Date of Award
Summer 7-15-2025
Document Type
Thesis
Degree Name
Master of Science (MS)
Department
Computer Science
First Advisor
Debbie Perouli
Second Advisor
David Plonka
Third Advisor
Michael Zimmer
Abstract
This thesis presents a dual-method investigation into the DNS-layer security posture of a Research and Education Network and its member organizations, focusing on both email authentication practices and real-time domain resolution behavior. Using a pre-built DNS scanner and custom Python scripts, the first component evaluated the accuracy and implementation of SPF, DMARC, and CAA, three DNS-based email security protocols, across 503 member domains. The results showed that although many members had implemented these protocols, there were significant misconfigurations: just 31% of DMARC records enforced a strict policy, and many SPF and CAA records had structural or semantic issues. Grouping domains by configuration similarity further exposed systemic vulnerabilities tied to shared service providers or outdated templates. The second component involved deploying a DNS monitoring tool that scanned 1.6 billion DNS packets for query names matching a blacklist of domain names. Over a period of approximately two weeks, 727 suspicious queries were detected, with a small number of members’ hosts responsible for most of the traffic to domains linked to ad fraud, malware, and inappropriate content. Together, these results emphasize the value of DNS-layer analysis as a scalable, non-invasive method for improving network security. This study provides a reproducible framework for regional or educational networks to evaluate DNS configurations and detect harmful traffic quickly, with minimal infrastructure needs.