SlideShare a Scribd company logo

Measuring Recursive Resolver Centrality in the DNS

APNIC
APNIC

This document discusses measuring centrality in the DNS recursive resolver market. It finds that while there are over 140,000 visible recursive resolvers, just 15 resolver services serve 50% of users and 250 resolver services serve 90% of users, indicating some level of consolidation. However, 70% of users use a resolver in their own AS, and consolidation may be driven more by ISPs forwarding to open resolvers than end users reconfiguring. The largest open resolver is Google at 15-29% of users, but use of open resolvers is growing slowly. Overall centrality in recursive resolving is not currently seen as problematic due to market forces, but encryption of DNS like DNS-over-HTTPS could threaten the current shared infrastructure model

Internet
1 of 33
Download to read offline
Measuring Recursive Resolver Centrality Geoff Huston, Joao Damas APNIC Labs
Why pick on the DNS? The DNS is used by everyone and everything • Because pretty much everything you do on the net starts with a call to the DNS • If a single entity “controlled” the DNS then to all practical purposes they would control not just the DNS, but the entire Internet!
This Presentation •What’s the problem with centrality anyway? •What does centrality in the DNS mean? •How to measure DNS centrality •What we measure •What are we see 3
Centrality • Many aspects of the Internet’s infrastructure are operated by fewer and fewer entities over time 4
What’s the problem? • Economics A01 (or Adam Smith’s Invisible Hand) • Competition rewards efficient producers • Innovation that increases production efficiency is rewarded • Consumers benefit from increased production efficiency and innovation • Consolidation in the market • Distorts the functions of an open competitive market • Decreases competition pressure • Creates barriers to entry in the market • Reduces pressure for increased production efficiency and innovation • Consumers end up paying a premium 5
Consolidation in the DNS • It’s not a new topic: • For many years Bind was a defacto monopoly provider for DNS software. At the time every DNS recursive resolver and authoritative server ran Bind software. This has broadened out to a number of software platforms and is less of a concern today • Where else might we find consolidation in today’s DNS? • Name Registration services • Name Hosting service providers • Name Resolution providers 6
Focus! • Here we are going to concentrate on just one of these areas! • We will look at the recursive resolver market and try to understand the extent to which we are seeing consolidation of the recursive name resolution function 7
Recursive Resolvers • This function is generally bundled with an ISP’s access service for public network services • Which means that there is already some level of consolidation in this space as the concentration of these DNS services follows the concentration of ISPs in the retail market • Is there consolidation in the DNS recursive resolution function over and above this access market consolidation? • Where might we see such consolidation? 8
The Rise of Open DNS Resolvers • There are some 6M open DNS resolvers in operation today* Most of these appear to be inadvertently open due to errant CPE equipment • Others are explicitly configured to offer DNS resolution services as a open service • Hard to say where all this started, but an early example was the the 4.2.2.2 open resolver project offered by BBN Planet in the mid-90’s, though there were many others even then • At that time many ISPs used recursive resolvers as a service and some operated these platforms as a open service as a least cost / lowest admin overhead option • The use of anycast in the DNS made it possible to operate a single service with a distributed footprint • Open DNS was one of the early offerings of a dedicated recursive resolution service with a scaled up infrastructure • Google Public DNS entered the picture with a service that took scaling to the next level 9 * https://scan.shadowserver.org/dns/
What’s the Centrality Question here? • One way to measure centrality is by “market share” • So the question here would be: • What proportion of users of the Internet use <X> as their DNS resolver? • We won’t distinguish between end users explicitly adding their own DNS configuration into their platform and ISPs using forwarding structures to pass all DNS queries to an open resolver. Through the lens of “centrality” both paths to using open DNS resolvers look the same! 10
How we Measure DNS Centrality • We use Google Ads as the main element of this measurement • The measurement script is an embedded block of HTML5 code in an Ad • The Ad runs in campaigns that generate some 10M impressions per day • We get to “see” the DNS in operation from the inside of most mid-to-large ISPs and service providers across the entire Internet • Ads provide very little functionality in the embedded scripts – it’s basically limited to fetching URLs • But that’s enough here, as a URL fetch involves the resolution of a domain name • So we use unique DNS names in every ad, so the DNS queries will be passed though to our authoritative servers 11
Recursive Resolver Behaviours • The task is to match the source of a query of a domain name to both a resolver and an end user • We need to • map query IP source addresses to resolvers • understand how the DNS “manages” queries • how the resolver lists in /etc/resolv.conf are used 12
Mapping Resolver Addresses • We use periodic sweeps with RIPE Atlas to reveal the engine addresses used by popular Open DNS resolvers, and load this into an identification database 13
Understanding Resolver Behaviour 14 Query Distributor Resolver Engine Resolver Engine Resolver Engine Resolver Engine From Client To Server Service Address Engine Address
Resolution Metrics • Average query count per unique name: 3.4 (Dual stack hosts may be a factor here) • Max observed query count in 30 seconds is 1,761 queries! 15 0% 5% 10% 15% 20% 25% 30% 35% 1 2 3 4 5 6 7 8 9 10 % of names Number of queries Queries per Name
Resolution Metrics • Average number of resolvers (IP addresses) per unique name: 2.1 • 30 second maximum resolvers seen: 94 16 0% 10% 20% 30% 40% 50% 60% 1 2 3 4 5 6 7 8 9 10 % of names Number of resolvers Resolvers (IP addrs) per Name
First Resolver vs Full Resolver Set • What happens if the authoritative server always reports SERVFAIL to all queries? • We use a server that always returns a SERVFAIL error code to prompt the client to run through its full set of recursive resolvers 17
SERVFAIL Resolution Metrics • Average query count per unique name: 36.5 • Max observed query count in 30 seconds is 292,942 queries! 18 0% 1% 1% 2% 2% 3% 3% 4% 4% 5% 5% 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 % of names Number of queries Queries per Name
SERVFAIL Resolution Metrics • Average number of resolvers (IP addresses) per unique name: 8.9 • 30 second maximum resolvers seen: 1,368 19 0% 2% 4% 6% 8% 10% 12% 14% 16% 18% 20% 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 % of names Number of resolvers Resolvers per Name
Recursive Resolver Stats 20 Of the 140,000 visible recursive resolvers, just 150 resolvers account for 20% of all users and 1,500 resolvers account for 50% of all users. 10,000 resolvers account for 90% of all users However we are looking here at resolver IP addresses, and that’s probably misleading. Lets try and group resolver IP addresses into resolver services
Recursive Resolver Stats 21 Of the 14,600 visible recursive resolvers services, just 15 resolver services serve 50% of users 250 resolver services serve 90% of users Is this what we mean by “centralisation”?
Details Lets break this data down into: • Using a “known” open DNS resolver • Using a resolver in the same AS as the user • Using a resolver in the same country as the user • Others 22
”First” Resolver Use 23 70% of users use a resolver located in the same AS as the user (ISP resolver) 17% of users use a resolver located in the same CC as the user (ISP resolver?) 15% of users use the Google open resolver (8.8.8.8)
All Resolver Use (SERVFAIL) 24 70% -> 72% for same ISP 15% -> 29% for Google use (yes, the plotting software performed a colour change – sorry!)
Google DNS 25 Use of Google Service per CC Within each country how many users In that country use Google’s resolver?
Google DNS 26 Use of Google Service by User Count Looking at the total population of users using Google’s service, where are they located?
Google DNS • Google DNS use appears to be equally split between first use (15% of users) and backup resolvers (a further 14% of users) • Within each economy Google DNS is heavily used in some African economies, and central and southern Asian economies • The largest pool of Google DNS users are located in India (19% of Google DNS users) • Significant pools Google users are also seen in the US, China, Nigeria, Brazil and Iran (each CC has some 4% - 6% of Google’s DNS users) 27
Cloudflare’s 1.1.1.1 service 28 Where is Cloudflare used? Cloudflare is extensively used in Turkmenistan (80%), Iran (57%), Niger (54%) Cameroon (54%) and the Congo (49%) Cloudflare market share
Iran 29 A major ISP in IRAN, MCCI, distributes its queries across Google, Cloudflare, Yandex, Neustar, OpenDNS, Quad9 and others
Who makes the choice? • Is this the ISP‘s resolver performing forwarding of the query to an open resolver, or the users themselves opting out of the ISP service? • The numbers vary, but it is quite common to see 60% - 80% of users in an AS having their queries sent to an open resolver when open resolvers are used 30 Google DNS at 86% Open DNS at 27%
Resolver Centrality? • Its not a “small number” of open resolvers • It’s just 1 – Google’s Public DNS • Its not end users reconfiguring their devices • It’s the ISP • And where its not the ISP it’s mainly enterprise customers of ISPs • Is this changing? • Yes, but quite slowly 31
Is this a “problem”? • It this an emerging distortion of the market that puts excessive market control in the hands of a small set of providers? • No, not so far • It’s more likely that the shift of DNS functions into application realms using DoH services as an application function is a far greater threat to the current model of the DNS as a common single infrastructure 32
Thanks! Report on Resolver Use: https://stats.labs.apnic.net/rvrs

Recommended

RIPE 82: An Update on Fragmentation Loss Rates in IPv6
RIPE 82: An Update on Fragmentation Loss Rates in IPv6RIPE 82: An Update on Fragmentation Loss Rates in IPv6
RIPE 82: An Update on Fragmentation Loss Rates in IPv6APNIC
 
ICANN DNS Symposium 2021: Measuring Recursive Resolver Centrality
ICANN DNS Symposium 2021: Measuring Recursive Resolver CentralityICANN DNS Symposium 2021: Measuring Recursive Resolver Centrality
ICANN DNS Symposium 2021: Measuring Recursive Resolver CentralityAPNIC
 
RIPE 82: DNS Evolution
RIPE 82: DNS EvolutionRIPE 82: DNS Evolution
RIPE 82: DNS EvolutionAPNIC
 
NANOG 82: DNS Evolution
NANOG 82: DNS EvolutionNANOG 82: DNS Evolution
NANOG 82: DNS EvolutionAPNIC
 
NANOG32 - DNS Anomalies and Their Impacts on DNS Cache Servers
NANOG32 - DNS Anomalies and Their Impacts on DNS Cache ServersNANOG32 - DNS Anomalies and Their Impacts on DNS Cache Servers
NANOG32 - DNS Anomalies and Their Impacts on DNS Cache ServersChika Yoshimura
 
2nd ICANN APAC-TWNIC Engagement Forum: DNS Oblivion
2nd ICANN APAC-TWNIC Engagement Forum: DNS Oblivion2nd ICANN APAC-TWNIC Engagement Forum: DNS Oblivion
2nd ICANN APAC-TWNIC Engagement Forum: DNS OblivionAPNIC
 
RIPE 78: IPv6 reliability measurements
RIPE 78: IPv6 reliability measurementsRIPE 78: IPv6 reliability measurements
RIPE 78: IPv6 reliability measurementsAPNIC
 
Thoughts about DNS for DDoS
Thoughts about DNS for DDoSThoughts about DNS for DDoS
Thoughts about DNS for DDoSAPNIC
 

Recommended

RIPE 82: An Update on Fragmentation Loss Rates in IPv6
RIPE 82: An Update on Fragmentation Loss Rates in IPv6RIPE 82: An Update on Fragmentation Loss Rates in IPv6
RIPE 82: An Update on Fragmentation Loss Rates in IPv6APNIC
 
ICANN DNS Symposium 2021: Measuring Recursive Resolver Centrality
ICANN DNS Symposium 2021: Measuring Recursive Resolver CentralityICANN DNS Symposium 2021: Measuring Recursive Resolver Centrality
ICANN DNS Symposium 2021: Measuring Recursive Resolver CentralityAPNIC
 
RIPE 82: DNS Evolution
RIPE 82: DNS EvolutionRIPE 82: DNS Evolution
RIPE 82: DNS EvolutionAPNIC
 
NANOG 82: DNS Evolution
NANOG 82: DNS EvolutionNANOG 82: DNS Evolution
NANOG 82: DNS EvolutionAPNIC
 
NANOG32 - DNS Anomalies and Their Impacts on DNS Cache Servers
NANOG32 - DNS Anomalies and Their Impacts on DNS Cache ServersNANOG32 - DNS Anomalies and Their Impacts on DNS Cache Servers
NANOG32 - DNS Anomalies and Their Impacts on DNS Cache ServersChika Yoshimura
 
2nd ICANN APAC-TWNIC Engagement Forum: DNS Oblivion
2nd ICANN APAC-TWNIC Engagement Forum: DNS Oblivion2nd ICANN APAC-TWNIC Engagement Forum: DNS Oblivion
2nd ICANN APAC-TWNIC Engagement Forum: DNS OblivionAPNIC
 
RIPE 78: IPv6 reliability measurements
RIPE 78: IPv6 reliability measurementsRIPE 78: IPv6 reliability measurements
RIPE 78: IPv6 reliability measurementsAPNIC
 
Thoughts about DNS for DDoS
Thoughts about DNS for DDoSThoughts about DNS for DDoS
Thoughts about DNS for DDoSAPNIC
 
DINR 2021 Virtual Workshop: Passive vs Active Measurements in the DNS
DINR 2021 Virtual Workshop: Passive vs Active Measurements in the DNSDINR 2021 Virtual Workshop: Passive vs Active Measurements in the DNS
DINR 2021 Virtual Workshop: Passive vs Active Measurements in the DNSAPNIC
 
DNS Openness
DNS OpennessDNS Openness
DNS OpennessAPNIC
 
Experience Using RIR Whois
Experience Using RIR WhoisExperience Using RIR Whois
Experience Using RIR WhoisAPNIC
 
RIPE 76: Measuring ATR
RIPE 76: Measuring ATRRIPE 76: Measuring ATR
RIPE 76: Measuring ATRAPNIC
 
65% Performance Gains at Cryptocurrency Platform CoinGecko: An Argo Smart Rou...
65% Performance Gains at Cryptocurrency Platform CoinGecko: An Argo Smart Rou...65% Performance Gains at Cryptocurrency Platform CoinGecko: An Argo Smart Rou...
65% Performance Gains at Cryptocurrency Platform CoinGecko: An Argo Smart Rou...Cloudflare
 
RIPE 76: TCP and BBR
RIPE 76: TCP and BBRRIPE 76: TCP and BBR
RIPE 76: TCP and BBRAPNIC
 
Network latency - measurement and improvement
Network latency - measurement and improvementNetwork latency - measurement and improvement
Network latency - measurement and improvementMatt Willsher
 
IPv6 and the DNS, RIPE 73
IPv6 and the DNS, RIPE 73IPv6 and the DNS, RIPE 73
IPv6 and the DNS, RIPE 73APNIC
 
How Greta uses NATS to revolutionize data distribution on the Internet
How Greta uses NATS to revolutionize data distribution on the InternetHow Greta uses NATS to revolutionize data distribution on the Internet
How Greta uses NATS to revolutionize data distribution on the InternetApcera
 
Rolling the Root Zone DNSSEC Key Signing Key
Rolling the Root Zone DNSSEC Key Signing KeyRolling the Root Zone DNSSEC Key Signing Key
Rolling the Root Zone DNSSEC Key Signing KeyAPNIC
 
How Time To First Byte (TTFB) Impacts Your Site’s Performance
How Time To First Byte (TTFB) Impacts Your Site’s PerformanceHow Time To First Byte (TTFB) Impacts Your Site’s Performance
How Time To First Byte (TTFB) Impacts Your Site’s PerformanceMedianova
 
Measuring the End User
Measuring the End User Measuring the End User
Measuring the End User APNIC
 
NANOG 74: That KSK Roll
NANOG 74: That KSK RollNANOG 74: That KSK Roll
NANOG 74: That KSK RollAPNIC
 
Network
NetworkNetwork
NetworkYnon Perek
 
What to consider when monitoring microservices
What to consider when monitoring microservicesWhat to consider when monitoring microservices
What to consider when monitoring microservicesParticular Software
 
IETF 112: Internet centrality and its impact on routing
IETF 112: Internet centrality and its impact on routingIETF 112: Internet centrality and its impact on routing
IETF 112: Internet centrality and its impact on routingAPNIC
 
DNS Cache Poisoning
DNS Cache PoisoningDNS Cache Poisoning
DNS Cache PoisoningChristiaan Ottow
 
AWS re:Invent 2016: Making Every Packet Count (NET404)
AWS re:Invent 2016: Making Every Packet Count (NET404)AWS re:Invent 2016: Making Every Packet Count (NET404)
AWS re:Invent 2016: Making Every Packet Count (NET404)Amazon Web Services
 
Performance Tuning on the Fly at CMP.LY
Performance Tuning on the Fly at CMP.LYPerformance Tuning on the Fly at CMP.LY
Performance Tuning on the Fly at CMP.LYMongoDB
 
Request routing in CDN
Request routing in CDNRequest routing in CDN
Request routing in CDNSandeep Kath
 
DNS-OARC 38: The resolvers we use
DNS-OARC 38: The resolvers we useDNS-OARC 38: The resolvers we use
DNS-OARC 38: The resolvers we useAPNIC
 
Resolver concentration presentation for OARC 40 by Joao Damas and Geoff Huston
Resolver concentration presentation for OARC 40 by Joao Damas and Geoff HustonResolver concentration presentation for OARC 40 by Joao Damas and Geoff Huston
Resolver concentration presentation for OARC 40 by Joao Damas and Geoff HustonAPNIC
 

More Related Content

What's hot

DINR 2021 Virtual Workshop: Passive vs Active Measurements in the DNS
DINR 2021 Virtual Workshop: Passive vs Active Measurements in the DNSDINR 2021 Virtual Workshop: Passive vs Active Measurements in the DNS
DINR 2021 Virtual Workshop: Passive vs Active Measurements in the DNSAPNIC
 
DNS Openness
DNS OpennessDNS Openness
DNS OpennessAPNIC
 
Experience Using RIR Whois
Experience Using RIR WhoisExperience Using RIR Whois
Experience Using RIR WhoisAPNIC
 
RIPE 76: Measuring ATR
RIPE 76: Measuring ATRRIPE 76: Measuring ATR
RIPE 76: Measuring ATRAPNIC
 
65% Performance Gains at Cryptocurrency Platform CoinGecko: An Argo Smart Rou...
65% Performance Gains at Cryptocurrency Platform CoinGecko: An Argo Smart Rou...65% Performance Gains at Cryptocurrency Platform CoinGecko: An Argo Smart Rou...
65% Performance Gains at Cryptocurrency Platform CoinGecko: An Argo Smart Rou...Cloudflare
 
RIPE 76: TCP and BBR
RIPE 76: TCP and BBRRIPE 76: TCP and BBR
RIPE 76: TCP and BBRAPNIC
 
Network latency - measurement and improvement
Network latency - measurement and improvementNetwork latency - measurement and improvement
Network latency - measurement and improvementMatt Willsher
 
IPv6 and the DNS, RIPE 73
IPv6 and the DNS, RIPE 73IPv6 and the DNS, RIPE 73
IPv6 and the DNS, RIPE 73APNIC
 
How Greta uses NATS to revolutionize data distribution on the Internet
How Greta uses NATS to revolutionize data distribution on the InternetHow Greta uses NATS to revolutionize data distribution on the Internet
How Greta uses NATS to revolutionize data distribution on the InternetApcera
 
Rolling the Root Zone DNSSEC Key Signing Key
Rolling the Root Zone DNSSEC Key Signing KeyRolling the Root Zone DNSSEC Key Signing Key
Rolling the Root Zone DNSSEC Key Signing KeyAPNIC
 
How Time To First Byte (TTFB) Impacts Your Site’s Performance
How Time To First Byte (TTFB) Impacts Your Site’s PerformanceHow Time To First Byte (TTFB) Impacts Your Site’s Performance
How Time To First Byte (TTFB) Impacts Your Site’s PerformanceMedianova
 
Measuring the End User
Measuring the End User Measuring the End User
Measuring the End User APNIC
 
NANOG 74: That KSK Roll
NANOG 74: That KSK RollNANOG 74: That KSK Roll
NANOG 74: That KSK RollAPNIC
 
What to consider when monitoring microservices
What to consider when monitoring microservicesWhat to consider when monitoring microservices
What to consider when monitoring microservicesParticular Software
 
IETF 112: Internet centrality and its impact on routing
IETF 112: Internet centrality and its impact on routingIETF 112: Internet centrality and its impact on routing
IETF 112: Internet centrality and its impact on routingAPNIC
 
AWS re:Invent 2016: Making Every Packet Count (NET404)
AWS re:Invent 2016: Making Every Packet Count (NET404)AWS re:Invent 2016: Making Every Packet Count (NET404)
AWS re:Invent 2016: Making Every Packet Count (NET404)Amazon Web Services
 
Performance Tuning on the Fly at CMP.LY
Performance Tuning on the Fly at CMP.LYPerformance Tuning on the Fly at CMP.LY
Performance Tuning on the Fly at CMP.LYMongoDB
 
Request routing in CDN
Request routing in CDNRequest routing in CDN
Request routing in CDNSandeep Kath
 

What's hot (20)

DINR 2021 Virtual Workshop: Passive vs Active Measurements in the DNS
DINR 2021 Virtual Workshop: Passive vs Active Measurements in the DNSDINR 2021 Virtual Workshop: Passive vs Active Measurements in the DNS
DINR 2021 Virtual Workshop: Passive vs Active Measurements in the DNS
 
DNS Openness
DNS OpennessDNS Openness
DNS Openness
 
Experience Using RIR Whois
Experience Using RIR WhoisExperience Using RIR Whois
Experience Using RIR Whois
 
RIPE 76: Measuring ATR
RIPE 76: Measuring ATRRIPE 76: Measuring ATR
RIPE 76: Measuring ATR
 
65% Performance Gains at Cryptocurrency Platform CoinGecko: An Argo Smart Rou...
65% Performance Gains at Cryptocurrency Platform CoinGecko: An Argo Smart Rou...65% Performance Gains at Cryptocurrency Platform CoinGecko: An Argo Smart Rou...
65% Performance Gains at Cryptocurrency Platform CoinGecko: An Argo Smart Rou...
 
RIPE 76: TCP and BBR
RIPE 76: TCP and BBRRIPE 76: TCP and BBR
RIPE 76: TCP and BBR
 
Network latency - measurement and improvement
Network latency - measurement and improvementNetwork latency - measurement and improvement
Network latency - measurement and improvement
 
IPv6 and the DNS, RIPE 73
IPv6 and the DNS, RIPE 73IPv6 and the DNS, RIPE 73
IPv6 and the DNS, RIPE 73
 
How Greta uses NATS to revolutionize data distribution on the Internet
How Greta uses NATS to revolutionize data distribution on the InternetHow Greta uses NATS to revolutionize data distribution on the Internet
How Greta uses NATS to revolutionize data distribution on the Internet
 
Rolling the Root Zone DNSSEC Key Signing Key
Rolling the Root Zone DNSSEC Key Signing KeyRolling the Root Zone DNSSEC Key Signing Key
Rolling the Root Zone DNSSEC Key Signing Key
 
How Time To First Byte (TTFB) Impacts Your Site’s Performance
How Time To First Byte (TTFB) Impacts Your Site’s PerformanceHow Time To First Byte (TTFB) Impacts Your Site’s Performance
How Time To First Byte (TTFB) Impacts Your Site’s Performance
 
Measuring the End User
Measuring the End User Measuring the End User
Measuring the End User
 
NANOG 74: That KSK Roll
NANOG 74: That KSK RollNANOG 74: That KSK Roll
NANOG 74: That KSK Roll
 
Network
NetworkNetwork
Network
 
What to consider when monitoring microservices
What to consider when monitoring microservicesWhat to consider when monitoring microservices
What to consider when monitoring microservices
 
IETF 112: Internet centrality and its impact on routing
IETF 112: Internet centrality and its impact on routingIETF 112: Internet centrality and its impact on routing
IETF 112: Internet centrality and its impact on routing
 
DNS Cache Poisoning
DNS Cache PoisoningDNS Cache Poisoning
DNS Cache Poisoning
 
AWS re:Invent 2016: Making Every Packet Count (NET404)
AWS re:Invent 2016: Making Every Packet Count (NET404)AWS re:Invent 2016: Making Every Packet Count (NET404)
AWS re:Invent 2016: Making Every Packet Count (NET404)
 
Performance Tuning on the Fly at CMP.LY
Performance Tuning on the Fly at CMP.LYPerformance Tuning on the Fly at CMP.LY
Performance Tuning on the Fly at CMP.LY
 
Request routing in CDN
Request routing in CDNRequest routing in CDN
Request routing in CDN
 

Similar to Measuring Recursive Resolver Centrality in the DNS

DNS-OARC 38: The resolvers we use
DNS-OARC 38: The resolvers we useDNS-OARC 38: The resolvers we use
DNS-OARC 38: The resolvers we useAPNIC
 
Resolver concentration presentation for OARC 40 by Joao Damas and Geoff Huston
Resolver concentration presentation for OARC 40 by Joao Damas and Geoff HustonResolver concentration presentation for OARC 40 by Joao Damas and Geoff Huston
Resolver concentration presentation for OARC 40 by Joao Damas and Geoff HustonAPNIC
 
Measuring the centralization of DNS resolution' presentation by Geoff Huston...
Measuring the centralization of DNS resolution' presentation by Geoff Huston...Measuring the centralization of DNS resolution' presentation by Geoff Huston...
Measuring the centralization of DNS resolution' presentation by Geoff Huston...APNIC
 
RIPE 86: DNS in EU before dns4EU
RIPE 86: DNS in EU before dns4EURIPE 86: DNS in EU before dns4EU
RIPE 86: DNS in EU before dns4EUAPNIC
 
NANOG 84: DNS Openness
NANOG 84: DNS OpennessNANOG 84: DNS Openness
NANOG 84: DNS OpennessAPNIC
 
ICANN DNS Symposium 2019: Resolver Centrality
ICANN DNS Symposium 2019: Resolver CentralityICANN DNS Symposium 2019: Resolver Centrality
ICANN DNS Symposium 2019: Resolver CentralityAPNIC
 
DNS in IR: Collection, Analysis and Response
DNS in IR: Collection, Analysis and ResponseDNS in IR: Collection, Analysis and Response
DNS in IR: Collection, Analysis and Responsepm123008
 
Canary Analyze All The Things: How We Learned to Keep Calm and Release Often
Canary Analyze All The Things: How We Learned to Keep Calm and Release OftenCanary Analyze All The Things: How We Learned to Keep Calm and Release Often
Canary Analyze All The Things: How We Learned to Keep Calm and Release OftenC4Media
 
ThousandEyes EMEA - Become the Master of Your DNS
ThousandEyes EMEA - Become the Master of Your DNSThousandEyes EMEA - Become the Master of Your DNS
ThousandEyes EMEA - Become the Master of Your DNSThousandEyes
 
The Resolvers We Use
The Resolvers We UseThe Resolvers We Use
The Resolvers We UseAPNIC
 
AWS re:Invent 2016: Global Traffic Management with Amazon Route 53 Traffic Fl...
AWS re:Invent 2016: Global Traffic Management with Amazon Route 53 Traffic Fl...AWS re:Invent 2016: Global Traffic Management with Amazon Route 53 Traffic Fl...
AWS re:Invent 2016: Global Traffic Management with Amazon Route 53 Traffic Fl...Amazon Web Services
 
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonDNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonAPNIC
 
Consul: Service-oriented at Scale
Consul: Service-oriented at ScaleConsul: Service-oriented at Scale
Consul: Service-oriented at ScaleC4Media
 
Pmw2 k3ni 1-3b
Pmw2 k3ni 1-3bPmw2 k3ni 1-3b
Pmw2 k3ni 1-3bhariclant1
 
Measuring the end user
Measuring the end userMeasuring the end user
Measuring the end userAPNIC
 
Foundational Design Patterns for Multi-Purpose Applications
Foundational Design Patterns for Multi-Purpose ApplicationsFoundational Design Patterns for Multi-Purpose Applications
Foundational Design Patterns for Multi-Purpose ApplicationsChing-Hwa Yu
 
DNS Measurements
DNS MeasurementsDNS Measurements
DNS MeasurementsAFRINIC
 
Plan a successful enterprise Linux migration
Plan a successful enterprise Linux migrationPlan a successful enterprise Linux migration
Plan a successful enterprise Linux migrationRogue Wave Software
 
Back to the Future: Understand and Optimize your IBM Notes and Domino Infrast...
Back to the Future: Understand and Optimize your IBM Notes and Domino Infrast...Back to the Future: Understand and Optimize your IBM Notes and Domino Infrast...
Back to the Future: Understand and Optimize your IBM Notes and Domino Infrast...Dominopoint - Italian Lotus User Group
 

Similar to Measuring Recursive Resolver Centrality in the DNS (20)

DNS-OARC 38: The resolvers we use
DNS-OARC 38: The resolvers we useDNS-OARC 38: The resolvers we use
DNS-OARC 38: The resolvers we use
 
Resolver concentration presentation for OARC 40 by Joao Damas and Geoff Huston
Resolver concentration presentation for OARC 40 by Joao Damas and Geoff HustonResolver concentration presentation for OARC 40 by Joao Damas and Geoff Huston
Resolver concentration presentation for OARC 40 by Joao Damas and Geoff Huston
 
Measuring the centralization of DNS resolution' presentation by Geoff Huston...
Measuring the centralization of DNS resolution' presentation by Geoff Huston...Measuring the centralization of DNS resolution' presentation by Geoff Huston...
Measuring the centralization of DNS resolution' presentation by Geoff Huston...
 
RIPE 86: DNS in EU before dns4EU
RIPE 86: DNS in EU before dns4EURIPE 86: DNS in EU before dns4EU
RIPE 86: DNS in EU before dns4EU
 
NANOG 84: DNS Openness
NANOG 84: DNS OpennessNANOG 84: DNS Openness
NANOG 84: DNS Openness
 
ICANN DNS Symposium 2019: Resolver Centrality
ICANN DNS Symposium 2019: Resolver CentralityICANN DNS Symposium 2019: Resolver Centrality
ICANN DNS Symposium 2019: Resolver Centrality
 
DNS in IR: Collection, Analysis and Response
DNS in IR: Collection, Analysis and ResponseDNS in IR: Collection, Analysis and Response
DNS in IR: Collection, Analysis and Response
 
Canary Analyze All The Things: How We Learned to Keep Calm and Release Often
Canary Analyze All The Things: How We Learned to Keep Calm and Release OftenCanary Analyze All The Things: How We Learned to Keep Calm and Release Often
Canary Analyze All The Things: How We Learned to Keep Calm and Release Often
 
ThousandEyes EMEA - Become the Master of Your DNS
ThousandEyes EMEA - Become the Master of Your DNSThousandEyes EMEA - Become the Master of Your DNS
ThousandEyes EMEA - Become the Master of Your DNS
 
The Resolvers We Use
The Resolvers We UseThe Resolvers We Use
The Resolvers We Use
 
AWS re:Invent 2016: Global Traffic Management with Amazon Route 53 Traffic Fl...
AWS re:Invent 2016: Global Traffic Management with Amazon Route 53 Traffic Fl...AWS re:Invent 2016: Global Traffic Management with Amazon Route 53 Traffic Fl...
AWS re:Invent 2016: Global Traffic Management with Amazon Route 53 Traffic Fl...
 
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonDNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
 
Consul: Service-oriented at Scale
Consul: Service-oriented at ScaleConsul: Service-oriented at Scale
Consul: Service-oriented at Scale
 
Pmw2 k3ni 1-3b
Pmw2 k3ni 1-3bPmw2 k3ni 1-3b
Pmw2 k3ni 1-3b
 
Measuring the end user
Measuring the end userMeasuring the end user
Measuring the end user
 
RA21: An Update on RA21
RA21: An Update on RA21RA21: An Update on RA21
RA21: An Update on RA21
 
Foundational Design Patterns for Multi-Purpose Applications
Foundational Design Patterns for Multi-Purpose ApplicationsFoundational Design Patterns for Multi-Purpose Applications
Foundational Design Patterns for Multi-Purpose Applications
 
DNS Measurements
DNS MeasurementsDNS Measurements
DNS Measurements
 
Plan a successful enterprise Linux migration
Plan a successful enterprise Linux migrationPlan a successful enterprise Linux migration
Plan a successful enterprise Linux migration
 
Back to the Future: Understand and Optimize your IBM Notes and Domino Infrast...
Back to the Future: Understand and Optimize your IBM Notes and Domino Infrast...Back to the Future: Understand and Optimize your IBM Notes and Domino Infrast...
Back to the Future: Understand and Optimize your IBM Notes and Domino Infrast...
 

More from APNIC

IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119APNIC
 
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119APNIC
 
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119APNIC
 
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119APNIC
 
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119APNIC
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...APNIC
 
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC
 
NANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonNANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonAPNIC
 
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPNIC
 
Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6APNIC
 
AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!APNIC
 
CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023APNIC
 
AFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet developmentAFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet developmentAPNIC
 
AFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment StatusAFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment StatusAPNIC
 
AFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressingAFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressingAPNIC
 
AFSIG 2023: APNIC - Registry & Development
AFSIG 2023: APNIC - Registry & DevelopmentAFSIG 2023: APNIC - Registry & Development
AFSIG 2023: APNIC - Registry & DevelopmentAPNIC
 
Afghanistan IGF 2023: The ABCs and importance of cybersecurity
Afghanistan IGF 2023: The ABCs and importance of cybersecurityAfghanistan IGF 2023: The ABCs and importance of cybersecurity
Afghanistan IGF 2023: The ABCs and importance of cybersecurityAPNIC
 
IDNIC OPM 2023: IPv6 deployment planning and security considerations
IDNIC OPM 2023: IPv6 deployment planning and security considerationsIDNIC OPM 2023: IPv6 deployment planning and security considerations
IDNIC OPM 2023: IPv6 deployment planning and security considerationsAPNIC
 
IDNIC OPM 2023 - Internet Number Registry System
IDNIC OPM 2023 - Internet Number Registry SystemIDNIC OPM 2023 - Internet Number Registry System
IDNIC OPM 2023 - Internet Number Registry SystemAPNIC
 
PacNOG 32: Resource Public Key Infrastructure (RPKI) in 30 minutes or less
PacNOG 32: Resource Public Key Infrastructure (RPKI) in 30 minutes or lessPacNOG 32: Resource Public Key Infrastructure (RPKI) in 30 minutes or less
PacNOG 32: Resource Public Key Infrastructure (RPKI) in 30 minutes or lessAPNIC
 

More from APNIC (20)

IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119
 
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
 
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
 
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
 
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
 
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
 
NANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonNANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff Huston
 
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
 
Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6
 
AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!
 
CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023
 
AFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet developmentAFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet development
 
AFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment StatusAFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment Status
 
AFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressingAFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressing
 
AFSIG 2023: APNIC - Registry & Development
AFSIG 2023: APNIC - Registry & DevelopmentAFSIG 2023: APNIC - Registry & Development
AFSIG 2023: APNIC - Registry & Development
 
Afghanistan IGF 2023: The ABCs and importance of cybersecurity
Afghanistan IGF 2023: The ABCs and importance of cybersecurityAfghanistan IGF 2023: The ABCs and importance of cybersecurity
Afghanistan IGF 2023: The ABCs and importance of cybersecurity
 
IDNIC OPM 2023: IPv6 deployment planning and security considerations
IDNIC OPM 2023: IPv6 deployment planning and security considerationsIDNIC OPM 2023: IPv6 deployment planning and security considerations
IDNIC OPM 2023: IPv6 deployment planning and security considerations
 
IDNIC OPM 2023 - Internet Number Registry System
IDNIC OPM 2023 - Internet Number Registry SystemIDNIC OPM 2023 - Internet Number Registry System
IDNIC OPM 2023 - Internet Number Registry System
 
PacNOG 32: Resource Public Key Infrastructure (RPKI) in 30 minutes or less
PacNOG 32: Resource Public Key Infrastructure (RPKI) in 30 minutes or lessPacNOG 32: Resource Public Key Infrastructure (RPKI) in 30 minutes or less
PacNOG 32: Resource Public Key Infrastructure (RPKI) in 30 minutes or less
 

Recently uploaded

Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhimiss dipika
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一z xss
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书zdzoqco
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书rnrncn29
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa494f574xmv
 
Q4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxQ4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxeditsforyah
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predieusebiomeyer
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Paul Calvano
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationLinaWolf1
 
NSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentationNSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentationMarko4394
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Sonam Pathan
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxDyna Gilbert
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书rnrncn29
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Sonam Pathan
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作ys8omjxb
 

Recently uploaded (17)

Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhi
 
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa
 
Q4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxQ4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptx
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predi
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 Documentation
 
NSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentationNSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentation
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptx
 
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
 

Measuring Recursive Resolver Centrality in the DNS

  • 1. Measuring Recursive Resolver Centrality Geoff Huston, Joao Damas APNIC Labs
  • 2. Why pick on the DNS? The DNS is used by everyone and everything • Because pretty much everything you do on the net starts with a call to the DNS • If a single entity “controlled” the DNS then to all practical purposes they would control not just the DNS, but the entire Internet!
  • 3. This Presentation •What’s the problem with centrality anyway? •What does centrality in the DNS mean? •How to measure DNS centrality •What we measure •What are we see 3
  • 4. Centrality • Many aspects of the Internet’s infrastructure are operated by fewer and fewer entities over time 4
  • 5. What’s the problem? • Economics A01 (or Adam Smith’s Invisible Hand) • Competition rewards efficient producers • Innovation that increases production efficiency is rewarded • Consumers benefit from increased production efficiency and innovation • Consolidation in the market • Distorts the functions of an open competitive market • Decreases competition pressure • Creates barriers to entry in the market • Reduces pressure for increased production efficiency and innovation • Consumers end up paying a premium 5
  • 6. Consolidation in the DNS • It’s not a new topic: • For many years Bind was a defacto monopoly provider for DNS software. At the time every DNS recursive resolver and authoritative server ran Bind software. This has broadened out to a number of software platforms and is less of a concern today • Where else might we find consolidation in today’s DNS? • Name Registration services • Name Hosting service providers • Name Resolution providers 6
  • 7. Focus! • Here we are going to concentrate on just one of these areas! • We will look at the recursive resolver market and try to understand the extent to which we are seeing consolidation of the recursive name resolution function 7
  • 8. Recursive Resolvers • This function is generally bundled with an ISP’s access service for public network services • Which means that there is already some level of consolidation in this space as the concentration of these DNS services follows the concentration of ISPs in the retail market • Is there consolidation in the DNS recursive resolution function over and above this access market consolidation? • Where might we see such consolidation? 8
  • 9. The Rise of Open DNS Resolvers • There are some 6M open DNS resolvers in operation today* Most of these appear to be inadvertently open due to errant CPE equipment • Others are explicitly configured to offer DNS resolution services as a open service • Hard to say where all this started, but an early example was the the 4.2.2.2 open resolver project offered by BBN Planet in the mid-90’s, though there were many others even then • At that time many ISPs used recursive resolvers as a service and some operated these platforms as a open service as a least cost / lowest admin overhead option • The use of anycast in the DNS made it possible to operate a single service with a distributed footprint • Open DNS was one of the early offerings of a dedicated recursive resolution service with a scaled up infrastructure • Google Public DNS entered the picture with a service that took scaling to the next level 9 * https://scan.shadowserver.org/dns/
  • 10. What’s the Centrality Question here? • One way to measure centrality is by “market share” • So the question here would be: • What proportion of users of the Internet use <X> as their DNS resolver? • We won’t distinguish between end users explicitly adding their own DNS configuration into their platform and ISPs using forwarding structures to pass all DNS queries to an open resolver. Through the lens of “centrality” both paths to using open DNS resolvers look the same! 10
  • 11. How we Measure DNS Centrality • We use Google Ads as the main element of this measurement • The measurement script is an embedded block of HTML5 code in an Ad • The Ad runs in campaigns that generate some 10M impressions per day • We get to “see” the DNS in operation from the inside of most mid-to-large ISPs and service providers across the entire Internet • Ads provide very little functionality in the embedded scripts – it’s basically limited to fetching URLs • But that’s enough here, as a URL fetch involves the resolution of a domain name • So we use unique DNS names in every ad, so the DNS queries will be passed though to our authoritative servers 11
  • 12. Recursive Resolver Behaviours • The task is to match the source of a query of a domain name to both a resolver and an end user • We need to • map query IP source addresses to resolvers • understand how the DNS “manages” queries • how the resolver lists in /etc/resolv.conf are used 12
  • 13. Mapping Resolver Addresses • We use periodic sweeps with RIPE Atlas to reveal the engine addresses used by popular Open DNS resolvers, and load this into an identification database 13
  • 14. Understanding Resolver Behaviour 14 Query Distributor Resolver Engine Resolver Engine Resolver Engine Resolver Engine From Client To Server Service Address Engine Address
  • 15. Resolution Metrics • Average query count per unique name: 3.4 (Dual stack hosts may be a factor here) • Max observed query count in 30 seconds is 1,761 queries! 15 0% 5% 10% 15% 20% 25% 30% 35% 1 2 3 4 5 6 7 8 9 10 % of names Number of queries Queries per Name
  • 16. Resolution Metrics • Average number of resolvers (IP addresses) per unique name: 2.1 • 30 second maximum resolvers seen: 94 16 0% 10% 20% 30% 40% 50% 60% 1 2 3 4 5 6 7 8 9 10 % of names Number of resolvers Resolvers (IP addrs) per Name
  • 17. First Resolver vs Full Resolver Set • What happens if the authoritative server always reports SERVFAIL to all queries? • We use a server that always returns a SERVFAIL error code to prompt the client to run through its full set of recursive resolvers 17
  • 18. SERVFAIL Resolution Metrics • Average query count per unique name: 36.5 • Max observed query count in 30 seconds is 292,942 queries! 18 0% 1% 1% 2% 2% 3% 3% 4% 4% 5% 5% 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 % of names Number of queries Queries per Name
  • 19. SERVFAIL Resolution Metrics • Average number of resolvers (IP addresses) per unique name: 8.9 • 30 second maximum resolvers seen: 1,368 19 0% 2% 4% 6% 8% 10% 12% 14% 16% 18% 20% 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 % of names Number of resolvers Resolvers per Name
  • 20. Recursive Resolver Stats 20 Of the 140,000 visible recursive resolvers, just 150 resolvers account for 20% of all users and 1,500 resolvers account for 50% of all users. 10,000 resolvers account for 90% of all users However we are looking here at resolver IP addresses, and that’s probably misleading. Lets try and group resolver IP addresses into resolver services
  • 21. Recursive Resolver Stats 21 Of the 14,600 visible recursive resolvers services, just 15 resolver services serve 50% of users 250 resolver services serve 90% of users Is this what we mean by “centralisation”?
  • 22. Details Lets break this data down into: • Using a “known” open DNS resolver • Using a resolver in the same AS as the user • Using a resolver in the same country as the user • Others 22
  • 23. ”First” Resolver Use 23 70% of users use a resolver located in the same AS as the user (ISP resolver) 17% of users use a resolver located in the same CC as the user (ISP resolver?) 15% of users use the Google open resolver (8.8.8.8)
  • 24. All Resolver Use (SERVFAIL) 24 70% -> 72% for same ISP 15% -> 29% for Google use (yes, the plotting software performed a colour change – sorry!)
  • 25. Google DNS 25 Use of Google Service per CC Within each country how many users In that country use Google’s resolver?
  • 26. Google DNS 26 Use of Google Service by User Count Looking at the total population of users using Google’s service, where are they located?
  • 27. Google DNS • Google DNS use appears to be equally split between first use (15% of users) and backup resolvers (a further 14% of users) • Within each economy Google DNS is heavily used in some African economies, and central and southern Asian economies • The largest pool of Google DNS users are located in India (19% of Google DNS users) • Significant pools Google users are also seen in the US, China, Nigeria, Brazil and Iran (each CC has some 4% - 6% of Google’s DNS users) 27
  • 28. Cloudflare’s 1.1.1.1 service 28 Where is Cloudflare used? Cloudflare is extensively used in Turkmenistan (80%), Iran (57%), Niger (54%) Cameroon (54%) and the Congo (49%) Cloudflare market share
  • 29. Iran 29 A major ISP in IRAN, MCCI, distributes its queries across Google, Cloudflare, Yandex, Neustar, OpenDNS, Quad9 and others
  • 30. Who makes the choice? • Is this the ISP‘s resolver performing forwarding of the query to an open resolver, or the users themselves opting out of the ISP service? • The numbers vary, but it is quite common to see 60% - 80% of users in an AS having their queries sent to an open resolver when open resolvers are used 30 Google DNS at 86% Open DNS at 27%
  • 31. Resolver Centrality? • Its not a “small number” of open resolvers • It’s just 1 – Google’s Public DNS • Its not end users reconfiguring their devices • It’s the ISP • And where its not the ISP it’s mainly enterprise customers of ISPs • Is this changing? • Yes, but quite slowly 31
  • 32. Is this a “problem”? • It this an emerging distortion of the market that puts excessive market control in the hands of a small set of providers? • No, not so far • It’s more likely that the shift of DNS functions into application realms using DoH services as an application function is a far greater threat to the current model of the DNS as a common single infrastructure 32
  • 33. Thanks! Report on Resolver Use: https://stats.labs.apnic.net/rvrs