[dns-operations] RFC 8145 section 5 queries hidden behind CZ.NIC public resolver

George Michaelson ggm at algebras.org
Thu Oct 5 16:50:02 UTC 2017


what ratio? what % of total unique IPs seen per sample interval?

On Thu, Oct 5, 2017 at 9:17 AM, Petr Špaček <petr.spacek at nic.cz> wrote:
> Hello list,
>
> during ICANN Root KSK Roll Discussion at DNS-OARC 27 meeting there was
> an idea to look into data from resolvers to see how many clients are
> hidden behind a particular resolver.
>
> This motivated me to look into anonymized PCAPs from CZ.NIC's public
> resolver running at IPs 217.31.204.130 and 2001:1488:800:400::130 to see
> how many clients with RFC 8145 support are hidden behind this resolver.
>
> It turns out that not very many, and that all captured RFC 8145 section
> 5 queries contain *both* root key ids (old + new).
>
> Here is the number of unique IP addresses querying on any given day.
>
> 2017-08-31      2
> 2017-09-01      3
> 2017-09-02      1
> 2017-09-03      5
> 2017-09-04      5
> 2017-09-05      6
> 2017-09-06      4
> 2017-09-07      6
> 2017-09-08      4
> 2017-09-09      4
> 2017-09-10      3
> 2017-09-11      1
> 2017-09-12      5
> 2017-09-13      6
> 2017-09-14      5
> 2017-09-15      8
> 2017-09-16      4
> 2017-09-17      6
> 2017-09-18      4
> 2017-09-19      4
> 2017-09-20      7
> 2017-09-21      5
> 2017-09-22      5
> 2017-09-23      4
> 2017-09-24      2
> 2017-09-25      5
> 2017-09-26      3
> 2017-09-27      4
> 2017-09-28      3
> 2017-09-29      5
> 2017-09-30      6
>
> To generate this, I used the following command:
> tcpdump -nn -tt -r pcap | fgrep '_ta-' | fgrep -v dlv > ta.csv
>
> For postprocessing I decided to use LibreOffice, which made it easy to
> convert UNIX timestamps to readable dates and then group results by date.
>
> Hints:
> =<TIMESTAMP>/86400+25569 will give you a number which can be directly
> formatted as a date
>
> I hope this will encourage other operators to look into their data and
> publish results as well.
>
> --
> Petr Špaček  @  CZ.NIC
>
> P.S. I told a few people privately that there were no such queries
> behind the resolver. This statement was incorrect because of a mistake
> in data processing.
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
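The per-day grouping described in the quoted message (the tcpdump filter followed by the spreadsheet step), as an added example that is not part of the original thread. It assumes the usual text layout of `tcpdump -nn -tt` DNS lines; the name `summarize` and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Assumed layout of one `tcpdump -nn -tt` text line for a DNS query:
#   <epoch>.<usec> IP|IP6 <src>.<port> > <dst>.<port>: <id>+ <QTYPE>? <qname> (<len>)
LINE = re.compile(r"^(\d+)(?:\.\d+)? IP6? (\S+) > \S+ .*\? (\S+)")
# RFC 8145 section 5 QNAME: "_ta-" plus hex key tags joined by "-", at the root.
TA_NAME = re.compile(r"^_ta-([0-9a-f]{4}(?:-[0-9a-f]{4})*)\.?$", re.I)

def summarize(lines):
    """Map UTC date -> (unique client count, set of key-tag tuples seen)."""
    clients, tags = defaultdict(set), defaultdict(set)
    for line in lines:
        if "dlv" in line:                      # same exclusion as `fgrep -v dlv`
            continue
        m = LINE.match(line)
        ta = TA_NAME.match(m.group(3)) if m else None
        if not ta:
            continue
        # Whole UTC days, the same step as TIMESTAMP/86400 in the hint above.
        day = datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc).date().isoformat()
        clients[day].add(m.group(2).rsplit(".", 1)[0])   # drop ".port", v4 and v6
        tags[day].add(tuple(int(h, 16) for h in ta.group(1).split("-")))
    return {d: (len(clients[d]), tags[d]) for d in sorted(clients)}

# Constructed sample lines (client addresses from documentation ranges).
# 4a5c and 4f66 are 19036 and 20326 in hex, the key tags of the old and new root KSK.
SAMPLE = """\
1504137660.000001 IP 192.0.2.10.40001 > 217.31.204.130.53: 1+ NULL? _ta-4a5c-4f66. (31)
1504141200.000002 IP 192.0.2.10.40002 > 217.31.204.130.53: 2+ NULL? _ta-4a5c-4f66. (31)
1504144800.000003 IP6 2001:db8::5.40003 > 2001:1488:800:400::130.53: 3+ NULL? _ta-4a5c-4f66. (31)
1504224060.000004 IP 198.51.100.7.40004 > 217.31.204.130.53: 4+ NULL? _ta-4a5c-4f66. (31)
1504224070.000005 IP 198.51.100.8.40005 > 217.31.204.130.53: 5+ A? _ta-4a5c.dlv.example. (38)
1504224080.000006 IP 198.51.100.9.40006 > 217.31.204.130.53: 6+ A? www.example. (29)
""".splitlines()

if __name__ == "__main__":
    for day, (count, seen) in summarize(SAMPLE).items():
        print(day, count, sorted(seen))
```

Decoding the key tags per day also shows directly whether every client reports both trust anchors or only one of them.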