DNS Damage - Measurements at a Root Server

Nevil Brownlee, CAIDA and Univ. of Auckland

kc claffy, CAIDA

Evi Nemeth, CAIDA and Univ. of Colorado

CAIDA is the Cooperative Association for Internet Data Analysis at the San Diego Supercomputer Center on the UC San Diego campus.

DNS Background

Locations of Root and gTLD Servers

Figure 1: Locations of the root nameservers and gTLD servers. The (x,y) notation near the city names indicates the number of root servers (x) followed by the number of gTLD servers (y) in that area. Notice the large number of both types of servers around Washington D.C. and in California.

Query Process


Query Rate at F Root Servers

Figure 7: Query load at the two F root servers F0 and F1; F1 is plotted with negative values to display it on the same plot. Black is the input packet rate and grey is the output packet rate (6-16 jan 2001); 5-minute bins.

Query Rate at F Root Servers

Query Types

F Root Server Data Sets (tcpdump)

Sample Size # queries # distinct queries (%) Date/time captured
1 weekend hour 3.6 Gb 10.3 M 2.7 M (26.2%) Sunday, Jan 7, 11am
1 weekday hour 5.9 Gb 18.0 M 4.8 M (26.7%) Tuesday, Jan 9, 3pm
2 weekday hours 10.4 Gb 29.1 M 4.5 M (15.5%) Monday, Jan 8, 1pm
2M packets (~4 min) 338 Mb 1 M 380,000 (37.9%) Wed. Jan 10, hourly 10am-9pm
4M packets (~8 min) 690 Mb 2 M 622,000 (31.2%) Jan 12, 17, 18, 19, 24, 2-4 times/day

Table 1: Root Nameserver Data Collection Regime

Super Perl Script

Repeated Queries