Abstract
Domain Name System (DNS) is a fundamental component for today’s Internet communications, enabling the domain-to-IP translations for billions of users and numerous applications. Yet, the operational failures of DNS are not rare and sometimes lead to severe consequences like Internet outages. To gain a better understanding of DNS operational failures, previous works examined large-scale DNS logs (DNS queries and responses between Internet users and DNS servers), but the DNS logs cannot offer a comprehensive view of the failures (e.g., errors at domain registrars) and explain the failures at a finer grain. In this paper, we try to assess DNS operational failures from another data source, the supporting forums built by DNS service providers. Specifically, we mined 4 DNS forums and crawled more than 10000 posts and 50000 replies. With a new analysis framework developed by us, we are able to tag the forum posts by different categories (e.g., general concerns, issue locations, and record types), and gain new insights regarding how and why users encounter DNS failures. In the end, we offer suggestions to DNS service providers and users to mitigate DNS operational issues.
Qifan Zhang
Senior Staff Researcher
Dr. Qifan Zhang (张起帆) is now a Senior Staff Researcher of Palo Alto Networks. His research focuses on safeguarding critical internet infrastructure and addressing emerging threats in networked systems. His work centers on Network Security, with deep expertise in the Domain Name System (DNS)—the backbone of internet communication. By combining protocol analysis, fuzzing techniques, and formal methods, he designs automated tools to uncover high-risk vulnerabilities in DNS implementations and standards.
One of his flagship projects, ResolverFuzz, is a novel testing framework that exposed critical flaws in widely deployed DNS resolvers, including protocol-level security gaps (e.g., cache poisoning) and implementation errors (e.g., memory corruption). These discoveries have directly strengthened cybersecurity practices for the industry, open-source communities, and public infrastructure providers, earning recognition from organizations like CERT/CC and CVE.
Beyond DNS, he also explores the intersection of AI and Security, investigating risks in real-world machine learning deployments. My research, published in ACSAC 2022, demonstrated the first practical model extraction attacks against autonomous vehicle (AV) systems, using gradient-descent-based methods to reverse-engineer proprietary AI models. This work underscores the urgent need for robust defenses in safety-critical AI applications.
Prior to Palo Alto Networks, he earned his Ph.D. in Computer Engineering from University of California, Irvine advised by Prof. Zhou Li in 2025, and B.Eng. in Computer Science and Technology from ShanghaiTech University in 2020, complemented by a summer session at the University of California, Berkeley in 2017.
Pronunciation of his name: Chee-Fan Jang.
His Curriculum Vitae (last updated on March 14, 2025)