Measuring the Centralization of DNS Resolution
Geoff Huston, Joao Damas, APNIC Labs
What are we talking about?
• The DNS is a highly decentralised database that distributes its
contents over much of the Internet
• The DNS data model also includes information replication (secondary
authoritative servers) that attempts to provide resiliency and
scalability by removing critical single choke points within the database
• The DNS name resolution protocol includes query fallback to increase
the robustness of name centralisation
• It all sounds as if the DNS is highly diverse and extensively
decentralised.
But is it really decentralised?
Measuring Centrality
• Various measures have been used in the related space of market
dominance which appear to have some relevance to the study of
market dominance in the DNS
• Australia’s Consumer and Competition agency uses a metric of 70% market
share by a single entity
• Or there is the four-firm concentration ratio which uses the market share of
the four largest firms
• Or there is the Herfindahl-Hirschman index
Herfindahl-Hirschman Index
• The HHI is used in market analysis to indicate the level of competition
between market entities. It is the average market share of the market,
weighted by market share
• Sum of the square of the market share (%) of the top 50 entities
• Above 25% is often taken as an indicator of market skew
• Above 10% would be considered as a market showing “moderate
concentration”
The DNS resolution environment
• The question of centrality in the DNS resolution environment is
equivalent to the questions of market dominance and market
concentration
• So let's look at DNS resolution as a market and use these
measurements to assess the degree of concentration in the supply of
DNS resolution services
Looking at concentration in DNS Name Resolution
[Diagram: user → Recursive Resolver → Authoritative Server]
I. How centralized is the recursive resolver function?
II. How centralized is the authoritative server function?
I Recursive Resolution
Measuring Recursive Resolution
We use Ads to send each user a unique DNS name to resolve.
We use an authoritative server as the data collection point and collect the IP
address of the resolvers asking the authoritative server
We then use the Ad presentation data to match this query to an end user IP
address
[Diagram: user → Recursive Resolver → Authoritative Server. The measurement combines Ad placement data <ID, IPaddr> with DNS query data <ID, DNS resolver IPaddr>.]
Tuning the measurement
• The Authoritative Server always answers queries immediately with
the A / AAAA records as requested
• The data is unsigned and the responses fit comfortably within 512
octets of DNS payload
• We try to minimise timeouts and requeries by steering users to a DNS
Authoritative server that is (roughly) on the same continent as the
user
Mapping
• We need to map the resolver “helper” addresses to a resolver service
• Which back-end DNS addresses are used by each open resolver?
• RIPE Atlas helped here for those cases where the open resolver operator does
not publish this information
• We map resolvers into a number of categories based on the resolver’s
IP address. The categories we use:
• Resolver is in the same AS as the end user
• It’s a known Open DNS resolver
• Resolver is geo-located to the same CC as the end user
• Resolver is geo-located to a different CC from the end user
Results
[Chart, June 2020 to October 2022. Series: Same AS, Google, Same CC, Cloudflare, Others]
Results
• Two-thirds of users direct their queries to the recursive resolver that is
operated by their ISP
• One seventh (15%) of users have their queries resolved by Google’s
Public DNS resolver
• One seventh (15%) of users direct their queries to a recursive resolver
that is geolocated to the same country as they are – probably their ISP
using a resolver in a different AS
• Everything else – nothing more than 3%
• Is the recursive resolver market centralized? Probably not
• Is the open recursive resolver market centralized? That’s a different question!
• But first let’s understand what is being measured here
However, the measurement is not as simple as it may suggest
• We observe that this single initial query
generates 1 or more queries from a single
recursive resolver IP address just 30% of
the time
• 2 or more different resolvers are queried
in 60% of cases
• Most of the time (90% of cases) these
multiple resolver IP addresses are all in the
same AS
[Figure: Cumulative Distribution of number of resolver IP addresses seen to query for a unique DNS name]
Multiple resolvers “see” individual stub queries
• We see an average of 3.23 distinct resolver IP addresses at the
authoritative server for each queried domain name within the first 15
seconds
• What should we do with these “extra” DNS queries?
• In this case we just add them to the count
• So we are measuring who “sees” my DNS queries
What are we measuring here?
• So we thought that maybe we really wanted to know all the resolvers
who might see your query
• But to flush out all of these resolvers we need to adjust this
experiment
Seeing Everything!
• Get the authoritative server to return SERVFAIL all the time
• This way the stub resolver is likely to cycle through all the locally
configured recursive resolvers to find a non-SERVFAIL DNS response
All Recursive Resolvers
• Two-thirds of users direct their queries to
the recursive resolver that is operated by
their ISP
• One seventh (15%) of users have their
queries resolved by Google’s Public DNS
resolver
• One seventh (15%) of users direct their
queries to a recursive resolver that is
geolocated to the same country as they
are – probably their ISP using a resolver in
a different AS
• Everything else – nothing more than 4%
fifth (20%)
sixth (16%)
3%
How many resolvers see the query now?
• We observe that this single initial
query generates 1 or more queries
from a single recursive resolver IP
address just 12% of the time
• 2 or more different resolvers are
queried in 30% of cases
• Most of the time (75% of cases)
these multiple resolver IP addresses
are all in the same AS
[Figure: Cumulative Distribution of number of resolver IP addresses seen to query for a unique DNS name when the response is SERVFAIL]
Are we there yet?
• No, not really
• Perhaps it is also useful to understand which resolver provides the
response that the user will use
Third Pass
• Single query – same as Pass 1
• But only record the first query at the auth server for each unique ID
• We assume that the first recursive resolver to ask the auth server is the first
to provide a response to the stub resolver
• How does this change the measurements?
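The join and the two counting rules described so far, as an added example (not the authors' code). The addresses, AS numbers, country codes, the open resolver name, the precedence of the categories in the order the Mapping slide lists them, and measuring the 15-second window from the first query seen for an ID are all assumptions; the sample records are constructed.

```python
from collections import Counter, defaultdict

WINDOW_S = 15.0  # assumption: window starts at the first query seen for an ID

# Constructed sample data (documentation address ranges and ASNs, not measurements).
AD_PLACEMENTS = {  # <ID, IPaddr>: experiment ID -> end-user IP address
    "u1": "192.0.2.10", "u2": "192.0.2.20",
    "u3": "198.51.100.5", "u4": "198.51.100.9",
}
DNS_QUERIES = [  # (seconds, ID, resolver IPaddr) as logged at the authoritative server
    (0.01, "u1", "192.0.2.53"), (0.40, "u1", "203.0.113.8"),
    (0.02, "u2", "203.0.113.8"), (20.0, "u2", "192.0.2.53"),  # second one is too late
    (0.03, "u3", "198.51.100.53"),
    (0.05, "u4", "192.0.2.99"), (0.90, "u4", "203.0.113.9"),
    (0.10, "zz", "203.0.113.8"),  # no matching ad placement record
]
IP_TO_AS_CC = {  # hypothetical IP -> (origin AS, country code) table
    "192.0.2.10": (64496, "NZ"), "192.0.2.20": (64496, "NZ"),
    "192.0.2.53": (64496, "NZ"), "192.0.2.99": (64496, "NZ"),
    "198.51.100.5": (64497, "AU"), "198.51.100.9": (64497, "AU"),
    "198.51.100.53": (64498, "AU"),
    "203.0.113.8": (64499, "US"), "203.0.113.9": (64499, "US"),
}
# Hypothetical map of open-resolver back-end ("helper") addresses to a service name.
OPEN_RESOLVER_BACKENDS = {"203.0.113.8": "OpenResolverA", "203.0.113.9": "OpenResolverA"}


def classify(user_ip, resolver_ip):
    """Place a resolver in one of the deck's categories, relative to the user."""
    user, res = IP_TO_AS_CC.get(user_ip), IP_TO_AS_CC.get(resolver_ip)
    if user is None or res is None:
        return "unknown"
    if res[0] == user[0]:
        return "same_as"
    if resolver_ip in OPEN_RESOLVER_BACKENDS:
        return "open:" + OPEN_RESOLVER_BACKENDS[resolver_ip]
    return "same_cc" if res[1] == user[1] else "diff_cc"


def queries_by_id():
    """Join query log to ad placements; keep time-ordered queries inside the window."""
    grouped = defaultdict(list)
    for t, qid, resolver_ip in sorted(DNS_QUERIES):
        if qid not in AD_PLACEMENTS:
            continue  # cannot be tied to an end user
        if grouped[qid] and t - grouped[qid][0][0] > WINDOW_S:
            continue  # outside the observation window
        grouped[qid].append((t, resolver_ip))
    return grouped


def category_shares(mode):
    """Share of users per category.

    mode="all":   a user counts once for every category that saw the query,
                  so the shares can sum to more than 1.
    mode="first": only the first resolver to reach the authoritative server counts.
    """
    if mode not in ("all", "first"):
        raise ValueError("mode must be 'all' or 'first'")
    grouped = queries_by_id()
    users_per_cat = Counter()
    for qid, seen in grouped.items():
        if mode == "first":
            seen = seen[:1]
        users_per_cat.update({classify(AD_PLACEMENTS[qid], ip) for _, ip in seen})
    return {cat: n / len(grouped) for cat, n in users_per_cat.items()}


def mean_resolvers_per_name():
    """Average number of distinct resolver addresses seen per unique name."""
    grouped = queries_by_id()
    return sum(len({ip for _, ip in seen}) for seen in grouped.values()) / len(grouped)


if __name__ == "__main__":
    print("all  :", category_shares("all"))
    print("first:", category_shares("first"))
    print("mean resolvers per name:", mean_resolvers_per_name())
```

In the constructed sample the open resolver is seen by three of the four users under the "all" rule but is first to ask for only one of them, which is the difference the third pass is designed to expose.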
First Query Results
• Two-thirds of users direct their queries to
the recursive resolver that is operated by
their ISP
• One fifth (20%) of users have their queries
resolved by Google’s Public DNS resolver
• One sixth (18%) of users direct their
queries to a recursive resolver that is
geolocated to the same country as they
are – probably their ISP using a resolver in
a different AS
• Everything else – nothing more than 4%
seventh (15%)
eighth (1%)
2%
What are we looking at?
• Who gets to see my queries?
• Who might get to see my queries?
• Who do I believe for answers?
Concentration Measurements
• Let's look at the “market” of DNS open resolvers using the “all resolvers”
measurements
• Single Entity Dominance:
• Google has 68.7% of the open DNS resolver market
• Four-Firm Concentration:
• Google, Cloudflare, 114DNS and OpenDNS have 91.6% market share
• HHI Index:
• 49%
• So the open resolver market sector is highly centralized.
• But this open resolver activity represents only one third of the total
resolution market, and the HHI Index of the open resolvers as a subset of
the total resolution market is far lower, at 5%
II Authoritative Servers
• Data about the recursive-to-authoritative query set is hard to find
• Recursive resolvers sit in a privileged position in the DNS as they are exposed
to both the identity of the stub resolver (the ‘user’) and the DNS names that
they are querying
• So there are many caveats that apply to access to such data – and rightly so
• At APNIC we have limited access to the data relating to the use of the
1.1.1.1 recursive resolver
• We don’t know who is querying, but we can see query names and query
protocol
• The market share of Cloudflare’s open resolver service is around 3% of users
which is a non-trivial resolver in the open resolver set (ranked #2 in terms of
market share)
Centrality in Authoritative Servers?
• One way to measure this is to look at the query-count weighted
ranking of the DNS authoritative server providers
• If an authoritative name server hosts a very popular domain name
then it’s likely that the query count will be high
• If a service operator hosts a large number of domains on its
authoritative server infrastructure, then it’s likely that the query
count will be high
• So let's characterise the authoritative service hosting market by their
query-based ‘market share’
What’s a “query”?
[Diagram: user → Incoming Query → Recursive Resolver (Cache) → Outgoing Query → Authoritative Server]
Outgoing Query: the query count at this point is dependent on the cache settings
Incoming Query: the query count at this point depends on stub activity rather than cache settings
We use incoming queries to determine relative weight
Measurement Technique
• Obtain a data set of 24 hours of query name data from the 1.1.1.1 resolver
system
• Group the query names
• Resolve the names to find the “lowest” authoritative name server for the
query name using a local resolution environment
• Take the first name server name
• Discard the query names
• Resolve the name server names to IP address, and discard the name server
names
• Map the IP addresses to AS numbers, and discard the IP addresses
• Group the query counts into AS numbers and rank by query share
Data Set
Here’s an extract of the resultant data set:
Rank  AS Number  Query Share  Cumulative Share  Name
56    31034      0.06%        89.64%            Aruba, IT
57    20446      0.06%        89.70%            Stackpath CDN, US
58    199524     0.06%        89.76%            Gcore, LU
59    60068      0.05%        89.82%            CDN77, GB
The 24 hour data capture identified 26,971 unique AS numbers (out of a total of 75,000 unique AS
numbers in the routing table)
While approximately one third of networks host at least one queried authoritative name server, the top 50
ASNs have 89.2% of the query share.
Cumulative Distribution
Top 10 Auth Server Networks
Rank  AS Number  Query Share  Cumulative Share  Name
1     AS16509    35.7%        35.7%             Amazon-02, US
2     AS13335    9.3%         45.0%             Cloudflare, US
3     AS15169    8.3%         53.3%             Google, US
4     AS21342    4.0%         57.3%             Akamai – ASN2, US
5     AS8068     3.9%         61.2%             Microsoft, US
6     AS397239   3.7%         64.9%             UltraDNS, US
7     AS714      3.4%         68.3%             Apple, US
8     AS31898    3.1%         71.4%             Oracle, US
9     AS*        2.5%         73.9%             Root Server System
10    AS62597    2.5%         76.4%             NSONE, US
Concentration Measurements
• Let's look at the “market” of DNS authoritative server providers using
query-weighted ranking
• Single Entity Dominance:
• Amazon has 35.7% of the Authoritative Server market
• Four-Firm Concentration:
• Amazon, Cloudflare, Google, and Akamai have 57.3% market share
• HHI Index:
• 15%
• This appears to be a “moderately concentrated” market
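The Measurement Technique steps and the three concentration measures, as an added example (not the authors' code). The lookup tables stand in for live resolution and a routing table and are hypothetical, and the query counts are constructed; only `DECK_TOP10` is copied from the Top 10 table above. The HHI is computed on shares as fractions and reported as a percentage, the reading that matches the deck's 10% and 25% thresholds.

```python
from collections import Counter

# Constructed 24-hour sample: query name -> incoming query count (not real data).
QUERY_COUNTS = {
    "www.example.com": 600, "api.example.com": 200,
    "example.net": 150, "example.org": 50,
    "gone.invalid": 25,  # does not resolve to a name server
}
# Hypothetical lookup tables standing in for resolution and IP-to-AS mapping.
NAME_TO_NS = {  # query name -> first name server of the "lowest" enclosing zone
    "www.example.com": "ns1.dns-a.example", "api.example.com": "ns1.dns-a.example",
    "example.net": "ns.dns-b.example", "example.org": "ns.dns-c.example",
}
NS_TO_IP = {"ns1.dns-a.example": "192.0.2.1", "ns.dns-b.example": "198.51.100.1",
            "ns.dns-c.example": "203.0.113.1"}
IP_TO_AS = {"192.0.2.1": 64496, "198.51.100.1": 64497, "203.0.113.1": 64498}

# Query shares (%) copied from the deck's "Top 10 Auth Server Networks" table.
DECK_TOP10 = [35.7, 9.3, 8.3, 4.0, 3.9, 3.7, 3.4, 3.1, 2.5, 2.5]


def as_query_counts(query_counts):
    """Reduce query names to per-AS counts, discarding each intermediate identifier."""
    per_as = Counter()
    for name, count in query_counts.items():
        ns = NAME_TO_NS.get(name)   # the query name is not used after this step
        ip = NS_TO_IP.get(ns)       # the name server name is not used after this step
        asn = IP_TO_AS.get(ip)      # the IP address is not used after this step
        if asn is None:
            continue                # unresolvable names carry no weight
        per_as[asn] += count
    return per_as


def rank_by_share(per_as):
    """Rows of (rank, AS number, query share %, cumulative share %)."""
    total = sum(per_as.values())
    rows, cumulative = [], 0.0
    ranked = sorted(per_as.items(), key=lambda kv: (-kv[1], kv[0]))
    for rank, (asn, count) in enumerate(ranked, start=1):
        share = 100 * count / total
        cumulative += share
        rows.append((rank, asn, share, cumulative))
    return rows


def concentration(shares_pct, top_n=50):
    """Single-entity share, four-firm ratio and HHI over the top_n entities."""
    top = sorted(shares_pct, reverse=True)[:top_n]
    return {
        "single_pct": top[0],
        "four_firm_pct": sum(top[:4]),
        "hhi_pct": 100 * sum((s / 100) ** 2 for s in top),
    }


if __name__ == "__main__":
    rows = rank_by_share(as_query_counts(QUERY_COUNTS))
    for row in rows:
        print("%d  AS%d  %.1f%%  %.1f%%" % row)
    print("constructed sample:", concentration([r[2] for r in rows]))
    print("deck top 10       :", concentration(DECK_TOP10))
```

Run over the ten shares in the table, this gives 35.7% single-entity share, 57.3% for the four largest, and an HHI of about 15.1%, agreeing with the figures on the Concentration Measurements slide; the networks ranked below 10 are too small to move the HHI noticeably.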
Geopolitical Centrality?
• There are 10 network entities who host the authoritative name
servers that have a query share of three quarters of the recursive-to-
authoritative DNS query volume
• All 10 networks are attributed to US entities
Caveats
• This analysis is based on a single 24 hour data set from a single open
recursive resolver service
• The query sample set is not completely uniform and there is a
potential bias to enterprise use and some browser use
• Using query volumes as a proxy for some form of market share is not
a universally accepted analytic metric
Thanks!

Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
 
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
 
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
Russian Call Girls in %(+971524965298  )#  Call Girls in DubaiRussian Call Girls in %(+971524965298  )#  Call Girls in Dubai
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
 
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa  Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa  Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
 
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
 
@9999965857 🫦 Sexy Desi Call Girls Laxmi Nagar 💓 High Profile Escorts Delhi 🫶
@9999965857 🫦 Sexy Desi Call Girls Laxmi Nagar 💓 High Profile Escorts Delhi 🫶@9999965857 🫦 Sexy Desi Call Girls Laxmi Nagar 💓 High Profile Escorts Delhi 🫶
@9999965857 🫦 Sexy Desi Call Girls Laxmi Nagar 💓 High Profile Escorts Delhi 🫶
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
 
INDIVIDUAL ASSIGNMENT #3 CBG, PRESENTATION.
INDIVIDUAL ASSIGNMENT #3 CBG, PRESENTATION.INDIVIDUAL ASSIGNMENT #3 CBG, PRESENTATION.
INDIVIDUAL ASSIGNMENT #3 CBG, PRESENTATION.
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
 
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
 

Measuring DNS Centralization

  • 1. Measuring the Centralization of DNS Resolution Geoff Huston, Joao Damas, APNIC Labs
  • 2. What are we talking about? • The DNS is a highly decentralised database that distributes its contents over much of the Internet • The DNS data model also includes information replication (secondary authoritative servers) that attempts to provide resiliency and scalability by removing critical single choke points within the database • The DNS name resolution protocol includes query fallback to increase the robustness of name centralisation • It all sounds as if the DNS is highly diverse and extensively decentralised.
  • 3. What are we talking about? • The DNS is a highly decentralised database that distributes its contents over much of the Internet • The DNS data model also includes information replication (secondary authoritative servers) that attempts to provide resiliency and scalability by removing critical single choke points within the database • The DNS name resolution protocol includes query fallback to increase the robustness of name centralisation • It all sounds as if the DNS is highly diverse and extensively decentralised. But is it really decentralised?
  • 4. Measuring Centrality • Various measures have been used in the related space of market dominance which appear to have some relevance to the study of market dominance in the DNS • Australia’s Consumer and Competition agency uses a metric of 70% market share by a single entity • Or there is the four-firm concentration ratio which uses the market share of the four largest firms • Or there is the Herfindahl-Hirschman index
  • 5. Herfindahl-Hirschman Index • The HHI is used in market analysis to indicate the level of competition between market entities. It is the average market share of the market, weighted by market share • Sum of the square of the market share (%) of the top 50 entities • Above 25% is often taken as an indicator of market skew • Above 10% would be considered as a market showing “moderate concentration”
  • 6. The DNS resolution environment • The question of centrality in the DNS resolution environment is equivalent to the questions of market dominance and market concentration • So let's look at DNS resolution as a market and use these measurements to assess the degree of concentration in the supply of DNS resolution services
  • 7. Looking at concentration in DNS Name Resolution Recursive Resolver Authoritative Server user I. How centralized is the recursive resolver function? II. How centralized is the authoritative server function?
  • 9. Measuring Recursive Resolution We use Ads to send each user a unique DNS name to resolve. We use an authoritative server as the data collection point and collect the IP address of the resolvers asking the authoritative server We then use the Ad presentation data to match this query to an end user IP address Recursive Resolver Authoritative Server user Ad placement data <ID, IPaddr> DNS query data <ID, DNS resolver IPaddr> Measurement
  • 10. Tuning the measurement • The Authoritative Server always answers queries immediately with the A / AAAA records as requested • The data is unsigned and the responses fit comfortably within 512 octets of DNS payload • We try to minimise timeouts and requeries by steering users to a DNS Authoritative server that is (roughly) on the same continent as the user
  • 11. Mapping • We need to map the resolver “helper” addresses to a resolver service • Which back-end DNS addresses are used by each open resolver? • RIPE Atlas helped here for those cases where the open resolver operator does not publish this information • We map resolvers into a number of categories based on the resolver’s IP address. The categories we use: • Resolver is in the same AS as the end user • It’s a known Open DNS resolver • Resolver is geo-located to the same CC as the end user • Resolver is geo-located to a different CC from the end user
  • 12. Results June 2020 October 2022 Same AS Google Same CC Cloudflare Others
  • 13. Results • Two-thirds of users direct their queries to the recursive resolver that is operated by their ISP • One seventh (15%) of users have their queries resolved by Google’s Public DNS resolver • One seventh (15%) of users direct their queries to a recursive resolver that is geolocated to the same country as they are – probably their ISP using a resolver in a different AS • Everything else – nothing more than 3% • Is the recursive resolver market centralized? Probably not • Is the open recursive resolver market centralized? That’s a different question! • But first let’s understand what is being measured here
  • 14. However, the measurement is not as simple as it may suggest • We observe that this single initial query generates 1 or more queries from a single recursive resolver IP address just 30% of the time • 2 or more different resolvers are queried in 60% of cases • Most of the time (90% of cases) these multiple resolver IP addresses are all in the same AS Cumulative Distribution of number of resolver IP addresses seen to query for a unique DNS name
  • 15. Multiple resolvers “see” individual stub queries • We see an average of 3.23 distinct resolver IP addresses at the authoritative server for each queried domain name within the first 15 seconds • What should we do with these “extra” DNS queries? • In this case we just add them to the count • So we are measuring who “sees” my DNS queries
  • 16. What are we measuring here? • So we thought that maybe we really wanted to know all the resolvers who might see your query • But to flush out all of these resolvers we need to adjust this experiment
  • 17. Seeing Everything! • Get the authoritative server to return SERVFAIL all the time • This way the stub resolver is likely to cycle through all the locally configured recursive resolvers to find a non-SERVFAIL DNS response
  • 18. All Recursive Resolvers • Two-thirds of users direct their queries to the recursive resolver that is operated by their ISP • One seventh (15%) of users have their queries resolved by Google’s Public DNS resolver • One seventh (15%) of users direct their queries to a recursive resolver that is geolocated to the same country as they are – probably their ISP using a resolver in a different AS • Everything else – nothing more than 4% fifth (20%) sixth (16%) 3%
  • 19. How many resolvers see the query now? • We observe that this single initial query generates 1 or more queries from a single recursive resolver IP address just 12% of the time • 2 or more different resolvers are queried in 30% of cases • Most of the time (75% of cases) these multiple resolver IP addresses are all in the same AS Cumulative Distribution of number of resolver IP addresses seen to query for a unique DNS name when the response is SERVFAIL
  • 20. Are we there yet? • No, not really • Perhaps it is also useful to understand which resolver provides the response that the user will use
  • 21. Third Pass • Single query – same as Pass 1 • But only record the first query at the auth server for each unique ID • We assume that the first recursive resolver to ask the auth server is the first to provide a response to the stub resolver • How does this change the measurements?
  • 22. First Query Results • Two-thirds of users direct their queries to the recursive resolver that is operated by their ISP • One fifth (20%) of users have their queries resolved by Google’s Public DNS resolver • One sixth (18%) of users direct their queries to a recursive resolver that is geolocated to the same country as they are – probably their ISP using a resolver in a different AS • Everything else – nothing more than 4% seventh (15%) eighth (1%) 2%
  • 23. What are we looking at? • Who gets to see my queries? • Who might get to see my queries? • Who do I believe for answers?
  • 24. Concentration Measurements • Let's look at the “market” of DNS open resolvers using the “all resolvers” measurements • Single Entity Dominance: • Google has 68.7% of the open DNS resolver market • Four-Firm Concentration: • Google, Cloudflare, 114DNS and OpenDNS have 91.6% market share • HHI Index: • 49% • So the open resolver market sector is highly centralized. • But this open resolver activity represents only one third of the total resolution market, and the HHI Index of the open resolvers as a subset of the total resolution market is far lower, at 5%
  • 25. II Authoritative Servers • Data about the recursive-to-authoritative query set is hard to find • Recursive resolvers sit in a privileged position in the DNS as they are exposed to both the identity of the stub resolver (the ‘user’) and the DNS names that they are querying • So there are many caveats that apply to access to such data – and rightly so • At APNIC we have limited access to the data relating to the use of the 1.1.1.1 recursive resolver • We don’t know who is querying, but we can see query names and query protocol • The market share of Cloudflare’s open resolver service is around 3% of users which is a non-trivial resolver in the open resolver set (ranked #2 in terms of market share)
  • 26. Centrality in Authoritative Servers? • One way to measure this is to look at the query-count weighted ranking of the DNS authoritative server providers • If an authoritative name server hosts a very popular domain name then it’s likely that the query count will be high • If a service operator hosts a large number of domains on its authoritative server infrastructure, then it’s likely that the query count will be high • So let's characterise the authoritative service hosting market by their query-based ‘market share’
  • 27. What’s a “query”? Recursive Resolver Authoritative Server user Incoming Query Cache Outgoing Query The query count at this point is dependent on the cache settings The query count at this point depends on stub activity rather than cache settings We use incoming queries to determine relative weight
  • 28. Measurement Technique • Obtain a data set of 24 hours of query name data from the 1.1.1.1 resolver system • Group the query names • Resolve the names to find the “lowest” authoritative name server for the query name using a local resolution environment • Take the first name server name • Discard the query names • Resolve the name server names to IP address, and discard the name server names • Map the IP addresses to AS numbers, and discard the IP addresses • Group the query counts into AS numbers and rank by query share
  • 29. Data Set • Here’s an extract of the resultant data set:
      Rank | AS Number | Query Share | Cumulative Share | Name
      56 | 31034 | 0.06% | 89.64% | Aruba, IT
      57 | 20446 | 0.06% | 89.70% | Stackpath CDN, US
      58 | 199524 | 0.06% | 89.76% | Gcore, LU
      59 | 60068 | 0.05% | 89.82% | CDN77, GB
    • The 24 hour data capture identified 26,971 unique AS numbers (out of a total of 75,000 unique AS numbers in the routing table) • While approximately one third of networks host at least one queried authoritative name server the top 50 ASNs have 89.2% of the query share.
  • 32. Top 10 Auth Server Networks
      Rank | AS Number | Query Share | Cumulative Share | Name
      1 | AS16509 | 35.7% | 35.7% | Amazon-02, US
      2 | AS13335 | 9.3% | 45.0% | Cloudflare, US
      3 | AS15169 | 8.3% | 53.3% | Google, US
      4 | AS21342 | 4.0% | 57.3% | Akamai – ASN2, US
      5 | AS8068 | 3.9% | 61.2% | Microsoft, US
      6 | AS397239 | 3.7% | 64.9% | UltraDNS, US
      7 | AS714 | 3.4% | 68.3% | Apple, US
      8 | AS31898 | 3.1% | 71.4% | Oracle, US
      9 | AS* | 2.5% | 73.9% | Root Server System
      10 | AS62597 | 2.5% | 76.4% | NSONE, US
  • 33. Concentration Measurements • Let's look at the “market” of DNS authoritative server providers using query-weighted ranking • Single Entity Dominance: • Amazon has 35.7% of the Authoritative Server market • Four-Firm Concentration: • Amazon, Cloudflare, Google, and Akamai have 57.3% market share • HHI Index: • 15% • This appears to be a “moderately concentrated” market
  • 34. Geopolitical Centrality? • There are 10 network entities who host the authoritative name servers that have a query share of three quarters of the recursive-to-authoritative DNS query volume • All 10 networks are attributed to US entities
  • 35. Caveats • This analysis is based on a single 24 hour data set from a single open recursive resolver service • The query sample set is not completely uniform and there is a potential bias to enterprise use and some browser use • Using query volumes as a proxy for some form of market share is not a universally accepted analytic metric
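
The recursive resolver measurement in slides 9 to 22 comes down to a join on the unique ID followed by two ways of counting: every resolver that "sees" the query within 15 seconds, or only the first one to reach the authoritative server. The sketch below is an added example, not APNIC's code; all addresses, AS numbers, the "open-A" service name and the category precedence are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample data (documentation address space, reserved AS numbers).
# Ad placement data: unique ID -> (user IP, user ASN, user country code)
ADS = {
    "u1": ("192.0.2.10", 64500, "AU"),
    "u2": ("192.0.2.20", 64500, "AU"),
    "u3": ("198.51.100.7", 64501, "NZ"),
    "u4": ("198.51.100.9", 64501, "NZ"),
}
# Resolver back-end address -> (ASN, country code, open resolver service or None)
RESOLVERS = {
    "203.0.113.1": (64500, "AU", None),       # ISP resolver inside the user's AS
    "203.0.113.2": (64500, "AU", None),       # second engine in the same resolver farm
    "203.0.113.50": (64510, "US", "open-A"),  # hypothetical open resolver service
    "203.0.113.80": (64502, "NZ", None),      # different AS, same country as u3/u4
    "203.0.113.90": (64503, "SG", None),      # resolver in a different country
}
# DNS query data at the authoritative server: (ID, resolver IP, seconds after the ad)
QUERIES = [
    ("u1", "203.0.113.1", 0.04), ("u1", "203.0.113.2", 0.05),
    ("u2", "203.0.113.50", 0.03), ("u2", "203.0.113.1", 0.90),
    ("u3", "203.0.113.80", 0.06),
    ("u4", "203.0.113.90", 0.07), ("u4", "203.0.113.50", 1.20),
    ("u4", "203.0.113.50", 20.0),             # outside the 15 second window
]
WINDOW = 15.0

def categorise(user, resolver_ip):
    """Slide 11 categories, tested in the order the slide lists them (assumed)."""
    _, user_asn, user_cc = user
    asn, cc, service = RESOLVERS[resolver_ip]
    if asn == user_asn:
        return "same AS"
    if service:
        return service
    return "same CC" if cc == user_cc else "other CC"

def observations():
    """Join both data sets on the unique ID; keep in-window queries in time order."""
    seen = defaultdict(list)
    for uid, rip, t in sorted(QUERIES, key=lambda q: q[2]):
        if uid in ADS and t <= WINDOW:
            seen[uid].append((rip, categorise(ADS[uid], rip)))
    return seen

def user_share(first_only):
    """Fraction of users per category: all resolvers seen, or first query only."""
    obs, counts = observations(), Counter()
    for hits in obs.values():
        hits = hits[:1] if first_only else hits
        counts.update({cat for _, cat in hits})  # a user counts once per category
    return {cat: n / len(obs) for cat, n in counts.items()}

def mean_resolvers_seen():
    """Average number of distinct resolver IPs per unique name (slide 15's metric)."""
    obs = observations()
    return sum(len({rip for rip, _ in hits}) for hits in obs.values()) / len(obs)
```

In the "all resolvers" count a user can land in several categories, so the shares sum to more than 100%; the first-query count assigns each user to exactly one.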
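
The three concentration measures from slides 4, 5 and 33 can be recomputed from the Top 10 table on slide 32. This is an added example, not code from the presentation; it assumes the HHI percentage is the sum of squared percentage shares divided by 100 (so a monopoly scores 100%), and it bounds the contribution of the networks the table does not list.

```python
# Query share (%) per network, copied from the "Top 10 Auth Server Networks" slide.
TOP10_AUTH = [
    ("AS16509", "Amazon-02, US", 35.7),
    ("AS13335", "Cloudflare, US", 9.3),
    ("AS15169", "Google, US", 8.3),
    ("AS21342", "Akamai – ASN2, US", 4.0),
    ("AS8068", "Microsoft, US", 3.9),
    ("AS397239", "UltraDNS, US", 3.7),
    ("AS714", "Apple, US", 3.4),
    ("AS31898", "Oracle, US", 3.1),
    ("AS*", "Root Server System", 2.5),
    ("AS62597", "NSONE, US", 2.5),
]

def single_entity_dominance(rows):
    """Largest single share; slide 4 quotes a 70% threshold for this measure."""
    _, name, share = max(rows, key=lambda r: r[2])
    return name, share

def four_firm_ratio(rows):
    """Combined share of the four largest entities."""
    return sum(sorted((r[2] for r in rows), reverse=True)[:4])

def hhi_percent(rows, top_n=50):
    """Sum of squared percentage shares of the top_n entities, scaled to 0..100."""
    top = sorted((r[2] for r in rows), reverse=True)[:top_n]
    return sum(s * s for s in top) / 100.0

def hhi_upper_bound(rows):
    """Largest HHI consistent with the table: the unlisted remainder is packed
    into entities no bigger than the smallest listed share, which maximises
    the sum of squares because the table is ranked."""
    listed = [r[2] for r in rows]
    cap, remainder = min(listed), 100.0 - sum(listed)
    extra = 0.0
    while remainder > 1e-9:
        take = min(cap, remainder)
        extra += take * take
        remainder -= take
    return hhi_percent(rows) + extra / 100.0

def classify(hhi):
    """Thresholds from slide 5."""
    if hhi > 25:
        return "market skew"
    if hhi > 10:
        return "moderate concentration"
    return "below both thresholds"

if __name__ == "__main__":
    print(single_entity_dominance(TOP10_AUTH), four_firm_ratio(TOP10_AUTH))
    print(hhi_percent(TOP10_AUTH), hhi_upper_bound(TOP10_AUTH))
```

The ten listed networks alone give an HHI just over 15%, and the unlisted remainder can add at most about 0.6 points, which is why the long tail of the 26,971 observed AS numbers barely moves the index.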