun. 2024. Exploring the Ecosystem of DNS HTTPS Resource Records: An End-to-End Perspective. InProc. ACM IMC. Madrid, Spain

  19. [19]

    Huayi Duan, Marco Bearzi, Jodok Vieli, David Basin, Adrian Perrig, Si Liu, and Bernhard Tellenbach. 2024. CAMP: Compositional Amplification Attacks against DNS. InProc. USENIX Security. Philadelphia, PA, USA

  20. [20]

    Ludwig Englbrecht, Stefan Meier, and Günther Pernul. 2020. Towards a Capability Maturity Model for Digital Forensic Readiness.Wireless Networks26, 7 (Oct. 2020)

  21. [21]

    European Commision. 2025. Digital Tracking. https://commission.europa.eu/strategy-and-policy/eu-budget/ performance-and-reporting/horizontal-priorities/digital-tracking_en Accessed: 2025-11-11

  22. [22]

    Evans, Julia. 2022. Why might you run your own DNS server? https://jvns.ca/blog/2022/01/05/why-might-you-run- your-own-dns-server-/ Accessed: 2025-11-28

  23. [23]

    ExamLabs. 2025. Understanding the Role of DNS Authoritative Name Servers. https://www.exam-labs.com/blog/ understanding-the-role-of-dns-authoritative-name-servers Accessed: 2025-11-28

  24. [24]

    Tillson Galloway, Kleanthis Karakolios, Zane Ma, Roberto Perdisci, Angelos Keromytis, and Manos Antonakakis. 2024. Practical Attacks Against DNS Reputation Systems. InProc. IEEE S&P

  25. [25]

    Google. 2025. Cloud DNS. https://cloud.google.com/dns/ Accessed: 2025-12-01

  26. [26]

    Government Digital Service and Central Digital and Data Office. 2025. List of .gov.uk domain names. https: //www.gov.uk/government/publications/list-of-gov-uk-domain-names Accessed: 2025-07-22

  27. [27]

    Harm Griffioen, Georgios Koursiounis, Georgios Smaragdakis, and Christian Doerr. 2024. Have you SYN me? Charac- terizing Ten Years of Internet Scanning. InProc. ACM IMC. Madrid, Spain

  28. [28]

    Rumaisa Habib, Kimberly Ruth, Gautam Akiwate, and Zakir Durumeric. 2025. Formalizing Dependence of Web Infrastructure. InProc. ACM SIGCOMM. São Francisco Convent, Coimbra, Portugal

  29. [29]

    Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner. 2024. The Harder You Try, The Harder You Fail: The KeyTrap Denial-of-Service Algorithmic Complexity Attacks on DNSSEC. InProc. ACM CCS

  30. [30]

    Thomas, Mattijs Jonker, Ricky Mok, Xiapu Luo, John Kristoff, Thomas C

    Raphael Hiesgen, Marcin Nawrocki, Marinho Barcellos, Daniel Kopp, Oliver Hohlfeld, Echo Chan, Roland Dobbins, Christian Doerr, Christian Rossow, Daniel R. Thomas, Mattijs Jonker, Ricky Mok, Xiapu Luo, John Kristoff, Thomas C. Schmidt, Matthias Wählisch, and kc claffy. 2024. The Age of DDoScovery: An Empirical Comparison of Industry and , Vol. 1, No. 1, Ar...

  31. [31]

    Alden Hilton, Casey Deccio, and Jacob Davis. 2023. Fourteen Years in the Life: A Root Server’s Perspective on DNS Resolver Security. InProc. USENIX Security. Anaheim, CA, USA

  32. [32]

    Rebekah Houser, Shuai Hao, Chase Cotton, and Haining Wang. 2022. A Comprehensive, Longitudinal Study of Government DNS Deployment at Global Scale. InProc. IEEE/IFIP DSN

  33. [33]

    IPinfo. 2025. IPinfo: The Trusted Source For IP Address Data. https://ipinfo.io Accessed: 2025-11-14

  34. [34]

    Katsuki Isobe, Daishi Kondo, and Hideki Tode. 2022. A first look at the name resolution latency on handshake. InProc. ACM IMC. Nice, France

  35. [35]

    Liz Izhikevich, Gautam Akiwate, Briana Berger, Spencer Drakontaidis, Anna Ascheman, Paul Pearce, David Adrian, and Zakir Durumeric. 2022. ZDNS: a fast DNS toolkit for internet measurement. InProc. ACM IMC. Nice, France

  36. [36]

    Akshath Jain, Deepayan Patra, Peijing Xu, Justine Sherry, and Phillipa Gill. 2022. The ukrainian internet under attack: an NDT perspective. InProc. ACM IMC. Nice, France

  37. [37]

    Voelker, Roland van Rijswijk- Deij, and Stefan Savage

    Mattijs Jonker, Gautam Akiwate, Antonia Affinito, kc Claffy, Alessio Botta, Geoffrey M. Voelker, Roland van Rijswijk- Deij, and Stefan Savage. 2022. Where .ru? Assessing the Impact of Conflict on Russian Domain Infrastructure. InProc. ACM IMC. Nice, France

  38. [38]

    Joshi, Sagar. 2025. 10 Biggest IT Outages in History: Who Pulled the Plug? https://learn.g2.com/biggest-it-outages- in-history Accessed: 2025-12-01

  39. [39]

    Aqsa Kashaf, Vyas Sekar, and Yuvraj Agarwal. 2020. Analyzing Third Party Service Dependencies in Modern Web Services: Have We Learned from the Mirai-Dyn Incident?. InProc. ACM IMC. Virtual Event

  40. [40]

    Mike Kosek, Luca Schumann, Robin Marx, Trinh Viet Doan, and Vaibhav Bajpai. 2022. DNS privacy with speed? evaluating DNS over QUIC and its impact on web performance. InProc. ACM IMC. Nice, France

  41. [41]

    Bustamante

    Rashna Kumar, Sana Asif, Elise Lee, and Fabian E. Bustamante. 2023. Each at its Own Pace: Third-Party Dependency and Centralization Around the World.Proc. ACM Meas. Anal. Comput. Syst.7, 1 (March 2023)

  42. [42]

    Bustamante, Ihsan Ayyub Qazi, and Mariano G

    Rashna Kumar, Esteban Carisimo, Lukas De Angelis Riva, Mauricio Buzzone, Fabián E. Bustamante, Ihsan Ayyub Qazi, and Mariano G. Beiró. 2024. Of Choices and Control - A Comparative Analysis of Government Hosting. InProc. ACM IMC. Madrid, Spain

  43. [43]

    Jungjae Lee, Yubin Choi, Minhyuk Song, and Sanghyun Park. 2024. ChatFive: Enhancing User Experience in Likert Scale Personality Test through Interactive Conversation with LLM Agents. InProc. ACM CUI. Luxembourg, Luxembourg

  44. [44]

    Lewis and Alfred Hoenes

    Edward P. Lewis and Alfred Hoenes. 2010. DNS Zone Transfer Protocol (AXFR). RFC 5936

  45. [45]

    Xiang Li, Dashuai Wu, Haixin Duan, and Qi Li. 2024. DNSBomb: A New Practical-and-Powerful Pulsing DoS Attack Exploiting DNS Queries-and-Responses. InIEEE Symposium on Security and Privacy

  46. [46]

    Xiang Li, Wei Xu, Baojun Liu, Mingming Zhang, Zhou Li, Jia Zhang, Deliang Chang, Xiaofeng Zheng, Chuhan Wang, Jianjun Chen, Haixin Duan, and Qi Li. 2024. TuDoor Attack: Systematically Exploring and Exploiting Logic Vulnerabilities in DNS Response Pre-processing with Malformed Packets. InIEEE Symposium on Security and Privacy

  47. [47]

    Kurt Erik Lindqvist and Joe Abley. 2006. Operation of Anycast Services. RFC 4786

  48. [48]

    Guannan Liu, Lin Jin, Shuai Hao, Yubao Zhang, Daiping Liu, Angelos Stavrou, and Haining Wang. 2023. Dial "N" for NXDomain: The Scale, Origin, and Security Implications of DNS Queries to Non-Existent Domains. InProc. ACM IMC. Montreal QC, Canada

  49. [49]

    Minzhao Lyu, Hassan Habibi Gharakheili, Craig Russell, and Vijay Sivaraman. 2021. Hierarchical Anomaly-Based Detection of Distributed DNS Attacks on Enterprise Networks.IEEE TNSM18, 1 (2021)

  50. [50]

    Minzhao Lyu, Hassan Habibi Gharakheili, Craig Russell, and Vijay Sivaraman. 2023. Enterprise DNS Asset Mapping and Cyber-Health Tracking via Passive Traffic Analysis.IEEE TNSM20, 3 (2023)

  51. [51]

    Minzhao Lyu, Hassan Habibi Gharakheili, and Vijay Sivaraman. 2022. Classifying and tracking enterprise assets via dual-grained network behavioral analysis.Computer Networks218 (2022)

  52. [52]

    Keyu Man, Xin’an Zhou, and Zhiyun Qian. 2021. DNS Cache Poisoning Attack: Resurrections with Side Channels. In Proc. ACM CCS. Virtual Event

  53. [53]

    McLeod, Saul. 2025. Likert Scale Questionnaire: Examples & Analysis. https://www.simplypsychology.org/likert- scale.html Accessed: 2025-12-01

  54. [54]

    Mitchell, Robert. 2025. What Is Internet Resilience? https://www.internetsociety.org/blog/2025/08/what-is-internet- resilience/ Accessed: 2025-11-11

  55. [55]

    Moss, Sebastian. 2025. 8.8 magnitude earthquake causes Internet outages in Kamchatka, Russia. https://www. datacenterdynamics.com/en/news/88-magnitude-earthquake-causes-internet-outages-in-kamchatka-russia/ Ac- cessed: 2025-10-30

  56. [56]

    Giovane C. M. Moura, Sebastian Castro, Wes Hardaker, Maarten Wullink, and Cristian Hesselman. 2020. Clouding up the Internet: how centralized is DNS traffic becoming?. InProc. ACM IMC. Virtual Event

  57. [57]

    Giovane C. M. Moura, Sebastian Castro, John Heidemann, and Wes Hardaker. 2021. TsuNAME: exploiting misconfigu- ration and vulnerability to DDoS DNS. InProc. ACM IMC(Virtual Event). , Vol. 1, No. 1, Article . Publication date: December 2025. Assessing Resilience in Authoritative DNS Infrastructure Supporting Government Services 23

  58. [58]

    Giovane C. M. Moura, Thomas Daniels, Maarten Bosteels, Sebastian Castro, Moritz Müller, Thymen Wabeke, Thijs van den Hout, Maciej Korczyński, and Georgios Smaragdakis. 2024. Characterizing and Mitigating Phishing Attacks at ccTLD Scale. InProc. ACM CCS

  59. [59]

    Schmidt, and Matthias Wählisch

    Marcin Nawrocki, Mattijs Jonker, Thomas C. Schmidt, and Matthias Wählisch. 2021. The far side of DNS amplification: tracing the DDoS attack ecosystem from the internet core. InProc. ACM IMC(Virtual Event)

  60. [60]

    Alexandra Nisenoff, Ranya Sharma, and Nick Feamster. 2023. User Awareness and Behaviors Concerning Encrypted DNS Settings in Web Browsers. InProc. USENIX Security. Anaheim, CA, USA

  61. [61]

    Fariba Osali, Khwaja Zubair Sediqi, and Oliver Gasser. 2025. Sibling Prefixes: Identifying Similarities in IPv4 and IPv6 Prefixes. InProc. ACM IMC. USA

  62. [62]

    Pallarito, Ash and Abley, Joe. 2022. Cloudflare 1.1.1.1 incident on July 14, 2025. https://blog.cloudflare.com/cloudflare- 1-1-1-1-incident-on-july-14-2025/ Accessed: 2025-11-11

  63. [63]

    Patton, Scott O

    Michael A. Patton, Scott O. Bradner, Robert Elz, and Randy Bush. 1997. Selection and Operation of Secondary DNS Servers. RFC 2182

  64. [64]

    Presiden Republik Indonesia. 2018. Peraturan Presiden Nomor 95 Tahun 2018 tentang Sistem Pemerintahan Berbasis Elektronik. https://peraturan.bpk.go.id/Details/96913/perpres-no-95-tahun-2018 Accessed: 2025-11-12

  65. [65]

    Voelker, Stefan Savage, and Aaron Schulman

    Audrey Randall, Enze Liu, Gautam Akiwate, Ramakrishna Padmanabhan, Geoffrey M. Voelker, Stefan Savage, and Aaron Schulman. 2020. Trufflehunter: Cache Snooping Rare Domains at Large Public DNS Resolvers. InProc. ACM IMC(Virtual Event)

  66. [66]

    Voelker, Stefan Savage, and Aaron Schulman

    Audrey Randall, Enze Liu, Ramakrishna Padmanabhan, Gautam Akiwate, Geoffrey M. Voelker, Stefan Savage, and Aaron Schulman. 2021. Home is where the hijacking is: understanding DNS interception by residential routers. InProc. ACM IMC. Virtual Event

  67. [67]

    RDAP.org. 2025. The Registration Data Access Protocol. https://about.rdap.org Accessed: 2025-11-01

  68. [68]

    Robinson, Dan. 2025. A single DNS race condition brought Amazon’s cloud empire to its knees. https://www. theregister.com/2025/10/23/amazon_outage_postmortem/ Accessed: 2025-11-11

  69. [69]

    Secretary of State Science. 2025. State of digital government review. https://www.gov.uk/government/publications/ state-of-digital-government-review/state-of-digital-government-review Accessed: 2025-08-11

  70. [70]

    Sekretaris Kabinet Republik Indonesia. 2024. Kabinet Pemerintahan Indonesia. https://setkab.go.id/profil-kabinet/ Accessed: 2025-11-12

  71. [71]

    Raffaele Sommese, Gautam Akiwate, Antonia Affinito, Moritz Muller, Mattijs Jonker, and kc claffy. 2024. DarkDNS: Revisiting the Value of Rapid Zone Update. InProc. ACM on IMC. Madrid, Spain

  72. [72]

    Raffaele Sommese, KC Claffy, Roland van Rijswijk-Deij, Arnab Chattopadhyay, Alberto Dainotti, Anna Sperotto, and Mattijs Jonker. 2022. Investigating the impact of DDoS attacks on DNS infrastructure. InProc. ACM IMC. Nice, France

  73. [73]

    Raffaele Sommese, Mattijs Jonker, Jeroen van der Ham, and Giovane C. M. Moura. 2022. Assessing e-Government DNS Resilience. InProc. International Conference on Network and Service Management

  74. [74]

    Florian Steurer, Amreesh Phokeer, Philip Paeps, and Liz Izhikevich. 2025. Measuring Resilience of Authoritative DNS. InProc. ACM SIGCOMM Posters and Demos. Coimbra, Portugal

  75. [75]

    United Nation. 2024. E-Government Development Index (EGDI). https://publicadministration.un.org/egovkb/en- us/About/Overview/-E-Government-Development-Index Accessed: 2025-08-22

  76. [76]

    Congress

    U.S. Congress. 2024. Information Technology Spending in the President’s Budget Submission for FY2025: In Brief. https://www.congress.gov/crs-product/R48049 Accessed: 2025-11-11

  77. [77]

    Paul Wouters and Ondřej Surý. 2019. Algorithm Implementation Requirements and Usage Guidance for DNSSEC. RFC

  78. [78]

    https://www.rfc-editor.org/info/rfc8624

  79. [79]

    Yunpeng Xing, Chaoyi Lu, Baojun Liu, Haixin Duan, Junzhe Sun, and Zhou Li. 2024. Yesterday Once More: Global Measurement of Internet Traffic Shadowing Behaviors. InProc. ACM IMC. Madrid, Spain

  80. [80]

    Wei Xu, Xiang Li, Chaoyi Lu, Baojun Liu, Haixin Duan, Jia Zhang, Jianjun Chen, and Tao Wan. 2023. TsuKing: Coordinating DNS Resolvers and Queries into Potent DoS Amplifiers. InProc. ACM CCS. Copenhagen, Denmark

Showing first 80 references.