SlideShare a Scribd company logo

The Resolvers We Use

APNIC, profile picture
APNIC

The document discusses DNS (Domain Name System) resolution performance data collected from online advertising. Some key findings include: - For 25% of internet users, a simple DNS query is not resolved in a single query. - 6% of users have resolvers that take over 2 seconds to complete DNS resolution. - DNS query logs contain information about users' online activities that could potentially be used to infer personal details or preferences. - The top 25 resolvers in the data set, believed to be Google public DNS servers, each serviced hundreds of thousands of queries.

Internet
1 of 45
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
The Resolvers We Use Geoff Huston APNIC    
One of those wtf moments… This  figure  was  produced  as  part   of  some  related  work  that  was   measuring  the  addi7onal  7me   penalty  that  would  apply  when   the  name  being  resolved  was   signed  using  DNSSEC.  
One of those wtf moments… This  figure  was  produced  as  part   of  some  related  work  that  was   measuring  the  addi7onal  7me   penalty  that  would  apply  when   the  name  being  resolved  was   signed  using  DNSSEC.   One surprising observation here is that for 25% of the world’s users a simple uncached DNS name is not resolved in a single query Some 6% of Internet users use resolvers that take more than 2 seconds to complete the resolution function
One of those wtf moments… This  figure  was  produced  as  part   of  some  related  work  that  was   measuring  the  addi7onal  7me   penalty  that  would  apply  when   the  name  being  resolved  was   signed  using  DNSSEC.     One surprising observation here is that for 25% of the world’s users a simple uncached DNS name is not resolved in a single query Some 6% of Internet users use resolvers that take more than 2 seconds to complete the resolution function Why is DNS resolution performance so incredibly bad for so many users?
And that leads to… •  It  appears  that  what  we  think  about  how  the  DNS  works  and   how  folk  actually  are  using  the  DNS  is  not  well  aligned   •  We  all  think  we  understand  how  DNS  resolu7on  works  in   terms  of  the  interchange  of  DNS  protocol  elements   –  But  the  performance  of  DNS  name  resolu7on  depends  on  a  number  of   addi7onal  factors,  both  in  terms  of  the  users’  choice  of  resolvers  and   the  name  admin’s  choice  of  authorita7ve  servers  
But… The  issue  is  more  than  just  a  ques7on  of   unexpected  poor  performance  of  name   resolu7on.     There’s  more  to  this...  
Why is DNS resolution data valuable? •  Almost  everything  we  do  on  the  Internet  starts   with  a  DNS  name  resolu7on  opera7on   •  DNS    resolver  query  logs  contain  a  rich  vein  of   real  7me    informa7on  about  what  users  do   query  logs  and  can  be  analyzed  to  infer  informa7on   about  the  users  themselves  through  the  names  that   their  applica7ons  resolve   query  logs  contains  indirect  pointers  that  can  be  used  to   derive  aggregate  aspects  of  users’  demographics,   preferences,  purchases,  etc  
Information Leaks The  ques7on  of  where  your  DNS  query  traffic  is  being  sent  is   also  a  ques7on  of  whether  you  are  leaking  a  real  7me  trail  of   your  online  ac7vi7es   Which  leads  to  an  interes7ng  ques7on  about  today’s  Internet:   –  To  what  extent  is  this  DNS  resolu7on  data  stream  “leaked”   outward?   •  Across  network  boundaries?   •  Across  na7onal  boundaries?   –  This  second  form  of  informa7on  leakage  is  “interes7ng”   While  many  na7onal  regimes  include  regula7ons  concerning  personally   iden7fying  data,  its  not  clear  if  these  regula7ons  extend  these  same   protec7ons  to  aliens  who  are  not  ci7zens  of  the  country  where  the   informa7on  is  held  
Measuring the Internet via its Users At  APNIC  we’ve  been  using  online  ads  to  measure   the  user’s  view  of  the    Internet  for  some  years   –  We  ask  users  to  fetch  a  unique  URL   –  This  involves  a  DNS  resolu7on  and  a  HTTP  GET  to  our   servers   –  So  we  collect  sets  of  DNS  queries  and  WEB  queries   –  To  see   •  how  we  are  doing  with  the  IPv6  transi7on   •  where  DNSSEC  valida7on  is  being  used   •  And  similar    
Users and Resolvers These  data  sets  also  allow  us  to  match       –  the  IP  address  of  the  resolver  that  queries  the  authorita7ve  name   server  (the  “visible  resolver”)   to   –  the  IP  address  of  the  client  agent  that  retrieves  the  URL    
Some Numbers Using  data  collected  across  2014  (Jan-­‐Dec):            104,986,719  individual  sample  points    404,705  unique  resolver  IP  addresses     This  “raw”  data  is  skewed  to  the  ad  placement  algorithms  we   used,  so  we  then  re-­‐weighted  the  raw  numbers  in  each   country  to  align  to  the  rela7vi7es  of  the  Internet  user   popula7on  in  each  country.  This  provides  us  with  a  view  that   does  not  over-­‐represent  certain  countries  in  the  data          
Top 25 Resolvers Rank Resolver Use % 1 74.125.189.20 962,729 0.42% 2 74.125.189.16 961,207 0.42% 3 74.125.189.23 960,124 0.42% 4 74.125.189.17 959,964 0.42% 5 74.125.189.21 959,915 0.42% 6 74.125.189.19 959,060 0.42% 7 74.125.189.18 958,675 0.42% 8 74.125.189.22 958,597 0.42% 9 74.125.41.81 879,019 0.39% 10 74.125.41.82 877,909 0.39% 11 74.125.41.84 876,049 0.39% 12 74.125.41.83 875,978 0.39% 13 74.125.41.80 875,355 0.39% 14 74.125.41.16 862,749 0.38% 15 74.125.41.17 862,407 0.38% 16 74.125.41.18 861,868 0.38% 17 74.125.41.20 861,713 0.38% 18 74.125.41.19 861,538 0.38% 19 74.125.16.82 731,702 0.32% 20 74.125.16.81 730,670 0.32% 21 74.125.16.84 730,328 0.32% 22 74.125.16.80 730,098 0.32% 23 74.125.16.83 729,540 0.32% 24 74.125.41.145 669,941 0.30% 25 74.125.41.147 669,081 0.29%
Top 25 Resolvers Rank Resolver Use % 1 74.125.189.20 962,729 0.42% 2 74.125.189.16 961,207 0.42% 3 74.125.189.23 960,124 0.42% 4 74.125.189.17 959,964 0.42% 5 74.125.189.21 959,915 0.42% 6 74.125.189.19 959,060 0.42% 7 74.125.189.18 958,675 0.42% 8 74.125.189.22 958,597 0.42% 9 74.125.41.81 879,019 0.39% 10 74.125.41.82 877,909 0.39% 11 74.125.41.84 876,049 0.39% 12 74.125.41.83 875,978 0.39% 13 74.125.41.80 875,355 0.39% 14 74.125.41.16 862,749 0.38% 15 74.125.41.17 862,407 0.38% 16 74.125.41.18 861,868 0.38% 17 74.125.41.20 861,713 0.38% 18 74.125.41.19 861,538 0.38% 19 74.125.16.82 731,702 0.32% 20 74.125.16.81 730,670 0.32% 21 74.125.16.84 730,328 0.32% 22 74.125.16.80 730,098 0.32% 23 74.125.16.83 729,540 0.32% 24 74.125.41.145 669,941 0.30% 25 74.125.41.147 669,081 0.29% This list looks pretty strange!
Top Resolvers Rank Resolver Use % Origin AS 1 74.125.189.20 962,729 0.42% 15169 - Google 2 74.125.189.16 961,207 0.42% 15169 - Google 3 74.125.189.23 960,124 0.42% 15169 - Google 4 74.125.189.17 959,964 0.42% 15169 - Google 5 74.125.189.21 959,915 0.42% 15169 - Google 6 74.125.189.19 959,060 0.42% 15169 - Google 7 74.125.189.18 958,675 0.42% 15169 - Google 8 74.125.189.22 958,597 0.42% 15169 - Google 9 74.125.41.81 879,019 0.39% 15169 - Google 10 74.125.41.82 877,909 0.39% 15169 - Google 11 74.125.41.84 876,049 0.39% 15169 - Google 12 74.125.41.83 875,978 0.39% 15169 - Google 13 74.125.41.80 875,355 0.39% 15169 - Google 14 74.125.41.16 862,749 0.38% 15169 - Google 15 74.125.41.17 862,407 0.38% 15169 - Google 16 74.125.41.18 861,868 0.38% 15169 - Google 17 74.125.41.20 861,713 0.38% 15169 - Google 18 74.125.41.19 861,538 0.38% 15169 - Google 19 74.125.16.82 731,702 0.32% 15169 - Google 20 74.125.16.81 730,670 0.32% 15169 - Google 21 74.125.16.84 730,328 0.32% 15169 - Google 22 74.125.16.80 730,098 0.32% 15169 - Google 23 74.125.16.83 729,540 0.32% 15169 - Google 24 74.125.41.145 669,941 0.30% 15169 - Google 25 74.125.41.147 669,081 0.29% 15169 - Google When we add origin AS it gets a little clearer These resolvers are part of Google’s Public DNS resolver farms that support 8.8.8.8 and 8.8.4.4 – they are the fetch slaves So we need a different counting approach -- what if we group all resolvers by their AS?
Top Resolvers by Origin AS Rank AS Count Share Cumulative AS Name 1 15169 77,752,963 34.24% 34.24% GOOGLE - Google Inc.,US 2 4134 7,515,050 3.31% 37.55% CHINANET-BACKBONE No.31,Jin-rong Street,CN 3 3462 5,651,005 2.49% 40.04% HINET Data Communication Business Group,TW 4 3356 5,544,822 2.44% 42.48% LEVEL3 - Level 3 Communications, Inc.,US 5 6147 5,123,169 2.26% 44.74% Telefonica del Peru S.A.A.,PE 6 16880 4,120,210 1.81% 46.55% AS2-TRENDMICRO-COM - TREND MICRO INCORPORATED,US 7 8151 4,090,436 1.80% 48.35% Uninet S.A. de C.V.,MX 8 7470 3,388,845 1.49% 49.85% TRUEINTERNET-AS-AP TRUE INTERNET Co.,Ltd.,TH 9 4837 3,150,429 1.39% 51.23% CHINA169-BACKBONE CNCGROUP China169 Backbone,CN 10 9121 2,958,671 1.30% 52.54% TTNET Turk Telekomunikasyon Anonim Sirketi,TR 11 7922 2,808,303 1.24% 53.77% COMCAST-7922 - Comcast Cable Communications, Inc.,US 12 9299 2,719,648 1.20% 54.97% IPG-AS-AP Philippine Long Distance Telephone Company,PH 13 4766 2,595,704 1.14% 56.11% KIXS-AS-KR Korea Telecom,KR 14 45758 2,408,824 1.06% 57.17% TRIPLETNET-AS-AP TripleT Bangkok,TH 15 36692 2,075,246 0.91% 58.09% OPENDNS - OpenDNS, LLC,US 16 9318 1,839,866 0.81% 58.90% HANARO-AS Hanaro Telecom Inc.,KR 17 8048 1,740,434 0.77% 59.67% CANTV Servicios, Venezuela,VE 18 3786 1,675,723 0.74% 60.40% LGDACOM LG DACOM Corporation,KR 19 9737 1,662,131 0.73% 61.14% TOTNET-TH-AS-AP TOT Public Company Limited,TH 20 13489 1,634,966 0.72% 61.86% EPM Telecomunicaciones S.A. E.S.P.,CO 21 17974 1,554,658 0.68% 62.54% TELKOMNET-AS2-AP PT Telekomunikasi Indonesia,ID 22 7643 1,487,808 0.66% 63.20% VNPT-AS-VN Vietnam Posts and Telecommunications,VN 23 7303 1,414,687 0.62% 63.82% Telecom Argentina S.A.,AR 24 19994 1,357,249 0.60% 64.42% RACKSPACE - Rackspace Hosting,US 25 8708 1,272,774 0.56% 64.98% RCS-RDS RCS & RDS SA,RO
Top Resolvers by AS Rank AS Count Share Cumulative AS Name 1 15169 77,752,963 34.24% 34.24% GOOGLE - Google Inc.,US 2 4134 7,515,050 3.31% 37.55% CHINANET-BACKBONE No.31,Jin-rong Street,CN 3 3462 5,651,005 2.49% 40.04% HINET Data Communication Business Group,TW 4 3356 5,544,822 2.44% 42.48% LEVEL3 - Level 3 Communications, Inc.,US 5 6147 5,123,169 2.26% 44.74% Telefonica del Peru S.A.A.,PE 6 16880 4,120,210 1.81% 46.55% AS2-TRENDMICRO-COM - TREND MICRO INCORPORATED,US 7 8151 4,090,436 1.80% 48.35% Uninet S.A. de C.V.,MX 8 7470 3,388,845 1.49% 49.85% TRUEINTERNET-AS-AP TRUE INTERNET Co.,Ltd.,TH 9 4837 3,150,429 1.39% 51.23% CHINA169-BACKBONE CNCGROUP China169 Backbone,CN 10 9121 2,958,671 1.30% 52.54% TTNET Turk Telekomunikasyon Anonim Sirketi,TR 11 7922 2,808,303 1.24% 53.77% COMCAST-7922 - Comcast Cable Communications, Inc.,US 12 9299 2,719,648 1.20% 54.97% IPG-AS-AP Philippine Long Distance Telephone Company,PH 13 4766 2,595,704 1.14% 56.11% KIXS-AS-KR Korea Telecom,KR 14 45758 2,408,824 1.06% 57.17% TRIPLETNET-AS-AP TripleT Bangkok,TH 15 36692 2,075,246 0.91% 58.09% OPENDNS - OpenDNS, LLC,US 16 9318 1,839,866 0.81% 58.90% HANARO-AS Hanaro Telecom Inc.,KR 17 8048 1,740,434 0.77% 59.67% CANTV Servicios, Venezuela,VE 18 3786 1,675,723 0.74% 60.40% LGDACOM LG DACOM Corporation,KR 19 9737 1,662,131 0.73% 61.14% TOTNET-TH-AS-AP TOT Public Company Limited,TH 20 13489 1,634,966 0.72% 61.86% EPM Telecomunicaciones S.A. E.S.P.,CO 21 17974 1,554,658 0.68% 62.54% TELKOMNET-AS2-AP PT Telekomunikasi Indonesia,ID 22 7643 1,487,808 0.66% 63.20% VNPT-AS-VN Vietnam Posts and Telecommunications,VN 23 7303 1,414,687 0.62% 63.82% Telecom Argentina S.A.,AR 24 19994 1,357,249 0.60% 64.42% RACKSPACE - Rackspace Hosting,US 25 8708 1,272,774 0.56% 64.98% RCS-RDS RCS & RDS SA,RO This list still looks pretty strange! The problem is that resolver farms amplify their presence in this list because they splay multiple Instances of the same query across slave resolvers Can we compensate for this?
Top Resolvers by AS – filtered to initial query Rank AS Use AS Name 1 15169 9.91% GOOGLE - Google Inc.,US 2 4134 9.53% CHINANET-BACKBONE No.31,Jin-rong Street,CN 3 4837 5.95% CHINA169-BACKBONE CNCGROUP China169 Backbone,CN 4 7922 1.67% COMCAST-7922 - Comcast Cable Communications, Inc.,US 5 36692 1.32% OPENDNS - OpenDNS, LLC,US 6 8151 1.27% Uninet S.A. de C.V.,MX 7 9829 1.17% BSNL-NIB National Internet Backbone,IN 8 4713 1.13% OCN NTT Communications Corporation,JP 9 3320 1.02% DTAG Deutsche Telekom AG,DE 10 10753 0.93% LVLT-10753 - Level 3 Communications, Inc.,US 11 4812 0.92% CHINANET-SH-AP China Telecom (Group),CN 12 4813 0.90% BACKBONE-GUANGDONG-AP China Telecom(Group),CN 13 4766 0.86% KIXS-AS-KR Korea Telecom,KR 14 28573 0.84% NET Servicos de Comunicatio S.A.,BR 15 4808 0.76% CHINA169-BJ CNCGROUP IP network China169 Beijing Province Network,CN 16 24560 0.75% AIRTELBROADBAND-AS-AP Bharti Airtel Ltd., Telemedia Services,IN 17 3215 0.72% AS3215 Orange S.A.,FR 18 701 0.71% UUNET - MCI Communications Services, Inc. d/b/a Verizon Business,US 19 9121 0.64% TTNET Turk Telekomunikasyon Anonim Sirketi,TR 20 8452 0.63% TE-AS TE-AS,EG 21 9394 0.62% CTTNET China TieTong Telecommunications Corporation,CN 22 9808 0.60% CMNET-GD Guangdong Mobile Communication Co.Ltd.,CN 23 6713 0.57% IAM-AS,MA 24 6830 0.56% LGI-UPC Liberty Global Operations B.V.,EU 25 18881 0.55% Global Village Telecom,BR
Resolver Distribution
Resolver Distribution Just 3 resolver farms process 23% of users! 0.7% of all visible resolvers handle the query load for 90% of all users 90% of users 1,900 resolvers
Who’s Resolving “Locally” and Who’s Not? Let’s  filter  this  data  by  removing  all  entries   where  the  user  and  the  visible  resolver  are   located  within  the  same  network  (same  AS)     Which  non-­‐local  resolvers  are  being  used?  
Non-Local (AS) Resolution: Top Resolvers (by AS) Rank AS Use AS Name 1 15169 2,494,244 36.87% GOOGLE - Google Inc.,US 2 36692 332,762 4.92% OPENDNS - OpenDNS, LLC,US 3 10753 233,568 3.45% LVLT-10753 - Level 3 Communications, Inc.,US 4 4813 227,137 3.36% BACKBONE-GUANGDONG-AP China Telecom(Group),CN 5 7132 126,454 1.87% SBIS-AS - AT&T Internet Services,US 6 6713 116,586 1.72% IAM-AS,MA 7 4134 104,840 1.55% CHINANET-BACKBONE No.31,Jin-rong Street,CN 8 18209 86,197 1.27% BEAMTELE-AS-AP Beam Telecom Pvt Ltd,IN 9 4837 75,780 1.12% CHINA169-BACKBONE CNCGROUP China169 Backbone,CN 10 4808 75,497 1.12% China169 China Unicom Beijing Province Network,CN 11 18101 73,760 1.09% Reliance Communications Ltd.DAKC MUMBAI,IN 12 20746 68,061 1.01% ASN-IDC Telecomitalia s.p.a.,IT 13 3786 65,025 0.96% LGDACOM LG DACOM Corporation,KR 14 9394 64,963 0.96% CTTNET China TieTong Telecommunications Corporation,CN 15 7843 55,329 0.82% TWCABLE-BACKBONE - Time Warner Cable Internet LLC,US 16 17621 54,542 0.81% CNCGROUP-SH China Unicom Shanghai network,CN 17 17816 52,618 0.78% China Unicom China169 Guangdong province,CN 18 7643 48,236 0.71% VNPT-AS-VN Vietnam Posts and Telecommunications (VNPT),VN 19 5713 46,887 0.69% SAIX-NET,ZA 20 23724 42,281 0.62% CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation,CN 21 3356 40,161 0.59% LEVEL3 - Level 3 Communications, Inc.,US 22 7470 39,916 0.59% TRUEINTERNET-AS-AP TRUE INTERNET Co.,Ltd.,TH 23 2914 36,238 0.54% NTT-COMMUNICATIONS-2914 - NTT America, Inc.,US 24 58466 35,730 0.53% CT-GUANGZHOU-IDC CHINANET Guangdong province network,CN 25 4835 34,897 0.52% CHINANET-IDC-SN China Telecom (Group),CN Total: 27% of total end users
Who’s using “Foreign” Resolvers? Let’s  apply  a  further  filter  and  look  only  at  those   instances  where  the  IP  address  of  the  end  users   and  that  of  the  resolvers  that  they  are  using  are   geo-­‐located  in  different  countries  
Foreign Resolution: Top Resolvers by AS Rank AS Use AS Name 1 15169 2,501,732 67.00% GOOGLE - Google Inc.,US 2 36692 280,737 7.52% OPENDNS - OpenDNS, LLC,US 3 10753 205,897 5.51% LVLT-10753 - Level 3 Communications, Inc.,US 4 6830 67,353 1.80% LGI-UPC Liberty Global Operations B.V.,AT 5 3356 30,737 0.82% LEVEL3 - Level 3 Communications, Inc.,US 6 2914 28,814 0.77% NTT-COMMUNICATIONS-2914 - NTT America, Inc.,US 7 1273 26,120 0.70% CW Cable and Wireless Worldwide plc,GB 8 9050 23,194 0.62% RTD ROMTELECOM S.A,RO 9 174 18,097 0.48% COGENT-174 - Cogent Communications,US 10 198605 16,564 0.44% AVAST-AS-DC AVAST Software a.s.,CZ 11 30689 16,483 0.44% FLOW-NET - FLOW,JM 12 3257 15,298 0.41% TINET-BACKBONE Tinet SpA,DE 13 29791 14,078 0.38% VOXEL-DOT-NET - Voxel Dot Net, Inc.,US 14 13238 12,961 0.35% YANDEX Yandex LLC,RU 15 35838 10,761 0.29% CCANET CCANet Limited,GB 16 35074 10,591 0.28% COBRANET-AS Cobranet Limited,LB 17 42523 10,575 0.28% PLATINIUM-AS Platinium Star TV SRL,RO 18 13210 9,878 0.26% ASE ACADEMIA DE STUDII ECONOMICE,RO 19 36351 9,748 0.26% SOFTLAYER - SoftLayer Technologies Inc.,US 20 6939 9,221 0.25% HURRICANE - Hurricane Electric, Inc.,US 21 37204 8,897 0.24% TELONE,ZW 22 3462 8,761 0.23% HINET Data Communication Business Group,TW 23 13127 7,710 0.21% VERSATEL Tele 2 Nederland B.V.,NL 24 30607 7,137 0.19% 302-DIRECT-MEDIA-ASN - 302 Direct Media LLC,US 25 6663 6,813 0.18% TTI-NET Euroweb Romania SA,RO Total: 15% of total end users
Countries with users that have the lowest foreign resolution counts CC            %                        Foreign      Domes.c            Country   KR 1.52 6,922 448,705 Republic of Korea UY 2.96 571 18,715 Uruguay CN 3.29 19,3273 5,673,988 China PF 3.35 50 1,460 French Polynesia LT 3.56 743 20,179 Lithuania JP 3.68 40,465 1,058,919 Japan QA 3.82 675 17,009 Qatar HR 4.22 1,140 25,851 Croatia FR 4.30 23,787 528,936 France MN 4.53 180 3,797 Mongolia FI 4.62 2,450 50,550 Finland MT 4.64 148 3,061 Malta GR 4.67 2,942 60,038 Greece NZ 4.75 1,933 38,791 New Zealand FM 4.83 12 247 Micronesia (Federated States of) AE 4.96 4,061 77,743 United Arab Emirates MD 5.04 722 13,627 Republic of Moldova GE 5.12 762 14,133 Georgia PT 5.13 3,297 60,940 Portugal CL 5.38 5,498 96,718 Chile PE 5.55 6,782 115,421 Peru GY 5.60 153 2,583 Guyana FO 5.61 24 412 Faroe Islands SR 5.65 108 1,807 Suriname SA 5.68 8,771 145,574 Saudi Arabia EE 5.95 638 10,104 Estonia BE 6.19 6,178 93,695 Belgium IL 6.58 3,912 55,516 Israel VE 7.23 9,909 127,117 Venezuela
Countries with highest foreign resolution counts CC            %                        Foreign      Domes.c            Country   MQ 100.00 1,837 0 Martinique DZ 98.91 61,171 673 Algeria LR 98.56 1,443 21 Liberia GF 98.07 781 15 French Guiana AF 96.85 16,807 546 Afghanistan BF 95.27 5,537 274 Burkina Faso SO 94.66 1,422 80 Somalia DJ 94.40 646 38 Djibouti RE 93.38 3,153 223 Reunion TD 91.00 2,542 251 Chad GQ 90.19 897 97 Equatorial Guinea CD 88.12 8,152 1,098 Democratic Republic of the Congo IM 86.96 375 56 Isle of Man GN 86.47 1,503 235 Guinea SV 84.94 11,266 1,997 El Salvador IR 84.88 154,305 27,487 Iran (Islamic Republic of) ZW 78.64 20,042 5,444 Zimbabwe CG 78.44 2,620 720 Congo BN 77.37 2,023 591 Brunei Darussalam SL 72.02 445 172 Sierra Leone VN 68.04 243,186 114,206 Vietnam NI 67.30 4,858 2,360 Nicaragua NG 61.17 345,177 219,107 Nigeria BZ 60.39 425 279 Belize ZM 59.45 11,444 7,805 Zambia NE 56.22 1,514 1,179 Niger CY 55.27 3,992 3,231 Cyprus SY 54.53 29,657 24,734 Syrian Arab Republic BI 54.21 702 593 Burundi  
Mapping the resolver spread For  each  country  can  we  show  the  distribu7on   of  the  resolvers  used  by  users  located  within   that  country?  
Mapping Foreign Resolution- JP %  of  foreign  name  resolu7on  per  country   0.5%    
Mapping Foreign Resolution- JP %  of  foreign  name  resolu7on  per  country   0.5%    
Mapping Foreign Resolution - CN %  of  foreign  name  resolu7on  per  country   0.07%    
Mapping Foreign Resolution - CN %  of  foreign  name  resolu7on  per  country   0.07%    
Mapping Foreign Resolution - IN %  of  foreign  name  resolu7on  per  country   0.1%    
Mapping Foreign Resolution - IN %  of  foreign  name  resolu7on  per  country   0.1%    
Mapping Foreign Resolution- US %  of  foreign  name  resolu7on  per  country   US:  2,813,576  samples,    345,087  foreign  resolu7on  instances   6.46% use PK resolvers %  of  foreign  name  resolu7on  per  country   0.07%    
Mapping Foreign Resolution- US %  of  foreign  name  resolu7on  per  country   US:  2,813,576  samples,    345,087  foreign  resolu7on  instances   6.46% use PK resolvers
What About Google’s Public DNS? %  of  users  who  have  their  queries  resolved  by  Google’s  PDNS  service  
What About Google’s Public DNS? %  of  users  who  have  their  queries  resolved  by  Google’s  PDNS  service   Aside - This jump in the use of Google’s service from ~12% to 20% of the world’s users in earl;y November 2014 is a surprise. These additional queries have Checking Disabled. It’s as if some popular app has decided not to trust the local environment and perform resolution within the app itself.
What About Google’s Public DNS? %  of  users  who  have  their  queries  resolved  by  Google’s  PDNS  service   Aside - This jump in the use of Google’s service from ~12% to 20% of the world’s users in earl;y November 2014 is a surprise. These additional queries have Checking Disabled. It’s as if some popular app has decided not to trust the local environment and perform resolution within the app itself.
Where is Google’s Public DNS used?
Where is Google’s Public DNS used?
Which Countries make extensive use of Google’s PDNS? %  of  users  who  direct  queries  to  Google  
Which Countries make extensive use of Google’s PDNS? %  of  users  who  direct  queries  to  Google  
Why is this happening? q   At  lot  of  this  story  is  Google’s  Public  DNS,  which  now  has  a   “market  share”  of  more  than  10  %  of  the  Internet’s  user   popula7on   q   User’s  efforts  to  circumvent  content  control  via  na7onal   DNS  filtering  measures   q   Also  there  is  Users’  efforts  to  circumvent  DNS-­‐based  geo-­‐ loc  content  access  controls  (think  Neglix)   q   3rd  party  DNS  query  monitoring/stalking  (yes,  there  is  some  of   this  going  on,  but  that’s  a  lightning  talk  for  another  7me!)   q   Virus  contamina7on  of  the  host  (yes,  captured  systems  oken   show  a  redirected  DNS  config)   q   <insert  your  favourite  theory  here>  
Where is the DNS heading? •  Is  the  DNS  under  pressure  to  aggregate  to  ever  larger   resolvers  and  server  farms?   •  What  is  the  economic  model  of  name  resolu7on  in  a   highly  aggregated  environment?  Will  resolver   operators  turn  to  data  mining  of  queries  to  generate   revenue  streams?   •  Is  it  possible  to  reduce  the  informa7on  exposure  while   s7ll  using  common  resolver  caches?   •  What  is  the  nature  of  the  trade-­‐off  between  resolu7on   performance  and  informa7on  leakage  in  DNS   resolu7on?  
%  of  foreign  name  resolu7on  per  country   If you want to play with these maps, here’s a (temporary) URL: h4p://bit.ly/13oU09X  
Thanks!

More Related Content

PDF
System and User Aspects of Web Search Latency
Telefonica Research
 
PPTX
Bilancio sociale 2011-2012
infanziamarchesane
 
PDF
1357.full
wanted1361
 
PPTX
Fdi 1
Anas Vj
 
PDF
Russia 2013 statistical factbook
Andrew Gelston
 
PDF
Notiplastic Marzo 2015
avipla
 
PDF
Texas A&M-Kingsville Game Notes March 4 vs. ASU
Kelvin Queliz
 
PDF
Cp r75.40 release_notes
Luiz Eduardo Improta
 
System and User Aspects of Web Search Latency
Telefonica Research
 
Bilancio sociale 2011-2012
infanziamarchesane
 
1357.full
wanted1361
 
Fdi 1
Anas Vj
 
Russia 2013 statistical factbook
Andrew Gelston
 
Notiplastic Marzo 2015
avipla
 
Texas A&M-Kingsville Game Notes March 4 vs. ASU
Kelvin Queliz
 
Cp r75.40 release_notes
Luiz Eduardo Improta
 

Viewers also liked (20)

PDF
Ritchie Bros. AUS & NZ Q4 Unreserved Auction
Ritchie Bros. Auctioneers
 
PPTX
Aparato circulatorio
Carlos Mohr
 
PPTX
Swifton - TechStars - Aug 7 2015
David Fogel, CPA
 
DOC
Smuhsd technology plan draft aug 11
dbigue
 
PDF
Revista
Delmacy Cruz Souza
 
PPT
4.5 webminig
Krish_ver2
 
DOC
dsfds
Maxim Parfenov
 
PPTX
Magnit 1 q2015
Magnit IR Team
 
PDF
Qgis ibama rasterlegendsensitive
Luiz Motta
 
PPTX
GEHB: Paying More for Less
lyndseyoday
 
PPT
Négos Agirc et Arrco : enjeux et propositions
UGICT, la CGT des Inégnieurs, Cadres Techniciens
 
PDF
Tcc rafael sa, 2006
wevertonsb
 
PDF
2015 FULL YEAR
Roby Herskowicz
 
PDF
1 q2009
Embraer RI
 
PDF
Panasonic Radio Manual
guestc32ab7
 
PDF
0110 tarletonstate
Kelvin Queliz
 
PDF
Reporte compañia 4
Luciana Portofino
 
PDF
Telenor prislista
mazyar1521
 
PDF
MHK-ar1999_financial
finance30
 
PDF
亞洲女性移民與移工研討會會議手冊 Final
blackdog1968
 
Ritchie Bros. AUS & NZ Q4 Unreserved Auction
Ritchie Bros. Auctioneers
 
Aparato circulatorio
Carlos Mohr
 
Swifton - TechStars - Aug 7 2015
David Fogel, CPA
 
Smuhsd technology plan draft aug 11
dbigue
 
Revista
Delmacy Cruz Souza
 
4.5 webminig
Krish_ver2
 
dsfds
Maxim Parfenov
 
Magnit 1 q2015
Magnit IR Team
 
Qgis ibama rasterlegendsensitive
Luiz Motta
 
GEHB: Paying More for Less
lyndseyoday
 
Négos Agirc et Arrco : enjeux et propositions
UGICT, la CGT des Inégnieurs, Cadres Techniciens
 
Tcc rafael sa, 2006
wevertonsb
 
2015 FULL YEAR
Roby Herskowicz
 
1 q2009
Embraer RI
 
Panasonic Radio Manual
guestc32ab7
 
0110 tarletonstate
Kelvin Queliz
 
Reporte compañia 4
Luciana Portofino
 
Telenor prislista
mazyar1521
 
MHK-ar1999_financial
finance30
 
亞洲女性移民與移工研討會會議手冊 Final
blackdog1968
 
Ad

Similar to The Resolvers We Use (20)

PDF
OARC 26: Who's asking
APNIC
 
PPTX
Become the Master of Your DNS
ThousandEyes
 
PPTX
ThousandEyes EMEA - Become the Master of Your DNS
ThousandEyes
 
PPTX
IPv6 and the DNS, RIPE 73
APNIC
 
PDF
DNS-OARC 38: The resolvers we use
APNIC
 
PDF
RIPE 82: Measuring Recursive Resolver Centrality
APNIC
 
PDF
RIPE 78: A review of the KSK Roll
APNIC
 
PDF
Zombie DNS
APNIC
 
PDF
ICANN DNS Symposium 2021: Measuring Recursive Resolver Centrality
APNIC
 
PDF
Measuring the End User
APNIC
 
PDF
Some DNSSEC Measurements, presented at ICANN 82
APNIC
 
PDF
RP11_XaviertTorrentGorjon
Xavier Torrent Gorjón
 
PDF
GraphTalk Helsinki - Introduction to Graphs and Neo4j
Neo4j
 
PPT
Back to the Future: Understand and Optimize your IBM Notes and Domino Infrast...
Dominopoint - Italian Lotus User Group
 
PPTX
Idge dell qp_robo2014_04222014[1]
jmariani14
 
PDF
Measuring the centralization of DNS resolution' presentation by Geoff Huston...
APNIC
 
PDF
NANOG 82: DNS Evolution
APNIC
 
PPTX
Managed dns webinar 2015 internap
Internap
 
PDF
DINR 2021 Virtual Workshop: Passive vs Active Measurements in the DNS
APNIC
 
PDF
Exam Ref 70-741.pdf
Yogeshwaran R
 
OARC 26: Who's asking
APNIC
 
Become the Master of Your DNS
ThousandEyes
 
ThousandEyes EMEA - Become the Master of Your DNS
ThousandEyes
 
IPv6 and the DNS, RIPE 73
APNIC
 
DNS-OARC 38: The resolvers we use
APNIC
 
RIPE 82: Measuring Recursive Resolver Centrality
APNIC
 
RIPE 78: A review of the KSK Roll
APNIC
 
Zombie DNS
APNIC
 
ICANN DNS Symposium 2021: Measuring Recursive Resolver Centrality
APNIC
 
Measuring the End User
APNIC
 
Some DNSSEC Measurements, presented at ICANN 82
APNIC
 
RP11_XaviertTorrentGorjon
Xavier Torrent Gorjón
 
GraphTalk Helsinki - Introduction to Graphs and Neo4j
Neo4j
 
Back to the Future: Understand and Optimize your IBM Notes and Domino Infrast...
Dominopoint - Italian Lotus User Group
 
Idge dell qp_robo2014_04222014[1]
jmariani14
 
Measuring the centralization of DNS resolution' presentation by Geoff Huston...
APNIC
 
NANOG 82: DNS Evolution
APNIC
 
Managed dns webinar 2015 internap
Internap
 
DINR 2021 Virtual Workshop: Passive vs Active Measurements in the DNS
APNIC
 
Exam Ref 70-741.pdf
Yogeshwaran R
 
Ad

More from APNIC (20)

PPTX
APNIC Report, presented at APAN 60 by Thy Boskovic
APNIC
 
PDF
APNIC Update, presented at PHNOG 2025 by Shane Hermoso
APNIC
 
PDF
RPKI Status Update, presented by Makito Lay at IDNOG 10
APNIC
 
PDF
The Internet -By the Numbers, Sri Lanka Edition
APNIC
 
PDF
Triggering QUIC, presented by Geoff Huston at IETF 123
APNIC
 
PDF
DNSSEC Made Easy, presented at PHNOG 2025
APNIC
 
PDF
BGP Security Best Practices that Matter, presented at PHNOG 2025
APNIC
 
PDF
APNIC's Role in the Pacific Islands, presented at Pacific IGF 2205
APNIC
 
PDF
IPv6 Deployment and Best Practices, presented by Makito Lay
APNIC
 
PDF
Cleaning up your RPKI invalids, presented at PacNOG 35
APNIC
 
PDF
The Internet - By the numbers, presented at npNOG 11
APNIC
 
PDF
Transmission Control Protocol (TCP) and Starlink
APNIC
 
PDF
DDoS in India, presented at INNOG 8 by Dave Phelan
APNIC
 
PDF
Global Networking Trends, presented at the India ISP Conclave 2025
APNIC
 
PDF
Make DDoS expensive for the threat actors
APNIC
 
PDF
Fast Reroute in SR-MPLS, presented at bdNOG 19
APNIC
 
PDF
DDos Mitigation Strategie, presented at bdNOG 19
APNIC
 
PDF
ICP -2 Review – What It Is, and How to Participate and Provide Your Feedback
APNIC
 
PDF
APNIC Update - Global Synergy among the RIRs: Connecting the Regions
APNIC
 
PDF
Measuring Starlink Protocol Performance, presented at LACNIC 43
APNIC
 
APNIC Report, presented at APAN 60 by Thy Boskovic
APNIC
 
APNIC Update, presented at PHNOG 2025 by Shane Hermoso
APNIC
 
RPKI Status Update, presented by Makito Lay at IDNOG 10
APNIC
 
The Internet -By the Numbers, Sri Lanka Edition
APNIC
 
Triggering QUIC, presented by Geoff Huston at IETF 123
APNIC
 
DNSSEC Made Easy, presented at PHNOG 2025
APNIC
 
BGP Security Best Practices that Matter, presented at PHNOG 2025
APNIC
 
APNIC's Role in the Pacific Islands, presented at Pacific IGF 2205
APNIC
 
IPv6 Deployment and Best Practices, presented by Makito Lay
APNIC
 
Cleaning up your RPKI invalids, presented at PacNOG 35
APNIC
 
The Internet - By the numbers, presented at npNOG 11
APNIC
 
Transmission Control Protocol (TCP) and Starlink
APNIC
 
DDoS in India, presented at INNOG 8 by Dave Phelan
APNIC
 
Global Networking Trends, presented at the India ISP Conclave 2025
APNIC
 
Make DDoS expensive for the threat actors
APNIC
 
Fast Reroute in SR-MPLS, presented at bdNOG 19
APNIC
 
DDos Mitigation Strategie, presented at bdNOG 19
APNIC
 
ICP -2 Review – What It Is, and How to Participate and Provide Your Feedback
APNIC
 
APNIC Update - Global Synergy among the RIRs: Connecting the Regions
APNIC
 
Measuring Starlink Protocol Performance, presented at LACNIC 43
APNIC
 

Recently uploaded (20)

PDF
The Ikigai Template _ Recalibrate How You Spend Your Time.pdf
KinchitJain2
 
PDF
FINAL CALL-6th International Conference on Networks & IOT (NeTIOT 2025)
IJMIT JOURNAL
 
PPTX
t_and_OpenAI_Combined_two_pressentations
wuvjwfnaadbnzelauy
 
PPTX
Internet___Basics___Styled_ presentation
poonam62133
 
PPTX
Digital Literacy And Online Safety on internet
riksa rifqi
 
PPTX
Introduction to cybersecurity and digital nettiquette
shanefrancisjavier21
 
PPTX
Power Point - Lesson 3_2.pptx grad school presentation
JoyPPD
 
PPTX
Module 1 - Cyber Law and Ethics 101.pptx
anantyakhrisna1
 
PPT
isotopes_sddsadsaadasdasdasdasdsa1213.ppt
Kenneth James Alamillo
 
PPT
250152213-Excitation-SystemWERRT (1).ppt
woldemariamworku2
 
PPTX
Database Information System - Management Information System
faizhossain3
 
PDF
Exploring VPS Hosting Trends for SMBs in 2025
Liquid Web
 
PPTX
Mathew Digital SEO Checklist Guidlines 2025
Mathew Digital
 
PPT
415456121-Jiwratrwecdtwfdsfwgdwedvwe dbwsdjsadca-EVN.ppt
woldemariamworku2
 
PDF
Smart Home Technology for Health Monitoring (www.kiu.ac.ug)
publication11
 
PPT
Design_with_Watersergyerge45hrbgre4top (1).ppt
DiogoRibeiro730590
 
PPTX
SAP Ariba Sourcing PPT for learning material
NKKumar16
 
PDF
SASE Traffic Flow - ZTNA Connector-1.pdf
mackwell7777
 
PDF
💰 𝐔𝐊𝐓𝐈 𝐊𝐄𝐌𝐄𝐍𝐀𝐍𝐆𝐀𝐍 𝐊𝐈𝐏𝐄𝐑𝟒𝐃 𝐇𝐀𝐑𝐈 𝐈𝐍𝐈 𝟐𝟎𝟐𝟓 💰
GRAB
 
PDF
Introduction to the IoT system, how the IoT system works
TinBinh
 
The Ikigai Template _ Recalibrate How You Spend Your Time.pdf
KinchitJain2
 
FINAL CALL-6th International Conference on Networks & IOT (NeTIOT 2025)
IJMIT JOURNAL
 
t_and_OpenAI_Combined_two_pressentations
wuvjwfnaadbnzelauy
 
Internet___Basics___Styled_ presentation
poonam62133
 
Digital Literacy And Online Safety on internet
riksa rifqi
 
Introduction to cybersecurity and digital nettiquette
shanefrancisjavier21
 
Power Point - Lesson 3_2.pptx grad school presentation
JoyPPD
 
Module 1 - Cyber Law and Ethics 101.pptx
anantyakhrisna1
 
isotopes_sddsadsaadasdasdasdasdsa1213.ppt
Kenneth James Alamillo
 
250152213-Excitation-SystemWERRT (1).ppt
woldemariamworku2
 
Database Information System - Management Information System
faizhossain3
 
Exploring VPS Hosting Trends for SMBs in 2025
Liquid Web
 
Mathew Digital SEO Checklist Guidlines 2025
Mathew Digital
 
415456121-Jiwratrwecdtwfdsfwgdwedvwe dbwsdjsadca-EVN.ppt
woldemariamworku2
 
Smart Home Technology for Health Monitoring (www.kiu.ac.ug)
publication11
 
Design_with_Watersergyerge45hrbgre4top (1).ppt
DiogoRibeiro730590
 
SAP Ariba Sourcing PPT for learning material
NKKumar16
 
SASE Traffic Flow - ZTNA Connector-1.pdf
mackwell7777
 
💰 𝐔𝐊𝐓𝐈 𝐊𝐄𝐌𝐄𝐍𝐀𝐍𝐆𝐀𝐍 𝐊𝐈𝐏𝐄𝐑𝟒𝐃 𝐇𝐀𝐑𝐈 𝐈𝐍𝐈 𝟐𝟎𝟐𝟓 💰
GRAB
 
Introduction to the IoT system, how the IoT system works
TinBinh
 

The Resolvers We Use

  • 1. The Resolvers We Use Geoff Huston APNIC    
  • 2. One of those wtf moments… This  figure  was  produced  as  part   of  some  related  work  that  was   measuring  the  addi7onal  7me   penalty  that  would  apply  when   the  name  being  resolved  was   signed  using  DNSSEC.  
  • 3. One of those wtf moments… This  figure  was  produced  as  part   of  some  related  work  that  was   measuring  the  addi7onal  7me   penalty  that  would  apply  when   the  name  being  resolved  was   signed  using  DNSSEC.   One surprising observation here is that for 25% of the world’s users a simple uncached DNS name is not resolved in a single query Some 6% of Internet users use resolvers that take more than 2 seconds to complete the resolution function
  • 4. One of those wtf moments… This  figure  was  produced  as  part   of  some  related  work  that  was   measuring  the  addi7onal  7me   penalty  that  would  apply  when   the  name  being  resolved  was   signed  using  DNSSEC.     One surprising observation here is that for 25% of the world’s users a simple uncached DNS name is not resolved in a single query Some 6% of Internet users use resolvers that take more than 2 seconds to complete the resolution function Why is DNS resolution performance so incredibly bad for so many users?
  • 5. And that leads to… •  It  appears  that  what  we  think  about  how  the  DNS  works  and   how  folk  actually  are  using  the  DNS  is  not  well  aligned   •  We  all  think  we  understand  how  DNS  resolu7on  works  in   terms  of  the  interchange  of  DNS  protocol  elements   –  But  the  performance  of  DNS  name  resolu7on  depends  on  a  number  of   addi7onal  factors,  both  in  terms  of  the  users’  choice  of  resolvers  and   the  name  admin’s  choice  of  authorita7ve  servers  
  • 6. But… The  issue  is  more  than  just  a  ques7on  of   unexpected  poor  performance  of  name   resolu7on.     There’s  more  to  this...  
  • 7. Why is DNS resolution data valuable? •  Almost  everything  we  do  on  the  Internet  starts   with  a  DNS  name  resolu7on  opera7on   •  DNS    resolver  query  logs  contain  a  rich  vein  of   real  7me    informa7on  about  what  users  do   query  logs  and  can  be  analyzed  to  infer  informa7on   about  the  users  themselves  through  the  names  that   their  applica7ons  resolve   query  logs  contains  indirect  pointers  that  can  be  used  to   derive  aggregate  aspects  of  users’  demographics,   preferences,  purchases,  etc  
  • 8. Information Leaks The  ques7on  of  where  your  DNS  query  traffic  is  being  sent  is   also  a  ques7on  of  whether  you  are  leaking  a  real  7me  trail  of   your  online  ac7vi7es   Which  leads  to  an  interes7ng  ques7on  about  today’s  Internet:   –  To  what  extent  is  this  DNS  resolu7on  data  stream  “leaked”   outward?   •  Across  network  boundaries?   •  Across  na7onal  boundaries?   –  This  second  form  of  informa7on  leakage  is  “interes7ng”   While  many  na7onal  regimes  include  regula7ons  concerning  personally   iden7fying  data,  its  not  clear  if  these  regula7ons  extend  these  same   protec7ons  to  aliens  who  are  not  ci7zens  of  the  country  where  the   informa7on  is  held  
  • 9. Measuring the Internet via its Users At  APNIC  we’ve  been  using  online  ads  to  measure   the  user’s  view  of  the    Internet  for  some  years   –  We  ask  users  to  fetch  a  unique  URL   –  This  involves  a  DNS  resolu7on  and  a  HTTP  GET  to  our   servers   –  So  we  collect  sets  of  DNS  queries  and  WEB  queries   –  To  see   •  how  we  are  doing  with  the  IPv6  transi7on   •  where  DNSSEC  valida7on  is  being  used   •  And  similar    
  • 10. Users and Resolvers These  data  sets  also  allow  us  to  match       –  the  IP  address  of  the  resolver  that  queries  the  authorita7ve  name   server  (the  “visible  resolver”)   to   –  the  IP  address  of  the  client  agent  that  retrieves  the  URL    
  • 11. Some Numbers Using  data  collected  across  2014  (Jan-­‐Dec):            104,986,719  individual  sample  points    404,705  unique  resolver  IP  addresses     This  “raw”  data  is  skewed  to  the  ad  placement  algorithms  we   used,  so  we  then  re-­‐weighted  the  raw  numbers  in  each   country  to  align  to  the  rela7vi7es  of  the  Internet  user   popula7on  in  each  country.  This  provides  us  with  a  view  that   does  not  over-­‐represent  certain  countries  in  the  data          
  • 12. Top 25 Resolvers Rank Resolver Use % 1 74.125.189.20 962,729 0.42% 2 74.125.189.16 961,207 0.42% 3 74.125.189.23 960,124 0.42% 4 74.125.189.17 959,964 0.42% 5 74.125.189.21 959,915 0.42% 6 74.125.189.19 959,060 0.42% 7 74.125.189.18 958,675 0.42% 8 74.125.189.22 958,597 0.42% 9 74.125.41.81 879,019 0.39% 10 74.125.41.82 877,909 0.39% 11 74.125.41.84 876,049 0.39% 12 74.125.41.83 875,978 0.39% 13 74.125.41.80 875,355 0.39% 14 74.125.41.16 862,749 0.38% 15 74.125.41.17 862,407 0.38% 16 74.125.41.18 861,868 0.38% 17 74.125.41.20 861,713 0.38% 18 74.125.41.19 861,538 0.38% 19 74.125.16.82 731,702 0.32% 20 74.125.16.81 730,670 0.32% 21 74.125.16.84 730,328 0.32% 22 74.125.16.80 730,098 0.32% 23 74.125.16.83 729,540 0.32% 24 74.125.41.145 669,941 0.30% 25 74.125.41.147 669,081 0.29%
  • 13. Top 25 Resolvers Rank Resolver Use % 1 74.125.189.20 962,729 0.42% 2 74.125.189.16 961,207 0.42% 3 74.125.189.23 960,124 0.42% 4 74.125.189.17 959,964 0.42% 5 74.125.189.21 959,915 0.42% 6 74.125.189.19 959,060 0.42% 7 74.125.189.18 958,675 0.42% 8 74.125.189.22 958,597 0.42% 9 74.125.41.81 879,019 0.39% 10 74.125.41.82 877,909 0.39% 11 74.125.41.84 876,049 0.39% 12 74.125.41.83 875,978 0.39% 13 74.125.41.80 875,355 0.39% 14 74.125.41.16 862,749 0.38% 15 74.125.41.17 862,407 0.38% 16 74.125.41.18 861,868 0.38% 17 74.125.41.20 861,713 0.38% 18 74.125.41.19 861,538 0.38% 19 74.125.16.82 731,702 0.32% 20 74.125.16.81 730,670 0.32% 21 74.125.16.84 730,328 0.32% 22 74.125.16.80 730,098 0.32% 23 74.125.16.83 729,540 0.32% 24 74.125.41.145 669,941 0.30% 25 74.125.41.147 669,081 0.29% This list looks pretty strange!
  • 14. Top Resolvers Rank Resolver Use % Origin AS 1 74.125.189.20 962,729 0.42% 15169 - Google 2 74.125.189.16 961,207 0.42% 15169 - Google 3 74.125.189.23 960,124 0.42% 15169 - Google 4 74.125.189.17 959,964 0.42% 15169 - Google 5 74.125.189.21 959,915 0.42% 15169 - Google 6 74.125.189.19 959,060 0.42% 15169 - Google 7 74.125.189.18 958,675 0.42% 15169 - Google 8 74.125.189.22 958,597 0.42% 15169 - Google 9 74.125.41.81 879,019 0.39% 15169 - Google 10 74.125.41.82 877,909 0.39% 15169 - Google 11 74.125.41.84 876,049 0.39% 15169 - Google 12 74.125.41.83 875,978 0.39% 15169 - Google 13 74.125.41.80 875,355 0.39% 15169 - Google 14 74.125.41.16 862,749 0.38% 15169 - Google 15 74.125.41.17 862,407 0.38% 15169 - Google 16 74.125.41.18 861,868 0.38% 15169 - Google 17 74.125.41.20 861,713 0.38% 15169 - Google 18 74.125.41.19 861,538 0.38% 15169 - Google 19 74.125.16.82 731,702 0.32% 15169 - Google 20 74.125.16.81 730,670 0.32% 15169 - Google 21 74.125.16.84 730,328 0.32% 15169 - Google 22 74.125.16.80 730,098 0.32% 15169 - Google 23 74.125.16.83 729,540 0.32% 15169 - Google 24 74.125.41.145 669,941 0.30% 15169 - Google 25 74.125.41.147 669,081 0.29% 15169 - Google When we add origin AS it gets a little clearer These resolvers are part of Google’s Public DNS resolver farms that support 8.8.8.8 and 8.8.4.4 – they are the fetch slaves So we need a different counting approach -- what if we group all resolvers by their AS?
  • 15. Top Resolvers by Origin AS Rank AS Count Share Cumulative AS Name 1 15169 77,752,963 34.24% 34.24% GOOGLE - Google Inc.,US 2 4134 7,515,050 3.31% 37.55% CHINANET-BACKBONE No.31,Jin-rong Street,CN 3 3462 5,651,005 2.49% 40.04% HINET Data Communication Business Group,TW 4 3356 5,544,822 2.44% 42.48% LEVEL3 - Level 3 Communications, Inc.,US 5 6147 5,123,169 2.26% 44.74% Telefonica del Peru S.A.A.,PE 6 16880 4,120,210 1.81% 46.55% AS2-TRENDMICRO-COM - TREND MICRO INCORPORATED,US 7 8151 4,090,436 1.80% 48.35% Uninet S.A. de C.V.,MX 8 7470 3,388,845 1.49% 49.85% TRUEINTERNET-AS-AP TRUE INTERNET Co.,Ltd.,TH 9 4837 3,150,429 1.39% 51.23% CHINA169-BACKBONE CNCGROUP China169 Backbone,CN 10 9121 2,958,671 1.30% 52.54% TTNET Turk Telekomunikasyon Anonim Sirketi,TR 11 7922 2,808,303 1.24% 53.77% COMCAST-7922 - Comcast Cable Communications, Inc.,US 12 9299 2,719,648 1.20% 54.97% IPG-AS-AP Philippine Long Distance Telephone Company,PH 13 4766 2,595,704 1.14% 56.11% KIXS-AS-KR Korea Telecom,KR 14 45758 2,408,824 1.06% 57.17% TRIPLETNET-AS-AP TripleT Bangkok,TH 15 36692 2,075,246 0.91% 58.09% OPENDNS - OpenDNS, LLC,US 16 9318 1,839,866 0.81% 58.90% HANARO-AS Hanaro Telecom Inc.,KR 17 8048 1,740,434 0.77% 59.67% CANTV Servicios, Venezuela,VE 18 3786 1,675,723 0.74% 60.40% LGDACOM LG DACOM Corporation,KR 19 9737 1,662,131 0.73% 61.14% TOTNET-TH-AS-AP TOT Public Company Limited,TH 20 13489 1,634,966 0.72% 61.86% EPM Telecomunicaciones S.A. E.S.P.,CO 21 17974 1,554,658 0.68% 62.54% TELKOMNET-AS2-AP PT Telekomunikasi Indonesia,ID 22 7643 1,487,808 0.66% 63.20% VNPT-AS-VN Vietnam Posts and Telecommunications,VN 23 7303 1,414,687 0.62% 63.82% Telecom Argentina S.A.,AR 24 19994 1,357,249 0.60% 64.42% RACKSPACE - Rackspace Hosting,US 25 8708 1,272,774 0.56% 64.98% RCS-RDS RCS & RDS SA,RO
  • 16. Top Resolvers by AS Rank AS Count Share Cumulative AS Name 1 15169 77,752,963 34.24% 34.24% GOOGLE - Google Inc.,US 2 4134 7,515,050 3.31% 37.55% CHINANET-BACKBONE No.31,Jin-rong Street,CN 3 3462 5,651,005 2.49% 40.04% HINET Data Communication Business Group,TW 4 3356 5,544,822 2.44% 42.48% LEVEL3 - Level 3 Communications, Inc.,US 5 6147 5,123,169 2.26% 44.74% Telefonica del Peru S.A.A.,PE 6 16880 4,120,210 1.81% 46.55% AS2-TRENDMICRO-COM - TREND MICRO INCORPORATED,US 7 8151 4,090,436 1.80% 48.35% Uninet S.A. de C.V.,MX 8 7470 3,388,845 1.49% 49.85% TRUEINTERNET-AS-AP TRUE INTERNET Co.,Ltd.,TH 9 4837 3,150,429 1.39% 51.23% CHINA169-BACKBONE CNCGROUP China169 Backbone,CN 10 9121 2,958,671 1.30% 52.54% TTNET Turk Telekomunikasyon Anonim Sirketi,TR 11 7922 2,808,303 1.24% 53.77% COMCAST-7922 - Comcast Cable Communications, Inc.,US 12 9299 2,719,648 1.20% 54.97% IPG-AS-AP Philippine Long Distance Telephone Company,PH 13 4766 2,595,704 1.14% 56.11% KIXS-AS-KR Korea Telecom,KR 14 45758 2,408,824 1.06% 57.17% TRIPLETNET-AS-AP TripleT Bangkok,TH 15 36692 2,075,246 0.91% 58.09% OPENDNS - OpenDNS, LLC,US 16 9318 1,839,866 0.81% 58.90% HANARO-AS Hanaro Telecom Inc.,KR 17 8048 1,740,434 0.77% 59.67% CANTV Servicios, Venezuela,VE 18 3786 1,675,723 0.74% 60.40% LGDACOM LG DACOM Corporation,KR 19 9737 1,662,131 0.73% 61.14% TOTNET-TH-AS-AP TOT Public Company Limited,TH 20 13489 1,634,966 0.72% 61.86% EPM Telecomunicaciones S.A. E.S.P.,CO 21 17974 1,554,658 0.68% 62.54% TELKOMNET-AS2-AP PT Telekomunikasi Indonesia,ID 22 7643 1,487,808 0.66% 63.20% VNPT-AS-VN Vietnam Posts and Telecommunications,VN 23 7303 1,414,687 0.62% 63.82% Telecom Argentina S.A.,AR 24 19994 1,357,249 0.60% 64.42% RACKSPACE - Rackspace Hosting,US 25 8708 1,272,774 0.56% 64.98% RCS-RDS RCS & RDS SA,RO This list still looks pretty strange! The problem is that resolver farms amplify their presence in this list because they splay multiple Instances of the same query across slave resolvers Can we compensate for this?
  • 17. Top Resolvers by AS – filtered to initial query Rank AS Use AS Name 1 15169 9.91% GOOGLE - Google Inc.,US 2 4134 9.53% CHINANET-BACKBONE No.31,Jin-rong Street,CN 3 4837 5.95% CHINA169-BACKBONE CNCGROUP China169 Backbone,CN 4 7922 1.67% COMCAST-7922 - Comcast Cable Communications, Inc.,US 5 36692 1.32% OPENDNS - OpenDNS, LLC,US 6 8151 1.27% Uninet S.A. de C.V.,MX 7 9829 1.17% BSNL-NIB National Internet Backbone,IN 8 4713 1.13% OCN NTT Communications Corporation,JP 9 3320 1.02% DTAG Deutsche Telekom AG,DE 10 10753 0.93% LVLT-10753 - Level 3 Communications, Inc.,US 11 4812 0.92% CHINANET-SH-AP China Telecom (Group),CN 12 4813 0.90% BACKBONE-GUANGDONG-AP China Telecom(Group),CN 13 4766 0.86% KIXS-AS-KR Korea Telecom,KR 14 28573 0.84% NET Servicos de Comunicatio S.A.,BR 15 4808 0.76% CHINA169-BJ CNCGROUP IP network China169 Beijing Province Network,CN 16 24560 0.75% AIRTELBROADBAND-AS-AP Bharti Airtel Ltd., Telemedia Services,IN 17 3215 0.72% AS3215 Orange S.A.,FR 18 701 0.71% UUNET - MCI Communications Services, Inc. d/b/a Verizon Business,US 19 9121 0.64% TTNET Turk Telekomunikasyon Anonim Sirketi,TR 20 8452 0.63% TE-AS TE-AS,EG 21 9394 0.62% CTTNET China TieTong Telecommunications Corporation,CN 22 9808 0.60% CMNET-GD Guangdong Mobile Communication Co.Ltd.,CN 23 6713 0.57% IAM-AS,MA 24 6830 0.56% LGI-UPC Liberty Global Operations B.V.,EU 25 18881 0.55% Global Village Telecom,BR
  • 19. Resolver Distribution Just 3 resolver farms process 23% of users! 0.7% of all visible resolvers handle the query load for 90% of all users 90% of users 1,900 resolvers
  • 20. Who’s Resolving “Locally” and Who’s Not? Let’s  filter  this  data  by  removing  all  entries   where  the  user  and  the  visible  resolver  are   located  within  the  same  network  (same  AS)     Which  non-­‐local  resolvers  are  being  used?  
  • 21. Non-Local (AS) Resolution: Top Resolvers (by AS) Rank AS Use AS Name 1 15169 2,494,244 36.87% GOOGLE - Google Inc.,US 2 36692 332,762 4.92% OPENDNS - OpenDNS, LLC,US 3 10753 233,568 3.45% LVLT-10753 - Level 3 Communications, Inc.,US 4 4813 227,137 3.36% BACKBONE-GUANGDONG-AP China Telecom(Group),CN 5 7132 126,454 1.87% SBIS-AS - AT&T Internet Services,US 6 6713 116,586 1.72% IAM-AS,MA 7 4134 104,840 1.55% CHINANET-BACKBONE No.31,Jin-rong Street,CN 8 18209 86,197 1.27% BEAMTELE-AS-AP Beam Telecom Pvt Ltd,IN 9 4837 75,780 1.12% CHINA169-BACKBONE CNCGROUP China169 Backbone,CN 10 4808 75,497 1.12% China169 China Unicom Beijing Province Network,CN 11 18101 73,760 1.09% Reliance Communications Ltd.DAKC MUMBAI,IN 12 20746 68,061 1.01% ASN-IDC Telecomitalia s.p.a.,IT 13 3786 65,025 0.96% LGDACOM LG DACOM Corporation,KR 14 9394 64,963 0.96% CTTNET China TieTong Telecommunications Corporation,CN 15 7843 55,329 0.82% TWCABLE-BACKBONE - Time Warner Cable Internet LLC,US 16 17621 54,542 0.81% CNCGROUP-SH China Unicom Shanghai network,CN 17 17816 52,618 0.78% China Unicom China169 Guangdong province,CN 18 7643 48,236 0.71% VNPT-AS-VN Vietnam Posts and Telecommunications (VNPT),VN 19 5713 46,887 0.69% SAIX-NET,ZA 20 23724 42,281 0.62% CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation,CN 21 3356 40,161 0.59% LEVEL3 - Level 3 Communications, Inc.,US 22 7470 39,916 0.59% TRUEINTERNET-AS-AP TRUE INTERNET Co.,Ltd.,TH 23 2914 36,238 0.54% NTT-COMMUNICATIONS-2914 - NTT America, Inc.,US 24 58466 35,730 0.53% CT-GUANGZHOU-IDC CHINANET Guangdong province network,CN 25 4835 34,897 0.52% CHINANET-IDC-SN China Telecom (Group),CN Total: 27% of total end users
  • 22. Who’s using “Foreign” Resolvers? Let’s  apply  a  further  filter  and  look  only  at  those   instances  where  the  IP  address  of  the  end  users   and  that  of  the  resolvers  that  they  are  using  are   geo-­‐located  in  different  countries  
  • 23. Foreign Resolution: Top Resolvers by AS Rank AS Use AS Name 1 15169 2,501,732 67.00% GOOGLE - Google Inc.,US 2 36692 280,737 7.52% OPENDNS - OpenDNS, LLC,US 3 10753 205,897 5.51% LVLT-10753 - Level 3 Communications, Inc.,US 4 6830 67,353 1.80% LGI-UPC Liberty Global Operations B.V.,AT 5 3356 30,737 0.82% LEVEL3 - Level 3 Communications, Inc.,US 6 2914 28,814 0.77% NTT-COMMUNICATIONS-2914 - NTT America, Inc.,US 7 1273 26,120 0.70% CW Cable and Wireless Worldwide plc,GB 8 9050 23,194 0.62% RTD ROMTELECOM S.A,RO 9 174 18,097 0.48% COGENT-174 - Cogent Communications,US 10 198605 16,564 0.44% AVAST-AS-DC AVAST Software a.s.,CZ 11 30689 16,483 0.44% FLOW-NET - FLOW,JM 12 3257 15,298 0.41% TINET-BACKBONE Tinet SpA,DE 13 29791 14,078 0.38% VOXEL-DOT-NET - Voxel Dot Net, Inc.,US 14 13238 12,961 0.35% YANDEX Yandex LLC,RU 15 35838 10,761 0.29% CCANET CCANet Limited,GB 16 35074 10,591 0.28% COBRANET-AS Cobranet Limited,LB 17 42523 10,575 0.28% PLATINIUM-AS Platinium Star TV SRL,RO 18 13210 9,878 0.26% ASE ACADEMIA DE STUDII ECONOMICE,RO 19 36351 9,748 0.26% SOFTLAYER - SoftLayer Technologies Inc.,US 20 6939 9,221 0.25% HURRICANE - Hurricane Electric, Inc.,US 21 37204 8,897 0.24% TELONE,ZW 22 3462 8,761 0.23% HINET Data Communication Business Group,TW 23 13127 7,710 0.21% VERSATEL Tele 2 Nederland B.V.,NL 24 30607 7,137 0.19% 302-DIRECT-MEDIA-ASN - 302 Direct Media LLC,US 25 6663 6,813 0.18% TTI-NET Euroweb Romania SA,RO Total: 15% of total end users
  • 24. Countries with users that have the lowest foreign resolution counts CC            %                        Foreign      Domes.c            Country   KR 1.52 6,922 448,705 Republic of Korea UY 2.96 571 18,715 Uruguay CN 3.29 19,3273 5,673,988 China PF 3.35 50 1,460 French Polynesia LT 3.56 743 20,179 Lithuania JP 3.68 40,465 1,058,919 Japan QA 3.82 675 17,009 Qatar HR 4.22 1,140 25,851 Croatia FR 4.30 23,787 528,936 France MN 4.53 180 3,797 Mongolia FI 4.62 2,450 50,550 Finland MT 4.64 148 3,061 Malta GR 4.67 2,942 60,038 Greece NZ 4.75 1,933 38,791 New Zealand FM 4.83 12 247 Micronesia (Federated States of) AE 4.96 4,061 77,743 United Arab Emirates MD 5.04 722 13,627 Republic of Moldova GE 5.12 762 14,133 Georgia PT 5.13 3,297 60,940 Portugal CL 5.38 5,498 96,718 Chile PE 5.55 6,782 115,421 Peru GY 5.60 153 2,583 Guyana FO 5.61 24 412 Faroe Islands SR 5.65 108 1,807 Suriname SA 5.68 8,771 145,574 Saudi Arabia EE 5.95 638 10,104 Estonia BE 6.19 6,178 93,695 Belgium IL 6.58 3,912 55,516 Israel VE 7.23 9,909 127,117 Venezuela
  • 25. Countries with highest foreign resolution counts CC            %                        Foreign      Domes.c            Country   MQ 100.00 1,837 0 Martinique DZ 98.91 61,171 673 Algeria LR 98.56 1,443 21 Liberia GF 98.07 781 15 French Guiana AF 96.85 16,807 546 Afghanistan BF 95.27 5,537 274 Burkina Faso SO 94.66 1,422 80 Somalia DJ 94.40 646 38 Djibouti RE 93.38 3,153 223 Reunion TD 91.00 2,542 251 Chad GQ 90.19 897 97 Equatorial Guinea CD 88.12 8,152 1,098 Democratic Republic of the Congo IM 86.96 375 56 Isle of Man GN 86.47 1,503 235 Guinea SV 84.94 11,266 1,997 El Salvador IR 84.88 154,305 27,487 Iran (Islamic Republic of) ZW 78.64 20,042 5,444 Zimbabwe CG 78.44 2,620 720 Congo BN 77.37 2,023 591 Brunei Darussalam SL 72.02 445 172 Sierra Leone VN 68.04 243,186 114,206 Vietnam NI 67.30 4,858 2,360 Nicaragua NG 61.17 345,177 219,107 Nigeria BZ 60.39 425 279 Belize ZM 59.45 11,444 7,805 Zambia NE 56.22 1,514 1,179 Niger CY 55.27 3,992 3,231 Cyprus SY 54.53 29,657 24,734 Syrian Arab Republic BI 54.21 702 593 Burundi  
  • 26. Mapping the resolver spread For  each  country  can  we  show  the  distribu7on   of  the  resolvers  used  by  users  located  within   that  country?  
  • 27. Mapping Foreign Resolution- JP %  of  foreign  name  resolu7on  per  country   0.5%    
  • 28. Mapping Foreign Resolution- JP %  of  foreign  name  resolu7on  per  country   0.5%    
  • 29. Mapping Foreign Resolution - CN %  of  foreign  name  resolu7on  per  country   0.07%    
  • 30. Mapping Foreign Resolution - CN %  of  foreign  name  resolu7on  per  country   0.07%    
  • 31. Mapping Foreign Resolution - IN %  of  foreign  name  resolu7on  per  country   0.1%    
  • 32. Mapping Foreign Resolution - IN %  of  foreign  name  resolu7on  per  country   0.1%    
  • 33. Mapping Foreign Resolution- US %  of  foreign  name  resolu7on  per  country   US:  2,813,576  samples,    345,087  foreign  resolu7on  instances   6.46% use PK resolvers %  of  foreign  name  resolu7on  per  country   0.07%    
  • 34. Mapping Foreign Resolution- US %  of  foreign  name  resolu7on  per  country   US:  2,813,576  samples,    345,087  foreign  resolu7on  instances   6.46% use PK resolvers
  • 35. What About Google’s Public DNS? %  of  users  who  have  their  queries  resolved  by  Google’s  PDNS  service  
  • 36. What About Google’s Public DNS? %  of  users  who  have  their  queries  resolved  by  Google’s  PDNS  service   Aside - This jump in the use of Google’s service from ~12% to 20% of the world’s users in earl;y November 2014 is a surprise. These additional queries have Checking Disabled. It’s as if some popular app has decided not to trust the local environment and perform resolution within the app itself.
  • 37. What About Google’s Public DNS? %  of  users  who  have  their  queries  resolved  by  Google’s  PDNS  service   Aside - This jump in the use of Google’s service from ~12% to 20% of the world’s users in earl;y November 2014 is a surprise. These additional queries have Checking Disabled. It’s as if some popular app has decided not to trust the local environment and perform resolution within the app itself.
  • 38. Where is Google’s Public DNS used?
  • 39. Where is Google’s Public DNS used?
  • 40. Which Countries make extensive use of Google’s PDNS? %  of  users  who  direct  queries  to  Google  
  • 41. Which Countries make extensive use of Google’s PDNS? %  of  users  who  direct  queries  to  Google  
  • 42. Why is this happening? q   At  lot  of  this  story  is  Google’s  Public  DNS,  which  now  has  a   “market  share”  of  more  than  10  %  of  the  Internet’s  user   popula7on   q   User’s  efforts  to  circumvent  content  control  via  na7onal   DNS  filtering  measures   q   Also  there  is  Users’  efforts  to  circumvent  DNS-­‐based  geo-­‐ loc  content  access  controls  (think  Neglix)   q   3rd  party  DNS  query  monitoring/stalking  (yes,  there  is  some  of   this  going  on,  but  that’s  a  lightning  talk  for  another  7me!)   q   Virus  contamina7on  of  the  host  (yes,  captured  systems  oken   show  a  redirected  DNS  config)   q   <insert  your  favourite  theory  here>  
  • 43. Where is the DNS heading? •  Is  the  DNS  under  pressure  to  aggregate  to  ever  larger   resolvers  and  server  farms?   •  What  is  the  economic  model  of  name  resolu7on  in  a   highly  aggregated  environment?  Will  resolver   operators  turn  to  data  mining  of  queries  to  generate   revenue  streams?   •  Is  it  possible  to  reduce  the  informa7on  exposure  while   s7ll  using  common  resolver  caches?   •  What  is  the  nature  of  the  trade-­‐off  between  resolu7on   performance  and  informa7on  leakage  in  DNS   resolu7on?  
  • 44. %  of  foreign  name  resolu7on  per  country   If you want to play with these maps, here’s a (temporary) URL: h4p://bit.ly/13oU09X