[dns-operations] RFC 8145 section 5 queries hidden behind CZ.NIC public resolver
Petr Špaček
petr.spacek at nic.cz
Thu Oct 5 16:17:06 UTC 2017
Hello list,
during ICANN Root KSK Roll Discussion at DNS-OARC 27 meeting there was
an idea to look into data from resolvers to see how many clients is
hidden behind a particular resolver.
This motivated me to look into anonymized PCAPs from CZ.NICs public
resolver running at IPs 217.31.204.130 and 2001:1488:800:400::130 to see
how many clients with RFC 8145 support is hidden behind this resolver.
It turns out that not very much, and that all captured RFC 8145 section
5 queries contain *both* root key ids (old + new).
Here are number of unique IP addresses querying in any given day.
2017-08-31 2
2017-09-01 3
2017-09-02 1
2017-09-03 5
2017-09-04 5
2017-09-05 6
2017-09-06 4
2017-09-07 6
2017-09-08 4
2017-09-09 4
2017-09-10 3
2017-09-11 1
2017-09-12 5
2017-09-13 6
2017-09-14 5
2017-09-15 8
2017-09-16 4
2017-09-17 6
2017-09-18 4
2017-09-19 4
2017-09-20 7
2017-09-21 5
2017-09-22 5
2017-09-23 4
2017-09-24 2
2017-09-25 5
2017-09-26 3
2017-09-27 4
2017-09-28 3
2017-09-29 5
2017-09-30 6
To generate this, I used following command:
tcpdump -nn -tt -r pcap | fgrep '_ta-' | fgrep -v dlv > ta.csv
For postprocesing I decided to use LibreOffice which made easy to
convert UNIX timestamps to readable dates and then group results by date.
Hints:
=<TIMESTAMP>/86400+25569 will give you number which can be directly
formated as date
I hope this will encourage other operators to look into their data and
publish results as well.
--
Petr Špaček @ CZ.NIC
P.S. I told to few people privately that there were none such queries
behind the resolver. This statement was incorrect because of a mistake
in data processing.
More information about the dns-operations
mailing list