Abstract
We analyzed the largest simultaneous collection of full-payload packet traces from a core component of the global Internet infrastructure ever made available to academic researchers. Our dataset consists of three large samples of global DNS traffic collected during three annual "Day in the Life of the Internet" (DITL) experiments in January 2006, January 2007, and March 2008. Building on our previous comparison of DITL 2006 and DITL 2007 DNS datasets [28], we venture to extract historical trends, comparisons with other data sources, and interpretations, including traffic growth, usage patterns, impact of anycast distribution, and persistent problems in the root nameserver system that reflect ominously on the global Internet. Most notably, the data consistently reveals an extraordinary amount of DNS pollution -- an estimated 98% of the traffic at the root servers should not be there at all. Unfortunately, there is no clear path to reducing the pollution, so root server operators, and those who finance them, must perpetually overprovision to handle this pollution. Our study presents the most complete characterization to date of traffic reaching the roots, and while the study does not adequately fulfill the "Day in the Life of the Internet" vision, it does succeed at unequivocally demonstrating that the infrastructure on which we are all now betting our professional, personal, and political lives deserves a closer and more scientific look.
References
- IPv6 Address Added for Root Servers in the Root Zone. http://www.icann.org/en/announcements/announcement-04feb08.htm.Google Scholar
- Global Environment for Network Investigation (now "innovations"), 2005. http://www.geni.net.Google Scholar
- A Day in the Life, 2006. http://blog.caida.org/best available data/2006/09/04/a-day-in-the-life/.Google Scholar
- Top ten things lawyers should know about Internet research, #3, 2008. http://blog.caida.org/best available data/2008/04/18/top-ten-things-lawyers-should-know-about-internet-research-3/.Google Scholar
- D.E. 3rd, E. Brunner-Williams, and B. Manning. Domain Name System IANA Considerations, 2000. http://www.rfc-editor.org/rfc/rfc2929.txt.Google Scholar
- A. Broido, Y. Hyun, M. Fomenkov, and K. Claffy. The windows of private DNS updates. SIGCOMM Comput. Commun. Rev., 36(3):93--98, 2006. Google Scholar
Digital Library
- A. Broido, Y. Hyun, R. Gao, and K. Claffy. Their share: diversity and disparity in IP traffic. In PAM 2004 Proceedings, pages 113--125, 2004.Google Scholar
Cross Ref
- CAIDA and DNS-OARC. A Report on DITL data gathering Jan 9-10th 2007. http://www.caida.org/projects/ditl/summary-2007-01/.Google Scholar
- N.R. Council. Looking over the Fence: A Neighbor's View of Networking Research. National Academies Press, 2001.Google Scholar
- P.B. Danzig, K. Obraczka, and A. Kumar. An analysis of wide-area name server traffic: a study of the Internet Domain Name System. SIGCOMM Comput. Commun. Rev., 22(4):281--292, 1992. Google Scholar
Digital Library
- DNS-OARC. Domain Name System Operations, Analysis, and Research Center. https://www.dns-oarc.net/.Google Scholar
- Duane Wessels. https://www.dns-oarc.net/oarc/services/dnsentropy.Google Scholar
- T. Hardie. Distributing Authoritative Nameservers via Shared Unicast Addresses, 2002. http://www.ietf.org/rfc/rfc3258.txt. Google Scholar
Digital Library
- IANA. List of valid TLD. http://data.iana.org/TLD/tlds-alpha-by-domain.txt.Google Scholar
- ICANN. Root servers attack factsheet, 2007. http://www.icann.org/announcements/factsheet-dns-attack-08mar07.pdf.Google Scholar
- C. D. in the Life of the Internet (DITL) Project Team. Day in the Life of the Internet, January 9-10, 2007 (DITL-2007-01-09) (collection). http://imdc.datcat.org/collection/1-031B-Q=Day+in+the+Life+of+the+Internet%2C+January+9-10%2C+2007+%28DITL-2007-01-09%29.Google Scholar
- C. D. in the Life of the Internet (DITL) Project Team. Day in the Life of the Internet, March 18-19, 2008 (DITL-2008-03-18) (collection). http://imdc.datcat.org/collection/1-05MM-F=Day+in+the+Life+of+the+Internet%2C+March+18-19%2C+2008+%28DITL-2008-03-18%29.Google Scholar
- M. Larson and P. Barber. Observed DNS Resolution Misbehavior. http://www.ietf.org/rfc/rfc4697.txt.Google Scholar
- T. Lee, B. Huffaker, M. Fomenkov, and K. Claffy. On the problem of optimization of DNS root servers' placement. In PAM 2003 Proceedings, 2003.Google Scholar
- O. Lendl and L.A. Kaplan. Patching Nameservers: Austria reacts to VU#800113. http://cert.at/static/cert.at-0802-DNS-patchanalysis.pdf.Google Scholar
- Z. Liu, B. Huffaker, N. Brownlee, and K. Claffy. Two Days in the Life of the DNS Anycast Root Servers. In PAM 2007 Proceedings, pages 125--134, 2007. Google Scholar
Digital Library
- D. Malone. The root of the matter: hints or slaves. In IMC'04: Proceedings of the 4th ACM SIGCOMM conference on Internet measurement, pages 15--20, New York, NY, USA, 2004. ACM. Google Scholar
Digital Library
- P. Mockapetris. Domain Names - Concepts and Facilities, 1987.Google Scholar
- A. Odlyzko. Minnesota Internet Traffic Studies (MINTS). http://www.dtc.umn.edu/mints/home.php.Google Scholar
- R.S. Operators. Root Server Technical Operations. http://www.root-servers.org/.Google Scholar
- V. Pappas, P. Fältström, D. Massey, and L. Zhang. Distributed DNS troubleshooting. In NetT'04: Proceedings of the ACM SIGCOMM workshop on Network troubleshooting, pages 265--270, New York, NY, USA, 2004. ACM. Google Scholar
Digital Library
- V. Pappas, Z. Xu, S. Lu, D. Massey, A. Terzis, and L. Zhang. Impact of configuration errors on DNS robustness. SIGCOMM Comput. Commun. Rev., 34(4):319--330, 2004. Google Scholar
Digital Library
- S. Castro, D. Wessels, and Kimberly Claffy. A Comparison of Traffic from the DNS Root Nameservers as Measured in DITL 2006 and 2007. http://www.caida.org/research/dns/roottraffic/comparison06 07.xml.Google Scholar
- US-CERT. Vulnerability note VU#800113: Multiple DNS implementations vulnerable to cache poisoning. http://www.kb.cert.org/vuls/id/800113.Google Scholar
- W. van Wanrooij and A. Pras. DNS Zones Revisited. Open European Summer School and IFIP WG6.4/6.6/6.9 Workshop (EUNICE), 2005.Google Scholar
- D. Wessels. dnstop. http://www.caida.org/tools/utilities/dnstop/.Google Scholar
- D. Wessels. Is your caching resolver polluting the internet? In NetT'04: Proceedings of the ACM SIGCOMM workshop on Network troubleshooting, pages 271--276, New York, NY, USA, 2004. ACM. Google Scholar
Digital Library
- D. Wessels. Measuring DNS Source Port Randomness. First CAIDA/WIDE/CASFI workshop, August 2008. http://www.caida.org/workshops/wide/0808/slides/source port randomness.pdf.Google Scholar
- D. Wessels and M. Fomenkov. Wow, That's a lot of packets. In PAM 2002 Proceedings, 2002.Google Scholar
- D. Wessels, M. Fomenkov, N. Brownlee, and K. Claffy. Measurements and Laboratory Simulations of the Upper DNS Hierarchy. In PAM 2004 Proceedings, pages 147--157, 2004.Google Scholar
Index Terms
A day at the root of the internet





Comments