[dns-operations] Statistics from Austria

Sidney Faber sfaber at cert.org
Mon Jul 28 17:28:33 UTC 2008

I'm getting a slightly different picture of ~65% not vulnerable, but 
that's because I'm using different data.  You can see the results at 

This is based on SIE data (https://sie.isc.org/, much thanks to Paul 
Vixie and Duane Wessels) and is not necessarily meant to represent the 
Internet as a whole, more work has to be done on that front.

I haven't yet had a chance to put together a writeup on how this is done 
yet (btw, great job to CERT.at!) but basically I watch the deltas 
between each resolver's successive DNS query ephemeral port.

I look forward to discussing these results in detail at the upcoming 
OARC meeting.


Otmar Lendl wrote:
> On 2008/07/24 14:07, Otmar Lendl <ol at bofh.priv.at> wrote:
>>> I'm tracking the Austrian resolvers based on the queries seen
>>> at one of the .at authorative servers.
>> http://cert.at/static/cert.at-0802-DNS-patchanalysis.pdf
> Given the PR drums of last week, we hoped to see significant
> improvements. Well, see for yourself:
> http://www.cert.at/static/cert.at-0802bis-DNS-patchanalysis-update.pdf
> /ol

Sid Faber, Member of the Technical Staff
Software Engineering Institute
Carnegie Mellon University
sfaber at cert.org

More information about the dns-operations mailing list